From 3034eaf5ceebc3b8d8461680a2cd3c61e796fc7d Mon Sep 17 00:00:00 2001
From: Daniel Golle <daniel@makrotopia.org>
Date: Sat, 11 Jul 2020 11:03:56 +0100
Subject: [PATCH] jail: use linux/capability.h instead of sys/capability.h

Remove bogus build-dependency on libcap by using linux uapi header
and libc-provided syscall wrappers for capget/capset.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
---
 jail/capabilities.c | 2 --
 jail/capabilities.h | 5 +++++
 2 files changed, 5 insertions(+), 2 deletions(-)

diff --git a/jail/capabilities.c b/jail/capabilities.c
index 3c95f81..8b8e1a3 100644
--- a/jail/capabilities.c
+++ b/jail/capabilities.c
@@ -15,8 +15,6 @@
 #define _GNU_SOURCE 1
 #include <syslog.h>
 #include <sys/prctl.h>
-#include <sys/capability.h>
-
 #include <libubox/blobmsg.h>
 #include <libubox/blobmsg_json.h>
 
diff --git a/jail/capabilities.h b/jail/capabilities.h
index cc5f54d..f75a34f 100644
--- a/jail/capabilities.h
+++ b/jail/capabilities.h
@@ -14,6 +14,7 @@
 #define _JAIL_CAPABILITIES_H_
 
 #include <libubox/blobmsg.h>
+#include <linux/capability.h>
 
 struct jail_capset {
 	uint64_t bounding;
@@ -29,4 +30,8 @@ int drop_capabilities(const char *file);
 int parseOCIcapabilities(struct jail_capset *capset, struct blob_attr *msg);
 int applyOCIcapabilities(struct jail_capset capset);
 
+/* capget/capset syscall wrappers are provided by libc */
+extern int capget(cap_user_header_t header, cap_user_data_t data);
+extern int capset(cap_user_header_t header, const cap_user_data_t data);
+
 #endif
-- 
2.30.2