Compile capsicum support only if HAVE_CAPSICUM is defined.

MFC after: 3 days
2011-06-27 09:14:25 +00:00 · 2011-06-27 09:14:25 +00:00 · 699b26bdce
commit 699b26bdce
parent 133d75ed18
1 changed files with 4 additions and 0 deletions
--- a/sbin/hastd/subr.c
+++ b/sbin/hastd/subr.c
@ -31,7 +31,9 @@
 #include <sys/cdefs.h>
 __FBSDID("$FreeBSD$");

+#ifdef HAVE_CAPSICUM
 #include <sys/capability.h>
+#endif
 #include <sys/param.h>
 #include <sys/disk.h>
 #include <sys/ioctl.h>
@ -230,6 +232,7 @@ drop_privs(struct hast_resource *res)
 	 * ioctls and secondary uses ioctls to handle BIO_DELETE and BIO_FLUSH.
 	 * For now capsicum is only used to sandbox hastctl.
 	 */
+#ifdef HAVE_CAPSICUM
 	if (res == NULL) {
 		capsicum = (cap_enter() == 0);
 		if (!capsicum) {
@ -237,6 +240,7 @@ drop_privs(struct hast_resource *res)
 			    "Unable to sandbox using capsicum");
 		}
 	} else
+#endif
 		capsicum = false;

 	/*