From: Sapan Bhatia
Date: Tue, 22 Jan 2013 16:03:11 +0000 (-0500)
Subject: Fix bug in dropped capabilities
X-Git-Tag: lxctools-0.9-2~3
X-Git-Url: http://git.onelab.eu/?a=commitdiff_plain;ds=sidebyside;h=816b9d02b969728765d2aa1f975f5e80b9554f63;hp=509720d6f87c294bae9eba2236dbd48d88eb7fa0;p=lxc-userspace.git

Fix bug in dropped capabilities
---
diff --git a/lxcsu b/lxcsu
index abc98be..bf69e50 100644
--- a/lxcsu
+++ b/lxcsu
@@ -7,7 +7,7 @@ import sys
 #from optparse import OptionParser
-drop_capabilities='cap_sys_admin,cap_sys_boot,cap_sys_module'.split(',')
+drop_capabilities='cap_sys_admin,cap_sys_boot,cap_sys_module'
 def umount(fs_dir):
 output = os.popen('/bin/umount %s 2>&1'%fs_dir).read()
@@ -117,10 +117,11 @@ if (not umount('/sys/fs/cgroup')):
 pid = os.fork()
-cap_args = map(lambda c:'--drop='+c, drop_capabilities)
-
 if (pid == 0):
+ cap_arg = '--drop='+drop_capabilities
+ exec_args = ['/usr/sbin/capsh',cap_arg,'--','--login']+args[1:]
+ os.environ['SHELL'] = '/bin/sh'
- os.execv('/usr/sbin/capsh',cap_args+['--','--login']+args[1:])
+ os.execv('/usr/sbin/capsh',exec_args)
 else:
 os.waitpid(pid,0)
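Review bot: In the second hunk the `exec_args` line should carry a comment explaining why `/usr/sbin/capsh` is its first element, since the call this commit replaces appears to have lost its first `--drop=` option to the argv[0] slot of `os.execv`. Something like `# os.execv: element 0 is argv[0], capsh options start at index 1` would keep the capability drop from silently regressing. The first hunk's `drop_capabilities` string is now passed to capsh verbatim as a single `--drop=` value, so a note there that it must stay one comma-separated list with no spaces would help too. Separately, the parent discards the result of `os.waitpid(pid,0)`, so if capsh rejects the list and exits without starting the shell the caller sees no failure; consider `_, status = os.waitpid(pid,0)` and a non-zero `sys.exit` when `status` is non-zero, unless code after the hunk already does this. The script is top-level code that starts before the visible lines and may continue past them.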