Fix for systems that don't have CAP_SYSLOG

CAP_SYSLOG was retroactively split from CAP_SYSADMIN (Linux
kernel commit ce6ada35bdf710d16582cc4869c26722547e6f11). Existing
supported systems might not yet have this commit (eg RHEL 6.6) in
which case compilation fails.

1 files changed, 2 insertions, 0 deletions

diff --git a/src/firejail/caps.c b/src/firejail/caps.c
index 93049ebf0..1c4ac8d37 100644
--- a/src/firejail/caps.c
+++ b/src/firejail/caps.c
@@ -289,10 +289,12 @@ int caps_default_filter(void) {
         else if (arg_debug)
                 printf("Drop CAP_SYS_TTY_CONFIG\n");
 
+#ifdef CAP_SYSLOG
         if (prctl(PR_CAPBSET_DROP, CAP_SYSLOG, 0, 0, 0) && arg_debug)
                 fprintf(stderr, "Warning: cannot drop CAP_SYSLOG");
         else if (arg_debug)
                 printf("Drop CAP_SYSLOG\n");
+#endif
 
         if (prctl(PR_CAPBSET_DROP, CAP_MKNOD, 0, 0, 0) && arg_debug)
                 fprintf(stderr, "Warning: cannot drop CAP_MKNOD");