minijail: Handle cap_get_flag(3) failing with EINVAL
This change adds handling of EINVAL on cap_get_flag(3). This is because
libcap rejects setting / getting any capabilities that it wasn't
compiled with, despite there being some wording on libcap(3)'s
cap_from_text(3) manpage that would lead the readers to think that
the library would allow doing so.
Bug: None
Test: # ./minijail0 -T static --ambient \
-c 'cap_dac_read_search,cap_dac_override+e' -- \
/bin/true # On Chrome OS.
Change-Id: Iea9b6737b208a201868731d44724eb1caa165fc5
diff --git a/minijail0_cli.c b/minijail0_cli.c
index ea66d7c..38e946f 100644
--- a/minijail0_cli.c
+++ b/minijail0_cli.c
@@ -94,6 +94,14 @@
for (i = 0; i <= last_valid_cap; ++i) {
if (cap_get_flag(parsed_caps, i, CAP_EFFECTIVE,
&cap_value)) {
+ if (errno == EINVAL) {
+ /*
+ * Some versions of libcap reject any
+ * capabilities they were not compiled
+ * with by returning EINVAL.
+ */
+ continue;
+ }
fprintf(stderr,
"Could not get the value of "
"the %d-th capability: %m\n",
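Review bot: the `continue` in the new `errno == EINVAL` branch drops the i-th capability silently, and EINVAL is also what cap_get_flag(3) reports for any other invalid argument, so a genuinely bad `parsed_caps` would now pass through the whole loop without a single diagnostic. For a sandboxing tool it would be safer to make the skip visible, for example a warning naming the index `i` before the `continue`, or to limit the skip to indices libcap is known not to support and keep the existing `fprintf` error path for everything else. The comment could also say what skipping means for the resulting capability mask (the bit is left unset), since that is the security-relevant consequence. Minor: the hunk reads `errno` but adds no include, so confirm `<errno.h>` is already pulled in by minijail0_cli.c.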