From 81f66feea49080b9581f2e238aeabedccbf7aee1 Mon Sep 17 00:00:00 2001 From: "patchback[bot]" <45432694+patchback[bot]@users.noreply.github.com> Date: Mon, 4 Aug 2025 20:50:41 +0200 Subject: [PATCH] [PR #10524/7e2d91e5 backport][stable-11] capabilities: command args as list rather than string (#10588) capabilities: command args as list rather than string (#10524) * capabilities: command args as list rather than string * add changelog frag (cherry picked from commit 7e2d91e53ddbc79f7fff287c05adf4eebb2ba228) Co-authored-by: Alexei Znamensky <103110+russoz@users.noreply.github.com> --- changelogs/fragments/10524-capabilities-cmd-list.yml | 2 ++ plugins/modules/capabilities.py | 4 ++-- 2 files changed, 4 insertions(+), 2 deletions(-) create mode 100644 changelogs/fragments/10524-capabilities-cmd-list.yml diff --git a/changelogs/fragments/10524-capabilities-cmd-list.yml b/changelogs/fragments/10524-capabilities-cmd-list.yml new file mode 100644 index 0000000000..e6af832b5c --- /dev/null +++ b/changelogs/fragments/10524-capabilities-cmd-list.yml @@ -0,0 +1,2 @@ +minor_changes: + - capabilities - using safer mechanism to run external command (https://github.com/ansible-collections/community.general/pull/10524). diff --git a/plugins/modules/capabilities.py b/plugins/modules/capabilities.py index 08bd2e85ff..625de99b44 100644 --- a/plugins/modules/capabilities.py +++ b/plugins/modules/capabilities.py @@ -109,7 +109,7 @@ class CapabilitiesModule(object): def getcap(self, path): rval = [] - cmd = "%s -v %s" % (self.getcap_cmd, path) + cmd = [self.getcap_cmd, "-v", path] rc, stdout, stderr = self.module.run_command(cmd) # If file xattrs are set but no caps are set the output will be: # '/foo =' @@ -144,7 +144,7 @@ class CapabilitiesModule(object): def setcap(self, path, caps): caps = ' '.join([''.join(cap) for cap in caps]) - cmd = "%s '%s' %s" % (self.setcap_cmd, caps, path) + cmd = [self.setcap_cmd, caps, path] rc, stdout, stderr = self.module.run_command(cmd) if rc != 0: self.module.fail_json(msg="Unable to set capabilities of %s" % path, stdout=stdout, stderr=stderr)