From c34b2725817d4fd1fd6878bbb16617cb9e3e3a70 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Jos=C3=A9=20Bollo?= <jose.bollo@iot.bzh>
Date: Fri, 22 Jan 2016 16:23:59 +0100
Subject: [PATCH] removing capability enforcement

Signed-off-by: ronan <ronan@iot.bzh>

Change-Id: Idb724192ceab176a611bbed45c0ebc9c8eb5dd30
---
 progs/setcap.c | 45 +--------------------------------------------
 1 file changed, 1 insertion(+), 44 deletions(-)

diff --git a/progs/setcap.c b/progs/setcap.c
index 7304343..71999b6 100644
--- a/progs/setcap.c
+++ b/progs/setcap.c
@@ -58,11 +58,9 @@ static int read_caps(int quiet, const char *filename, char *buffer)
 
 int main(int argc, char **argv)
 {
-    int tried_to_cap_setfcap = 0;
     char buffer[MAXCAP+1];
     int retval, quiet=0, verify=0;
     cap_t mycaps;
-    cap_value_t capflag;
 
     if (argc < 3) {
 	usage();
@@ -150,54 +148,13 @@ int main(int argc, char **argv)
 		printf("%s: OK\n", *argv);
 	    }
 	} else {
-	    if (!tried_to_cap_setfcap) {
-		capflag = CAP_SETFCAP;
-
-		/*
-		 * Raise the effective CAP_SETFCAP.
-		 */
-		if (cap_set_flag(mycaps, CAP_EFFECTIVE, 1, &capflag, CAP_SET)
-		    != 0) {
-		    perror("unable to manipulate CAP_SETFCAP - "
-			   "try a newer libcap?");
-		    exit(1);
-		}
-		if (cap_set_proc(mycaps) != 0) {
-		    perror("unable to set CAP_SETFCAP effective capability");
-		    exit(1);
-		}
-		tried_to_cap_setfcap = 1;
-	    }
 	    retval = cap_set_file(*++argv, cap_d);
 	    if (retval != 0) {
-		int explained = 0;
 		int oerrno = errno;
-#ifdef linux
-		cap_value_t cap;
-		cap_flag_value_t per_state;
-
-		for (cap = 0;
-		     cap_get_flag(cap_d, cap, CAP_PERMITTED, &per_state) != -1;
-		     cap++) {
-		    cap_flag_value_t inh_state, eff_state;
-
-		    cap_get_flag(cap_d, cap, CAP_INHERITABLE, &inh_state);
-		    cap_get_flag(cap_d, cap, CAP_EFFECTIVE, &eff_state);
-		    if ((inh_state | per_state) != eff_state) {
-			fprintf(stderr, "NOTE: Under Linux, effective file capabilities must either be empty, or\n"
-				"      exactly match the union of selected permitted and inheritable bits.\n");
-			explained = 1;
-			break;
-		    }
-		}
-#endif /* def linux */
-		
 		fprintf(stderr,
 			"Failed to set capabilities on file `%s' (%s)\n",
 			argv[0], strerror(oerrno));
-		if (!explained) {
-		    usage();
-		}
+
 	    }
 	}
 	if (cap_d) {
-- 
2.6.6