minijail: Handle cap_get_flag(3) failing with EINVAL This change adds handling EINVAL on cap_get_flag(3). This is because libcap rejects setting / getting any capabilities that it wasn't compiled with, despite there being some wording on libcap(3)'s cap_from_text(3) manpage that would lead the readers to think that the library would allow doing so. Bug: None Test: # ./minijail0 -T static --ambient \ -c 'cap_dac_read_search,cap_dac_override+e' -- \ /bin/true # On Chrome OS. Change-Id: Iea9b6737b208a201868731d44724eb1caa165fc5

commit: 677900fb3a5fcde716e0a07e15365acc46d7356f [log] [tgz]
author: Luis Hector Chavez <lhchavez@google.com> Mon Sep 24 09:13:26 2018 -0700
committer: Luis Hector Chavez <lhchavez@google.com> Mon Sep 24 12:08:00 2018 -0700
tree: f2247050ff5efef914d2f979a839adb1b783d122
parent: dabc4301f7432c852eec7b5ce0e1ab1af7c4016f [diff]
diff --git a/minijail0_cli.c b/minijail0_cli.c
index ea66d7c..38e946f 100644
--- a/minijail0_cli.c
+++ b/minijail0_cli.c

@@ -94,6 +94,14 @@
 		for (i = 0; i <= last_valid_cap; ++i) {
 			if (cap_get_flag(parsed_caps, i, CAP_EFFECTIVE,
 					 &cap_value)) {
+				if (errno == EINVAL) {
+					/*
+					 * Some versions of libcap reject any
+					 * capabilities they were not compiled
+					 * with by returning EINVAL.
+					 */
+					continue;
+				}
 				fprintf(stderr,
 					"Could not get the value of "
 					"the %d-th capability: %m\n",
commit	677900fb3a5fcde716e0a07e15365acc46d7356f	[log] [tgz]
author	Luis Hector Chavez <lhchavez@google.com>	Mon Sep 24 09:13:26 2018 -0700
committer	Luis Hector Chavez <lhchavez@google.com>	Mon Sep 24 12:08:00 2018 -0700
tree	f2247050ff5efef914d2f979a839adb1b783d122
parent	dabc4301f7432c852eec7b5ce0e1ab1af7c4016f [diff]