jail: use linux/capability.h instead of sys/capability.h

Remove bogus build-dependency on libcap by using linux uapi header and libc-provided syscall wrappers for capget/capset. Signed-off-by: Daniel Golle <daniel@makrotopia.org>
author: Daniel Golle 2020-07-11 10:03:56 +0000
committer: Daniel Golle 2020-07-11 10:24:08 +0000
commit: 3034eaf5ceebc3b8d8461680a2cd3c61e796fc7d (patch)
tree: fd7beb5db21febe4e1a0bc545f3e40c6a685a718
parent: 347367193dc2df7d8c2578b426089c11adbc4f6b (diff)
download: procd-3034eaf5ceebc3b8d8461680a2cd3c61e796fc7d.tar.gz
2 files changed, 5 insertions, 2 deletions
diff --git a/jail/capabilities.c b/jail/capabilities.c
index 3c95f81..8b8e1a3 100644
--- a/jail/capabilities.c
+++ b/jail/capabilities.c
@@ -15,8 +15,6 @@
 #define _GNU_SOURCE 1
 #include <syslog.h>
 #include <sys/prctl.h>
-#include <sys/capability.h>
-
 #include <libubox/blobmsg.h>
 #include <libubox/blobmsg_json.h>
 
diff --git a/jail/capabilities.h b/jail/capabilities.h
index cc5f54d..f75a34f 100644
--- a/jail/capabilities.h
+++ b/jail/capabilities.h
@@ -14,6 +14,7 @@
 #define _JAIL_CAPABILITIES_H_
 
 #include <libubox/blobmsg.h>
+#include <linux/capability.h>
 
 struct jail_capset {
 	uint64_t bounding;
@@ -29,4 +30,8 @@ int drop_capabilities(const char *file);
 int parseOCIcapabilities(struct jail_capset *capset, struct blob_attr *msg);
 int applyOCIcapabilities(struct jail_capset capset);
 
+/* capget/capset syscall wrappers are provided by libc */
+extern int capget(cap_user_header_t header, cap_user_data_t data);
+extern int capset(cap_user_header_t header, const cap_user_data_t data);
+
 #endif
author	Daniel Golle	2020-07-11 10:03:56 +0000
committer	Daniel Golle	2020-07-11 10:24:08 +0000
commit	3034eaf5ceebc3b8d8461680a2cd3c61e796fc7d (patch)
tree	fd7beb5db21febe4e1a0bc545f3e40c6a685a718
parent	347367193dc2df7d8c2578b426089c11adbc4f6b (diff)
download	procd-3034eaf5ceebc3b8d8461680a2cd3c61e796fc7d.tar.gz