Re: [PATCH 2/2] virSetUIDGIDWithCaps: Set bounding capabilities only with CAP_SETPCAP

On 7/22/21 11:29 AM, Michal Privoznik wrote: > In one of my previous patches I've tried to postpone dropping > CAP_SETPCAP until the very end because it's needed for > capng_apply(). What I did not realize back then was that we might > not have the capability to begin with. Because of unknown

[PATCH 2/2] virSetUIDGIDWithCaps: Set bounding capabilities only with CAP_SETPCAP

In one of my previous patches I've tried to postpone dropping CAP_SETPCAP until the very end because it's needed for capng_apply(). What I did not realize back then was that we might not have the capability to begin with. Because of unknown reasons capng_apply() pollutes logs only for