Add option to drop Linux capabilities Conflicts with setuid support, but that is commonly not enabled.

commit: f4404effa45ce378a8a72f2fff9641c7d7a0cc6f [log] [tgz]
author: Christian Göttsche <cgzones@googlemail.com> Wed Sep 02 14:39:25 2020 +0200
committer: BenBE <BenBE@geshi.org> Mon Jan 11 20:19:51 2021 +0100
tree: 742f042db6c21e5c2203bceb4a88c5b50bf744a8
parent: d72b0a682ecad0a8d5793022733447e855a61798 [diff] [blame]
diff --git a/configure.ac b/configure.ac
index 227f6b1..1feeb0f 100644
--- a/configure.ac
+++ b/configure.ac

@@ -307,6 +307,13 @@
    AC_DEFINE(HAVE_SETUID_ENABLED, 1, [Define if setuid support should be enabled.])
 fi
 
+AC_ARG_WITH(capabilities, [AS_HELP_STRING([--with-capabilities], [Enable option to drop Linux capabilities via libcap])],, with_capabilities="no")
+if test "x$with_capabilities" = xyes
+then
+  AC_CHECK_LIB([cap], [cap_init], [], [missing_libraries="$missing_libraries libcap"])
+  AC_CHECK_HEADERS([sys/capability.h], [:], [missing_headers="$missing_headers $ac_header"])
+fi
+
 AC_ARG_ENABLE(delayacct, [AS_HELP_STRING([--enable-delayacct], [enable Linux delay accounting])],, enable_delayacct="no")
 if test "x$enable_delayacct" = xyes; then
    m4_ifdef([PKG_PROG_PKG_CONFIG], [
@@ -408,6 +415,7 @@
   (Linux) affinity:          $enable_linux_affinity
   (Linux) delay accounting:  $enable_delayacct
   (Linux) sensors:           $with_sensors
+  (Linux) capabilities:      $with_capabilities
   unicode:                   $enable_unicode
   hwloc:                     $enable_hwloc
   setuid:                    $enable_setuid
commit	f4404effa45ce378a8a72f2fff9641c7d7a0cc6f	[log] [tgz]
author	Christian Göttsche <cgzones@googlemail.com>	Wed Sep 02 14:39:25 2020 +0200
committer	BenBE <BenBE@geshi.org>	Mon Jan 11 20:19:51 2021 +0100
tree	742f042db6c21e5c2203bceb4a88c5b50bf744a8
parent	d72b0a682ecad0a8d5793022733447e855a61798 [diff] [blame]