Mercurial > hg > nginx
changeset 7175:56923e8e01a5
Improved the capabilities feature detection.
Previously included file sys/capability.h mentioned in capset(2) man page,
belongs to the libcap-dev package, which may not be installed on some Linux
systems when compiling nginx. This prevented the capabilities feature from
being detected and compiled on that systems.
Now linux/capability.h system header is included instead. Since capset()
declaration is located in sys/capability.h, now capset() syscall is defined
explicitly in code using the SYS_capset constant, similarly to other
Linux-specific features in nginx.
author | Roman Arutyunyan <arut@nginx.com> |
---|---|
date | Mon, 18 Dec 2017 21:09:39 +0300 |
parents | 84e53e4735a4 |
children | 7f28b61c92f0 |
files | auto/os/linux src/os/unix/ngx_linux_config.h src/os/unix/ngx_process_cycle.c |
diffstat | 3 files changed, 5 insertions(+), 4 deletions(-) [+] |
line wrap: on
line diff
--- a/auto/os/linux Wed Dec 13 20:40:53 2017 +0300 +++ b/auto/os/linux Mon Dec 18 21:09:39 2017 +0300 @@ -174,7 +174,8 @@ ngx_feature="capabilities" ngx_feature_name="NGX_HAVE_CAPABILITIES" ngx_feature_run=no -ngx_feature_incs="#include <sys/capability.h>" +ngx_feature_incs="#include <linux/capability.h> + #include <sys/syscall.h>" ngx_feature_path= ngx_feature_libs= ngx_feature_test="struct __user_cap_data_struct data; @@ -184,7 +185,7 @@ data.effective = CAP_TO_MASK(CAP_NET_RAW); data.permitted = 0; - (void) capset(&header, &data)" + (void) SYS_capset" . auto/feature
--- a/src/os/unix/ngx_linux_config.h Wed Dec 13 20:40:53 2017 +0300 +++ b/src/os/unix/ngx_linux_config.h Mon Dec 18 21:09:39 2017 +0300 @@ -100,7 +100,7 @@ #if (NGX_HAVE_CAPABILITIES) -#include <sys/capability.h> +#include <linux/capability.h> #endif
--- a/src/os/unix/ngx_process_cycle.c Wed Dec 13 20:40:53 2017 +0300 +++ b/src/os/unix/ngx_process_cycle.c Mon Dec 18 21:09:39 2017 +0300 @@ -869,7 +869,7 @@ data.effective = CAP_TO_MASK(CAP_NET_RAW); data.permitted = data.effective; - if (capset(&header, &data) == -1) { + if (syscall(SYS_capset, &header, &data) == -1) { ngx_log_error(NGX_LOG_EMERG, cycle->log, ngx_errno, "capset() failed"); /* fatal */