sys_linux: report if CAP_SYS_TIME is not present

Instead of having adjtimex just fail with a permission issue
improve the error messaging by warning for the lack of
CAP_SYS_TIME on SYS_Linux_Initialise.

Message will look like (instead of only the latter message):
 CAP_SYS_TIME not present
 adjtimex(0x8001) failed : Operation not permitted

Signed-off-by: Christian Ehrhardt <christian.ehrhardt@canonical.com>

diff --git a/sys_linux.c b/sys_linux.c
index f445727f78151bbaf67cce0009657558f9262a26..202e7c2061476a1c4ca05d09937a7e6cfc353910 100644 (file)
--- a/sys_linux.c
+++ b/sys_linux.c
@@ -380,6 +380,18 @@ test_step_offset(void)
   return 1;
 }
 
+/* ================================================== */
+
+static void
+report_time_adjust_blockers(void)
+{
+#ifdef FEAT_PRIVDROP
+  if (CAP_IS_SUPPORTED(CAP_SYS_TIME) && cap_get_bound(CAP_SYS_TIME))
+    return;
+  LOG(LOGS_WARN, "CAP_SYS_TIME not present");
+#endif
+}
+
 /* ================================================== */
 /* Initialisation code for this module */
 
@@ -388,6 +400,8 @@ SYS_Linux_Initialise(void)
 {
   get_version_specific_details();
 
+  report_time_adjust_blockers();
+
   reset_adjtime_offset();
 
   if (have_setoffset && !test_step_offset()) {