Author: markj Date: Wed Dec 19 17:40:45 2018 New Revision: 342219 URL: https://svnweb.freebsd.org/changeset/base/342219
Log: MFC r341837, r342192: Use Capsicum helpers in ping(8). Modified: stable/12/sbin/ping/ping.c Directory Properties: stable/12/ (props changed) Modified: stable/12/sbin/ping/ping.c ============================================================================== --- stable/12/sbin/ping/ping.c Wed Dec 19 16:45:37 2018 (r342218) +++ stable/12/sbin/ping/ping.c Wed Dec 19 17:40:45 2018 (r342219) @@ -85,6 +85,7 @@ __FBSDID("$FreeBSD$"); #include <netipsec/ipsec.h> #endif /*IPSEC*/ +#include <capsicum_helpers.h> #include <ctype.h> #include <err.h> #include <errno.h> @@ -258,7 +259,6 @@ main(int argc, char *const *argv) policy_in = policy_out = NULL; #endif cap_rights_t rights; - bool cansandbox; /* * Do the stuff that we need root priv's for *first*, and @@ -709,27 +709,20 @@ main(int argc, char *const *argv) ip->ip_dst = to->sin_addr; } - if (options & F_NUMERIC) - cansandbox = true; - else if (capdns != NULL) - cansandbox = CASPER_SUPPORT; - else - cansandbox = false; - /* * Here we enter capability mode. Further down access to global * namespaces (e.g filesystem) is restricted (see capsicum(4)). * We must connect(2) our socket before this point. */ - if (cansandbox && cap_enter() < 0 && errno != ENOSYS) + caph_cache_catpages(); + if (caph_enter_casper() < 0) err(1, "cap_enter"); cap_rights_init(&rights, CAP_RECV, CAP_EVENT, CAP_SETSOCKOPT); - if (cap_rights_limit(srecv, &rights) < 0 && errno != ENOSYS) + if (caph_rights_limit(srecv, &rights) < 0) err(1, "cap_rights_limit srecv"); - cap_rights_init(&rights, CAP_SEND, CAP_SETSOCKOPT); - if (cap_rights_limit(ssend, &rights) < 0 && errno != ENOSYS) + if (caph_rights_limit(ssend, &rights) < 0) err(1, "cap_rights_limit ssend"); /* record route option */ @@ -814,14 +807,14 @@ main(int argc, char *const *argv) sizeof(hold)); /* CAP_SETSOCKOPT removed */ cap_rights_init(&rights, CAP_RECV, CAP_EVENT); - if (cap_rights_limit(srecv, &rights) < 0 && errno != ENOSYS) + if (caph_rights_limit(srecv, &rights) < 0) err(1, "cap_rights_limit srecv setsockopt"); if (uid == 0) (void)setsockopt(ssend, SOL_SOCKET, SO_SNDBUF, (char *)&hold, sizeof(hold)); /* CAP_SETSOCKOPT removed */ cap_rights_init(&rights, CAP_SEND); - if (cap_rights_limit(ssend, &rights) < 0 && errno != ENOSYS) + if (caph_rights_limit(ssend, &rights) < 0) err(1, "cap_rights_limit ssend setsockopt"); if (to->sin_family == AF_INET) { _______________________________________________ svn-src-all@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/svn-src-all To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"