AM_CONDITIONAL([ENABLE_CAP], [test "x$enable_capabilities" = "xyes"])
AM_COND_IF([ENABLE_CAP],
- [AC_CHECK_LIB(cap,cap_set_proc,[true],[AC_MSG_ERROR([You are missing libcap support.])])
+ [AC_CHECK_HEADER([sys/capability.h],[],[AC_MSG_ERROR([You must install the libcap development package in order to compile lxc])])
+ AC_CHECK_LIB(cap,cap_set_proc,[],[AC_MSG_ERROR([You must install the libcap development package in order to compile lxc])])
AC_SUBST([CAP_LIBS], [-lcap])])
# HAVE_SCMP_FILTER_CTX=1 will tell us we have libseccomp api >= 1.0.0
AC_CHECK_DECLS([PR_GET_NO_NEW_PRIVS], [], [], [#include <sys/prctl.h>])
# Check for some headers
-AC_CHECK_HEADERS([sys/signalfd.h pty.h ifaddrs.h sys/capability.h sys/memfd.h sys/personality.h utmpx.h sys/timerfd.h])
+AC_CHECK_HEADERS([sys/signalfd.h pty.h ifaddrs.h sys/memfd.h sys/personality.h utmpx.h sys/timerfd.h])
# lookup major()/minor()/makedev()
AC_HEADER_MAJOR
lxc_log_define(lxc_caps, lxc);
-#if HAVE_SYS_CAPABILITY_H
+#if HAVE_LIBCAP
#ifndef PR_CAPBSET_READ
#define PR_CAPBSET_READ 23
#ifndef __LXC_CAPS_H
#define __LXC_CAPS_H
-#if HAVE_SYS_CAPABILITY_H
+#if HAVE_LIBCAP
#include <sys/capability.h>
extern int lxc_caps_down(void);
#include "utils.h"
#include "lsm/lsm.h"
-#if HAVE_SYS_CAPABILITY_H
+#if HAVE_LIBCAP
#include <sys/capability.h>
#endif
lxc_log_define(lxc_conf, lxc);
-#if HAVE_SYS_CAPABILITY_H
+#if HAVE_LIBCAP
#ifndef CAP_SETFCAP
#define CAP_SETFCAP 31
#endif
{ NULL, 0, 0 },
};
-#if HAVE_SYS_CAPABILITY_H
+#if HAVE_LIBCAP
static struct caps_opt caps_opt[] = {
{ "chown", CAP_CHOWN },
{ "dac_override", CAP_DAC_OVERRIDE },
#include <sys/un.h>
#include <sys/wait.h>
-#if HAVE_SYS_CAPABILITY_H
+#if HAVE_LIBCAP
#include <sys/capability.h>
#endif
}
if (handler->conf->need_utmp_watch) {
- #if HAVE_SYS_CAPABILITY_H
+ #if HAVE_LIBCAP
if (lxc_utmp_mainloop_add(&descr, handler)) {
ERROR("Failed to add utmp handler to LXC mainloop.");
goto out_mainloop_open;
goto out_warn_father;
}
- #if HAVE_SYS_CAPABILITY_H
+ #if HAVE_LIBCAP
if (handler->conf->need_utmp_watch) {
if (prctl(PR_CAPBSET_DROP, CAP_SYS_BOOT, 0, 0, 0)) {
SYSERROR("Failed to remove the CAP_SYS_BOOT capability.");
* further above. Only drop groups if we can, so ensure that we
* have necessary privilege.
*/
- #if HAVE_SYS_CAPABILITY_H
+ #if HAVE_LIBCAP
have_cap_setgid = lxc_cap_is_set(CAP_SETGID, CAP_EFFECTIVE);
#else
have_cap_setgid = false;
handler->netnsfd = -1;
if (must_drop_cap_sys_boot(handler->conf)) {
- #if HAVE_SYS_CAPABILITY_H
+ #if HAVE_LIBCAP
DEBUG("Dropping CAP_SYS_BOOT capability.");
#else
DEBUG("Not dropping CAP_SYS_BOOT capability as capabilities aren't supported.");