From 79e5e89785e485b4d2c4fceff8c96bd2987d214f Mon Sep 17 00:00:00 2001
From: Ryan Lortie <desrt@desrt.ca>
Date: Tue, 10 Dec 2013 16:47:53 -0500
Subject: [PATCH] Add support for FreeBSD <sys/capability.h>

cap_init() and friends are Linux-specific, so only use them if we're on
Linux.

Add support for FreeBSD capabilities if we find <sys/capability.h> to be
available there.

Add an #else (not Linux or FreeBSD) case with an #error requesting
contributions for other platforms.

This patch keeps the cap_init check in configure.ac but removes the
error if it fails.  This will ensure we link to -lcap if needed, but
won't fail for the case that capabilities are part of the core system
(as on FreeBSD).

We do however, modify the header check to ensure we fail if there is no
<sys/capability.h> at all, forcing --without-caps to be explicitly
specified to make the failure go away.

https://bugs.freedesktop.org/show_bug.cgi?id=72580
---
 configure.ac      | 11 +++--------
 src/daemon/caps.c |  6 ++++++
 2 files changed, 9 insertions(+), 8 deletions(-)

diff --git a/configure.ac b/configure.ac
index 72e7695..b772160 100644
--- a/configure.ac
+++ b/configure.ac
@@ -595,17 +595,12 @@ AS_IF([test "x$HAVE_X11" = "x1"], AC_DEFINE([HAVE_X11], 1, [Have X11?]))
 CAP_LIBS=''
 
 AC_ARG_WITH([caps],
-    AS_HELP_STRING([--without-caps],[Omit support for POSIX capabilities.]))
+    AS_HELP_STRING([--without-caps],[Omit support for dropping capabilities.]))
 
 if test "x${with_caps}" != "xno"; then
-    AC_SEARCH_LIBS([cap_init], [cap], [], [
-                    if test "x${with_caps}" = "xyes" ; then
-                        AC_MSG_ERROR([*** POSIX caps libraries not found])
-                    fi])
+    AC_SEARCH_LIBS([cap_init], [cap], [], [])
     AC_CHECK_HEADERS([sys/capability.h], [], [
-                    if test "x${with_caps}" = "xyes" ; then
-                        AC_MSG_ERROR([*** POSIX caps headers not found])
-                    fi])
+      AC_MSG_ERROR([*** sys/capability.h not found.  Use --without-caps to disable capabilities support.])])
 fi
 
 #### Valgrind (optional) ####
diff --git a/src/daemon/caps.c b/src/daemon/caps.c
index 2251cb3..68b79ce 100644
--- a/src/daemon/caps.c
+++ b/src/daemon/caps.c
@@ -80,12 +80,18 @@ void pa_drop_root(void) {
 
 void pa_drop_caps(void) {
 #ifdef HAVE_SYS_CAPABILITY_H
+#ifdef __linux
     cap_t caps;
     pa_assert_se(caps = cap_init());
     pa_assert_se(cap_clear(caps) == 0);
     pa_assert_se(cap_set_proc(caps) == 0);
     pa_assert_se(cap_free(caps) == 0);
+#elif __FreeBSD__
+    pa_assert_se (cap_enter () == 0);
 #else
+#error Don't know how to do capabilities on your system.  Please send a patch.
+#endif /* __linux */
+#else /* HAVE_SYS_CAPABILITY_H */
     pa_log_warn("Normally all extra capabilities would be dropped now, but "
                 "that's impossible because this Pulseaudio was built without "
                 "libcap support.");
-- 
1.8.4.2