From bf3f87358d231190c67342d3b6958558c477a9c2 Mon Sep 17 00:00:00 2001
From: Daniel Bevenius
Date: Wed, 17 Mar 2021 17:23:17 +0100
Subject: [PATCH] squash! src: allow CAP_NET_BIND_SERVICE in SafeGetenv
Try using syscall instead of sys/capability.h
---
 src/node_credentials.cc | 9 +++++----
 1 file changed, 5 insertions(+), 4 deletions(-)
diff --git a/src/node_credentials.cc b/src/node_credentials.cc
index 8be27925844307..5f177590d3aaa2 100644
--- a/src/node_credentials.cc
+++ b/src/node_credentials.cc
@@ -10,7 +10,8 @@
 #if !defined(_MSC_VER)
 #include // setuid, getuid
-#include
+#include
+#include
 #endif
 namespace node {
@@ -44,7 +45,7 @@ bool HasCapability(int capability) {
 };
 struct __user_cap_data_struct cap_data;
- if (capget(&cap_header_data, &cap_data) == -1) {
+ if (syscall(SYS_capget, &cap_header_data, &cap_data) == -1) {
 return false;
 }
@@ -58,8 +59,8 @@ bool HasCapability(int capability) {
 // then lookup will not be allowed.
 bool SafeGetenv(const char* key, std::string* text, Environment* env) {
 #if !defined(__CloudABI__) && !defined(_WIN32)
- if (!HasCapability(CAP_NET_BIND_SERVICE) && per_process::linux_at_secure ||
- getuid() != geteuid() || getgid() != getegid())
+ if (!HasCapability(CAP_NET_BIND_SERVICE) && (per_process::linux_at_secure ||
+ getuid() != geteuid() || getgid() != getegid()))
 goto fail;
 #endif
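Review bot: The two `#include` lines added in the first hunk (`@@ -10,7 +10,8 @@`) sit under `#if !defined(_MSC_VER)`, a condition that also holds on macOS, the BSDs and other non-Linux builds. The header names are not visible on this page, but the commit message and the later use of `SYS_capget` and `__user_cap_data_struct` suggest Linux-only headers (presumably `<sys/syscall.h>` and `<linux/capability.h>`), which would not be found on those platforms. I would leave only the setuid/getuid header under the existing condition and move the two new includes into their own `#ifdef __linux__` / `#endif  // __linux__` pair, with HasCapability and its call site guarded the same way.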
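Review bot: In the second hunk (HasCapability), `cap_data` is a single `struct __user_cap_data_struct`, and the new raw `syscall(SYS_capget, &cap_header_data, &cap_data)` hands its address straight to the kernel. The header initializer ends above the hunk, so the requested version is not visible; if it is `_LINUX_CAPABILITY_VERSION_2` or `_LINUX_CAPABILITY_VERSION_3`, the kernel writes two elements and the second one lands past `cap_data` on the stack. Declaring `struct __user_cap_data_struct cap_data[_LINUX_CAPABILITY_U32S_3];` and passing `cap_data` keeps the buffer in step with the header version. The function begins before and continues after the hunk, so the read of the result should be adjusted to index element 0.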
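Review bot: The parentheses added in the third hunk (SafeGetenv) move the `getuid() != geteuid()` and `getgid() != getegid()` tests behind `!HasCapability(CAP_NET_BIND_SERVICE)`, so a set-uid or set-gid process that holds the capability no longer reaches `goto fail` and will read the invoking user's environment. The removed form parsed as `(A && B) || C || D`, which kept the id checks unconditional; if the aim is only to silence a precedence warning, write `if ((!HasCapability(CAP_NET_BIND_SERVICE) && per_process::linux_at_secure) ||` and leave the next line as `getuid() != geteuid() || getgid() != getegid())`. HasCapability is only partly visible here, so it is worth confirming that it is true only when the process holds that one capability and nothing more, otherwise a set-uid-root binary would pass it too. A comment above the condition stating which of the three signals the capability is allowed to override would make the intent reviewable. SafeGetenv continues past the end of the hunk.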