Bug 989352

Summary: cap-get-file will return error if the file has not be set capabilities
Product: Red Hat Enterprise Linux 6 Reporter: bfan
Component: libguestfsAssignee: Richard W.M. Jones <rjones>
Status: CLOSED ERRATA QA Contact: Virtualization Bugs <virt-bugs>
Severity: medium Docs Contact:
Priority: medium    
Version: 6.5CC: leiwang, wshi
Target Milestone: rc   
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: libguestfs-1.20.10-1.el6 Doc Type: Bug Fix
Doc Text:
Cause: Reading the capabilities of a file via libguestfs, when the file has no capabilities set. Consequence: This would return an error. Fix: guestfs_cap_get_file has been changed to return an empty string instead of an error. Result: Returns an empty string if there are no capabilities. It can still return an error in the case where there is a genuine read error.
 Story Points: ---
Clone Of:
: 989356 (view as bug list) Environment:
Last Closed: 2013-11-21 04:46:17 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 989356    

Description bfan 2013-07-29 06:46:23 UTC 
Description of problem:
cap-get-file should not return error when the file has no capabilities, it's not grace. it's better do a further process to return NULL likes linux original command "getcap"


Version-Release number of selected component (if applicable):
libguestfs-1.20.9-6.el6.x86_64


How reproducible:
100%

Steps to Reproduce:
# guestfish -N fs -m /dev/sda1 touch /testfile : cap-get-file /testfile
libguestfs: error: cap_get_file: /testfile: No data available


Actual results:
guestfish return error


Expected results:
should return NULL


Additional info:
Same issue in rhel7(libguestfs1.22.4-2)


B.R
Fan Bo
Comment 1 Richard W.M. Jones 2013-08-05 13:46:18 UTC 
Fixed upstream in:

commit c663ab3bb9ab02fb3ca6209333c2d5402081c4de
Author: Richard W.M. Jones <rjones>
Date:   Mon Jul 29 14:37:50 2013 +0100

    daemon: cap-get-file: Return empty string if no capability on file (RHBZ#989356).
    
    Return an empty string (instead of an error) if no capabilities are
    set on a file, and document that in the API.
Comment 4 bfan 2013-08-06 07:29:49 UTC 
Verified with libguestfs-1.20.10-2.el6.x86_64,

1. check the return
[root@intel-8400-8-2 home]# guestfish -N fs -m /dev/sda1 touch /testfile : cap-get-file /testfile

[root@intel-8400-8-2 home]#


2. check document
[root@intel-8400-8-2 home]# guestfish 

Welcome to guestfish, the libguestfs filesystem interactive shell for
editing virtual machine filesystems.

Type: 'help' for help on commands
      'man' to read the manual
      'quit' to quit the shell

><fs> help cap-get-file
NAME
    cap-get-file - get the Linux capabilities attached to a file

SYNOPSIS
     cap-get-file path

DESCRIPTION
    This function returns the Linux capabilities attached to "path". The
    capabilities set is returned in text form (see cap_to_text(3)).

    If no capabilities are attached to a file, an empty string is returned.

><fs>

So change the status to verified
Comment 6 errata-xmlrpc 2013-11-21 04:46:17 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

http://rhn.redhat.com/errata/RHSA-2013-1536.html