From 07d123a71a5ad769aac4d04e7e189fbf5f957cd8 Mon Sep 17 00:00:00 2001
From: Anatoly Pugachev <matorola@gmail.com>
Date: Fri, 16 Oct 2020 22:03:54 +0300
Subject: [PATCH] [capabilities] fix for a newer versions of libcap (#1061)

* [capabilities] fix for a newer versions of libcap

fixes: #993

* Minor correction for files without caps set.

PS: side note, getcap (per sources) does not set non-zero return code,
even for files which are not found (i.e. wrong filename).

* add changelog fragment

* review/suggested changes

* change comment to explicitly state stderr vs output
---
 changelogs/fragments/993-file-capabilities.yml |  2 ++
 plugins/modules/system/capabilities.py         | 12 +++++++++---
 2 files changed, 11 insertions(+), 3 deletions(-)
 create mode 100644 changelogs/fragments/993-file-capabilities.yml

diff --git a/changelogs/fragments/993-file-capabilities.yml b/changelogs/fragments/993-file-capabilities.yml
new file mode 100644
index 0000000000..a9e781c400
--- /dev/null
+++ b/changelogs/fragments/993-file-capabilities.yml
@@ -0,0 +1,2 @@
+bugfixes:
+  - capabilities - fix for a newer version of libcap release (https://github.com/ansible-collections/community.general/pull/1061).
diff --git a/plugins/modules/system/capabilities.py b/plugins/modules/system/capabilities.py
index 9643aadbce..ac6dde6761 100644
--- a/plugins/modules/system/capabilities.py
+++ b/plugins/modules/system/capabilities.py
@@ -108,12 +108,18 @@ class CapabilitiesModule(object):
         #   '/foo ='
         # If file xattrs are unset the output will be:
         #   '/foo'
-        # If the file does not exist the output will be (with rc == 0...):
+        # If the file does not exist, the stderr will be (with rc == 0...):
         #   '/foo (No such file or directory)'
-        if rc != 0 or (stdout.strip() != path and stdout.count(' =') != 1):
+        if rc != 0 or stderr != "":
             self.module.fail_json(msg="Unable to get capabilities of %s" % path, stdout=stdout.strip(), stderr=stderr)
         if stdout.strip() != path:
-            caps = stdout.split(' =')[1].strip().split()
+            if ' =' in stdout:
+                # process output of an older version of libcap
+                caps = stdout.split(' =')[1].strip().split()
+            else:
+                # otherwise, we have a newer version here
+                # see original commit message of cap/v0.2.40-18-g177cd41 in libcap.git
+                caps = stdout.split()[1].strip().split()
             for cap in caps:
                 cap = cap.lower()
                 # getcap condenses capabilities with the same op/flags into a