The following pull request was submitted through GitHub. It can be accessed and reviewed at: https://github.com/lxc/lxc/pull/1514

This e-mail was sent by the LXC bot; direct replies will not reach the author unless they happen to be subscribed to this list.

=== Description (from pull-request) ===
Signed-off-by: Christian Brauner <[email protected]>

cf. the discussion on https://github.com/lxc/lxc/pull/1513

From e73da381fcef0928b37149dcdeceb5580daa7011 Mon Sep 17 00:00:00 2001 From: Christian Brauner <[email protected]> Date: Wed, 19 Apr 2017 00:05:24 +0200 Subject: [PATCH] autotools: check for cap_get_file Signed-off-by: Christian Brauner <[email protected]> --- configure.ac | 4 +++- src/lxc/caps.c | 7 +++---- src/lxc/conf.c | 2 +- 3 files changed, 7 insertions(+), 6 deletions(-) diff --git a/configure.ac b/configure.ac index 4db75cf..6bc69bf 100644 --- a/configure.ac +++ b/configure.ac @@ -372,7 +372,9 @@ AM_CONDITIONAL([ENABLE_CAP], [test "x$enable_capabilities" = "xyes"]) AM_COND_IF([ENABLE_CAP], [AC_CHECK_HEADER([sys/capability.h],[],[AC_MSG_ERROR([You must install the libcap development package in order to compile lxc])]) AC_CHECK_LIB(cap,cap_set_proc,[],[AC_MSG_ERROR([You must install the libcap development package in order to compile lxc])]) - AC_SUBST([CAP_LIBS], [-lcap])]) + # Test whether we support getting file capabilities via cap_get_file(). + AC_CHECK_LIB(cap,cap_get_file, AC_DEFINE(HAVE_FILE_CAPABILITIES,1,[Have cap_get_file]),[],[]) + AC_SUBST([CAP_LIBS], [-lcap])]) # HAVE_SCMP_FILTER_CTX=1 will tell us we have libseccomp api >= 1.0.0 OLD_CFLAGS="$CFLAGS" diff --git a/src/lxc/caps.c b/src/lxc/caps.c index 2d6a3b8..dac05b9 100644 --- a/src/lxc/caps.c +++ b/src/lxc/caps.c @@ -225,10 +225,7 @@ static bool lxc_cap_is_set(cap_t caps, cap_value_t cap, cap_flag_t flag) bool lxc_file_cap_is_set(const char *path, cap_value_t cap, cap_flag_t flag) { - /* Android's bionic currently seems to lack support for cap_get_file(). */ - #if IS_BIONIC - return true; - #else + #if HAVE_FILE_CAPABILITIES bool cap_is_set; cap_t caps; @@ -247,6 +244,8 @@ bool lxc_file_cap_is_set(const char *path, cap_value_t cap, cap_flag_t flag) cap_is_set = lxc_cap_is_set(caps, cap, flag); cap_free(caps); return cap_is_set; + #else + return true; #endif } diff --git a/src/lxc/conf.c b/src/lxc/conf.c index 999f2eb..49ac150 100644 --- a/src/lxc/conf.c +++ b/src/lxc/conf.c 
@@ -3353,7 +3353,7 @@ static int idmaptool_on_path_and_privileged(const char *binary, cap_value_t cap) goto cleanup; } - #if HAVE_LIBCAP && !IS_BIONIC + #if HAVE_LIBCAP && HAVE_FILE_CAPABILITIES /* Check if it has the CAP_SETUID capability. */ if ((cap & CAP_SETUID) && lxc_file_cap_is_set(path, CAP_SETUID, CAP_EFFECTIVE) &&
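
Review bot: in the configure.ac hunk, the action-if-found argument of the new AC_CHECK_LIB(cap,cap_get_file, ...) call passes AC_DEFINE(...) unquoted, unlike the bracketed arguments of the cap_set_proc check just above it. Wrap it as [AC_DEFINE(HAVE_FILE_CAPABILITIES,1,[Have cap_get_file])] so m4 expands it only inside the check, and drop the trailing empty [],[] arguments. The macro is also left undefined rather than set to 0 when cap_get_file() is missing or ENABLE_CAP is off, so the "#if HAVE_FILE_CAPABILITIES" tests in caps.c and conf.c rely on an undefined identifier evaluating to 0; "#ifdef" or "#if defined(...)" would say that explicitly and stay quiet under -Wundef.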
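
Review bot: in the src/lxc/caps.c hunk, the new #else branch of lxc_file_cap_is_set() returns true when cap_get_file() is unavailable, so the function answers "capability is set" without inspecting the file, and the comment that explained this for bionic is removed with nothing in its place. Either return false in the fallback, so that a caller which cannot verify a file capability does not treat it as present, or keep "return true" and add a comment stating why that is the intended answer on platforms without cap_get_file().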
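
Review bot: in the src/lxc/conf.c hunk, the guard "#if HAVE_LIBCAP && HAVE_FILE_CAPABILITIES" carries a redundant term and differs from the guard in caps.c, which tests HAVE_FILE_CAPABILITIES alone. configure.ac only defines HAVE_FILE_CAPABILITIES once cap_get_file has been found in libcap, so it already implies the library is present; using the same single test in both files keeps them in step. With this guard the CAP_SETUID check is compiled out in exactly the builds where the caps.c fallback would apply, so please confirm that the path taken without the check is the intended one, since it lies outside the lines shown in this hunk.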
_______________________________________________ lxc-devel mailing list [email protected] http://lists.linuxcontainers.org/listinfo/lxc-devel
