Add support for FreeBSD <sys/capability.h>

cap_init() and friends are Linux-specific, so only use them if we're on
Linux.

Add support for FreeBSD capabilities if we find <sys/capability.h> to be
available there.

Add an #else (not Linux or FreeBSD) case with an #error requesting
contributions for other platforms.

This patch keeps the cap_init check in configure.ac but removes the
error if it fails.  This will ensure we link to -lcap if needed, but
won't fail for the case that capabilities are part of the core system
(as on FreeBSD).

We do however, modify the header check to ensure we fail if there is no
<sys/capability.h> at all and we are on a system where it could be
installed.  The logic here is that it is better to give the user the
chance to install it than it is to proceed silently with a disabled
security feature on a system where it could easily be supported.
--without-caps remains an option if the user wants to force it.

https://bugs.freedesktop.org/show_bug.cgi?id=72580

diff --git a/configure.ac b/configure.ac
index d4b481776616024f09b00219242b661bcc04fa9f..64ab9faa055e9cac90ce8e95828e1b8ad72a4b1e 100644 (file)
--- a/configure.ac
+++ b/configure.ac
@@ -118,6 +118,10 @@ fi
 
 #### Determine host OS ####
 
+# if the host has the possibility of sys/capability.h for dropping privileges
+# used to determine if we should error out if it is not found
+host_has_caps=0
+
 os_is_linux=0
 os_is_win32=0
 os_is_darwin=0
@@ -126,8 +130,13 @@ AC_MSG_CHECKING([host operating system])
 case "$host_os" in
     linux*)
         AC_MSG_RESULT([linux])
+        host_has_caps=1
         os_is_linux=1
     ;;
+    freebsd*)
+        AC_MSG_RESULT([freebsd])
+        host_has_caps=1
+    ;;
     darwin*)
         AC_MSG_RESULT([darwin])
         os_is_darwin=1
@@ -595,17 +604,16 @@ AS_IF([test "x$HAVE_X11" = "x1"], AC_DEFINE([HAVE_X11], 1, [Have X11?]))
 CAP_LIBS=''
 
 AC_ARG_WITH([caps],
-    AS_HELP_STRING([--without-caps],[Omit support for POSIX capabilities.]))
+    AS_HELP_STRING([--without-caps],[Omit support for dropping capabilities.]))
 
 if test "x${with_caps}" != "xno"; then
-    AC_SEARCH_LIBS([cap_init], [cap], [], [
-                    if test "x${with_caps}" = "xyes" ; then
-                        AC_MSG_ERROR([*** POSIX caps libraries not found])
-                    fi])
+    AC_SEARCH_LIBS([cap_init], [cap], [], [])
+
+    # Only give an error on hosts that we know could support capabilities
     AC_CHECK_HEADERS([sys/capability.h], [], [
-                    if test "x${with_caps}" = "xyes" ; then
-                        AC_MSG_ERROR([*** POSIX caps headers not found])
-                    fi])
+      if test "${host_has_caps}" = "1"; then
+        AC_MSG_ERROR([*** sys/capability.h not found.  Use --without-caps to disable capabilities support.])
+      fi])
 fi
 
 #### Valgrind (optional) ####

diff --git a/src/daemon/caps.c b/src/daemon/caps.c
index 2251cb3738367d0855f9df8c339ab3c0be02bff2..68b79cebd2e53943e2ec8355f20a9130e80702f9 100644 (file)
--- a/src/daemon/caps.c
+++ b/src/daemon/caps.c
@@ -80,12 +80,18 @@ void pa_drop_root(void) {
 
 void pa_drop_caps(void) {
 #ifdef HAVE_SYS_CAPABILITY_H
+#ifdef __linux
     cap_t caps;
     pa_assert_se(caps = cap_init());
     pa_assert_se(cap_clear(caps) == 0);
     pa_assert_se(cap_set_proc(caps) == 0);
     pa_assert_se(cap_free(caps) == 0);
+#elif __FreeBSD__
+    pa_assert_se (cap_enter () == 0);
 #else
+#error Don't know how to do capabilities on your system.  Please send a patch.
+#endif /* __linux */
+#else /* HAVE_SYS_CAPABILITY_H */
     pa_log_warn("Normally all extra capabilities would be dropped now, but "
                 "that's impossible because this Pulseaudio was built without "
                 "libcap support.");