From 0e92c213f51bae95605c19dfee843902e7c8a0ad Mon Sep 17 00:00:00 2001 From: Roman Arutyunyan Date: Mon, 18 Dec 2017 21:09:39 +0300 Subject: Improved the capabilities feature detection. Previously included file sys/capability.h mentioned in capset(2) man page, belongs to the libcap-dev package, which may not be installed on some Linux systems when compiling nginx. This prevented the capabilities feature from being detected and compiled on that systems. Now linux/capability.h system header is included instead. Since capset() declaration is located in sys/capability.h, now capset() syscall is defined explicitly in code using the SYS_capset constant, similarly to other Linux-specific features in nginx. --- src/os/unix/ngx_linux_config.h | 2 +- src/os/unix/ngx_process_cycle.c | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) (limited to 'src/os/unix') diff --git a/src/os/unix/ngx_linux_config.h b/src/os/unix/ngx_linux_config.h index b22ea4378..3036caebf 100644 --- a/src/os/unix/ngx_linux_config.h +++ b/src/os/unix/ngx_linux_config.h @@ -100,7 +100,7 @@ typedef struct iocb ngx_aiocb_t; #if (NGX_HAVE_CAPABILITIES) -#include +#include #endif diff --git a/src/os/unix/ngx_process_cycle.c b/src/os/unix/ngx_process_cycle.c index 40654b3a2..9b0e0421e 100644 --- a/src/os/unix/ngx_process_cycle.c +++ b/src/os/unix/ngx_process_cycle.c @@ -869,7 +869,7 @@ ngx_worker_process_init(ngx_cycle_t *cycle, ngx_int_t worker) data.effective = CAP_TO_MASK(CAP_NET_RAW); data.permitted = data.effective; - if (capset(&header, &data) == -1) { + if (syscall(SYS_capset, &header, &data) == -1) { ngx_log_error(NGX_LOG_EMERG, cycle->log, ngx_errno, "capset() failed"); /* fatal */ -- cgit v1.2.3