diff options
author | Sebastian Huber <sebastian.huber@embedded-brains.de> | 2018-11-06 15:42:44 +0100 |
---|---|---|
committer | Sebastian Huber <sebastian.huber@embedded-brains.de> | 2018-11-15 10:56:14 +0100 |
commit | e0b4edbdcc3558d3f38af8398f995c2e9f019f07 (patch) | |
tree | ea91a5fcfb9b6a66a8c0b74cf68ff8d450ce17e0 /freebsd/sbin/dhclient | |
parent | Disable or make static kern_* functions (diff) | |
download | rtems-libbsd-e0b4edbdcc3558d3f38af8398f995c2e9f019f07.tar.bz2 |
Update to FreeBSD head 2018-11-15
Git mirror commit a18b0830c4be01b39489a891b63d6023ada6358a.
Update #3472.
Diffstat (limited to 'freebsd/sbin/dhclient')
-rw-r--r-- | freebsd/sbin/dhclient/bpf.c | 8 | ||||
-rw-r--r-- | freebsd/sbin/dhclient/dhclient.c | 22 |
2 files changed, 17 insertions, 13 deletions
diff --git a/freebsd/sbin/dhclient/bpf.c b/freebsd/sbin/dhclient/bpf.c index e1bfacdc..55a8586f 100644 --- a/freebsd/sbin/dhclient/bpf.c +++ b/freebsd/sbin/dhclient/bpf.c @@ -59,6 +59,8 @@ __FBSDID("$FreeBSD$"); #include <netinet/udp.h> #include <netinet/if_ether.h> +#include <capsicum_helpers.h> + #define BPF_FORMAT "/dev/bpf%d" /* @@ -166,7 +168,7 @@ if_register_send(struct interface_info *info) error("Cannot lock bpf"); cap_rights_init(&rights, CAP_WRITE); - if (cap_rights_limit(info->wfdesc, &rights) < 0 && errno != ENOSYS) + if (caph_rights_limit(info->wfdesc, &rights) < 0) error("Can't limit bpf descriptor: %m"); /* @@ -272,9 +274,9 @@ if_register_receive(struct interface_info *info) error("Cannot lock bpf"); cap_rights_init(&rights, CAP_IOCTL, CAP_EVENT, CAP_READ); - if (cap_rights_limit(info->rfdesc, &rights) < 0 && errno != ENOSYS) + if (caph_rights_limit(info->rfdesc, &rights) < 0) error("Can't limit bpf descriptor: %m"); - if (cap_ioctls_limit(info->rfdesc, cmds, 2) < 0 && errno != ENOSYS) + if (caph_ioctls_limit(info->rfdesc, cmds, 2) < 0) error("Can't limit ioctls for bpf descriptor: %m"); } diff --git a/freebsd/sbin/dhclient/dhclient.c b/freebsd/sbin/dhclient/dhclient.c index d155d454..2aedd2f7 100644 --- a/freebsd/sbin/dhclient/dhclient.c +++ b/freebsd/sbin/dhclient/dhclient.c @@ -514,7 +514,7 @@ main(int argc, char *argv[]) close(pipe_fd[0]); privfd = pipe_fd[1]; cap_rights_init(&rights, CAP_READ, CAP_WRITE); - if (cap_rights_limit(privfd, &rights) < 0 && errno != ENOSYS) + if (caph_rights_limit(privfd, &rights) < 0) error("can't limit private descriptor: %m"); if ((fd = open(path_dhclient_db, O_RDONLY|O_EXLOCK|O_CREAT, 0)) == -1) @@ -528,7 +528,7 @@ main(int argc, char *argv[]) if (shutdown(routefd, SHUT_WR) < 0) error("can't shutdown route socket: %m"); cap_rights_init(&rights, CAP_EVENT, CAP_READ); - if (cap_rights_limit(routefd, &rights) < 0 && errno != ENOSYS) + if (caph_rights_limit(routefd, &rights) < 0) error("can't limit route socket: %m"); endpwent(); @@ -1930,12 +1930,10 @@ rewrite_client_leases(void) error("can't create %s: %m", path_dhclient_db); cap_rights_init(&rights, CAP_FCNTL, CAP_FSTAT, CAP_FSYNC, CAP_FTRUNCATE, CAP_SEEK, CAP_WRITE); - if (cap_rights_limit(fileno(leaseFile), &rights) < 0 && - errno != ENOSYS) { + if (caph_rights_limit(fileno(leaseFile), &rights) < 0) { error("can't limit lease descriptor: %m"); } - if (cap_fcntls_limit(fileno(leaseFile), CAP_FCNTL_GETFL) < 0 && - errno != ENOSYS) { + if (caph_fcntls_limit(fileno(leaseFile), CAP_FCNTL_GETFL) < 0) { error("can't limit lease descriptor fcntls: %m"); } } else { @@ -2462,20 +2460,24 @@ go_daemon(void) cap_rights_init(&rights); - if (pidfile != NULL) + if (pidfile != NULL) { pidfile_write(pidfile); + if (caph_rights_limit(pidfile_fileno(pidfile), &rights) < 0) + error("can't limit pidfile descriptor: %m"); + } + if (nullfd != -1) { close(nullfd); nullfd = -1; } - if (cap_rights_limit(STDIN_FILENO, &rights) < 0 && errno != ENOSYS) + if (caph_rights_limit(STDIN_FILENO, &rights) < 0) error("can't limit stdin: %m"); cap_rights_init(&rights, CAP_WRITE); - if (cap_rights_limit(STDOUT_FILENO, &rights) < 0 && errno != ENOSYS) + if (caph_rights_limit(STDOUT_FILENO, &rights) < 0) error("can't limit stdout: %m"); - if (cap_rights_limit(STDERR_FILENO, &rights) < 0 && errno != ENOSYS) + if (caph_rights_limit(STDERR_FILENO, &rights) < 0) error("can't limit stderr: %m"); } |