* [PATCH] Fix nscd HAVE_LIBCAP
@ 2007-03-22 16:38 Jakub Jelinek
2007-03-23 16:10 ` Jakub Jelinek
0 siblings, 1 reply; 2+ messages in thread
From: Jakub Jelinek @ 2007-03-22 16:38 UTC (permalink / raw)
To: Ulrich Drepper; +Cc: Glibc hackers
Hi!
While configure.in has AC_DEFINE(HAVE_LIBCAP), config.h.in doesn't and
so it was never defined. After defining this I found a couple of compile
time bugs that were masked by it.
2007-03-22 Jakub Jelinek <jakub@redhat.com>
* config.h.in (HAVE_LIBCAP): Add.
* nscd/selinux.h: Include sys/capability.h rather than non-existent
sys/capabilities.h.
* nscd/selinux.c (preserve_capabilities): Use cap_free instead of
free_caps. Cast away const from 4th cap_set_flag argument.
--- libc/config.h.in.jj 2006-10-31 23:05:27.000000000 +0100
+++ libc/config.h.in 2007-03-22 16:39:46.000000000 +0100
@@ -19,6 +19,9 @@
/* Defined if building with SELinux support & audit libs are detected. */
#undef HAVE_LIBAUDIT
+/* Defined if building with SELinux support & libcap libs are detected. */
+#undef HAVE_LIBCAP
+
/* Define if using XCOFF. Set by --with-xcoff. */
#undef HAVE_XCOFF
--- libc/nscd/selinux.h.jj 2006-04-26 18:27:39.000000000 +0200
+++ libc/nscd/selinux.h 2007-03-22 16:47:50.000000000 +0100
@@ -1,5 +1,5 @@
/* Header for nscd SELinux access controls.
- Copyright (C) 2004, 2006 Free Software Foundation, Inc.
+ Copyright (C) 2004, 2006, 2007 Free Software Foundation, Inc.
This file is part of the GNU C Library.
Contributed by Matthew Rickard <mjricka@epoch.ncsc.mil>, 2004.
@@ -23,7 +23,7 @@
#include "nscd.h"
#ifdef HAVE_LIBCAP
-# include <sys/capabilities.h>
+# include <sys/capability.h>
#endif
#ifdef HAVE_SELINUX
--- libc/nscd/selinux.c.jj 2007-01-15 23:25:28.000000000 +0100
+++ libc/nscd/selinux.c 2007-03-22 17:21:36.000000000 +0100
@@ -187,18 +187,22 @@ preserve_capabilities (void)
if (tmp_caps == NULL || new_caps == NULL)
{
if (tmp_caps != NULL)
- free_caps (tmp_caps);
+ cap_free (tmp_caps);
dbg_log (_("Failed to initialize drop of capabilities"));
error (EXIT_FAILURE, 0, _("cap_init failed"));
}
/* There is no reason why these should not work. */
- cap_set_flag (new_caps, CAP_PERMITTED, nnew_cap_list, new_cap_list, CAP_SET);
- cap_set_flag (new_caps, CAP_EFFECTIVE, nnew_cap_list, new_cap_list, CAP_SET);
-
- cap_set_flag (tmp_caps, CAP_PERMITTED, ntmp_cap_list, tmp_cap_list, CAP_SET);
- cap_set_flag (tmp_caps, CAP_EFFECTIVE, ntmp_cap_list, tmp_cap_list, CAP_SET);
+ cap_set_flag (new_caps, CAP_PERMITTED, nnew_cap_list,
+ (cap_value_t *) new_cap_list, CAP_SET);
+ cap_set_flag (new_caps, CAP_EFFECTIVE, nnew_cap_list,
+ (cap_value_t *) new_cap_list, CAP_SET);
+
+ cap_set_flag (tmp_caps, CAP_PERMITTED, ntmp_cap_list,
+ (cap_value_t *) tmp_cap_list, CAP_SET);
+ cap_set_flag (tmp_caps, CAP_EFFECTIVE, ntmp_cap_list,
+ (cap_value_t *) tmp_cap_list, CAP_SET);
int res = cap_set_proc (tmp_caps);
Jakub
^ permalink raw reply [flat|nested] 2+ messages in thread
* Re: [PATCH] Fix nscd HAVE_LIBCAP
2007-03-22 16:38 [PATCH] Fix nscd HAVE_LIBCAP Jakub Jelinek
@ 2007-03-23 16:10 ` Jakub Jelinek
0 siblings, 0 replies; 2+ messages in thread
From: Jakub Jelinek @ 2007-03-23 16:10 UTC (permalink / raw)
To: Ulrich Drepper; +Cc: Glibc hackers
On Thu, Mar 22, 2007 at 05:42:25PM +0100, Jakub Jelinek wrote:
> 2007-03-22 Jakub Jelinek <jakub@redhat.com>
>
> * config.h.in (HAVE_LIBCAP): Add.
> * nscd/selinux.h: Include sys/capability.h rather than non-existent
> sys/capabilities.h.
> * nscd/selinux.c (preserve_capabilities): Use cap_free instead of
> free_caps. Cast away const from 4th cap_set_flag argument.
When this is applied, check-local-headers complains about sys/capability.h,
which isn't a glibc header.
Fixed thusly:
2007-03-23 Jakub Jelinek <jakub@redhat.com>
* scripts/check-local-headers.sh: Filter out sys/capability.h.
--- libc/scripts/check-local-headers.sh.jj 2007-01-15 23:25:30.000000000 +0100
+++ libc/scripts/check-local-headers.sh 2007-03-23 17:05:08.000000000 +0100
@@ -30,6 +30,7 @@ if fgrep "$includedir" */*.{o,os,oS}.d |
fgrep -v "$includedir/asm" |
fgrep -v "$includedir/linux" |
fgrep -v "$includedir/selinux" |
+fgrep -v "$includedir/sys/capability.h" |
fgrep -v "$includedir/gd"; then
# If we found a match something is wrong.
exit 1
Jakub
^ permalink raw reply [flat|nested] 2+ messages in thread
end of thread, other threads:[~2007-03-23 16:10 UTC | newest]
Thread overview: 2+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2007-03-22 16:38 [PATCH] Fix nscd HAVE_LIBCAP Jakub Jelinek
2007-03-23 16:10 ` Jakub Jelinek
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).