]> git.kaiwu.me - nginx.git/commitdiff
projects / nginx.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 752f66b)
Improved the capabilities feature detection.
authorRoman Arutyunyan <arut@nginx.com>
Mon, 18 Dec 2017 18:09:39 +0000 (21:09 +0300)
committerRoman Arutyunyan <arut@nginx.com>
Mon, 18 Dec 2017 18:09:39 +0000 (21:09 +0300)
Previously included file sys/capability.h mentioned in capset(2) man page,
belongs to the libcap-dev package, which may not be installed on some Linux
systems when compiling nginx.  This prevented the capabilities feature from
being detected and compiled on that systems.

Now linux/capability.h system header is included instead.  Since capset()
declaration is located in sys/capability.h, now capset() syscall is defined
explicitly in code using the SYS_capset constant, similarly to other
Linux-specific features in nginx.

auto/os/linux patch | blob | history
src/os/unix/ngx_linux_config.h patch | blob | history
src/os/unix/ngx_process_cycle.c patch | blob | history

diff --git a/auto/os/linux b/auto/os/linux
index e4aa0e549622dcd01c9d2f017581e8969c0a425a..135280f990b00c9747ca805a0c3288212105b214 100644 (file)
--- a/auto/os/linux
+++ b/auto/os/linux
@@ -174,7 +174,8 @@ ngx_feature_test="if (prctl(PR_SET_KEEPCAPS, 1, 0, 0, 0) == -1) return 1"
 ngx_feature="capabilities"
 ngx_feature_name="NGX_HAVE_CAPABILITIES"
 ngx_feature_run=no
-ngx_feature_incs="#include <sys/capability.h>"
+ngx_feature_incs="#include <linux/capability.h>
+                  #include <sys/syscall.h>"
 ngx_feature_path=
 ngx_feature_libs=
 ngx_feature_test="struct __user_cap_data_struct    data;
@@ -184,7 +185,7 @@ ngx_feature_test="struct __user_cap_data_struct    data;
                   data.effective = CAP_TO_MASK(CAP_NET_RAW);
                   data.permitted = 0;
 
-                  (void) capset(&header, &data)"
+                  (void) SYS_capset"
 . auto/feature
 
 
diff --git a/src/os/unix/ngx_linux_config.h b/src/os/unix/ngx_linux_config.h
index b22ea4378662e8d0e1ec5ae2dd5a5a5fcf7e0209..3036caebf630e2d3e16d7b2cb3916c4edcf74f0f 100644 (file)
--- a/src/os/unix/ngx_linux_config.h
+++ b/src/os/unix/ngx_linux_config.h
@@ -100,7 +100,7 @@ typedef struct iocb  ngx_aiocb_t;
 
 
 #if (NGX_HAVE_CAPABILITIES)
-#include <sys/capability.h>
+#include <linux/capability.h>
 #endif
 
 
diff --git a/src/os/unix/ngx_process_cycle.c b/src/os/unix/ngx_process_cycle.c
index 40654b3a266be5f57a092ebca979fcb65a39d421..9b0e0421e3910d22bb4f1feb85d7044642d33584 100644 (file)
--- a/src/os/unix/ngx_process_cycle.c
+++ b/src/os/unix/ngx_process_cycle.c
@@ -869,7 +869,7 @@ ngx_worker_process_init(ngx_cycle_t *cycle, ngx_int_t worker)
             data.effective = CAP_TO_MASK(CAP_NET_RAW);
             data.permitted = data.effective;
 
-            if (capset(&header, &data) == -1) {
+            if (syscall(SYS_capset, &header, &data) == -1) {
                 ngx_log_error(NGX_LOG_EMERG, cycle->log, ngx_errno,
                               "capset() failed");
                 /* fatal */
nginx upstream