Commit 5bc0e410 authored by Evan Hunt's avatar Evan Hunt

Merge branch '321-improve-documentation-on-libcap-change' into 'master'

Improve documentation on libcap change in 9.13+

See merge request isc-projects/bind9!461
parents cebcd918 48bbef71
Pipeline #2771 passed with stages
in 8 minutes and 10 seconds
4986. [func] Linux capabilities now require libcap library.
4986. [func] When built on Linux, BIND now requires the libcap library
to set process privileges, unless capability support is
explicitly overridden with "configure --disable-linux-caps".
[GL #321]
4985. [func] Add a new slave zone option, "mirror", to enable
......
......@@ -19825,7 +19825,7 @@ if test "x$ac_cv_header_sys_capability_h" = xyes; then :
_ACEOF
else
as_fn_error $? "sys/capability.h header is required for Linux capabilities support" "$LINENO" 5
as_fn_error $? "sys/capability.h header is required for Linux capabilities support. Either install libcap or use --disable-linux-caps." "$LINENO" 5
fi
done
......@@ -19886,7 +19886,7 @@ if test "$ac_res" != no; then :
test "$ac_res" = "none required" || LIBS="$ac_res $LIBS"
LIBCAP_LIBS="$ac_cv_search_cap_set_proc"
else
as_fn_error $? "libcap is required for Linux capabilities support" "$LINENO" 5
as_fn_error $? "libcap is required for Linux capabilities support. Either install libcap or use --disable-linux-caps." "$LINENO" 5
fi
LIBS="$save_LIBS"
......
......@@ -3585,11 +3585,13 @@ AS_IF([test "$enable_linux_caps" = "yes"],
[AC_MSG_RESULT([yes])
AC_CHECK_HEADERS([sys/capability.h],
[],
[AC_MSG_ERROR([sys/capability.h header is required for Linux capabilities support])])
[AC_MSG_ERROR(m4_normalize([sys/capability.h header is required for Linux capabilities support.
Either install libcap or use --disable-linux-caps.]))])
save_LIBS="$LIBS"
AC_SEARCH_LIBS([cap_set_proc], [cap],
[LIBCAP_LIBS="$ac_cv_search_cap_set_proc"],
[AC_MSG_ERROR([libcap is required for Linux capabilities support])])
[AC_MSG_ERROR(m4_normalize([libcap is required for Linux capabilities support.
Either install libcap or use --disable-linux-caps.]))])
LIBS="$save_LIBS"],
[AC_MSG_RESULT([no])])
AC_SUBST([LIBCAP_LIBS])
......
......@@ -119,6 +119,17 @@
setting might change to <command>strict</command> in the future.
</para>
</listitem>
<listitem>
<para>
When built on Linux, BIND now requires the <command>libcap</command>
library to set process privileges. The adds a new compile-time
dependency, which can be met on most Linux platforms by installing the
<command>libcap-dev</command> or <command>libcap-devel</command>
package. BIND can also be built without capability support by using
<command>configure --disable-linux-caps</command>, at the cost of some
loss of security.
</para>
</listitem>
</itemizedlist>
</section>
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment