Index: head/usr.sbin/ctld/kernel.c =================================================================== --- head/usr.sbin/ctld/kernel.c +++ head/usr.sbin/ctld/kernel.c @@ -52,6 +52,7 @@ #include #include #include +#include #include #include #include @@ -1313,22 +1314,17 @@ void kernel_capsicate(void) { - int error; cap_rights_t rights; const unsigned long cmds[] = { CTL_ISCSI }; cap_rights_init(&rights, CAP_IOCTL); - error = cap_rights_limit(ctl_fd, &rights); - if (error != 0 && errno != ENOSYS) + if (caph_rights_limit(ctl_fd, &rights) < 0) log_err(1, "cap_rights_limit"); - error = cap_ioctls_limit(ctl_fd, cmds, nitems(cmds)); - - if (error != 0 && errno != ENOSYS) + if (caph_ioctls_limit(ctl_fd, cmds, nitems(cmds)) < 0) log_err(1, "cap_ioctls_limit"); - error = cap_enter(); - if (error != 0 && errno != ENOSYS) + if (caph_enter() < 0) log_err(1, "cap_enter"); if (cap_sandboxed()) Index: head/usr.sbin/iscsid/iscsid.c =================================================================== --- head/usr.sbin/iscsid/iscsid.c +++ head/usr.sbin/iscsid/iscsid.c @@ -42,6 +42,7 @@ #include #include #include +#include #include #include #include @@ -349,7 +350,6 @@ static void capsicate(struct connection *conn) { - int error; cap_rights_t rights; #ifdef ICL_KERNEL_PROXY const unsigned long cmds[] = { ISCSIDCONNECT, ISCSIDSEND, ISCSIDRECEIVE, @@ -360,17 +360,13 @@ #endif cap_rights_init(&rights, CAP_IOCTL); - error = cap_rights_limit(conn->conn_iscsi_fd, &rights); - if (error != 0 && errno != ENOSYS) + if (caph_rights_limit(conn->conn_iscsi_fd, &rights) < 0) log_err(1, "cap_rights_limit"); - error = cap_ioctls_limit(conn->conn_iscsi_fd, cmds, nitems(cmds)); - - if (error != 0 && errno != ENOSYS) + if (caph_ioctls_limit(conn->conn_iscsi_fd, cmds, nitems(cmds)) < 0) log_err(1, "cap_ioctls_limit"); - error = cap_enter(); - if (error != 0 && errno != ENOSYS) + if (caph_enter() != 0) log_err(1, "cap_enter"); if (cap_sandboxed())