From eced72ba25a1aced3553ac4e8499c4c2befd2a91 Mon Sep 17 00:00:00 2001
From: Tiago Natel de Moura
Date: Mon, 16 Dec 2019 17:12:09 +0000
Subject: [PATCH] Using the 64-bit Linux capability mode when available.

For backward compatibility, the Linux capabilities macros exposes v1 semantics (32-bit) by default. We probe the version at runtime (because of pre-compiled binaries) but the kernel syscall API is conservative and it doesn't return a 64-bit capability version if the input version is v1. This patch suppress the kernel > 5.0 dmesg log below: capability: warning: 'unitd' uses 32-bit capabilities (legacy support in use)
---
 src/nxt_capability.c | 12 +++++++++++-
 1 file changed, 11 insertions(+), 1 deletion(-)
diff --git a/src/nxt_capability.c b/src/nxt_capability.c
index 805faff6..dfa7a834 100644
--- a/src/nxt_capability.c
+++ b/src/nxt_capability.c
@@ -10,6 +10,16 @@
 #include
 #include
+
+#if (_LINUX_CAPABILITY_VERSION_3)
+#define NXT_CAPABILITY_VERSION _LINUX_CAPABILITY_VERSION_3
+#elif (_LINUX_CAPABILITY_VERSION_2)
+#define NXT_CAPABILITY_VERSION _LINUX_CAPABILITY_VERSION_2
+#else
+#define NXT_CAPABILITY_VERSION _LINUX_CAPABILITY_VERSION
+#endif
+
+
 #define nxt_capget(hdrp, datap) \
 syscall(SYS_capget, hdrp, datap)
 #define nxt_capset(hdrp, datap) \
@@ -43,7 +53,7 @@ nxt_capability_linux_get_version()
 {
 struct __user_cap_header_struct hdr;
- hdr.version = _LINUX_CAPABILITY_VERSION;
+ hdr.version = NXT_CAPABILITY_VERSION;
 hdr.pid = nxt_pid;
 nxt_capget(&hdr, NULL);
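Review bot: The `#if (_LINUX_CAPABILITY_VERSION_3)` / `#elif (_LINUX_CAPABILITY_VERSION_2)` chain added in the first hunk tests the macros by value, so it relies on an undefined identifier evaluating to 0 and will warn under `-Wundef`. Testing for definition states the intent directly: `#if defined(_LINUX_CAPABILITY_VERSION_3)` and `#elif defined(_LINUX_CAPABILITY_VERSION_2)`. A one-line comment above the block, such as `/* Probe with the newest version the build headers define; the kernel never reports a 64-bit version for a v1 request. */`, would keep the reasoning from the commit message next to the code.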
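Review bot: With `hdr.version = NXT_CAPABILITY_VERSION;` the probe in nxt_capability_linux_get_version() can now return a v2 or v3 version, and for those the kernel reads and writes `_LINUX_CAPABILITY_U32S_3` (two) `struct __user_cap_data_struct` elements on capget/capset. The code that consumes the probed version is outside this hunk, so it should be confirmed that every data buffer passed to `nxt_capget`/`nxt_capset` is a two-element array; a single struct there would be overrun by the kernel on capget. The return value of `nxt_capget(&hdr, NULL);` is also unchecked in the visible lines, and a short comment such as `/* EINVAL is expected for an unsupported version; the kernel then writes its preferred version into hdr.version */` would document why that is intentional. The function body continues past the end of the hunk.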