From 02098ed830815e1856e92b7328e2630a62fcdad9 Mon Sep 17 00:00:00 2001
From: Christian Ehrhardt <christian.ehrhardt@canonical.com>
Date: Wed, 14 Mar 2018 15:05:29 +0100
Subject: [PATCH] sys_linux: report if CAP_SYS_TIME is not present

Instead of having adjtimex just fail with a permission issue
improve the error messaging by warning for the lack of
CAP_SYS_TIME on SYS_Linux_Initialise.

Message will look like (instead of only the latter message):
 CAP_SYS_TIME not present
 adjtimex(0x8001) failed : Operation not permitted

Signed-off-by: Christian Ehrhardt <christian.ehrhardt@canonical.com>
---
 sys_linux.c | 14 ++++++++++++++
 1 file changed, 14 insertions(+)

diff --git a/sys_linux.c b/sys_linux.c
index f445727..202e7c2 100644
--- a/sys_linux.c
+++ b/sys_linux.c
@@ -380,6 +380,18 @@ test_step_offset(void)
   return 1;
 }
 
+/* ================================================== */
+
+static void
+report_time_adjust_blockers(void)
+{
+#ifdef FEAT_PRIVDROP
+  if (CAP_IS_SUPPORTED(CAP_SYS_TIME) && cap_get_bound(CAP_SYS_TIME))
+    return;
+  LOG(LOGS_WARN, "CAP_SYS_TIME not present");
+#endif
+}
+
 /* ================================================== */
 /* Initialisation code for this module */
 
@@ -388,6 +400,8 @@ SYS_Linux_Initialise(void)
 {
   get_version_specific_details();
 
+  report_time_adjust_blockers();
+
   reset_adjtime_offset();
 
   if (have_setoffset && !test_step_offset()) {