basic/missing_capability: clean up our defines and check that our fallback is up...

There is little point in #defining and #undefining CAP_LAST_CAP multiple times.

The check is only done in developer mode. After all, it's not an error to
compile on a newer kernel, and we shouldn't even warn in that case.

diff --git a/src/basic/missing_capability.h b/src/basic/missing_capability.h
index b31e736390274c74e371a0b3b1f12a021f64b2bc..c52cd449339cad29df48a629ccc5eb824cc614ad 100644 (file)
--- a/src/basic/missing_capability.h
+++ b/src/basic/missing_capability.h
@@ -5,32 +5,35 @@
 
 /* 3a101b8de0d39403b2c7e5c23fd0b005668acf48 (3.16) */
 #ifndef CAP_AUDIT_READ
-#define CAP_AUDIT_READ 37
-
-#undef  CAP_LAST_CAP
-#define CAP_LAST_CAP   CAP_AUDIT_READ
+#  define CAP_AUDIT_READ 37
 #endif
 
 /* 980737282232b752bb14dab96d77665c15889c36 (5.8) */
 #ifndef CAP_PERFMON
-#define CAP_PERFMON 38
-
-#undef  CAP_LAST_CAP
-#define CAP_LAST_CAP   CAP_PERFMON
+#  define CAP_PERFMON 38
 #endif
 
 /* a17b53c4a4b55ec322c132b6670743612229ee9c (5.8) */
 #ifndef CAP_BPF
-#define CAP_BPF 39
-
-#undef  CAP_LAST_CAP
-#define CAP_LAST_CAP   CAP_BPF
+#  define CAP_BPF 39
 #endif
 
 /* 124ea650d3072b005457faed69909221c2905a1f (5.9) */
 #ifndef CAP_CHECKPOINT_RESTORE
-#define CAP_CHECKPOINT_RESTORE  40
+#  define CAP_CHECKPOINT_RESTORE 40
+#endif
+
+#define SYSTEMD_CAP_LAST_CAP CAP_CHECKPOINT_RESTORE
 
-#undef  CAP_LAST_CAP
-#define CAP_LAST_CAP   CAP_CHECKPOINT_RESTORE
+#ifdef CAP_LAST_CAP
+#  if CAP_LAST_CAP > SYSTEMD_CAP_LAST_CAP
+#    if DEVELOPER_MODE && defined(TEST_CAPABILITY_C)
+#      warning "The capability list here is outdated"
+#    endif
+#  else
+#    undef CAP_LAST_CAP
+#  endif
+#endif
+#ifndef CAP_LAST_CAP
+#  define CAP_LAST_CAP SYSTEMD_CAP_LAST_CAP
 #endif

diff --git a/src/test/test-capability.c b/src/test/test-capability.c
index 249323f8cf78e59652bd0687545fd0df75cce817..2d47c77f4669ece391fcd1f588d1673efb65c3b9 100644 (file)
--- a/src/test/test-capability.c
+++ b/src/test/test-capability.c
@@ -7,6 +7,8 @@
 #include <sys/wait.h>
 #include <unistd.h>
 
+#define TEST_CAPABILITY_C
+
 #include "alloc-util.h"
 #include "capability-util.h"
 #include "errno-util.h"