Wouldn't it be better to have configure.ac check for the presence of the function and store that as a separate HAVE_CAP_GET_FILE ?
Quoting brauner on Github ([email protected]): > The following pull request was submitted through Github. > It can be accessed and reviewed at: https://github.com/lxc/lxc/pull/1513 > > This e-mail was sent by the LXC bot, direct replies will not reach the author > unless they happen to be subscribed to this list. > > === Description (from pull-request) === > Signed-off-by: Christian Brauner <[email protected]> > From d6018f88cb5a7bd89ad8b7811879512a6181d236 Mon Sep 17 00:00:00 2001 > From: Christian Brauner <[email protected]> > Date: Mon, 17 Apr 2017 23:23:26 +0200 > Subject: [PATCH] caps: skip file capability checks on android > > Signed-off-by: Christian Brauner <[email protected]> > --- > src/lxc/caps.c | 5 +++++ > src/lxc/conf.c | 6 +++++- > 2 files changed, 10 insertions(+), 1 deletion(-) > > diff --git a/src/lxc/caps.c b/src/lxc/caps.c > index 705ac94..2d6a3b8 100644 > --- a/src/lxc/caps.c > +++ b/src/lxc/caps.c > @@ -225,6 +225,10 @@ static bool lxc_cap_is_set(cap_t caps, cap_value_t cap, > cap_flag_t flag) > > bool lxc_file_cap_is_set(const char *path, cap_value_t cap, cap_flag_t flag) > { > + /* Android's bionic currently seems to lack support for cap_get_file(). > */ > + #if IS_BIONIC > + return true; > + #else > bool cap_is_set; > cap_t caps; > > @@ -243,6 +247,7 @@ bool lxc_file_cap_is_set(const char *path, cap_value_t > cap, cap_flag_t flag) > cap_is_set = lxc_cap_is_set(caps, cap, flag); > cap_free(caps); > return cap_is_set; > + #endif > } > > bool lxc_proc_cap_is_set(cap_value_t cap, cap_flag_t flag) > diff --git a/src/lxc/conf.c b/src/lxc/conf.c > index 8cd5174..999f2eb 100644 > --- a/src/lxc/conf.c > +++ b/src/lxc/conf.c > @@ -3353,7 +3353,7 @@ static int idmaptool_on_path_and_privileged(const char > *binary, cap_value_t cap) > goto cleanup; > } > > - #if HAVE_LIBCAP > + #if HAVE_LIBCAP && !IS_BIONIC > /* Check if it has the CAP_SETUID capability. */ > if ((cap & CAP_SETUID) && > lxc_file_cap_is_set(path, CAP_SETUID, CAP_EFFECTIVE) && > @@ -3373,6 +3373,10 @@ static int idmaptool_on_path_and_privileged(const char > *binary, cap_value_t cap) > fret = 1; > goto cleanup; > } > + #else > + DEBUG("Cannot check for file capabilites as full capability support is " > + "missing. Manual intervention needed."); > + fret = 1; > #endif > > cleanup: > _______________________________________________ > lxc-devel mailing list > [email protected] > http://lists.linuxcontainers.org/listinfo/lxc-devel _______________________________________________ lxc-devel mailing list [email protected] http://lists.linuxcontainers.org/listinfo/lxc-devel
