From c288c1ae058ee453b8def8f342f6546b143e6df5 Mon Sep 17 00:00:00 2001
From: Gerald Combs <gerald@wireshark.org>
Date: Thu, 20 Mar 2008 19:18:33 +0000
Subject: [PATCH] Don't call cap_set_proc() unless we were started with
 elevated privileges.  Otherwise, we might print

dumpcap: cap_set_proc() fail return: Operation not permitted

to stderr.

svn path=/trunk/; revision=24704
---
 dumpcap.c | 13 ++++++++-----
 1 file changed, 8 insertions(+), 5 deletions(-)

diff --git a/dumpcap.c b/dumpcap.c
index 93c580759c..ed9405677b 100644
--- a/dumpcap.c
+++ b/dumpcap.c
@@ -508,12 +508,15 @@ relinquish_privs_except_capture(void)
 
     relinquish_special_privs_perm();
 
-    print_caps("Post drop, pre set");
-    cap_set_flag(caps, CAP_EFFECTIVE,   cl_len, cap_list, CAP_SET);
-    if (cap_set_proc(caps)) {
-        cmdarg_err("cap_set_proc() fail return: %s", strerror(errno));
+    if (started_with_special_privs()) {
+        print_caps("Post drop, pre set");
+        cap_set_flag(caps, CAP_EFFECTIVE,   cl_len, cap_list, CAP_SET);
+        if (cap_set_proc(caps)) {
+            cmdarg_err("cap_set_proc() fail return: %s", strerror(errno));
+        }
+        print_caps("Post drop, post set");
     }
-    print_caps("Post drop, post set");
+
     cap_free(caps);
 }
 #endif /* HAVE_LIBCAP */