mount.cifs: fix toggle_cap_dac_override

...it clears the capability set completely, which it shouldn't do. It
also doesn't call cap_set_proc to make the new capability set active.

Signed-off-by: Jeff Layton <jlayton@redhat.com>

diff --git a/mount.cifs.c b/mount.cifs.c
index 1f0823094dbbb1118683b74292654e03293266f8..eb72c46e7be7c8c3673e044cf84801c1bd199a65 100644 (file)
--- a/mount.cifs.c
+++ b/mount.cifs.c
@@ -395,13 +395,6 @@ toggle_cap_dac_override(int enable)
                return EX_SYSERR;
        }
 
-       if (cap_clear(caps) == -1) {
-               fprintf(stderr, "Unable to clear capability set: %s\n",
-                       strerror(errno));
-               rc = EX_SYSERR;
-               goto free_caps;
-       }
-
        cap_list = CAP_DAC_OVERRIDE;
        if (cap_set_flag(caps, CAP_EFFECTIVE, 1, &cap_list,
                         enable ? CAP_SET : CAP_CLEAR) == -1) {
@@ -410,6 +403,12 @@ toggle_cap_dac_override(int enable)
                rc = EX_SYSERR;
                goto free_caps;
        }
+
+       if (cap_set_proc(caps) != 0) {
+               fprintf(stderr, "Unable to set current process capabilities: %s\n",
+                       strerror(errno));
+               rc = EX_SYSERR;
+       }
 free_caps:
        cap_free(caps);
        return 0;