authorTiago Natel de Moura <t.nateldemoura@f5.com>2019-12-16 17:12:09 +0000
committerTiago Natel de Moura <t.nateldemoura@f5.com>2019-12-16 17:12:09 +0000
commiteced72ba25a1aced3553ac4e8499c4c2befd2a91 (patch)
tree374ea3a116ce8624228490eab64721f1227bd3a1 /src/nxt_capability.c
parent96a9a790a00c0d0dc4c3f71ced0a6e1ebeca72f7 (diff)
Using the 64-bit Linux capability mode when available.
For backward compatibility, the Linux capability macros expose v1 semantics (32-bit) by default. We probe the version at runtime (because of pre-compiled binaries), but the kernel syscall API is conservative and doesn't return a 64-bit capability version if the input version is v1. This patch suppresses the dmesg log below, emitted by kernels > 5.0: capability: warning: 'unitd' uses 32-bit capabilities (legacy support in use)
Diffstat (limited to '')
-rw-r--r--src/nxt_capability.c12
1 files changed, 11 insertions, 1 deletions
diff --git a/src/nxt_capability.c b/src/nxt_capability.c
index 805faff6..dfa7a834 100644
--- a/src/nxt_capability.c
+++ b/src/nxt_capability.c
@@ -10,6 +10,16 @@
#include <linux/capability.h>
#include <sys/syscall.h>
+
+#if (_LINUX_CAPABILITY_VERSION_3)
+#define NXT_CAPABILITY_VERSION _LINUX_CAPABILITY_VERSION_3
+#elif (_LINUX_CAPABILITY_VERSION_2)
+#define NXT_CAPABILITY_VERSION _LINUX_CAPABILITY_VERSION_2
+#else
+#define NXT_CAPABILITY_VERSION _LINUX_CAPABILITY_VERSION
+#endif
+
+
#define nxt_capget(hdrp, datap) \
syscall(SYS_capget, hdrp, datap)
#define nxt_capset(hdrp, datap) \
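Review bot: The new `NXT_CAPABILITY_VERSION` block does not record that a v2/v3 header makes the kernel transfer two `struct __user_cap_data_struct` elements (`_LINUX_CAPABILITY_U32S_3`) through `nxt_capget`/`nxt_capset`, where v1 transfers one. The callers that pass a data buffer are outside this hunk, so I cannot confirm they are sized for that; if any still declares a single element, capget would write past it. A comment above the block would pin the constraint, e.g. `/* v2/v3 headers require data[_LINUX_CAPABILITY_U32S_3] in every capget/capset call. */`. As a smaller style point, `#if defined(_LINUX_CAPABILITY_VERSION_3)` states the intent more directly than `#if (_LINUX_CAPABILITY_VERSION_3)` and stays quiet under `-Wundef`.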
@@ -43,7 +53,7 @@ nxt_capability_linux_get_version()
{
struct __user_cap_header_struct hdr;
- hdr.version = _LINUX_CAPABILITY_VERSION;
+ hdr.version = NXT_CAPABILITY_VERSION;
hdr.pid = nxt_pid;
nxt_capget(&hdr, NULL);
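Review bot: The probe on the `nxt_capget(&hdr, NULL)` line now depends on a kernel fallback that is not documented here, and its return value is discarded. When the running kernel does not accept the requested version, capget fails with EINVAL and overwrites `hdr.version` with the version it prefers, which is what lets a binary built against newer headers still work on an older kernel. I would add a comment before the call such as `/* If the kernel rejects this version, capget() fails with EINVAL and stores its preferred version in hdr.version. */`. The rest of `nxt_capability_linux_get_version` lies outside the hunk, so whether other failures (which leave `hdr.version` as requested) need distinguishing is something to confirm there.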