Author: markj
Date: Wed Dec 19 17:40:45 2018
New Revision: 342219
URL: https://svnweb.freebsd.org/changeset/base/342219

Log:
  MFC r341837, r342192:
  Use Capsicum helpers in ping(8).

Modified:
  stable/12/sbin/ping/ping.c
Directory Properties:
  stable/12/   (props changed)

Modified: stable/12/sbin/ping/ping.c
==============================================================================
--- stable/12/sbin/ping/ping.c  Wed Dec 19 16:45:37 2018        (r342218)
+++ stable/12/sbin/ping/ping.c  Wed Dec 19 17:40:45 2018        (r342219)
@@ -85,6 +85,7 @@ __FBSDID("$FreeBSD$");
 #include <netipsec/ipsec.h>
 #endif /*IPSEC*/
 
+#include <capsicum_helpers.h>
 #include <ctype.h>
 #include <err.h>
 #include <errno.h>
@@ -258,7 +259,6 @@ main(int argc, char *const *argv)
        policy_in = policy_out = NULL;
 #endif
        cap_rights_t rights;
-       bool cansandbox;
 
        /*
         * Do the stuff that we need root priv's for *first*, and
@@ -709,27 +709,20 @@ main(int argc, char *const *argv)
                ip->ip_dst = to->sin_addr;
         }
 
-       if (options & F_NUMERIC)
-               cansandbox = true;
-       else if (capdns != NULL)
-               cansandbox = CASPER_SUPPORT;
-       else
-               cansandbox = false;
-
        /*
         * Here we enter capability mode. Further down access to global
         * namespaces (e.g filesystem) is restricted (see capsicum(4)).
         * We must connect(2) our socket before this point.
         */
-       if (cansandbox && cap_enter() < 0 && errno != ENOSYS)
+       caph_cache_catpages();
+       if (caph_enter_casper() < 0)
                err(1, "cap_enter");
 
        cap_rights_init(&rights, CAP_RECV, CAP_EVENT, CAP_SETSOCKOPT);
-       if (cap_rights_limit(srecv, &rights) < 0 && errno != ENOSYS)
+       if (caph_rights_limit(srecv, &rights) < 0)
                err(1, "cap_rights_limit srecv");
-
        cap_rights_init(&rights, CAP_SEND, CAP_SETSOCKOPT);
-       if (cap_rights_limit(ssend, &rights) < 0 && errno != ENOSYS)
+       if (caph_rights_limit(ssend, &rights) < 0)
                err(1, "cap_rights_limit ssend");
 
        /* record route option */
@@ -814,14 +807,14 @@ main(int argc, char *const *argv)
            sizeof(hold));
        /* CAP_SETSOCKOPT removed */
        cap_rights_init(&rights, CAP_RECV, CAP_EVENT);
-       if (cap_rights_limit(srecv, &rights) < 0 && errno != ENOSYS)
+       if (caph_rights_limit(srecv, &rights) < 0)
                err(1, "cap_rights_limit srecv setsockopt");
        if (uid == 0)
                (void)setsockopt(ssend, SOL_SOCKET, SO_SNDBUF, (char *)&hold,
                    sizeof(hold));
        /* CAP_SETSOCKOPT removed */
        cap_rights_init(&rights, CAP_SEND);
-       if (cap_rights_limit(ssend, &rights) < 0 && errno != ENOSYS)
+       if (caph_rights_limit(ssend, &rights) < 0)
                err(1, "cap_rights_limit ssend setsockopt");
 
        if (to->sin_family == AF_INET) {
_______________________________________________
svn-src-all@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/svn-src-all
To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"

Reply via email to