2
0
mirror of https://gitlab.isc.org/isc-projects/bind9 synced 2025-08-30 22:15:20 +00:00

Improve documentation and error messages when libcap is not available

This commit is contained in:
Ondřej Surý
2018-07-02 08:47:32 +02:00
parent cebcd9184e
commit b5ea00158d
4 changed files with 22 additions and 5 deletions

View File

@@ -1,4 +1,6 @@
4986. [func] Linux capabilities now require libcap library. 4986. [func] When built on Linux, BIND now requires the libcap library
to set process privileges, unless capability support is
explicitly overridden with "configure --disable-linux-caps".
[GL #321] [GL #321]
4985. [func] Add a new slave zone option, "mirror", to enable 4985. [func] Add a new slave zone option, "mirror", to enable

6
configure vendored
View File

@@ -19825,7 +19825,8 @@ if test "x$ac_cv_header_sys_capability_h" = xyes; then :
_ACEOF _ACEOF
else else
as_fn_error $? "sys/capability.h header is required for Linux capabilities support" "$LINENO" 5 as_fn_error $? "sys/capability.h header is required for Linux capabilities support.
Either install libcap or use --disable-linux-caps." "$LINENO" 5
fi fi
done done
@@ -19886,7 +19887,8 @@ if test "$ac_res" != no; then :
test "$ac_res" = "none required" || LIBS="$ac_res $LIBS" test "$ac_res" = "none required" || LIBS="$ac_res $LIBS"
LIBCAP_LIBS="$ac_cv_search_cap_set_proc" LIBCAP_LIBS="$ac_cv_search_cap_set_proc"
else else
as_fn_error $? "libcap is required for Linux capabilities support" "$LINENO" 5 as_fn_error $? "libcap is required for Linux capabilities support.
Either install libcap or use --disable-linux-caps." "$LINENO" 5
fi fi
LIBS="$save_LIBS" LIBS="$save_LIBS"

View File

@@ -3585,11 +3585,13 @@ AS_IF([test "$enable_linux_caps" = "yes"],
[AC_MSG_RESULT([yes]) [AC_MSG_RESULT([yes])
AC_CHECK_HEADERS([sys/capability.h], AC_CHECK_HEADERS([sys/capability.h],
[], [],
[AC_MSG_ERROR([sys/capability.h header is required for Linux capabilities support])]) [AC_MSG_ERROR([sys/capability.h header is required for Linux capabilities support.
Either install libcap or use --disable-linux-caps.])])
save_LIBS="$LIBS" save_LIBS="$LIBS"
AC_SEARCH_LIBS([cap_set_proc], [cap], AC_SEARCH_LIBS([cap_set_proc], [cap],
[LIBCAP_LIBS="$ac_cv_search_cap_set_proc"], [LIBCAP_LIBS="$ac_cv_search_cap_set_proc"],
[AC_MSG_ERROR([libcap is required for Linux capabilities support])]) [AC_MSG_ERROR([libcap is required for Linux capabilities support.
Either install libcap or use --disable-linux-caps.])])
LIBS="$save_LIBS"], LIBS="$save_LIBS"],
[AC_MSG_RESULT([no])]) [AC_MSG_RESULT([no])])
AC_SUBST([LIBCAP_LIBS]) AC_SUBST([LIBCAP_LIBS])

View File

@@ -119,6 +119,17 @@
setting might change to <command>strict</command> in the future. setting might change to <command>strict</command> in the future.
</para> </para>
</listitem> </listitem>
<listitem>
<para>
When built on Linux, BIND now requires the <command>libcap</command>
library to set process privileges. The adds a new compile-time
dependency, which can be met on most Linux platforms by installing the
<command>libcap-dev</command> or <command>libcap-devel</command>
package. BIND can also be built without capability support by using
<command>configure --disable-linux-caps</command>, at the cost of some
loss of security.
</para>
</listitem>
</itemizedlist> </itemizedlist>
</section> </section>