additional autoconf check for ambient raise securebit to support kernels prior 4.3

Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
author: Toni Uhlig <matzeton@googlemail.com> 2018-08-02 18:00:55 +0200
committer: Toni Uhlig <matzeton@googlemail.com> 2018-08-02 18:00:55 +0200
commit: 25f613480aeb1421d8461c4abd796595b4d4984b (patch)
tree: 92be2eac959b984861336497eb7f5d77916a032f /src
parent: 7557d150d3848fb38623983b4df48574384cb208 (diff)
1 files changed, 4 insertions, 0 deletions
diff --git a/src/jail.c b/src/jail.c
index b307706..1b35cc7 100644
--- a/src/jail.c
+++ b/src/jail.c
@@ -42,7 +42,9 @@
 #include <pty.h>
 #include <utmp.h>
 #include <limits.h>
+#ifdef HAVE_SECUREBITS_AMBIENT
 #include <linux/securebits.h>
+#endif
 #include <sys/signalfd.h>
 #include <sys/wait.h>
 #include <sys/prctl.h>
@@ -310,10 +312,12 @@ static int jail_childfn(prisoner_process *ctx)
     set_procname("[potd] jail-client");
     if (prctl(PR_SET_PDEATHSIG, SIGTERM) != 0)
         FATAL("%s", "Jail child setting deathsig");
+#ifdef HAVE_SECUREBITS_AMBIENT
     if (prctl(PR_SET_SECUREBITS,
               SECBIT_NOROOT | SECBIT_NOROOT_LOCKED |
               SECBIT_NO_CAP_AMBIENT_RAISE | SECBIT_NO_CAP_AMBIENT_RAISE_LOCKED))
         FATAL("%s", "Jail child setting securebits");
+#endif
     if (prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0))
         FATAL("%s", "Jail child setting no new privs");
author	Toni Uhlig <matzeton@googlemail.com>	2018-08-02 18:00:55 +0200
committer	Toni Uhlig <matzeton@googlemail.com>	2018-08-02 18:00:55 +0200
commit	25f613480aeb1421d8461c4abd796595b4d4984b (patch)
tree	92be2eac959b984861336497eb7f5d77916a032f /src
parent	7557d150d3848fb38623983b4df48574384cb208 (diff)