Commit a937fabd authored by Daniel Salzman's avatar Daniel Salzman

configure: link libcap-ng with knotd only

parent 15694546
......@@ -537,15 +537,36 @@ AS_IF([test "$enable_utilities" = "yes"], [
])
]) # Knot DNS utilities dependencies
AS_IF([test "$enable_daemon" = "yes"], [
PKG_CHECK_MODULES([cap_ng], [cap-ng], [enable_cap_ng=yes], [
enable_cap_ng=no
AC_CHECK_HEADER([cap-ng.h], [
save_LIBS="$LIBS"
AC_SEARCH_LIBS([capng_apply], [cap-ng], [
enable_cap_ng=yes
cap_ng_LIBS="$ac_cv_search_capng_apply"
AC_SUBST([cap_ng_LIBS])
])
LIBS="$save_LIBS"
])
])
], [
enable_cap_ng=no
cap_ng_LIBS=
])
AS_IF([test "$enable_cap_ng" = yes],
[AC_DEFINE([ENABLE_CAP_NG], [1], [POSIX capabilities available])]
)
AC_SEARCH_LIBS([pow], [m])
AC_SEARCH_LIBS([pthread_create], [pthread], [], [AC_MSG_ERROR([pthreads not found])])
AC_SEARCH_LIBS([dlopen], [dl])
AC_SEARCH_LIBS([clock_gettime], [rt])
AC_SEARCH_LIBS([capng_apply], [cap-ng])
# Checks for header files.
AC_HEADER_RESOLV
AC_CHECK_HEADERS_ONCE([cap-ng.h pthread_np.h sys/uio.h])
AC_CHECK_HEADERS_ONCE([pthread_np.h sys/uio.h])
# Checks for optional library functions.
AC_CHECK_FUNCS([accept4 clock_gettime fgetln getline initgroups malloc_trim \
......@@ -633,6 +654,7 @@ result_msg_base=" Knot DNS $VERSION
Utilities with Dnstap: ${enable_dnstap}
MaxMind DB support: ${enable_maxminddb}
Systemd integration: ${enable_systemd}
POSIX capabilities ${enable_cap_ng}
PKCS #11 support: ${enable_pkcs11}
Ed25519 support: ${enable_ed25519}
Code coverage: ${enable_code_coverage}
......
......@@ -105,7 +105,8 @@ knotc_CPPFLAGS = $(AM_CPPFLAGS) $(CFLAG_VISIBILITY) $(libedit_CFLAGS)
knotc_LDADD = libcontrib.la libknotd.la libknotus.la $(libedit_LIBS)
knotc_LDFLAGS = $(AM_LDFLAGS) -rdynamic
knotd_CPPFLAGS = $(AM_CPPFLAGS) $(CFLAG_VISIBILITY) $(liburcu_CFLAGS)
knotd_LDADD = $(malloc_LIBS) libcontrib.la libknotd.la $(liburcu_LIBS)
knotd_LDADD = $(malloc_LIBS) libcontrib.la libknotd.la $(liburcu_LIBS) \
$(cap_ng_LIBS)
knotd_LDFLAGS = $(AM_LDFLAGS) -rdynamic
if HAVE_UTILS
......
......@@ -25,9 +25,9 @@
#include <sys/stat.h>
#include <urcu.h>
#ifdef HAVE_CAP_NG_H
#ifdef ENABLE_CAP_NG
#include <cap-ng.h>
#endif /* HAVE_CAP_NG_H */
#endif
#ifdef ENABLE_SYSTEMD
#include <systemd/sd-daemon.h>
......@@ -186,7 +186,7 @@ static void enable_signals(void)
/*! \brief Drop POSIX 1003.1e capabilities. */
static void drop_capabilities(void)
{
#ifdef HAVE_CAP_NG_H
#ifdef ENABLE_CAP_NG
/* Drop all capabilities. */
if (capng_have_capability(CAPNG_EFFECTIVE, CAP_SETPCAP)) {
capng_clear(CAPNG_SELECT_BOTH);
......@@ -199,7 +199,7 @@ static void drop_capabilities(void)
} else {
log_info("process not allowed to set capabilities, skipping");
}
#endif /* HAVE_CAP_NG_H */
#endif /* ENABLE_CAP_NG */
}
/*! \brief Event loop listening for signals and remote commands. */
......
......@@ -28,7 +28,7 @@ knotd_stdio_SOURCES = \
knotd_stdio_CPPFLAGS = $(AM_CPPFLAGS) $(liburcu_CFLAGS)
knotd_stdio_LDADD = $(top_builddir)/src/libknotd.la $(top_builddir)/src/libcontrib.la \
$(liburcu_LIBS)
$(liburcu_LIBS) $(cap_ng_LIBS)
BUILT_SOURCES = knotd_wrap/main.c
CLEANFILES = knotd_wrap/main.c
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment