[PATCH 1/2] virSetUIDGIDWithCaps: Check for capng_apply() retval properly

Michal Privoznik mprivozn at redhat.com
Thu Jul 22 15:29:57 UTC 2021


After all capabilities were set (except for CAP_SETGID,
CAP_SETUID and CAP_SETPCAP) and after UID:GID was changed we drop
the last aforementioned capabilities (we couldn't drop them
before because we needed UID:GID and capabilities change).
Therefore, there's a final capng_apply() call. However, its return
value is not checked for properly. It's a typical problem of:

  var = func() < 0

Signed-off-by: Michal Privoznik <mprivozn at redhat.com>
---
 src/util/virutil.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/util/virutil.c b/src/util/virutil.c
index ed3d57662b..aba0aea0ff 100644
--- a/src/util/virutil.c
+++ b/src/util/virutil.c
@@ -1261,7 +1261,7 @@ virSetUIDGIDWithCaps(uid_t uid, gid_t gid, gid_t *groups, int ngroups,
     if (need_setpcap)
         capng_update(CAPNG_DROP, CAPNG_EFFECTIVE|CAPNG_PERMITTED, CAP_SETPCAP);
 
-    if (((capng_ret = capng_apply(CAPNG_SELECT_CAPS)) < 0)) {
+    if ((capng_ret = capng_apply(CAPNG_SELECT_CAPS)) < 0) {
         virReportError(VIR_ERR_INTERNAL_ERROR,
                        _("cannot apply process capabilities %d"), capng_ret);
         return -1;
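Review bot: the removed and added `if` lines evaluate identically. In the old line the assignment `(capng_ret = capng_apply(CAPNG_SELECT_CAPS))` is already closed by its own parenthesis before `< 0`, so capng_ret received the real return value and the error path was already taken on failure. The change only drops a redundant outer pair of parentheses. Suggest rewording the commit message to describe a cosmetic cleanup rather than an instance of the `var = func() < 0` precedence problem, so that the history does not record a fix to the capability-drop check that did not change behaviour.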
-- 
2.31.1



