diff options
| -rw-r--r-- | configure.ac | 24 | ||||
| -rw-r--r-- | src/daemon/caps.c | 6 |
2 files changed, 22 insertions, 8 deletions
diff --git a/configure.ac b/configure.ac index d4b481776..64ab9faa0 100644 --- a/configure.ac +++ b/configure.ac @@ -118,6 +118,10 @@ fi #### Determine host OS #### +# if the host has the possibility of sys/capability.h for dropping privileges +# used to determine if we should error out if it is not found +host_has_caps=0 + os_is_linux=0 os_is_win32=0 os_is_darwin=0 @@ -126,8 +130,13 @@ AC_MSG_CHECKING([host operating system]) case "$host_os" in linux*) AC_MSG_RESULT([linux]) + host_has_caps=1 os_is_linux=1 ;; + freebsd*) + AC_MSG_RESULT([freebsd]) + host_has_caps=1 + ;; darwin*) AC_MSG_RESULT([darwin]) os_is_darwin=1 @@ -595,17 +604,16 @@ AS_IF([test "x$HAVE_X11" = "x1"], AC_DEFINE([HAVE_X11], 1, [Have X11?])) CAP_LIBS='' AC_ARG_WITH([caps], - AS_HELP_STRING([--without-caps],[Omit support for POSIX capabilities.])) + AS_HELP_STRING([--without-caps],[Omit support for dropping capabilities.])) if test "x${with_caps}" != "xno"; then - AC_SEARCH_LIBS([cap_init], [cap], [], [ - if test "x${with_caps}" = "xyes" ; then - AC_MSG_ERROR([*** POSIX caps libraries not found]) - fi]) + AC_SEARCH_LIBS([cap_init], [cap], [], []) + + # Only give an error on hosts that we know could support capabilities AC_CHECK_HEADERS([sys/capability.h], [], [ - if test "x${with_caps}" = "xyes" ; then - AC_MSG_ERROR([*** POSIX caps headers not found]) - fi]) + if test "${host_has_caps}" = "1"; then + AC_MSG_ERROR([*** sys/capability.h not found. Use --without-caps to disable capabilities support.]) + fi]) fi #### Valgrind (optional) #### diff --git a/src/daemon/caps.c b/src/daemon/caps.c index 2251cb373..68b79cebd 100644 --- a/src/daemon/caps.c +++ b/src/daemon/caps.c @@ -80,12 +80,18 @@ void pa_drop_root(void) { void pa_drop_caps(void) { #ifdef HAVE_SYS_CAPABILITY_H +#ifdef __linux cap_t caps; pa_assert_se(caps = cap_init()); pa_assert_se(cap_clear(caps) == 0); pa_assert_se(cap_set_proc(caps) == 0); pa_assert_se(cap_free(caps) == 0); +#elif __FreeBSD__ + pa_assert_se (cap_enter () == 0); #else +#error Don't know how to do capabilities on your system. Please send a patch. +#endif /* __linux */ +#else /* HAVE_SYS_CAPABILITY_H */ pa_log_warn("Normally all extra capabilities would be dropped now, but " "that's impossible because this Pulseaudio was built without " "libcap support."); |