Klaus Demo nginx / 0e92c21
Improved the capabilities feature detection. Previously included file sys/capability.h mentioned in capset(2) man page, belongs to the libcap-dev package, which may not be installed on some Linux systems when compiling nginx. This prevented the capabilities feature from being detected and compiled on that systems. Now linux/capability.h system header is included instead. Since capset() declaration is located in sys/capability.h, now capset() syscall is defined explicitly in code using the SYS_capset constant, similarly to other Linux-specific features in nginx. Roman Arutyunyan 4 years ago
3 changed file(s) with 5 addition(s) and 4 deletion(s). Raw diff Collapse all Expand all
173173 ngx_feature="capabilities"
174174 ngx_feature_name="NGX_HAVE_CAPABILITIES"
175175 ngx_feature_run=no
176 ngx_feature_incs="#include <sys/capability.h>"
176 ngx_feature_incs="#include <linux/capability.h>
177 #include <sys/syscall.h>"
177178 ngx_feature_path=
178179 ngx_feature_libs=
179180 ngx_feature_test="struct __user_cap_data_struct data;
183184 data.effective = CAP_TO_MASK(CAP_NET_RAW);
184185 data.permitted = 0;
185186
186 (void) capset(&header, &data)"
187 (void) SYS_capset"
187188 . auto/feature
188189
189190
9999
100100
101101 #if (NGX_HAVE_CAPABILITIES)
102 #include <sys/capability.h>
102 #include <linux/capability.h>
103103 #endif
104104
105105
868868 data.effective = CAP_TO_MASK(CAP_NET_RAW);
869869 data.permitted = data.effective;
870870
871 if (capset(&header, &data) == -1) {
871 if (syscall(SYS_capset, &header, &data) == -1) {
872872 ngx_log_error(NGX_LOG_EMERG, cycle->log, ngx_errno,
873873 "capset() failed");
874874 /* fatal */