From 29079c5b3703047cf2163c3c27ff2a2034ee9667 Mon Sep 17 00:00:00 2001
From: Steve Grubb <sgrubb@fedoraproject.org>
Date: Thu, 17 Jun 2010 18:46:43 +0000
Subject: [PATCH] - Only open regular files in filecap

---
 libcap-ng-0.6.5-device.patch | 41 ++++++++++++++++++++++++++++++++++++
 libcap-ng.spec               |  7 +++++-
 2 files changed, 47 insertions(+), 1 deletion(-)
 create mode 100644 libcap-ng-0.6.5-device.patch

diff --git a/libcap-ng-0.6.5-device.patch b/libcap-ng-0.6.5-device.patch
new file mode 100644
index 0000000..7effd72
--- /dev/null
+++ b/libcap-ng-0.6.5-device.patch
@@ -0,0 +1,41 @@
+diff -urp libcap-ng-0.6.5.orig/utils/filecap.c libcap-ng-0.6.5/utils/filecap.c
+--- libcap-ng-0.6.5.orig/utils/filecap.c	2010-06-17 13:19:21.000000000 -0400
++++ libcap-ng-0.6.5/utils/filecap.c	2010-06-17 14:25:07.000000000 -0400
+@@ -41,12 +41,15 @@ static void usage(void)
+ 	exit(1);
+ }
+ 
+-static int check_file(const char *file,
+-		const struct stat *sb_unused __attribute__ ((unused)),
+-		int flag_unused __attribute__ ((unused)),
++static int check_file(const char *fpath,
++		const struct stat *sb,
++		int typeflag_unused __attribute__ ((unused)),
+ 		struct FTW *s_unused __attribute__ ((unused)))
+ {
+-	int fd = open(file, O_RDONLY);
++	if (S_ISREG(sb->st_mode) == 0)
++		return FTW_CONTINUE;
++
++	int fd = open(fpath, O_RDONLY);
+ 	if (fd >= 0) {
+ 		capng_results_t rc;
+ 
+@@ -58,7 +61,7 @@ static int check_file(const char *file,
+ 				header = 1;
+ 				printf("%-20s capabilities\n", "file");
+ 			}
+-			printf("%s     ", file);
++			printf("%s     ", fpath);
+ 			if (rc == CAPNG_FULL)
+ 				printf("full");
+ 			else
+@@ -68,7 +71,7 @@ static int check_file(const char *file,
+ 		}
+ 		close(fd);
+ 	}
+-	return 0;
++	return FTW_CONTINUE;
+ }
+ 
+ 
diff --git a/libcap-ng.spec b/libcap-ng.spec
index 8ae06da..4bf4bb7 100644
--- a/libcap-ng.spec
+++ b/libcap-ng.spec
@@ -3,11 +3,12 @@
 Summary: An alternate posix capabilities library
 Name: libcap-ng
 Version: 0.6.4
-Release: 2%{?dist}
+Release: 3%{?dist}
 License: LGPLv2+
 Group: System Environment/Libraries
 URL: http://people.redhat.com/sgrubb/libcap-ng
 Source0: http://people.redhat.com/sgrubb/libcap-ng/%{name}-%{version}.tar.gz
+Patch1: libcap-ng-0.6.5-device.patch
 BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
 BuildRequires: kernel-headers >= 2.6.11 
 BuildRequires: libattr-devel
@@ -51,6 +52,7 @@ lets you set the file system based capabilities.
 
 %prep
 %setup -q
+%patch1 -p1
 
 %build
 %configure --libdir=/%{_lib}
@@ -109,6 +111,9 @@ rm -rf $RPM_BUILD_ROOT
 %attr(0644,root,root) %{_mandir}/man8/*
 
 %changelog
+* Thu June 17 2010 Steve Grubb <sgrubb@redhat.com> 0.6.4-3
+- Only open regular files in filecap
+
 * Mon May 24 2010 Steve Grubb <sgrubb@redhat.com> 0.6.4-2
 - In utils subpackage added a requires statement.