diff options
author | Tiago Natel de Moura <t.nateldemoura@f5.com> | 2019-12-16 17:12:09 +0000 |
---|---|---|
committer | Tiago Natel de Moura <t.nateldemoura@f5.com> | 2019-12-16 17:12:09 +0000 |
commit | eced72ba25a1aced3553ac4e8499c4c2befd2a91 (patch) | |
tree | 374ea3a116ce8624228490eab64721f1227bd3a1 /src/nxt_capability.c | |
parent | 96a9a790a00c0d0dc4c3f71ced0a6e1ebeca72f7 (diff) | |
download | unit-eced72ba25a1aced3553ac4e8499c4c2befd2a91.tar.gz unit-eced72ba25a1aced3553ac4e8499c4c2befd2a91.tar.bz2 |
Using the 64-bit Linux capability mode when available.
For backward compatibility, the Linux capabilities macros exposes v1 semantics
(32-bit) by default. We probe the version at runtime (because of pre-compiled
binaries) but the kernel syscall API is conservative and it doesn't return a
64-bit capability version if the input version is v1.
This patch suppress the kernel > 5.0 dmesg log below:
capability: warning: 'unitd' uses 32-bit capabilities (legacy support in use)
Diffstat (limited to '')
-rw-r--r-- | src/nxt_capability.c | 12 |
1 files changed, 11 insertions, 1 deletions
diff --git a/src/nxt_capability.c b/src/nxt_capability.c index 805faff6..dfa7a834 100644 --- a/src/nxt_capability.c +++ b/src/nxt_capability.c @@ -10,6 +10,16 @@ #include <linux/capability.h> #include <sys/syscall.h> + +#if (_LINUX_CAPABILITY_VERSION_3) +#define NXT_CAPABILITY_VERSION _LINUX_CAPABILITY_VERSION_3 +#elif (_LINUX_CAPABILITY_VERSION_2) +#define NXT_CAPABILITY_VERSION _LINUX_CAPABILITY_VERSION_2 +#else +#define NXT_CAPABILITY_VERSION _LINUX_CAPABILITY_VERSION +#endif + + #define nxt_capget(hdrp, datap) \ syscall(SYS_capget, hdrp, datap) #define nxt_capset(hdrp, datap) \ @@ -43,7 +53,7 @@ nxt_capability_linux_get_version() { struct __user_cap_header_struct hdr; - hdr.version = _LINUX_CAPABILITY_VERSION; + hdr.version = NXT_CAPABILITY_VERSION; hdr.pid = nxt_pid; nxt_capget(&hdr, NULL); |