diff options
| author |   clg@linux.vnet.ibm.com <clg@linux.vnet.ibm.com> | 2010-05-27 12:17:40 +0200 |
|---|---|---|
| committer |   Daniel Lezcano <dlezcano@fr.ibm.com> | 2010-05-27 12:17:40 +0200 |
| commit | 0af683cf29633c8655c3dd07eb75feaf2e8cc3cb (patch) | |
| tree | 0a58e1d0f7cee062fce73696f3a2679817a85707 /configure.ac | |
| parent | introduce a sync API (diff) | |
| download | lxc-0af683cf29633c8655c3dd07eb75feaf2e8cc3cb.tar.gz lxc-0af683cf29633c8655c3dd07eb75feaf2e8cc3cb.tar.bz2 lxc-0af683cf29633c8655c3dd07eb75feaf2e8cc3cb.zip | |
drop capabilities in lxc-init (V2)
capabilities are reseted just after the filesystem is mounted.
lxc_setup_fs() is moved up, before the process is forked.
Signed-off-by: Cedric Le Goater <clg@fr.ibm.com>
Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
Diffstat (limited to 'configure.ac')
| -rw-r--r-- | configure.ac | 9 |
1 files changed, 9 insertions, 0 deletions
diff --git a/configure.ac b/configure.ac index 46e8ff7..83e01d5 100644 --- a/configure.ac +++ b/configure.ac @@ -72,6 +72,15 @@ AC_CHECK_HEADERS([linux/netlink.h linux/genetlink.h], AC_CHECK_HEADERS([sys/capability.h], [], AC_MSG_ERROR([please install libcap-devel.]), [#include <sys/types.h> #include <sys/capability.h>]) +AC_CHECK_LIB(cap,cap_set_proc,caplib=yes,caplib=no) +AC_MSG_CHECKING([linux capabilities]) +if test "x$caplib" = "xyes" ; then + CAP_LIBS="-lcap" + AC_MSG_RESULT([$CAP_LIBS]) +else + AC_MSG_ERROR([not found]) +fi +AC_SUBST([CAP_LIBS]) # Some systems lack PR_CAPBSET_DROP definition => HAVE_DECL_PR_CAPBSET_DROP AC_CHECK_DECLS([PR_CAPBSET_DROP], [], [], [#include <sys/prctl.h>]) |