2007-03-23 Jakub Jelinek <jakub@redhat.com>

	* scripts/check-local-headers.sh: Filter out sys/capability.h.

2007-03-22  Jakub Jelinek  <jakub@redhat.com>

	* config.h.in (HAVE_LIBCAP): Add.
	* nscd/selinux.h: Include sys/capability.h rather than non-existent
	sys/capabilities.h.
	* nscd/selinux.c (preserve_capabilities): Use cap_free instead of
	free_caps.  Cast away const from 4th cap_set_flag argument.

5 files changed, 27 insertions, 7 deletions

diff --git a/ChangeLog b/ChangeLog
index 76dfe79667..226e03b048 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,15 @@
+2007-03-23  Jakub Jelinek  <jakub@redhat.com>
+
+	* scripts/check-local-headers.sh: Filter out sys/capability.h.
+
+2007-03-22  Jakub Jelinek  <jakub@redhat.com>
+
+	* config.h.in (HAVE_LIBCAP): Add.
+	* nscd/selinux.h: Include sys/capability.h rather than non-existent
+	sys/capabilities.h.
+	* nscd/selinux.c (preserve_capabilities): Use cap_free instead of
+	free_caps.  Cast away const from 4th cap_set_flag argument.
+
 2007-03-16  Jakub Jelinek  <jakub@redhat.com>
 
 	* elf/dl-open.c (dl_open_worker): Declare l in 2 different
diff --git a/config.h.in b/config.h.in
index da973f6a5d..ba4dec8aff 100644
--- a/config.h.in
+++ b/config.h.in
@@ -19,6 +19,9 @@
 /* Defined if building with SELinux support & audit libs are detected. */
 #undef	HAVE_LIBAUDIT
 
+/* Defined if building with SELinux support & libcap libs are detected.  */
+#undef  HAVE_LIBCAP
+
 /* Define if using XCOFF. Set by --with-xcoff.  */
 #undef	HAVE_XCOFF
 
diff --git a/nscd/selinux.c b/nscd/selinux.c
index f123d68b93..483c8e29b6 100644
--- a/nscd/selinux.c
+++ b/nscd/selinux.c
@@ -182,18 +182,22 @@ preserve_capabilities (void)
   if (tmp_caps == NULL || new_caps == NULL)
     {
       if (tmp_caps != NULL)
-	free_caps (tmp_caps);
+	cap_free (tmp_caps);
 
       dbg_log (_("Failed to initialize drop of capabilities"));
       error (EXIT_FAILURE, 0, _("cap_init failed"));
     }
 
   /* There is no reason why these should not work.  */
-  cap_set_flag (new_caps, CAP_PERMITTED, nnew_cap_list, new_cap_list, CAP_SET);
-  cap_set_flag (new_caps, CAP_EFFECTIVE, nnew_cap_list, new_cap_list, CAP_SET);
-
-  cap_set_flag (tmp_caps, CAP_PERMITTED, ntmp_cap_list, tmp_cap_list, CAP_SET);
-  cap_set_flag (tmp_caps, CAP_EFFECTIVE, ntmp_cap_list, tmp_cap_list, CAP_SET);
+  cap_set_flag (new_caps, CAP_PERMITTED, nnew_cap_list,
+		(cap_value_t *) new_cap_list, CAP_SET);
+  cap_set_flag (new_caps, CAP_EFFECTIVE, nnew_cap_list,
+		(cap_value_t *) new_cap_list, CAP_SET);
+
+  cap_set_flag (tmp_caps, CAP_PERMITTED, ntmp_cap_list,
+		(cap_value_t *) tmp_cap_list, CAP_SET);
+  cap_set_flag (tmp_caps, CAP_EFFECTIVE, ntmp_cap_list,
+		(cap_value_t *) tmp_cap_list, CAP_SET);
 
   int res = cap_set_proc (tmp_caps);
 
diff --git a/nscd/selinux.h b/nscd/selinux.h
index 9ce0628486..1d940c35bc 100644
--- a/nscd/selinux.h
+++ b/nscd/selinux.h
@@ -23,7 +23,7 @@
 
 #include "nscd.h"
 #ifdef HAVE_LIBCAP
-# include <sys/capabilities.h>
+# include <sys/capability.h>
 #endif
 
 #ifdef HAVE_SELINUX
diff --git a/scripts/check-local-headers.sh b/scripts/check-local-headers.sh
index 88c85f7106..bf04febaf2 100755
--- a/scripts/check-local-headers.sh
+++ b/scripts/check-local-headers.sh
@@ -30,6 +30,7 @@ if fgrep "$includedir" */*.d |
 fgrep -v "$includedir/asm" |
 fgrep -v "$includedir/linux" |
 fgrep -v "$includedir/selinux" |
+fgrep -v "$includedir/sys/capability.h" |
 fgrep -v "$includedir/gd"; then
   # If we found a match something is wrong.
   exit 1