From f4404effa45ce378a8a72f2fff9641c7d7a0cc6f Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Christian=20G=C3=B6ttsche?= <cgzones@googlemail.com>
Date: Wed, 2 Sep 2020 14:39:25 +0200
Subject: Add option to drop Linux capabilities

Conflicts with setuid support, but that is commonly not enabled.
---
 configure.ac | 8 ++++++++
 1 file changed, 8 insertions(+)

(limited to 'configure.ac')

diff --git a/configure.ac b/configure.ac
index 227f6b14..1feeb0fc 100644
--- a/configure.ac
+++ b/configure.ac
@@ -307,6 +307,13 @@ if test "x$enable_setuid" = xyes; then
    AC_DEFINE(HAVE_SETUID_ENABLED, 1, [Define if setuid support should be enabled.])
 fi
 
+AC_ARG_WITH(capabilities, [AS_HELP_STRING([--with-capabilities], [Enable option to drop Linux capabilities via libcap])],, with_capabilities="no")
+if test "x$with_capabilities" = xyes
+then
+  AC_CHECK_LIB([cap], [cap_init], [], [missing_libraries="$missing_libraries libcap"])
+  AC_CHECK_HEADERS([sys/capability.h], [:], [missing_headers="$missing_headers $ac_header"])
+fi
+
 AC_ARG_ENABLE(delayacct, [AS_HELP_STRING([--enable-delayacct], [enable Linux delay accounting])],, enable_delayacct="no")
 if test "x$enable_delayacct" = xyes; then
    m4_ifdef([PKG_PROG_PKG_CONFIG], [
@@ -408,6 +415,7 @@ AC_MSG_RESULT([
   (Linux) affinity:          $enable_linux_affinity
   (Linux) delay accounting:  $enable_delayacct
   (Linux) sensors:           $with_sensors
+  (Linux) capabilities:      $with_capabilities
   unicode:                   $enable_unicode
   hwloc:                     $enable_hwloc
   setuid:                    $enable_setuid
-- 
cgit v1.2.3