Update to FreeBSD head 2018-11-15

Git mirror commit a18b0830c4be01b39489a891b63d6023ada6358a.

Update #3472.

2 files changed, 17 insertions, 13 deletions

diff --git a/freebsd/sbin/dhclient/bpf.c b/freebsd/sbin/dhclient/bpf.c
index e1bfacdc..55a8586f 100644
--- a/freebsd/sbin/dhclient/bpf.c
+++ b/freebsd/sbin/dhclient/bpf.c
@@ -59,6 +59,8 @@ __FBSDID("$FreeBSD$");
 #include <netinet/udp.h>
 #include <netinet/if_ether.h>
 
+#include <capsicum_helpers.h>
+
 #define BPF_FORMAT "/dev/bpf%d"
 
 /*
@@ -166,7 +168,7 @@ if_register_send(struct interface_info *info)
 		error("Cannot lock bpf");
 
 	cap_rights_init(&rights, CAP_WRITE);
-	if (cap_rights_limit(info->wfdesc, &rights) < 0 && errno != ENOSYS)
+	if (caph_rights_limit(info->wfdesc, &rights) < 0)
 		error("Can't limit bpf descriptor: %m");
 
 	/*
@@ -272,9 +274,9 @@ if_register_receive(struct interface_info *info)
 		error("Cannot lock bpf");
 
 	cap_rights_init(&rights, CAP_IOCTL, CAP_EVENT, CAP_READ);
-	if (cap_rights_limit(info->rfdesc, &rights) < 0 && errno != ENOSYS)
+	if (caph_rights_limit(info->rfdesc, &rights) < 0)
 		error("Can't limit bpf descriptor: %m");
-	if (cap_ioctls_limit(info->rfdesc, cmds, 2) < 0 && errno != ENOSYS)
+	if (caph_ioctls_limit(info->rfdesc, cmds, 2) < 0)
 		error("Can't limit ioctls for bpf descriptor: %m");
 }
 
diff --git a/freebsd/sbin/dhclient/dhclient.c b/freebsd/sbin/dhclient/dhclient.c
index d155d454..2aedd2f7 100644
--- a/freebsd/sbin/dhclient/dhclient.c
+++ b/freebsd/sbin/dhclient/dhclient.c
@@ -514,7 +514,7 @@ main(int argc, char *argv[])
 	close(pipe_fd[0]);
 	privfd = pipe_fd[1];
 	cap_rights_init(&rights, CAP_READ, CAP_WRITE);
-	if (cap_rights_limit(privfd, &rights) < 0 && errno != ENOSYS)
+	if (caph_rights_limit(privfd, &rights) < 0)
 		error("can't limit private descriptor: %m");
 
 	if ((fd = open(path_dhclient_db, O_RDONLY|O_EXLOCK|O_CREAT, 0)) == -1)
@@ -528,7 +528,7 @@ main(int argc, char *argv[])
 	if (shutdown(routefd, SHUT_WR) < 0)
 		error("can't shutdown route socket: %m");
 	cap_rights_init(&rights, CAP_EVENT, CAP_READ);
-	if (cap_rights_limit(routefd, &rights) < 0 && errno != ENOSYS)
+	if (caph_rights_limit(routefd, &rights) < 0)
 		error("can't limit route socket: %m");
 
 	endpwent();
@@ -1930,12 +1930,10 @@ rewrite_client_leases(void)
 			error("can't create %s: %m", path_dhclient_db);
 		cap_rights_init(&rights, CAP_FCNTL, CAP_FSTAT, CAP_FSYNC,
 		    CAP_FTRUNCATE, CAP_SEEK, CAP_WRITE);
-		if (cap_rights_limit(fileno(leaseFile), &rights) < 0 &&
-		    errno != ENOSYS) {
+		if (caph_rights_limit(fileno(leaseFile), &rights) < 0) {
 			error("can't limit lease descriptor: %m");
 		}
-		if (cap_fcntls_limit(fileno(leaseFile), CAP_FCNTL_GETFL) < 0 &&
-		    errno != ENOSYS) {
+		if (caph_fcntls_limit(fileno(leaseFile), CAP_FCNTL_GETFL) < 0) {
 			error("can't limit lease descriptor fcntls: %m");
 		}
 	} else {
@@ -2462,20 +2460,24 @@ go_daemon(void)
 
 	cap_rights_init(&rights);
 
-	if (pidfile != NULL)
+	if (pidfile != NULL) {
 		pidfile_write(pidfile);
 
+		if (caph_rights_limit(pidfile_fileno(pidfile), &rights) < 0)
+			error("can't limit pidfile descriptor: %m");
+	}
+
 	if (nullfd != -1) {
 		close(nullfd);
 		nullfd = -1;
 	}
 
-	if (cap_rights_limit(STDIN_FILENO, &rights) < 0 && errno != ENOSYS)
+	if (caph_rights_limit(STDIN_FILENO, &rights) < 0)
 		error("can't limit stdin: %m");
 	cap_rights_init(&rights, CAP_WRITE);
-	if (cap_rights_limit(STDOUT_FILENO, &rights) < 0 && errno != ENOSYS)
+	if (caph_rights_limit(STDOUT_FILENO, &rights) < 0)
 		error("can't limit stdout: %m");
-	if (cap_rights_limit(STDERR_FILENO, &rights) < 0 && errno != ENOSYS)
+	if (caph_rights_limit(STDERR_FILENO, &rights) < 0)
 		error("can't limit stderr: %m");
 }