jail: use linux/capability.h instead of sys/capability.h

Remove bogus build-dependency on libcap by using linux uapi header
and libc-provided syscall wrappers for capget/capset.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>

diff --git a/jail/capabilities.c b/jail/capabilities.c
index 3c95f81199b2640ec88991d9172f83f57a5bf989..8b8e1a38f22dc297450fb2f0579240c2c1fc22a5 100644 (file)
--- a/jail/capabilities.c
+++ b/jail/capabilities.c
@@ -15,8 +15,6 @@
 #define _GNU_SOURCE 1
 #include <syslog.h>
 #include <sys/prctl.h>
-#include <sys/capability.h>
-
 #include <libubox/blobmsg.h>
 #include <libubox/blobmsg_json.h>
 

diff --git a/jail/capabilities.h b/jail/capabilities.h
index cc5f54d4fdc88058a1dbbb9e427f6909c13152e2..f75a34f9434f6bf25320fe6f70c0a05bed144f01 100644 (file)
--- a/jail/capabilities.h
+++ b/jail/capabilities.h
@@ -14,6 +14,7 @@
 #define _JAIL_CAPABILITIES_H_
 
 #include <libubox/blobmsg.h>
+#include <linux/capability.h>
 
 struct jail_capset {
        uint64_t bounding;
@@ -29,4 +30,8 @@ int drop_capabilities(const char *file);
 int parseOCIcapabilities(struct jail_capset *capset, struct blob_attr *msg);
 int applyOCIcapabilities(struct jail_capset capset);
 
+/* capget/capset syscall wrappers are provided by libc */
+extern int capget(cap_user_header_t header, cap_user_data_t data);
+extern int capset(cap_user_header_t header, const cap_user_data_t data);
+
 #endif