Mercurial > hg > nginx
comparison src/os/unix/ngx_process_cycle.c @ 7175:56923e8e01a5
Improved the capabilities feature detection.
Previously included file sys/capability.h mentioned in capset(2) man page,
belongs to the libcap-dev package, which may not be installed on some Linux
systems when compiling nginx. This prevented the capabilities feature from
being detected and compiled on that systems.
Now linux/capability.h system header is included instead. Since capset()
declaration is located in sys/capability.h, now capset() syscall is defined
explicitly in code using the SYS_capset constant, similarly to other
Linux-specific features in nginx.
| author | Roman Arutyunyan <arut@nginx.com> |
|---|---|
| date | Mon, 18 Dec 2017 21:09:39 +0300 |
| parents | 84e53e4735a4 |
| children | 7f28b61c92f0 |
comparison
equal
deleted
inserted
replaced
| 7174:84e53e4735a4 | 7175:56923e8e01a5 |
|---|---|
| 867 | 867 |
| 868 header.version = _LINUX_CAPABILITY_VERSION_3; | 868 header.version = _LINUX_CAPABILITY_VERSION_3; |
| 869 data.effective = CAP_TO_MASK(CAP_NET_RAW); | 869 data.effective = CAP_TO_MASK(CAP_NET_RAW); |
| 870 data.permitted = data.effective; | 870 data.permitted = data.effective; |
| 871 | 871 |
| 872 if (capset(&header, &data) == -1) { | 872 if (syscall(SYS_capset, &header, &data) == -1) { |
| 873 ngx_log_error(NGX_LOG_EMERG, cycle->log, ngx_errno, | 873 ngx_log_error(NGX_LOG_EMERG, cycle->log, ngx_errno, |
| 874 "capset() failed"); | 874 "capset() failed"); |
| 875 /* fatal */ | 875 /* fatal */ |
| 876 exit(2); | 876 exit(2); |
| 877 } | 877 } |