<html>
<head>
<base href="https://bugs.freedesktop.org/" />
</head>
<body><table border="1" cellspacing="0" cellpadding="8">
<tr>
<th>Priority</th>
<td>medium
</td>
</tr>
<tr>
<th>Bug ID</th>
<td><a class="bz_bug_link
bz_status_NEW "
title="NEW --- - pulseaudio's use of sys/capability.h is non-POSIX"
href="https://bugs.freedesktop.org/show_bug.cgi?id=72580">72580</a>
</td>
</tr>
<tr>
<th>CC</th>
<td>lennart@poettering.net
</td>
</tr>
<tr>
<th>Assignee</th>
<td>pulseaudio-bugs@lists.freedesktop.org
</td>
</tr>
<tr>
<th>Summary</th>
<td>pulseaudio's use of sys/capability.h is non-POSIX
</td>
</tr>
<tr>
<th>QA Contact</th>
<td>pulseaudio-bugs@lists.freedesktop.org
</td>
</tr>
<tr>
<th>Severity</th>
<td>normal
</td>
</tr>
<tr>
<th>Classification</th>
<td>Unclassified
</td>
</tr>
<tr>
<th>OS</th>
<td>All
</td>
</tr>
<tr>
<th>Reporter</th>
<td>desrt@desrt.ca
</td>
</tr>
<tr>
<th>Hardware</th>
<td>Other
</td>
</tr>
<tr>
<th>Status</th>
<td>NEW
</td>
</tr>
<tr>
<th>Version</th>
<td>unspecified
</td>
</tr>
<tr>
<th>Component</th>
<td>daemon
</td>
</tr>
<tr>
<th>Product</th>
<td>PulseAudio
</td>
</tr></table>
<p>
<div>
<pre>The configure script for pulseaudio has this:

CAP_LIBS=''

AC_ARG_WITH([caps],
    AS_HELP_STRING([--without-caps],[Omit support for POSIX capabilities.]))

if test "x${with_caps}" != "xno"; then
    AC_SEARCH_LIBS([cap_init], [cap], [], [
        if test "x${with_caps}" = "xyes" ; then
            AC_MSG_ERROR([*** POSIX caps libraries not found])
        fi])
    AC_CHECK_HEADERS([sys/capability.h], [], [
        if test "x${with_caps}" = "xyes" ; then
            AC_MSG_ERROR([*** POSIX caps headers not found])
        fi])
fi

Then in the daemon's source:

void pa_drop_caps(void) {
#ifdef HAVE_SYS_CAPABILITY_H
    cap_t caps;
    pa_assert_se(caps = cap_init());
    pa_assert_se(cap_clear(caps) == 0);
    pa_assert_se(cap_set_proc(caps) == 0);
    pa_assert_se(cap_free(caps) == 0);
#else
    pa_log_warn("Normally all extra capabilities would be dropped now, but "
                "that's impossible because this Pulseaudio was built without "
                "libcap support.");
#endif
}

POSIX does not specify what such a file should contain -- the attempt to
standardise it seems to have failed, as evidenced by the comment at the top of
Linux's version of this file:

 * defunct POSIX.1e Standard: 25.2 Capabilities

Meanwhile, the combination of the two checks above produces the wrong
behaviour.

Imagine a system where sys/capability.h exists, but not cap_init (FreeBSD is
such a system, for example).

The first check fails due to missing cap_init, but because --with-caps=yes was
not explicitly given, the failure is ignored.

The second check, which is independent of the first check, then passes, because
we do find sys/capability.h. This results in HAVE_SYS_CAPABILITY_H being
defined, and then the caps code gets enabled in pa_drop_caps().

Inside the #ifdef for HAVE_SYS_CAPABILITY_H there should probably also be an
#ifdef __linux before using that Linux-style capabilities code. There could
then ideally be another branch for BSD-style sys/capability.h.</pre>
</div>
</p>
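<p>A guarded form of the capability drop described in the report, as an added example that is not part of the original report or of PulseAudio's source: the libcap path is compiled only when the header, cap_init() and a Linux target are all present, and the function returns a status instead of asserting. HAVE_CAP_INIT, drop_caps and caps_backend_enabled are hypothetical names; the example assumes configure defines HAVE_CAP_INIT only when its library search for cap_init() succeeds.</p>

```c
/* Added example, not PulseAudio code. HAVE_CAP_INIT is a hypothetical macro:
 * assume configure defines it only when cap_init() was found in a library. */
#include <stddef.h>
#include <stdio.h>

#if defined(HAVE_SYS_CAPABILITY_H) && defined(HAVE_CAP_INIT) && defined(__linux__)
#  include <sys/capability.h>
#  define USE_LINUX_CAPS 1
#else
#  define USE_LINUX_CAPS 0   /* the header alone does not prove the libcap API */
#endif

enum drop_result { DROP_OK, DROP_FAILED, DROP_UNSUPPORTED };

/* 1 if the Linux libcap path was compiled in, 0 otherwise. */
int caps_backend_enabled(void) {
    return USE_LINUX_CAPS;
}

/* Clear every capability of the calling process and report the outcome,
 * so the caller can log it or refuse to continue with privileges retained. */
enum drop_result drop_caps(void) {
#if USE_LINUX_CAPS
    enum drop_result result = DROP_FAILED;
    cap_t caps = cap_init();            /* new state with all flags cleared */
    if (caps == NULL)
        return DROP_FAILED;
    if (cap_clear(caps) == 0 && cap_set_proc(caps) == 0)
        result = DROP_OK;
    if (cap_free(caps) != 0)            /* release the working storage */
        result = DROP_FAILED;
    return result;
#else
    /* Built without a usable libcap: nothing was dropped. */
    return DROP_UNSUPPORTED;
#endif
}

int main(void) {
    static const char *const names[] = { "ok", "failed", "unsupported" };
    enum drop_result r = drop_caps();
    printf("libcap backend compiled in: %d, drop result: %s\n",
           caps_backend_enabled(), names[r]);
    return r == DROP_FAILED;
}
```

<p>Built with none of the macros defined, the fallback branch is taken; building with -DHAVE_SYS_CAPABILITY_H -DHAVE_CAP_INIT and linking -lcap on Linux selects the libcap branch.</p>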
</body>
</html>