check_capability: explicitly target recent linux implementations

[collectd.git] / src / iptables.c

diff --git a/src/iptables.c b/src/iptables.c
index a2ed4c7..c0854b3 100644 (file)
--- a/src/iptables.c
+++ b/src/iptables.c
@@ -30,13 +30,13 @@
 #include "plugin.h"
 #include "configfile.h"
 
+#include <libiptc/libiptc.h>
+#include <libiptc/libip6tc.h>
+
 #ifdef HAVE_SYS_CAPABILITY_H
 # include <sys/capability.h>
 #endif
 
-#include <libiptc/libiptc.h>
-#include <libiptc/libip6tc.h>
-
 /*
  * iptc_handle_t was available before libiptc was officially available as a
  * shared library. Note, that when the shared lib was introduced, the API and
@@ -505,7 +505,7 @@ static int iptables_shutdown (void)
 
 static int iptables_init (void)
 {
-#ifdef HAVE_SYS_CAPABILITY_H
+#if defined(HAVE_SYS_CAPABILITY_H) && defined(CAP_NET_ADMIN)
     if (check_capability (CAP_NET_ADMIN) != 0)
     {
         if (getuid () == 0)