Bug 989352 - cap-get-file will return error if the file has not be set capabilities
Summary: cap-get-file will return error if the file has not be set capabilities
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Enterprise Linux 6
Classification: Red Hat
Component: libguestfs
Version: 6.5
Hardware: Unspecified
OS: Unspecified
medium
medium
Target Milestone: rc
: ---
Assignee: Richard W.M. Jones
QA Contact: Virtualization Bugs
URL:
Whiteboard:
Depends On:
Blocks: 989356
TreeView+ depends on / blocked
 
Reported: 2013-07-29 06:46 UTC by bfan
Modified: 2013-11-21 04:46 UTC (History)
2 users (show)

Fixed In Version: libguestfs-1.20.10-1.el6
Doc Type: Bug Fix
Doc Text:
Cause: Reading the capabilities of a file via libguestfs, when the file has no capabilities set. Consequence: This would return an error. Fix: guestfs_cap_get_file has been changed to return an empty string instead of an error. Result: Returns an empty string if there are no capabilities. It can still return an error in the case where there is a genuine read error.
Clone Of:
: 989356 (view as bug list)
Environment:
Last Closed: 2013-11-21 04:46:17 UTC
Target Upstream Version:

Attachments (Terms of Use)
Add an attachment (proposed patch, testcase, etc.)


Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2013:1536 0 normal SHIPPED_LIVE Moderate: libguestfs security, bug fix, and enhancement update 2013-11-21 00:40:55 UTC

Description bfan 2013-07-29 06:46:23 UTC 
Description of problem:
cap-get-file should not return error when the file has no capabilities, it's not grace. it's better do a further process to return NULL likes linux original command "getcap"


Version-Release number of selected component (if applicable):
libguestfs-1.20.9-6.el6.x86_64


How reproducible:
100%

Steps to Reproduce:
# guestfish -N fs -m /dev/sda1 touch /testfile : cap-get-file /testfile
libguestfs: error: cap_get_file: /testfile: No data available


Actual results:
guestfish return error


Expected results:
should return NULL


Additional info:
Same issue in rhel7(libguestfs1.22.4-2)


B.R
Fan Bo
Comment 1 Richard W.M. Jones 2013-08-05 13:46:18 UTC 
Fixed upstream in:

commit c663ab3bb9ab02fb3ca6209333c2d5402081c4de
Author: Richard W.M. Jones <rjones@redhat.com>
Date:   Mon Jul 29 14:37:50 2013 +0100

    daemon: cap-get-file: Return empty string if no capability on file (RHBZ#989356).
    
    Return an empty string (instead of an error) if no capabilities are
    set on a file, and document that in the API.
Comment 4 bfan 2013-08-06 07:29:49 UTC 
Verified with libguestfs-1.20.10-2.el6.x86_64,

1. check the return
[root@intel-8400-8-2 home]# guestfish -N fs -m /dev/sda1 touch /testfile : cap-get-file /testfile

[root@intel-8400-8-2 home]#


2. check document
[root@intel-8400-8-2 home]# guestfish 

Welcome to guestfish, the libguestfs filesystem interactive shell for
editing virtual machine filesystems.

Type: 'help' for help on commands
      'man' to read the manual
      'quit' to quit the shell

><fs> help cap-get-file
NAME
    cap-get-file - get the Linux capabilities attached to a file

SYNOPSIS
     cap-get-file path

DESCRIPTION
    This function returns the Linux capabilities attached to "path". The
    capabilities set is returned in text form (see cap_to_text(3)).

    If no capabilities are attached to a file, an empty string is returned.

><fs>

So change the status to verified
Comment 6 errata-xmlrpc 2013-11-21 04:46:17 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

http://rhn.redhat.com/errata/RHSA-2013-1536.html
Note You need to log in before you can comment on or make changes to this bug.