[lxc-devel] [PATCH 11/21] Don't hard depend on capability.h and libcap

Stéphane Graber stgraber at ubuntu.com
Thu Jan 3 17:24:12 UTC 2013


In an effort to make LXC work with non-standard Linux distros, this change
allows the user to build LXC without capability support.

This effectively will cause LXC not to link against libcap and will turn all
the _cap_ functions into no-ops.

Signed-off-by: Stéphane Graber <stgraber at ubuntu.com>
---
 src/lxc/caps.c  |  6 +++++-
 src/lxc/caps.h  | 24 ++++++++++++++++++++++++
 src/lxc/conf.c  | 11 ++++++++++-
 src/lxc/start.c | 15 ++++++++++++++-
 4 files changed, 53 insertions(+), 3 deletions(-)

diff --git a/src/lxc/caps.c b/src/lxc/caps.c
index 94c134d..53c552b 100644
--- a/src/lxc/caps.c
+++ b/src/lxc/caps.c
@@ -27,13 +27,16 @@
 #include <stdlib.h>
 #include <limits.h>
 #include <sys/prctl.h>
-#include <sys/capability.h>
 #include <errno.h>
 
+#include "config.h"
 #include "log.h"
 
 lxc_log_define(lxc_caps, lxc);
 
+#if HAVE_SYS_CAPABILITY_H
+#include <sys/capability.h>
+
 int lxc_caps_reset(void)
 {
 	cap_t cap = cap_init();
@@ -258,3 +261,4 @@ int lxc_caps_check(void)
 
 	return 1;
 }
+#endif
diff --git a/src/lxc/caps.h b/src/lxc/caps.h
index 88cf09e..9b86215 100644
--- a/src/lxc/caps.h
+++ b/src/lxc/caps.h
@@ -20,9 +20,12 @@
  * License along with this library; if not, write to the Free Software
  * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
  */
+#include "config.h"
+
 #ifndef _caps_h
 #define _caps_h
 
+#if HAVE_SYS_CAPABILITY_H
 extern int lxc_caps_reset(void);
 extern int lxc_caps_down(void);
 extern int lxc_caps_up(void);
@@ -30,6 +33,27 @@ extern int lxc_caps_init(void);
 extern int lxc_caps_check(void);
 
 extern int lxc_caps_last_cap(void);
+#else
+static inline int lxc_caps_reset(void) {
+        return 0;
+}
+static inline int lxc_caps_down(void) {
+        return 0;
+}
+static inline int lxc_caps_up(void) {
+        return 0;
+}
+static inline int lxc_caps_init(void) {
+        return 0;
+}
+static inline int lxc_caps_check(void) {
+        return 0;
+}
+
+static inline int lxc_caps_last_cap(void) {
+        return 0;
+}
+#endif
 
 #define lxc_priv(__lxc_function)			\
 	({						\
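Review bot: The stub `lxc_caps_check()` in the `#else` branch returns 0, while the tail of the real implementation visible in the caps.c hunk ends with `return 1;`, so the two builds disagree on what a passing check looks like. The callers are outside this patch, but if they read a non-zero result as "privileges are sufficient", every check fails in a build without libcap; the stub should mirror the real success value with `return 1;`. The stubs for `lxc_caps_down()` and `lxc_caps_reset()` also report success without reducing any privilege, so the `#else` deserves a comment such as `/* built without libcap: no capabilities are dropped or raised, callers get success */`. The `#if` that this `#else` belongs to opens in the previous hunk of caps.h.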
diff --git a/src/lxc/conf.c b/src/lxc/conf.c
index 49bba2a..25b75d7 100644
--- a/src/lxc/conf.c
+++ b/src/lxc/conf.c
@@ -48,7 +48,6 @@
 #include <sys/mount.h>
 #include <sys/mman.h>
 #include <sys/prctl.h>
-#include <sys/capability.h>
 #include <sys/personality.h>
 
 #include <arpa/inet.h>
@@ -71,6 +70,10 @@
 #include <apparmor.h>
 #endif
 
+#if HAVE_SYS_CAPABILITY_H
+#include <sys/capability.h>
+#endif
+
 #include "lxcseccomp.h"
 
 lxc_log_define(lxc_conf, lxc);
@@ -104,6 +107,7 @@ lxc_log_define(lxc_conf, lxc);
 #define MS_STRICTATIME (1 << 24)
 #endif
 
+#if HAVE_SYS_CAPABILITY_H
 #ifndef CAP_SETFCAP
 #define CAP_SETFCAP 31
 #endif
@@ -115,6 +119,7 @@ lxc_log_define(lxc_conf, lxc);
 #ifndef CAP_MAC_ADMIN
 #define CAP_MAC_ADMIN 33
 #endif
+#endif
 
 #ifndef PR_CAPBSET_DROP
 #define PR_CAPBSET_DROP 24
@@ -199,6 +204,7 @@ static struct mount_opt mount_opt[] = {
 	{ NULL,            0, 0              },
 };
 
+#if HAVE_SYS_CAPABILITY_H
 static struct caps_opt caps_opt[] = {
 	{ "chown",             CAP_CHOWN             },
 	{ "dac_override",      CAP_DAC_OVERRIDE      },
@@ -245,6 +251,9 @@ static struct caps_opt caps_opt[] = {
 	{ "wake_alarm",        CAP_WAKE_ALARM        },
 #endif
 };
+#else
+static struct caps_opt caps_opt[] = {};
+#endif
 
 static int run_buffer(char *buffer)
 {
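Review bot: `static struct caps_opt caps_opt[] = {};` in the `#else` branch relies on a GNU extension, because ISO C does not accept an empty brace initializer and an unsized array with no initializers has no standard size. If the empty table is intended, say so next to it, e.g. `/* GNU C zero-length table: no capability names are known without libcap */`, or put the code that walks the table under the same `#if`. That code is outside this hunk, so it is worth confirming that a container configuration naming a capability to drop is rejected with an error in this build and not accepted and ignored.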
diff --git a/src/lxc/start.c b/src/lxc/start.c
index 3452022..271764e 100644
--- a/src/lxc/start.c
+++ b/src/lxc/start.c
@@ -41,12 +41,15 @@
 #include <sys/socket.h>
 #include <sys/prctl.h>
 #include <sys/types.h>
-#include <sys/capability.h>
 #include <sys/wait.h>
 #include <sys/un.h>
 #include <sys/poll.h>
 #include <sys/syscall.h>
 
+#if HAVE_SYS_CAPABILITY_H
+#include <sys/capability.h>
+#endif
+
 #ifdef HAVE_SYS_SIGNALFD_H
 #  include <sys/signalfd.h>
 #else
@@ -339,10 +342,14 @@ int lxc_poll(const char *name, struct lxc_handler *handler)
 	}
 
 	if (handler->conf->need_utmp_watch) {
+		#if HAVE_SYS_CAPABILITY_H
 		if (lxc_utmp_mainloop_add(&descr, handler)) {
 			ERROR("failed to add utmp handler to mainloop");
 			goto out_mainloop_open;
 		}
+		#else
+			DEBUG("Can't start utmp handler as capabilities aren't supported\n");
+		#endif
 	}
 
 	return lxc_mainloop(&descr);
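Review bot: The `#else` branch reports the missing utmp handler only at DEBUG level while `need_utmp_watch` stays set, so an operator running a build without libcap gets little indication that the watch was requested but never installed. The `Can't drop cap_sys_boot` message added in the `__lxc_start` hunk has the same problem. Logging both at a level operators are more likely to capture, e.g. `WARN("utmp handler not started: built without capability support");`, makes the degraded mode visible. The directives would also read better at column 0, like the `#ifdef HAVE_SYS_SIGNALFD_H` block earlier in this file, with the `DEBUG` line indented like the code it replaces. lxc_poll's body starts outside the hunk.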
@@ -553,6 +560,7 @@ static int do_start(void *data)
 	if (lxc_sync_barrier_parent(handler, LXC_SYNC_CONFIGURE))
 		return -1;
 
+	#if HAVE_SYS_CAPABILITY_H
 	if (handler->conf->need_utmp_watch) {
 		if (prctl(PR_CAPBSET_DROP, CAP_SYS_BOOT, 0, 0, 0)) {
 			SYSERROR("failed to remove CAP_SYS_BOOT capability");
@@ -560,6 +568,7 @@ static int do_start(void *data)
 		}
 		DEBUG("Dropped cap_sys_boot\n");
 	}
+	#endif
 
 	/* Setup the container, ip, names, utsname, ... */
 	if (lxc_setup(handler->name, handler->conf)) {
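Review bot: The `prctl(PR_CAPBSET_DROP, CAP_SYS_BOOT, 0, 0, 0)` call that the `#if` opened in the previous hunk compiles out does not need libcap: `prctl` comes from `<sys/prctl.h>`, which start.c still includes unconditionally, and only the `CAP_SYS_BOOT` constant comes from the capability header. In a build without `sys/capability.h` the container therefore keeps CAP_SYS_BOOT in its bounding set even when `need_utmp_watch` asks for it to be removed, and the last hunk in `__lxc_start` only logs that at DEBUG. Keeping the drop unconditional and supplying the constant the way conf.c does for `CAP_SETFCAP`, i.e. `#ifndef CAP_SYS_BOOT` / `#define CAP_SYS_BOOT 22` / `#endif`, preserves the hardening. do_start's body extends beyond both hunks.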
@@ -752,7 +761,11 @@ int __lxc_start(const char *name, struct lxc_conf *conf,
 	handler->data = data;
 
 	if (must_drop_cap_sys_boot()) {
+		#if HAVE_SYS_CAPABILITY_H
 		DEBUG("Dropping cap_sys_boot\n");
+		#else
+		DEBUG("Can't drop cap_sys_boot as capabilities aren't supported\n");
+		#endif
 	} else {
 		DEBUG("Not dropping cap_sys_boot or watching utmp\n");
 		handler->conf->need_utmp_watch = 0;
-- 
1.8.0




