# HG changeset patch
# User Roman Arutyunyan
# Date 1513620579 -10800
# Node ID 56923e8e01a5bd56c3f3d1361ef01e871c37dd4e
# Parent 84e53e4735a4930de47f92e7d5765c8489a87cf6
Improved the capabilities feature detection. Previously included file sys/capability.h mentioned in capset(2) man page, belongs to the libcap-dev package, which may not be installed on some Linux systems when compiling nginx. This prevented the capabilities feature from being detected and compiled on that systems. Now linux/capability.h system header is included instead. Since capset() declaration is located in sys/capability.h, now capset() syscall is defined explicitly in code using the SYS_capset constant, similarly to other Linux-specific features in nginx.
diff --git a/auto/os/linux b/auto/os/linux
--- a/auto/os/linux
+++ b/auto/os/linux
@@ -174,7 +174,8 @@ ngx_feature_test="if (prctl(PR_SET_KEEPC
 ngx_feature="capabilities"
 ngx_feature_name="NGX_HAVE_CAPABILITIES"
 ngx_feature_run=no
-ngx_feature_incs="#include "
+ngx_feature_incs="#include
+ #include "
 ngx_feature_path=
 ngx_feature_libs=
 ngx_feature_test="struct __user_cap_data_struct data;
@@ -184,7 +185,7 @@ ngx_feature_test="struct __user_cap_data
 data.effective = CAP_TO_MASK(CAP_NET_RAW);
 data.permitted = 0;
- (void) capset(&header, &data)"
+ (void) SYS_capset"
 . auto/feature
diff --git a/src/os/unix/ngx_linux_config.h b/src/os/unix/ngx_linux_config.h
--- a/src/os/unix/ngx_linux_config.h
+++ b/src/os/unix/ngx_linux_config.h
@@ -100,7 +100,7 @@ typedef struct iocb ngx_aiocb_t;
 #if (NGX_HAVE_CAPABILITIES)
-#include
+#include
 #endif
diff --git a/src/os/unix/ngx_process_cycle.c b/src/os/unix/ngx_process_cycle.c
--- a/src/os/unix/ngx_process_cycle.c
+++ b/src/os/unix/ngx_process_cycle.c
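Review bot: The probe's new last statement in the second auto/os/linux hunk, `(void) SYS_capset`, only checks that the constant is defined and no longer compiles the call that ngx_process_cycle.c actually makes. `header` and `data` are still filled in but never passed anywhere, so a build environment where the constant exists but the call form does not compile would still get NGX_HAVE_CAPABILITIES set. Ending the test with `(void) syscall(SYS_capset, &header, &data)` would keep detection and use in step; this assumes a declaration of syscall() is available to the probe, which is not visible on this page. The test string begins above this hunk.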
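Review bot: In the ngx_linux_config.h hunk the `#if (NGX_HAVE_CAPABILITIES)` block swaps one include for another (linux/capability.h, per the description), but the configure probe in auto/os/linux needs a second header to see the SYS_ constant. ngx_process_cycle.c now uses `SYS_capset`, so if the header that defines it (presumably sys/syscall.h) reaches this file only through a different feature guard, a build with capabilities but without that other feature could fail on an undeclared constant. The hunk header suggests an AIO-related section sits just above, and the rest of the file is not visible. Adding `#include <sys/syscall.h>` inside this `#if` block would make the capabilities support self-contained and match what the probe tests.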
@@ -869,7 +869,7 @@ ngx_worker_process_init(ngx_cycle_t *cyc
 data.effective = CAP_TO_MASK(CAP_NET_RAW);
 data.permitted = data.effective;
- if (capset(&header, &data) == -1) {
+ if (syscall(SYS_capset, &header, &data) == -1) {
 ngx_log_error(NGX_LOG_EMERG, cycle->log, ngx_errno, "capset() failed"); /* fatal */
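Review bot: Nothing next to the new `syscall(SYS_capset, &header, &data)` call records that it hands the kernel a single data struct, which is only valid for the 32-bit capability version. capset(2) documents that the 64-bit versions expect an array of two data structs, so if `header.version` (assigned outside this hunk, not checkable here) names one of them, the kernel would read past `data` on the stack and apply whatever bits it finds there. A comment above the call such as `/* single data struct: header.version must be _LINUX_CAPABILITY_VERSION_1 */` would pin that contract for the next person who touches the version. ngx_worker_process_init starts and ends outside the hunk.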