Add support for FreeBSD <sys/capability.h>

cap_init() and friends are Linux-specific, so only use them if we're on
Linux.

Add support for FreeBSD capabilities if we find <sys/capability.h> to be
available there.

Add an #else (not Linux or FreeBSD) case with an #error requesting
contributions for other platforms.

This patch keeps the cap_init check in configure.ac but removes the
error if it fails.  This will ensure we link to -lcap if needed, but
won't fail for the case that capabilities are part of the core system
(as on FreeBSD).

We do however, modify the header check to ensure we fail if there is no
<sys/capability.h> at all and we are on a system where it could be
installed.  The logic here is that it is better to give the user the
chance to install it than it is to proceed silently with a disabled
security feature on a system where it could easily be supported.
--without-caps remains an option if the user wants to force it.

https://bugs.freedesktop.org/show_bug.cgi?id=72580

configure.ac

@@ -118,6 +118,10 @@ fi
 
 #### Determine host OS ####
 
+# if the host has the possibility of sys/capability.h for dropping privileges
+# used to determine if we should error out if it is not found
+host_has_caps=0
+
 os_is_linux=0
 os_is_win32=0
 os_is_darwin=0
@@ -126,8 +130,13 @@ AC_MSG_CHECKING([host operating system])
 case "$host_os" in
     linux*)
         AC_MSG_RESULT([linux])
+        host_has_caps=1
         os_is_linux=1
     ;;
+    freebsd*)
+        AC_MSG_RESULT([freebsd])
+        host_has_caps=1
+    ;;
     darwin*)
         AC_MSG_RESULT([darwin])
         os_is_darwin=1
@@ -595,16 +604,15 @@ AS_IF([test "x$HAVE_X11" = "x1"], AC_DEFINE([HAVE_X11], 1, [Have X11?]))
 CAP_LIBS=''
 
 AC_ARG_WITH([caps],
-    AS_HELP_STRING([--without-caps],[Omit support for POSIX capabilities.]))
+    AS_HELP_STRING([--without-caps],[Omit support for dropping capabilities.]))
 
 if test "x${with_caps}" != "xno"; then
-    AC_SEARCH_LIBS([cap_init], [cap], [], [
+    AC_SEARCH_LIBS([cap_init], [cap], [], [])
-                    if test "x${with_caps}" = "xyes" ; then
+
-                        AC_MSG_ERROR([*** POSIX caps libraries not found])
+    # Only give an error on hosts that we know could support capabilities
-                    fi])
     AC_CHECK_HEADERS([sys/capability.h], [], [
-                    if test "x${with_caps}" = "xyes" ; then
+      if test "${host_has_caps}" = "1"; then
-                        AC_MSG_ERROR([*** POSIX caps headers not found])
+        AC_MSG_ERROR([*** sys/capability.h not found.  Use --without-caps to disable capabilities support.])
       fi])
 fi
 

src/daemon/caps.c

@@ -80,12 +80,18 @@ void pa_drop_root(void) {
 
 void pa_drop_caps(void) {
 #ifdef HAVE_SYS_CAPABILITY_H
+#ifdef __linux
     cap_t caps;
     pa_assert_se(caps = cap_init());
     pa_assert_se(cap_clear(caps) == 0);
     pa_assert_se(cap_set_proc(caps) == 0);
     pa_assert_se(cap_free(caps) == 0);
+#elif __FreeBSD__
+    pa_assert_se (cap_enter () == 0);
 #else
+#error Don't know how to do capabilities on your system.  Please send a patch.
+#endif /* __linux */
+#else /* HAVE_SYS_CAPABILITY_H */
     pa_log_warn("Normally all extra capabilities would be dropped now, but "
                 "that's impossible because this Pulseaudio was built without "
                 "libcap support.");