Autodetect if we want to support capabilities

diff --git a/ucw/Makefile b/ucw/Makefile
index 160abd5cf3273067bfff1d7c804f10ebd49364d5..9b1d0ff4645b4b81324b523dcff3d3c928c0368e 100644 (file)
--- a/ucw/Makefile
+++ b/ucw/Makefile
@@ -92,7 +92,7 @@ include $(s)/ucw/doc/Makefile
 
 LIBUCW_MOD_PATHS=$(addprefix $(o)/ucw/,$(LIBUCW_MODS))
 
-export LIBUCW_LIBS=-lm -lcap
+export LIBUCW_LIBS=-lm
 ifdef CONFIG_UCW_THREADS
 LIBUCW_LIBS+=-lpthread
 endif
@@ -102,6 +102,9 @@ endif
 ifdef CONFIG_UCW_MONOTONIC_CLOCK
 LIBUCW_LIBS+=-lrt
 endif
+ifdef CONFIG_UCW_CAPABILITIES
+LIBUCW_LIBS+=-lcap
+endif
 
 $(o)/ucw/libucw$(LV).a: $(addsuffix .o,$(LIBUCW_MOD_PATHS))
 $(o)/ucw/libucw$(LV).so: $(addsuffix .oo,$(LIBUCW_MOD_PATHS))

diff --git a/ucw/daemon.c b/ucw/daemon.c
index eb4a4d79493c9c7fe5d22812ada202081dae9c6e..f74e03728e555fc48e48e015bfc19c3d4074e565 100644 (file)
--- a/ucw/daemon.c
+++ b/ucw/daemon.c
@@ -21,7 +21,9 @@
 #include <sys/types.h>
 #include <sys/stat.h>
 #include <sys/file.h>
+#ifdef CONFIG_UCW_CAPABILITIES
 #include <sys/prctl.h>
+#endif
 
 void
 daemon_resolve_ugid(struct daemon_params *dp)
@@ -82,15 +84,18 @@ daemon_resolve_ugid(struct daemon_params *dp)
 
 void daemon_switch_ugid(struct daemon_params *dp)
 {
+#ifdef CONFIG_UCW_CAPABILITIES
   // If we want to preserve some caps across UID switch, keep all first, to avoid having to set them twice.
   if (dp->keep_caps && prctl(PR_SET_KEEPCAPS, 1L) < 0)
     die("Can not keep caps: %m");
+#endif
   if (dp->want_setgid && setresgid(dp->run_as_gid, dp->run_as_gid, dp->run_as_gid) < 0)
     die("Cannot set GID to %d: %m", (int) dp->run_as_gid);
   if (dp->want_setgid > 1 && initgroups(dp->run_as_user, dp->run_as_gid) < 0)
     die("Cannot initialize groups: %m");
   if (dp->want_setuid && setresuid(dp->run_as_uid, dp->run_as_uid, dp->run_as_uid) < 0)
     die("Cannot set UID to %d: %m", (int) dp->run_as_uid);
+#ifdef CONFIG_UCW_CAPABILITIES
   if (dp->keep_caps)
   {
     cap_t caps = cap_init();
@@ -106,6 +111,7 @@ void daemon_switch_ugid(struct daemon_params *dp)
       die("Couldn't give up keeping caps: %m");
     cap_free(caps);
   }
+#endif
 }
 
 void

diff --git a/ucw/daemon.h b/ucw/daemon.h
index ab9f5245371a1b00f1dd36b23f27e42697239e78..3425d57e930cb39d28f4275ee66b112ab54a3f6b 100644 (file)
--- a/ucw/daemon.h
+++ b/ucw/daemon.h
@@ -11,7 +11,9 @@
 #define _UCW_DAEMON_H
 
 #include <sys/types.h>
+#ifdef CONFIG_UCW_CAPABILITIES
 #include <sys/capability.h>
+#endif
 
 #ifdef CONFIG_UCW_CLEAN_ABI
 #define daemon_control ucw_daemon_control
@@ -28,8 +30,10 @@ struct daemon_params {
   const char *pid_file;                        // A path to PID file (optional)
   const char *run_as_user;             // User name or "#uid" (optional)
   const char *run_as_group;            // Group name or "#gid" (optional)
+#ifdef CONFIG_UCW_CAPABILITIES
   const cap_value_t *keep_caps;         // Keep these capabilities across UID switch (optional)
   int keep_cap_count;
+#endif
 
   // Internal
   uid_t run_as_uid;

diff --git a/ucw/default.cfg b/ucw/default.cfg
index bc4d48b0d357806419d7db343a82264556961ef6..458e104d014a73e60f1580d80914c5b9fdfd57df 100644 (file)
--- a/ucw/default.cfg
+++ b/ucw/default.cfg
@@ -68,6 +68,9 @@ Set("CONFIG_UCW_FB_DIRECT");
 # Use monotonic clock (default: yes on Linux, no elsewhere)
 # Set("CONFIG_UCW_MONOTONIC_CLOCK");
 
+# Have support for capabilities (default: yes on Linux, no elsewhere)
+# Set("CONFIG_UCW_CAPABILITIES");
+
 # Which regular expression library should be used? If none is selected, we use BSD regex from libc.
 UnSet("CONFIG_UCW_POSIX_REGEX");
 UnSet("CONFIG_UCW_PCRE");

diff --git a/ucw/perl/UCW/Configure/LibUCW.pm b/ucw/perl/UCW/Configure/LibUCW.pm
index 7feef1e29dbc2c0faeb3f96d113868c058d56123..8d30d8c54c05764528bcd793fe8bc5373daf9462 100644 (file)
--- a/ucw/perl/UCW/Configure/LibUCW.pm
+++ b/ucw/perl/UCW/Configure/LibUCW.pm
@@ -73,6 +73,11 @@ TestBool("CONFIG_UCW_MONOTONIC_CLOCK", "Checking for monotonic clock", sub {
        return Get("CONFIG_LINUX");
 });
 
+# Check if we have capabilities (available on linux)
+TestBool("CONFIG_UCW_CAPABILITIES", "Checking for capabilities support", sub {
+       return Get("CONFIG_LINUX");
+});
+
 if (IsSet("CONFIG_DARWIN")) {
        # Darwin does not support BSD regexes, fix up
        if (!IsSet("CONFIG_UCW_POSIX_REGEX") && !IsSet("CONFIG_UCW_PCRE")) {