Index: /trunk/src/vserver-info.c =================================================================== --- a/src/vserver-info.c (revision 2589) +++ b/src/vserver-info.c (revision 2717) @@ -186,7 +186,9 @@ verifyCap() { + int retried = 0; struct __user_cap_header_struct header; - struct __user_cap_data_struct user; - header.version = _LINUX_CAPABILITY_VERSION; + struct __user_cap_data_struct user[2]; + + header.version = _LINUX_CAPABILITY_VERSION_2; header.pid = 0; @@ -200,15 +202,22 @@ // return false; // } - - if (capget(&header, &user)==-1) { + +retry: + if (capget(&header, user)==-1) { + if (!retried && + header.version != _LINUX_CAPABILITY_VERSION_2) { + header.version = _LINUX_CAPABILITY_VERSION_1; + retried = 1; + goto retry; + } perror("capget()"); return false; } - user.effective = 0; - user.permitted = 0; - user.inheritable = 0; - - if (capset(&header, &user)==-1) { + user[0].effective = user[1].effective = 0; + user[0].permitted = user[1].permitted = 0; + user[0].inheritable = user[1].inheritable = 0; + + if (capset(&header, user)==-1) { perror("capset()"); return false; Index: /trunk/src/rpm-fake.c =================================================================== --- a/src/rpm-fake.c (revision 2693) +++ b/src/rpm-fake.c (revision 2717) @@ -420,20 +420,28 @@ reduceCapabilities() { + int retried = 0; struct __user_cap_header_struct header; - struct __user_cap_data_struct user; - - header.version = _LINUX_CAPABILITY_VERSION; + struct __user_cap_data_struct user[2]; + + header.version = _LINUX_CAPABILITY_VERSION_2; header.pid = 0; - if (capget(&header, &user)==-1) { +retry: + if (capget(&header, user)==-1) { + if (!retried && + header.version != _LINUX_CAPABILITY_VERSION_2) { + header.version = _LINUX_CAPABILITY_VERSION_1; + retried = 1; + goto retry; + } perror("capget()"); exit(wrapper_exit_code); } - user.effective &= ~(1<