Improve documentation and error messages when libcap is not available
authorOndřej Surý <ondrej@sury.org>
Mon, 2 Jul 2018 06:47:32 +0000 (08:47 +0200)
committerOndřej Surý <ondrej@sury.org>
Mon, 2 Jul 2018 06:47:32 +0000 (08:47 +0200)
CHANGES
configure
configure.in
doc/arm/notes.xml

diff --git a/CHANGES b/CHANGES
index 8e40250b079dbe684e4de042ed2e12cbc07f92ef..63f92e5ea9ad1f247cd7efb9678d49349491212e 100644 (file)
--- a/CHANGES
+++ b/CHANGES
@@ -1,4 +1,6 @@
-4986.  [func]          Linux capabilities now require libcap library.
+4986.  [func]          When built on Linux, BIND now requires the libcap library
+                       to set process privileges, unless capability support is
+                       explicitly overridden with "configure --disable-linux-caps".
                        [GL #321]
 
 4985.  [func]          Add a new slave zone option, "mirror", to enable
index 516c59017bce26f3b3ec1122ea7859ec1c3db7a6..f5c42c90dcb814502e703db400749e0d277d57c2 100755 (executable)
--- a/configure
+++ b/configure
@@ -19825,7 +19825,8 @@ if test "x$ac_cv_header_sys_capability_h" = xyes; then :
 _ACEOF
 
 else
-  as_fn_error $? "sys/capability.h header is required for Linux capabilities support" "$LINENO" 5
+  as_fn_error $? "sys/capability.h header is required for Linux capabilities support.
+Either install libcap or use --disable-linux-caps." "$LINENO" 5
 fi
 
 done
@@ -19886,7 +19887,8 @@ if test "$ac_res" != no; then :
   test "$ac_res" = "none required" || LIBS="$ac_res $LIBS"
   LIBCAP_LIBS="$ac_cv_search_cap_set_proc"
 else
-  as_fn_error $? "libcap is required for Linux capabilities support" "$LINENO" 5
+  as_fn_error $? "libcap is required for Linux capabilities support.
+Either install libcap or use --disable-linux-caps." "$LINENO" 5
 fi
 
        LIBS="$save_LIBS"
index 60168f5f48fb1e803a7d4fc33dcaae9c5339f35b..464febe0cea99b638dc5d3276e7002fa6b898164 100644 (file)
@@ -3585,11 +3585,13 @@ AS_IF([test "$enable_linux_caps" = "yes"],
       [AC_MSG_RESULT([yes])
        AC_CHECK_HEADERS([sys/capability.h],
                        [],
-                       [AC_MSG_ERROR([sys/capability.h header is required for Linux capabilities support])])
+                       [AC_MSG_ERROR([sys/capability.h header is required for Linux capabilities support.
+Either install libcap or use --disable-linux-caps.])])
        save_LIBS="$LIBS"
        AC_SEARCH_LIBS([cap_set_proc], [cap],
                      [LIBCAP_LIBS="$ac_cv_search_cap_set_proc"],
-                     [AC_MSG_ERROR([libcap is required for Linux capabilities support])])
+                     [AC_MSG_ERROR([libcap is required for Linux capabilities support.
+Either install libcap or use --disable-linux-caps.])])
        LIBS="$save_LIBS"],
       [AC_MSG_RESULT([no])])
 AC_SUBST([LIBCAP_LIBS])
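Review bot: Both new AC_MSG_ERROR texts (the sys/capability.h branch and the cap_set_proc branch) offer `--disable-linux-caps` as an equal alternative to installing libcap without stating its cost, although the release note added in this same commit says it comes "at the cost of some loss of security". Someone who hits this error on a build host will tend to take whichever option is quicker, so the message itself should steer toward the library. A possible second line is `Install the libcap development package (recommended), or use --disable-linux-caps to build without capability support (reduces security).` The same wording would then carry into the two as_fn_error calls in the regenerated configure. The enclosing AS_IF starts before this hunk, so whether the disabled path prints any notice of its own cannot be seen from here.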
index bf7406144d47c4bcd2f344f14dab75df00729aae..336d51ca036e7df81cfcc9ce690267440915114d 100644 (file)
          setting might change to <command>strict</command> in the future.
        </para>
       </listitem>
+      <listitem>
+       <para>
+         When built on Linux, BIND now requires the <command>libcap</command>
+         library to set process privileges.  The adds a new compile-time
+         dependency, which can be met on most Linux platforms by installing the
+         <command>libcap-dev</command> or <command>libcap-devel</command>
+         package. BIND can also be built without capability support by using
+         <command>configure --disable-linux-caps</command>, at the cost of some
+         loss of security.
+       </para>
+      </listitem>
     </itemizedlist>
   </section>