From: Yu Watanabe Date: Fri, 28 Feb 2025 20:24:48 +0000 (+0900) Subject: basic/linux: import capability.h from kernel 6.14-rc4 X-Git-Tag: v258-rc1~1195^2~3 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=aa14f193983a7d5e368500b0c408993ded2571c0;p=thirdparty%2Fsystemd.git basic/linux: import capability.h from kernel 6.14-rc4 --- diff --git a/src/analyze/analyze-security.c b/src/analyze/analyze-security.c index 11825832de0..8e18681be7b 100644 --- a/src/analyze/analyze-security.c +++ b/src/analyze/analyze-security.c @@ -20,7 +20,6 @@ #include "locale-util.h" #include "macro.h" #include "manager.h" -#include "missing_capability.h" #include "missing_sched.h" #include "mkdir.h" #include "nulstr-util.h" diff --git a/src/basic/capability-util.h b/src/basic/capability-util.h index e4104c5da5a..a076becdcd8 100644 --- a/src/basic/capability-util.h +++ b/src/basic/capability-util.h @@ -7,7 +7,6 @@ #include #include "macro.h" -#include "missing_capability.h" #include "pidref.h" /* Special marker used when storing a capabilities mask as "unset". This would need to be updated as soon as diff --git a/src/basic/generate-cap-list.sh b/src/basic/generate-cap-list.sh index 53abdd9a722..32053900375 100755 --- a/src/basic/generate-cap-list.sh +++ b/src/basic/generate-cap-list.sh @@ -3,6 +3,6 @@ set -eu set -o pipefail -${1:?} -dM -include linux/capability.h -include "${2:?}" -include "${3:?}" - + * + * Andrew G. Morgan + * Alexander Kjeldaas + * with help from Aleph1, Roland Buresund and Andrew Main. + * + * See here for the libcap library ("POSIX draft" compliance): + * + * ftp://www.kernel.org/pub/linux/libs/security/linux-privs/kernel-2.6/ + */ + +#ifndef _LINUX_CAPABILITY_H +#define _LINUX_CAPABILITY_H + +#include + +/* User-level do most of the mapping between kernel and user + capabilities based on the version tag given by the kernel. The + kernel might be somewhat backwards compatible, but don't bet on + it. */ + +/* Note, cap_t, is defined by POSIX (draft) to be an "opaque" pointer to + a set of three capability sets. The transposition of 3*the + following structure to such a composite is better handled in a user + library since the draft standard requires the use of malloc/free + etc.. */ + +#define _LINUX_CAPABILITY_VERSION_1 0x19980330 +#define _LINUX_CAPABILITY_U32S_1 1 + +#define _LINUX_CAPABILITY_VERSION_2 0x20071026 /* deprecated - use v3 */ +#define _LINUX_CAPABILITY_U32S_2 2 + +#define _LINUX_CAPABILITY_VERSION_3 0x20080522 +#define _LINUX_CAPABILITY_U32S_3 2 + +typedef struct __user_cap_header_struct { + __u32 version; + int pid; +} *cap_user_header_t; + +struct __user_cap_data_struct { + __u32 effective; + __u32 permitted; + __u32 inheritable; +}; +typedef struct __user_cap_data_struct *cap_user_data_t; + + +#define VFS_CAP_REVISION_MASK 0xFF000000 +#define VFS_CAP_REVISION_SHIFT 24 +#define VFS_CAP_FLAGS_MASK ~VFS_CAP_REVISION_MASK +#define VFS_CAP_FLAGS_EFFECTIVE 0x000001 + +#define VFS_CAP_REVISION_1 0x01000000 +#define VFS_CAP_U32_1 1 +#define XATTR_CAPS_SZ_1 (sizeof(__le32)*(1 + 2*VFS_CAP_U32_1)) + +#define VFS_CAP_REVISION_2 0x02000000 +#define VFS_CAP_U32_2 2 +#define XATTR_CAPS_SZ_2 (sizeof(__le32)*(1 + 2*VFS_CAP_U32_2)) + +#define VFS_CAP_REVISION_3 0x03000000 +#define VFS_CAP_U32_3 2 +#define XATTR_CAPS_SZ_3 (sizeof(__le32)*(2 + 2*VFS_CAP_U32_3)) + +#define XATTR_CAPS_SZ XATTR_CAPS_SZ_3 +#define VFS_CAP_U32 VFS_CAP_U32_3 +#define VFS_CAP_REVISION VFS_CAP_REVISION_3 + +struct vfs_cap_data { + __le32 magic_etc; /* Little endian */ + struct { + __le32 permitted; /* Little endian */ + __le32 inheritable; /* Little endian */ + } data[VFS_CAP_U32]; +}; + +/* + * same as vfs_cap_data but with a rootid at the end + */ +struct vfs_ns_cap_data { + __le32 magic_etc; + struct { + __le32 permitted; /* Little endian */ + __le32 inheritable; /* Little endian */ + } data[VFS_CAP_U32]; + __le32 rootid; +}; + + +/* + * Backwardly compatible definition for source code - trapped in a + * 32-bit world. If you find you need this, please consider using + * libcap to untrap yourself... + */ +#define _LINUX_CAPABILITY_VERSION _LINUX_CAPABILITY_VERSION_1 +#define _LINUX_CAPABILITY_U32S _LINUX_CAPABILITY_U32S_1 + + + +/** + ** POSIX-draft defined capabilities. + **/ + +/* In a system with the [_POSIX_CHOWN_RESTRICTED] option defined, this + overrides the restriction of changing file ownership and group + ownership. */ + +#define CAP_CHOWN 0 + +/* Override all DAC access, including ACL execute access if + [_POSIX_ACL] is defined. Excluding DAC access covered by + CAP_LINUX_IMMUTABLE. */ + +#define CAP_DAC_OVERRIDE 1 + +/* Overrides all DAC restrictions regarding read and search on files + and directories, including ACL restrictions if [_POSIX_ACL] is + defined. Excluding DAC access covered by CAP_LINUX_IMMUTABLE. */ + +#define CAP_DAC_READ_SEARCH 2 + +/* Overrides all restrictions about allowed operations on files, where + file owner ID must be equal to the user ID, except where CAP_FSETID + is applicable. It doesn't override MAC and DAC restrictions. */ + +#define CAP_FOWNER 3 + +/* Overrides the following restrictions that the effective user ID + shall match the file owner ID when setting the S_ISUID and S_ISGID + bits on that file; that the effective group ID (or one of the + supplementary group IDs) shall match the file owner ID when setting + the S_ISGID bit on that file; that the S_ISUID and S_ISGID bits are + cleared on successful return from chown(2) (not implemented). */ + +#define CAP_FSETID 4 + +/* Overrides the restriction that the real or effective user ID of a + process sending a signal must match the real or effective user ID + of the process receiving the signal. */ + +#define CAP_KILL 5 + +/* Allows setgid(2) manipulation */ +/* Allows setgroups(2) */ +/* Allows forged gids on socket credentials passing. */ + +#define CAP_SETGID 6 + +/* Allows set*uid(2) manipulation (including fsuid). */ +/* Allows forged pids on socket credentials passing. */ + +#define CAP_SETUID 7 + + +/** + ** Linux-specific capabilities + **/ + +/* Without VFS support for capabilities: + * Transfer any capability in your permitted set to any pid, + * remove any capability in your permitted set from any pid + * With VFS support for capabilities (neither of above, but) + * Add any capability from current's capability bounding set + * to the current process' inheritable set + * Allow taking bits out of capability bounding set + * Allow modification of the securebits for a process + */ + +#define CAP_SETPCAP 8 + +/* Allow modification of S_IMMUTABLE and S_APPEND file attributes */ + +#define CAP_LINUX_IMMUTABLE 9 + +/* Allows binding to TCP/UDP sockets below 1024 */ +/* Allows binding to ATM VCIs below 32 */ + +#define CAP_NET_BIND_SERVICE 10 + +/* Allow broadcasting, listen to multicast */ + +#define CAP_NET_BROADCAST 11 + +/* Allow interface configuration */ +/* Allow administration of IP firewall, masquerading and accounting */ +/* Allow setting debug option on sockets */ +/* Allow modification of routing tables */ +/* Allow setting arbitrary process / process group ownership on + sockets */ +/* Allow binding to any address for transparent proxying (also via NET_RAW) */ +/* Allow setting TOS (type of service) */ +/* Allow setting promiscuous mode */ +/* Allow clearing driver statistics */ +/* Allow multicasting */ +/* Allow read/write of device-specific registers */ +/* Allow activation of ATM control sockets */ + +#define CAP_NET_ADMIN 12 + +/* Allow use of RAW sockets */ +/* Allow use of PACKET sockets */ +/* Allow binding to any address for transparent proxying (also via NET_ADMIN) */ + +#define CAP_NET_RAW 13 + +/* Allow locking of shared memory segments */ +/* Allow mlock and mlockall (which doesn't really have anything to do + with IPC) */ + +#define CAP_IPC_LOCK 14 + +/* Override IPC ownership checks */ + +#define CAP_IPC_OWNER 15 + +/* Insert and remove kernel modules - modify kernel without limit */ +#define CAP_SYS_MODULE 16 + +/* Allow ioperm/iopl access */ +/* Allow sending USB messages to any device via /dev/bus/usb */ + +#define CAP_SYS_RAWIO 17 + +/* Allow use of chroot() */ + +#define CAP_SYS_CHROOT 18 + +/* Allow ptrace() of any process */ + +#define CAP_SYS_PTRACE 19 + +/* Allow configuration of process accounting */ + +#define CAP_SYS_PACCT 20 + +/* Allow configuration of the secure attention key */ +/* Allow administration of the random device */ +/* Allow examination and configuration of disk quotas */ +/* Allow setting the domainname */ +/* Allow setting the hostname */ +/* Allow mount() and umount(), setting up new smb connection */ +/* Allow some autofs root ioctls */ +/* Allow nfsservctl */ +/* Allow VM86_REQUEST_IRQ */ +/* Allow to read/write pci config on alpha */ +/* Allow irix_prctl on mips (setstacksize) */ +/* Allow flushing all cache on m68k (sys_cacheflush) */ +/* Allow removing semaphores */ +/* Used instead of CAP_CHOWN to "chown" IPC message queues, semaphores + and shared memory */ +/* Allow locking/unlocking of shared memory segment */ +/* Allow turning swap on/off */ +/* Allow forged pids on socket credentials passing */ +/* Allow setting readahead and flushing buffers on block devices */ +/* Allow setting geometry in floppy driver */ +/* Allow turning DMA on/off in xd driver */ +/* Allow administration of md devices (mostly the above, but some + extra ioctls) */ +/* Allow tuning the ide driver */ +/* Allow access to the nvram device */ +/* Allow administration of apm_bios, serial and bttv (TV) device */ +/* Allow manufacturer commands in isdn CAPI support driver */ +/* Allow reading non-standardized portions of pci configuration space */ +/* Allow DDI debug ioctl on sbpcd driver */ +/* Allow setting up serial ports */ +/* Allow sending raw qic-117 commands */ +/* Allow enabling/disabling tagged queuing on SCSI controllers and sending + arbitrary SCSI commands */ +/* Allow setting encryption key on loopback filesystem */ +/* Allow setting zone reclaim policy */ +/* Allow everything under CAP_BPF and CAP_PERFMON for backward compatibility */ + +#define CAP_SYS_ADMIN 21 + +/* Allow use of reboot() */ + +#define CAP_SYS_BOOT 22 + +/* Allow raising priority and setting priority on other (different + UID) processes */ +/* Allow use of FIFO and round-robin (realtime) scheduling on own + processes and setting the scheduling algorithm used by another + process. */ +/* Allow setting cpu affinity on other processes */ +/* Allow setting realtime ioprio class */ +/* Allow setting ioprio class on other processes */ + +#define CAP_SYS_NICE 23 + +/* Override resource limits. Set resource limits. */ +/* Override quota limits. */ +/* Override reserved space on ext2 filesystem */ +/* Modify data journaling mode on ext3 filesystem (uses journaling + resources) */ +/* NOTE: ext2 honors fsuid when checking for resource overrides, so + you can override using fsuid too */ +/* Override size restrictions on IPC message queues */ +/* Allow more than 64hz interrupts from the real-time clock */ +/* Override max number of consoles on console allocation */ +/* Override max number of keymaps */ +/* Control memory reclaim behavior */ + +#define CAP_SYS_RESOURCE 24 + +/* Allow manipulation of system clock */ +/* Allow irix_stime on mips */ +/* Allow setting the real-time clock */ + +#define CAP_SYS_TIME 25 + +/* Allow configuration of tty devices */ +/* Allow vhangup() of tty */ + +#define CAP_SYS_TTY_CONFIG 26 + +/* Allow the privileged aspects of mknod() */ + +#define CAP_MKNOD 27 + +/* Allow taking of leases on files */ + +#define CAP_LEASE 28 + +/* Allow writing the audit log via unicast netlink socket */ + +#define CAP_AUDIT_WRITE 29 + +/* Allow configuration of audit via unicast netlink socket */ + +#define CAP_AUDIT_CONTROL 30 + +/* Set or remove capabilities on files. + Map uid=0 into a child user namespace. */ + +#define CAP_SETFCAP 31 + +/* Override MAC access. + The base kernel enforces no MAC policy. + An LSM may enforce a MAC policy, and if it does and it chooses + to implement capability based overrides of that policy, this is + the capability it should use to do so. */ + +#define CAP_MAC_OVERRIDE 32 + +/* Allow MAC configuration or state changes. + The base kernel requires no MAC configuration. + An LSM may enforce a MAC policy, and if it does and it chooses + to implement capability based checks on modifications to that + policy or the data required to maintain it, this is the + capability it should use to do so. */ + +#define CAP_MAC_ADMIN 33 + +/* Allow configuring the kernel's syslog (printk behaviour) */ + +#define CAP_SYSLOG 34 + +/* Allow triggering something that will wake the system */ + +#define CAP_WAKE_ALARM 35 + +/* Allow preventing system suspends */ + +#define CAP_BLOCK_SUSPEND 36 + +/* Allow reading the audit log via multicast netlink socket */ + +#define CAP_AUDIT_READ 37 + +/* + * Allow system performance and observability privileged operations + * using perf_events, i915_perf and other kernel subsystems + */ + +#define CAP_PERFMON 38 + +/* + * CAP_BPF allows the following BPF operations: + * - Creating all types of BPF maps + * - Advanced verifier features + * - Indirect variable access + * - Bounded loops + * - BPF to BPF function calls + * - Scalar precision tracking + * - Larger complexity limits + * - Dead code elimination + * - And potentially other features + * - Loading BPF Type Format (BTF) data + * - Retrieve xlated and JITed code of BPF programs + * - Use bpf_spin_lock() helper + * + * CAP_PERFMON relaxes the verifier checks further: + * - BPF progs can use of pointer-to-integer conversions + * - speculation attack hardening measures are bypassed + * - bpf_probe_read to read arbitrary kernel memory is allowed + * - bpf_trace_printk to print kernel memory is allowed + * + * CAP_SYS_ADMIN is required to use bpf_probe_write_user. + * + * CAP_SYS_ADMIN is required to iterate system wide loaded + * programs, maps, links, BTFs and convert their IDs to file descriptors. + * + * CAP_PERFMON and CAP_BPF are required to load tracing programs. + * CAP_NET_ADMIN and CAP_BPF are required to load networking programs. + */ +#define CAP_BPF 39 + + +/* Allow checkpoint/restore related operations */ +/* Allow PID selection during clone3() */ +/* Allow writing to ns_last_pid */ + +#define CAP_CHECKPOINT_RESTORE 40 + +#define CAP_LAST_CAP CAP_CHECKPOINT_RESTORE + +#define cap_valid(x) ((x) >= 0 && (x) <= CAP_LAST_CAP) + +/* + * Bit location of each capability (used by user-space library and kernel) + */ + +#define CAP_TO_INDEX(x) ((x) >> 5) /* 1 << 5 == bits in __u32 */ +#define CAP_TO_MASK(x) (1U << ((x) & 31)) /* mask for indexed __u32 */ + + +#endif /* _LINUX_CAPABILITY_H */ diff --git a/src/basic/meson.build b/src/basic/meson.build index 147040a193e..2372cf4d8d5 100644 --- a/src/basic/meson.build +++ b/src/basic/meson.build @@ -114,7 +114,6 @@ basic_sources = files( ) missing_audit_h = files('missing_audit.h') -missing_capability_h = files('missing_capability.h') missing_socket_h = files('missing_socket.h') missing_syscall_def_h = files('missing_syscall_def.h') @@ -138,7 +137,7 @@ generate_cap_list = find_program('generate-cap-list.sh') cap_list_txt = custom_target( 'cap-list.txt', output : 'cap-list.txt', - command : [generate_cap_list, cpp, config_h, missing_capability_h], + command : [generate_cap_list, cpp, files('linux/capability.h')], capture : true) generate_errno_list = find_program('generate-errno-list.sh') diff --git a/src/basic/missing_capability.h b/src/basic/missing_capability.h deleted file mode 100644 index c1c63a68292..00000000000 --- a/src/basic/missing_capability.h +++ /dev/null @@ -1,48 +0,0 @@ -/* SPDX-License-Identifier: LGPL-2.1-or-later */ -#pragma once - -#include - -/* 3a101b8de0d39403b2c7e5c23fd0b005668acf48 (3.16) */ -#ifndef CAP_AUDIT_READ -# define CAP_AUDIT_READ 37 -#else -assert_cc(CAP_AUDIT_READ == 37); -#endif - -/* 980737282232b752bb14dab96d77665c15889c36 (5.8) */ -#ifndef CAP_PERFMON -# define CAP_PERFMON 38 -#else -assert_cc(CAP_PERFMON == 38); -#endif - -/* a17b53c4a4b55ec322c132b6670743612229ee9c (5.8) */ -#ifndef CAP_BPF -# define CAP_BPF 39 -#else -assert_cc(CAP_BPF == 39); -#endif - -/* 124ea650d3072b005457faed69909221c2905a1f (5.9) */ -#ifndef CAP_CHECKPOINT_RESTORE -# define CAP_CHECKPOINT_RESTORE 40 -#else -assert_cc(CAP_CHECKPOINT_RESTORE == 40); -#endif - -#define SYSTEMD_CAP_LAST_CAP CAP_CHECKPOINT_RESTORE - -#ifdef CAP_LAST_CAP -# if CAP_LAST_CAP > SYSTEMD_CAP_LAST_CAP -# if BUILD_MODE_DEVELOPER && defined(TEST_CAPABILITY_C) -# warning "The capability list here is outdated" -# endif -# else -# undef CAP_LAST_CAP -# endif -#endif - -#ifndef CAP_LAST_CAP -# define CAP_LAST_CAP SYSTEMD_CAP_LAST_CAP -#endif diff --git a/src/hostname/hostnamed.c b/src/hostname/hostnamed.c index 6f242776a02..ec30f774e83 100644 --- a/src/hostname/hostnamed.c +++ b/src/hostname/hostnamed.c @@ -27,7 +27,6 @@ #include "id128-util.h" #include "json-util.h" #include "main-func.h" -#include "missing_capability.h" #include "nulstr-util.h" #include "os-util.h" #include "parse-util.h" diff --git a/src/import/importd.c b/src/import/importd.c index 21c6d969bca..34222c133e1 100644 --- a/src/import/importd.c +++ b/src/import/importd.c @@ -26,7 +26,6 @@ #include "json-util.h" #include "machine-pool.h" #include "main-func.h" -#include "missing_capability.h" #include "mkdir-label.h" #include "notify-recv.h" #include "os-util.h" diff --git a/src/libsystemd/sd-bus/bus-objects.c b/src/libsystemd/sd-bus/bus-objects.c index 7fdb112a5cb..f23774504a0 100644 --- a/src/libsystemd/sd-bus/bus-objects.c +++ b/src/libsystemd/sd-bus/bus-objects.c @@ -1,5 +1,7 @@ /* SPDX-License-Identifier: LGPL-2.1-or-later */ +#include + #include "alloc-util.h" #include "bus-internal.h" #include "bus-introspect.h" @@ -8,7 +10,6 @@ #include "bus-signature.h" #include "bus-slot.h" #include "bus-type.h" -#include "missing_capability.h" #include "string-util.h" #include "strv.h" diff --git a/src/locale/localed.c b/src/locale/localed.c index 54ab210bcd0..e9177d3ea14 100644 --- a/src/locale/localed.c +++ b/src/locale/localed.c @@ -20,7 +20,6 @@ #include "localed-util.h" #include "macro.h" #include "main-func.h" -#include "missing_capability.h" #include "path-util.h" #include "selinux-util.h" #include "service-util.h" diff --git a/src/login/logind-dbus.c b/src/login/logind-dbus.c index 5d3e2e01b50..984e60b4b4f 100644 --- a/src/login/logind-dbus.c +++ b/src/login/logind-dbus.c @@ -39,7 +39,6 @@ #include "logind-session-dbus.h" #include "logind-user-dbus.h" #include "logind.h" -#include "missing_capability.h" #include "mkdir-label.h" #include "parse-util.h" #include "path-util.h" diff --git a/src/login/logind-polkit.c b/src/login/logind-polkit.c index 2f1523ae04b..5b6c256a085 100644 --- a/src/login/logind-polkit.c +++ b/src/login/logind-polkit.c @@ -2,7 +2,6 @@ #include "bus-polkit.h" #include "logind-polkit.h" -#include "missing_capability.h" #include "user-util.h" int check_polkit_chvt(sd_bus_message *message, Manager *manager, sd_bus_error *error) { diff --git a/src/login/logind-seat-dbus.c b/src/login/logind-seat-dbus.c index 380990c05d7..18acbf25b4f 100644 --- a/src/login/logind-seat-dbus.c +++ b/src/login/logind-seat-dbus.c @@ -14,7 +14,6 @@ #include "logind-seat.h" #include "logind-session-dbus.h" #include "logind.h" -#include "missing_capability.h" #include "strv.h" #include "user-util.h" diff --git a/src/login/logind-session-dbus.c b/src/login/logind-session-dbus.c index 2affc32b16d..126020acf16 100644 --- a/src/login/logind-session-dbus.c +++ b/src/login/logind-session-dbus.c @@ -19,7 +19,6 @@ #include "logind-session.h" #include "logind-user-dbus.h" #include "logind.h" -#include "missing_capability.h" #include "path-util.h" #include "signal-util.h" #include "strv.h" diff --git a/src/login/logind-user-dbus.c b/src/login/logind-user-dbus.c index a2119539329..847b611dc4d 100644 --- a/src/login/logind-user-dbus.c +++ b/src/login/logind-user-dbus.c @@ -12,7 +12,6 @@ #include "logind-user-dbus.h" #include "logind-user.h" #include "logind.h" -#include "missing_capability.h" #include "signal-util.h" #include "strv.h" #include "user-util.h" diff --git a/src/machine/image-dbus.c b/src/machine/image-dbus.c index 8f18e78c7dd..0e96127a055 100644 --- a/src/machine/image-dbus.c +++ b/src/machine/image-dbus.c @@ -16,7 +16,6 @@ #include "image-dbus.h" #include "io-util.h" #include "loop-util.h" -#include "missing_capability.h" #include "mount-util.h" #include "os-util.h" #include "process-util.h" diff --git a/src/machine/machine-dbus.c b/src/machine/machine-dbus.c index 90b4c4baead..657b9e91936 100644 --- a/src/machine/machine-dbus.c +++ b/src/machine/machine-dbus.c @@ -22,7 +22,6 @@ #include "local-addresses.h" #include "machine-dbus.h" #include "machine.h" -#include "missing_capability.h" #include "mkdir.h" #include "mount-util.h" #include "mountpoint-util.h" diff --git a/src/machine/machined-dbus.c b/src/machine/machined-dbus.c index fd6a25375aa..e1969d69d8d 100644 --- a/src/machine/machined-dbus.c +++ b/src/machine/machined-dbus.c @@ -25,7 +25,6 @@ #include "machine-dbus.h" #include "machine-pool.h" #include "machined.h" -#include "missing_capability.h" #include "os-util.h" #include "path-util.h" #include "process-util.h" diff --git a/src/portable/portabled-bus.c b/src/portable/portabled-bus.c index 0476796dbe4..1302e5d8937 100644 --- a/src/portable/portabled-bus.c +++ b/src/portable/portabled-bus.c @@ -8,7 +8,6 @@ #include "discover-image.h" #include "fd-util.h" #include "io-util.h" -#include "missing_capability.h" #include "portable.h" #include "portabled-bus.h" #include "portabled-image-bus.h" diff --git a/src/portable/portabled-image-bus.c b/src/portable/portabled-image-bus.c index ab0e44e038f..be0ea536235 100644 --- a/src/portable/portabled-image-bus.c +++ b/src/portable/portabled-image-bus.c @@ -16,7 +16,6 @@ #include "fd-util.h" #include "fileio.h" #include "io-util.h" -#include "missing_capability.h" #include "os-util.h" #include "portable.h" #include "portabled-bus.h" diff --git a/src/resolve/resolved-bus.c b/src/resolve/resolved-bus.c index d5782e4687d..61975de1d2e 100644 --- a/src/resolve/resolved-bus.c +++ b/src/resolve/resolved-bus.c @@ -10,7 +10,6 @@ #include "dns-domain.h" #include "format-util.h" #include "memory-util.h" -#include "missing_capability.h" #include "path-util.h" #include "resolved-bus.h" #include "resolved-def.h" diff --git a/src/resolve/resolved-dnssd-bus.c b/src/resolve/resolved-dnssd-bus.c index 4857a92b01d..1843382d9b0 100644 --- a/src/resolve/resolved-dnssd-bus.c +++ b/src/resolve/resolved-dnssd-bus.c @@ -2,7 +2,6 @@ #include "alloc-util.h" #include "bus-polkit.h" -#include "missing_capability.h" #include "resolved-dnssd-bus.h" #include "resolved-dnssd.h" #include "resolved-link.h" diff --git a/src/timedate/timedated.c b/src/timedate/timedated.c index 64d35d2b363..d14ff5e0e7e 100644 --- a/src/timedate/timedated.c +++ b/src/timedate/timedated.c @@ -32,7 +32,6 @@ #include "list.h" #include "main-func.h" #include "memory-util.h" -#include "missing_capability.h" #include "path-util.h" #include "selinux-util.h" #include "service-util.h"