From f1b6145ce2bf1bc5061c4aafcf63e90bdc6b8b5c Mon Sep 17 00:00:00 2001
From: Marc Fournier
Date: Wed, 25 Jan 2017 07:37:41 +0100
Subject: [PATCH] daemon/common.c: Fix check_capability() by using cap_get_proc()
Rewrite this function, as 58acba67f made it a no-op.
---
 src/daemon/common.c | 20 +++++++++++++++-----
 src/daemon/common.h | 2 +-
 2 files changed, 16 insertions(+), 6 deletions(-)
diff --git a/src/daemon/common.c b/src/daemon/common.c
index 7ead55d1..2be2e8e5 100644
--- a/src/daemon/common.c
+++ b/src/daemon/common.c
@@ -1527,16 +1527,26 @@ void strarray_free(char **array, size_t array_len) /* {{{ */
 #if HAVE_CAPABILITY
 int check_capability(int arg) /* {{{ */
 {
- cap_value_t cap = (cap_value_t)arg;
+ cap_value_t cap_value = (cap_value_t)arg;
+ cap_t cap;
+ cap_flag_value_t cap_flag_value;
- if (!CAP_IS_SUPPORTED(cap))
+ if (!CAP_IS_SUPPORTED(cap_value))
 return (-1);
- int have_cap = cap_get_bound(cap);
- if (have_cap != 1)
+ if (!(cap = cap_get_proc())) {
+ ERROR("check_capability: cap_get_proc failed.");
 return (-1);
+ }
- return (0);
+ if (cap_get_flag(cap, cap_value, CAP_EFFECTIVE, &cap_flag_value) < 0) {
+ ERROR("check_capability: cap_get_flag failed.");
+ cap_free(cap);
+ return (-1);
+ }
+ cap_free(cap);
+
+ return (cap_flag_value != CAP_SET);
 } /* }}} int check_capability */
 #else
 int check_capability(__attribute__((unused)) int arg) /* {{{ */
diff --git a/src/daemon/common.h b/src/daemon/common.h
index a88e73e0..2a0b9ee7 100644
--- a/src/daemon/common.h
+++ b/src/daemon/common.h
@@ -376,7 +376,7 @@ void strarray_free(char **array, size_t array_len);
 * argument. Returns zero if it does, less than zero if it doesn't or on error.
 * See capabilities(7) for the list of possible capabilities.
 * */
-int check_capability(int capability);
+int check_capability(int arg);
 #endif /* HAVE_SYS_CAPABILITY_H */
 #endif /* COMMON_H */
--
2.11.0
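Review bot: The final `return (cap_flag_value != CAP_SET);` in check_capability() yields 1 when the capability is absent, while the comment kept in the src/daemon/common.h hunk still promises "less than zero if it doesn't or on error". Any caller that tests `< 0` would then treat a missing capability as present and skip its privilege warning; callers are not visible here, so this is worth confirming. Either return `(cap_flag_value == CAP_SET) ? 0 : (-1)` or update the header comment to document the positive value. The two ERROR() calls could also include the errno text, since cap_get_proc() and cap_get_flag() report the failure reason there.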