
check_capability: explicitly target recent linux implementations
authorMarc Fournier <marc.fournier@camptocamp.com>
Tue, 17 May 2016 05:36:34 +0000 (07:36 +0200)
committerMarc Fournier <marc.fournier@camptocamp.com>
Wed, 10 Aug 2016 06:07:33 +0000 (08:07 +0200)
There are several, incompatible, capabilities implementations, all
exposed through `<sys/capability.h>`. Currently only Linux's V3
function and capability sets are supported.

This patch guards against using Linux-specific functions & capabilities
on other implementations, while structuring the code to allow adding
support for them.

src/ceph.c
src/daemon/common.c
src/dns.c
src/exec.c
src/iptables.c
src/ping.c
src/turbostat.c

index e9bb960d9492958992dfabe336b3cfcd1e5d6bea..8cda764fc6f41d3a28d41192bab2281d8f3b9da8 100644 (file)
@@ -1577,7 +1577,7 @@ static int ceph_init(void)
 {
     int ret;
 
-#ifdef HAVE_SYS_CAPABILITY_H
+#if defined(HAVE_SYS_CAPABILITY_H) && defined(CAP_DAC_OVERRIDE)
   if (check_capability (CAP_DAC_OVERRIDE) != 0)
   {
     if (getuid () == 0)
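Review bot: The new `#if` line gives no reason for also testing `defined(CAP_DAC_OVERRIDE)`, and when that macro is absent the whole privilege diagnostic in ceph_init is compiled out without any message. A one-line comment above the guard would help, for example `/* other <sys/capability.h> implementations do not define the Linux capability names */`. The same applies to the matching guards in dns_init, exec_init, iptables_init and ping_init. It also looks as if the new fallback WARNING in check_capability cannot be reached from these call sites on such platforms, since the call itself is removed; that is worth confirming. ceph_init's body continues outside the hunk.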
index 3e2db15a78a4230beaa8eb037b1763169c84df7c..765619160cbcda31cba551e13f2be4eba66e0b56 100644 (file)
@@ -1676,6 +1676,7 @@ void strarray_free (char **array, size_t array_len) /* {{{ */
 #ifdef HAVE_SYS_CAPABILITY_H
 int check_capability (int capability) /* {{{ */
 {
+#ifdef _LINUX_CAPABILITY_VERSION_3
        struct __user_cap_header_struct cap_header_data;
        cap_user_header_t cap_header = &cap_header_data;
        struct __user_cap_data_struct cap_data_data;
@@ -1693,5 +1694,10 @@ int check_capability (int capability) /* {{{ */
                return (-1);
        else
                return (0);
+#else
+       WARNING ("check_capability: unsupported capability implementation. "
+           "Some plugin(s) may require elevated privileges to work properly.");
+       return (0);
+#endif /* _LINUX_CAPABILITY_VERSION_3 */
 } /* }}} int check_capability */
-#endif
+#endif /* HAVE_SYS_CAPABILITY_H */
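Review bot: The new `#else` branch returns 0, the same value every visible caller reads as "capability held" (they all test `check_capability (...) != 0`), so a caller cannot tell a verified capability from one that could not be checked. If fail-open is intended, state it in a comment on the function, for example `/* Returns 0 when the capability is held or when it cannot be checked; 0 is not proof of privilege. */`. Otherwise return a distinct value so callers such as turbostat's check_permissions can decide for themselves. The WARNING also fires on every call, so several plugins will each log it; a static flag would limit it to once. The middle of check_capability lies outside both hunks.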
index be6d0dcb4223684e31c62e51a903ae0f853e83ef..53128396232b848c34645010dcbc64d36eac1281 100644 (file)
--- a/src/dns.c
+++ b/src/dns.c
@@ -351,7 +351,7 @@ static int dns_init (void)
 
        listen_thread_init = 1;
 
-#ifdef HAVE_SYS_CAPABILITY_H
+#if defined(HAVE_SYS_CAPABILITY_H) && defined(CAP_NET_RAW)
        if (check_capability (CAP_NET_RAW) != 0)
        {
                if (getuid () == 0)
index c51465b810064162517a4e3f53bae9107a7a5b19..1a14293eb7fafdb0c7aa099284bfc5b675d2792c 100644 (file)
@@ -810,7 +810,7 @@ static int exec_init (void) /* {{{ */
 
   sigaction (SIGCHLD, &sa, NULL);
 
-#ifdef HAVE_SYS_CAPABILITY_H
+#if defined(HAVE_SYS_CAPABILITY_H) && defined(CAP_SETUID) && defined(CAP_SETGID)
   if ((check_capability (CAP_SETUID) != 0) ||
       (check_capability (CAP_SETGID) != 0))
   {
index 66dbab7fbf9913eeb9a7f9af08bbac96e56095ea..c0854b3f38148f62837699b2289f75e2a22e743a 100644 (file)
@@ -505,7 +505,7 @@ static int iptables_shutdown (void)
 
 static int iptables_init (void)
 {
-#ifdef HAVE_SYS_CAPABILITY_H
+#if defined(HAVE_SYS_CAPABILITY_H) && defined(CAP_NET_ADMIN)
     if (check_capability (CAP_NET_ADMIN) != 0)
     {
         if (getuid () == 0)
index 9b5d5ca581a04b6e43820992545efedf2cad759f..7b28ed37d0c409733b22df09a51e587149f4068d 100644 (file)
@@ -452,7 +452,7 @@ static int ping_init (void) /* {{{ */
         "Will use a timeout of %gs.", ping_timeout);
   }
 
-#ifdef HAVE_SYS_CAPABILITY_H
+#if defined(HAVE_SYS_CAPABILITY_H) && defined(CAP_NET_RAW)
   if (check_capability (CAP_NET_RAW) != 0)
   {
     if (getuid () == 0)
index 6e0405d01aaf896d6879b4cbebbe0af3d15e7e03..a1faac4819856c3d8087aa4dfeb6a302f75495b7 100644 (file)
@@ -1480,13 +1480,13 @@ check_permissions(void)
        if (getuid() == 0) {
                /* We have everything we need */
                return 0;
-#ifndef HAVE_SYS_CAPABILITY_H
+#if !defined(HAVE_SYS_CAPABILITY_H) && !defined(CAP_SYS_RAWIO)
        } else {
                ERROR("turbostat plugin: Initialization failed: this plugin "
                      "requires collectd to run as root");
                return -1;
        }
-#else /* HAVE_SYS_CAPABILITY_H */
+#else /* HAVE_SYS_CAPABILITY_H && CAP_SYS_RAWIO */
        }
 
        if (check_capability(CAP_SYS_RAWIO) != 0) {
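Review bot: The negated guard `#if !defined(HAVE_SYS_CAPABILITY_H) && !defined(CAP_SYS_RAWIO)` is not the complement of the condition named in the new `#else` comment (`HAVE_SYS_CAPABILITY_H && CAP_SYS_RAWIO`). When the header is present but `CAP_SYS_RAWIO` is undefined, which is the case this commit targets, the `#else` branch is still selected and `check_capability(CAP_SYS_RAWIO)` refers to an undeclared name. The guard should read `#if !defined(HAVE_SYS_CAPABILITY_H) || !defined(CAP_SYS_RAWIO)`, so the root-only error path is taken whenever either piece is missing. check_permissions starts before this hunk and continues after it.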
@@ -1511,7 +1511,7 @@ check_permissions(void)
                      "collectd a special capability (CAP_SYS_RAWIO) and read "
                       "access to /dev/cpu/*/msr (see previous warnings)");
        return ret;
-#endif /* HAVE_SYS_CAPABILITY_H */
+#endif /* HAVE_SYS_CAPABILITY_H && CAP_SYS_RAWIO */
 }
 
 static int