Index: head/usr.sbin/bhyve/bhyverun.c =================================================================== --- head/usr.sbin/bhyve/bhyverun.c +++ head/usr.sbin/bhyve/bhyverun.c @@ -54,7 +54,6 @@ #include #include #include -#include #include #include #include @@ -949,15 +948,13 @@ #ifndef WITHOUT_CAPSICUM cap_rights_init(&rights, CAP_IOCTL, CAP_MMAP_RW); - if (cap_rights_limit(vm_get_device_fd(ctx), &rights) == -1 && - errno != ENOSYS) + if (caph_rights_limit(vm_get_device_fd(ctx), &rights) == -1) errx(EX_OSERR, "Unable to apply rights for sandbox"); vm_get_ioctls(&ncmds); cmds = vm_get_ioctls(NULL); if (cmds == NULL) errx(EX_OSERR, "out of memory"); - if (cap_ioctls_limit(vm_get_device_fd(ctx), cmds, ncmds) == -1 && - errno != ENOSYS) + if (caph_ioctls_limit(vm_get_device_fd(ctx), cmds, ncmds) == -1) errx(EX_OSERR, "Unable to apply rights for sandbox"); free((cap_ioctl_t *)cmds); #endif Index: head/usr.sbin/bhyve/block_if.c =================================================================== --- head/usr.sbin/bhyve/block_if.c +++ head/usr.sbin/bhyve/block_if.c @@ -42,6 +42,9 @@ #include #include +#ifndef WITHOUT_CAPSICUM +#include +#endif #include #include #include @@ -473,7 +476,7 @@ if (ro) cap_rights_clear(&rights, CAP_FSYNC, CAP_WRITE); - if (cap_rights_limit(fd, &rights) == -1 && errno != ENOSYS) + if (caph_rights_limit(fd, &rights) == -1) errx(EX_OSERR, "Unable to apply rights for sandbox"); #endif @@ -504,7 +507,7 @@ psectsz = sbuf.st_blksize; #ifndef WITHOUT_CAPSICUM - if (cap_ioctls_limit(fd, cmds, nitems(cmds)) == -1 && errno != ENOSYS) + if (caph_ioctls_limit(fd, cmds, nitems(cmds)) == -1) errx(EX_OSERR, "Unable to apply rights for sandbox"); #endif Index: head/usr.sbin/bhyve/consport.c =================================================================== --- head/usr.sbin/bhyve/consport.c +++ head/usr.sbin/bhyve/consport.c @@ -37,6 +37,9 @@ #endif #include +#ifndef WITHOUT_CAPSICUM +#include +#endif #include #include #include @@ -138,11 +141,9 @@ #ifndef WITHOUT_CAPSICUM cap_rights_init(&rights, CAP_EVENT, CAP_IOCTL, CAP_READ, CAP_WRITE); - if (cap_rights_limit(STDIN_FILENO, &rights) == -1 && - errno != ENOSYS) + if (caph_rights_limit(STDIN_FILENO, &rights) == -1) errx(EX_OSERR, "Unable to apply rights for sandbox"); - if (cap_ioctls_limit(STDIN_FILENO, cmds, nitems(cmds)) == -1 && - errno != ENOSYS) + if (caph_ioctls_limit(STDIN_FILENO, cmds, nitems(cmds)) == -1) errx(EX_OSERR, "Unable to apply rights for sandbox"); #endif ttyopen(); Index: head/usr.sbin/bhyve/dbgport.c =================================================================== --- head/usr.sbin/bhyve/dbgport.c +++ head/usr.sbin/bhyve/dbgport.c @@ -40,6 +40,9 @@ #include #include +#ifndef WITHOUT_CAPSICUM +#include +#endif #include #include #include @@ -167,7 +170,7 @@ #ifndef WITHOUT_CAPSICUM cap_rights_init(&rights, CAP_ACCEPT, CAP_READ, CAP_WRITE); - if (cap_rights_limit(listen_fd, &rights) == -1 && errno != ENOSYS) + if (caph_rights_limit(listen_fd, &rights) == -1) errx(EX_OSERR, "Unable to apply rights for sandbox"); #endif Index: head/usr.sbin/bhyve/gdb.c =================================================================== --- head/usr.sbin/bhyve/gdb.c +++ head/usr.sbin/bhyve/gdb.c @@ -1252,9 +1252,9 @@ cap_rights_init(&rights, CAP_ACCEPT, CAP_EVENT, CAP_READ, CAP_WRITE, CAP_SETSOCKOPT, CAP_IOCTL); - if (cap_rights_limit(s, &rights) == -1 && errno != ENOSYS) + if (caph_rights_limit(s, &rights) == -1) errx(EX_OSERR, "Unable to apply rights for sandbox"); - if (cap_ioctls_limit(s, ioctls, nitems(ioctls)) == -1 && errno != ENOSYS) + if (caph_ioctls_limit(s, ioctls, nitems(ioctls)) == -1) errx(EX_OSERR, "Unable to apply rights for sandbox"); } #endif Index: head/usr.sbin/bhyve/mevent.c =================================================================== --- head/usr.sbin/bhyve/mevent.c +++ head/usr.sbin/bhyve/mevent.c @@ -37,6 +37,9 @@ __FBSDID("$FreeBSD$"); #include +#ifndef WITHOUT_CAPSICUM +#include +#endif #include #include #include @@ -420,7 +423,7 @@ #ifndef WITHOUT_CAPSICUM cap_rights_init(&rights, CAP_KQUEUE); - if (cap_rights_limit(mfd, &rights) == -1 && errno != ENOSYS) + if (caph_rights_limit(mfd, &rights) == -1) errx(EX_OSERR, "Unable to apply rights for sandbox"); #endif @@ -437,9 +440,9 @@ #ifndef WITHOUT_CAPSICUM cap_rights_init(&rights, CAP_EVENT, CAP_READ, CAP_WRITE); - if (cap_rights_limit(mevent_pipefd[0], &rights) == -1 && errno != ENOSYS) + if (caph_rights_limit(mevent_pipefd[0], &rights) == -1) errx(EX_OSERR, "Unable to apply rights for sandbox"); - if (cap_rights_limit(mevent_pipefd[1], &rights) == -1 && errno != ENOSYS) + if (caph_rights_limit(mevent_pipefd[1], &rights) == -1) errx(EX_OSERR, "Unable to apply rights for sandbox"); #endif Index: head/usr.sbin/bhyve/pci_e82545.c =================================================================== --- head/usr.sbin/bhyve/pci_e82545.c +++ head/usr.sbin/bhyve/pci_e82545.c @@ -43,6 +43,9 @@ #include #include +#ifndef WITHOUT_CAPSICUM +#include +#endif #include #include #include @@ -2240,7 +2243,7 @@ #ifndef WITHOUT_CAPSICUM cap_rights_init(&rights, CAP_EVENT, CAP_READ, CAP_WRITE); - if (cap_rights_limit(sc->esc_tapfd, &rights) == -1 && errno != ENOSYS) + if (caph_rights_limit(sc->esc_tapfd, &rights) == -1) errx(EX_OSERR, "Unable to apply rights for sandbox"); #endif Index: head/usr.sbin/bhyve/pci_passthru.c =================================================================== --- head/usr.sbin/bhyve/pci_passthru.c +++ head/usr.sbin/bhyve/pci_passthru.c @@ -45,6 +45,9 @@ #include +#ifndef WITHOUT_CAPSICUM +#include +#endif #include #include #include @@ -674,9 +677,9 @@ } #ifndef WITHOUT_CAPSICUM - if (cap_rights_limit(pcifd, &rights) == -1 && errno != ENOSYS) + if (caph_rights_limit(pcifd, &rights) == -1) errx(EX_OSERR, "Unable to apply rights for sandbox"); - if (cap_ioctls_limit(pcifd, pci_ioctls, nitems(pci_ioctls)) == -1 && errno != ENOSYS) + if (caph_ioctls_limit(pcifd, pci_ioctls, nitems(pci_ioctls)) == -1) errx(EX_OSERR, "Unable to apply rights for sandbox"); #endif @@ -689,9 +692,9 @@ } #ifndef WITHOUT_CAPSICUM - if (cap_rights_limit(iofd, &rights) == -1 && errno != ENOSYS) + if (caph_rights_limit(iofd, &rights) == -1) errx(EX_OSERR, "Unable to apply rights for sandbox"); - if (cap_ioctls_limit(iofd, io_ioctls, nitems(io_ioctls)) == -1 && errno != ENOSYS) + if (caph_ioctls_limit(iofd, io_ioctls, nitems(io_ioctls)) == -1) errx(EX_OSERR, "Unable to apply rights for sandbox"); #endif @@ -706,7 +709,7 @@ #ifndef WITHOUT_CAPSICUM cap_rights_clear(&rights, CAP_IOCTL); cap_rights_set(&rights, CAP_MMAP_RW); - if (cap_rights_limit(memfd, &rights) == -1 && errno != ENOSYS) + if (caph_rights_limit(memfd, &rights) == -1) errx(EX_OSERR, "Unable to apply rights for sandbox"); #endif Index: head/usr.sbin/bhyve/pci_virtio_console.c =================================================================== --- head/usr.sbin/bhyve/pci_virtio_console.c +++ head/usr.sbin/bhyve/pci_virtio_console.c @@ -43,6 +43,9 @@ #include #include +#ifndef WITHOUT_CAPSICUM +#include +#endif #include #include #include @@ -328,7 +331,7 @@ #ifndef WITHOUT_CAPSICUM cap_rights_init(&rights, CAP_ACCEPT, CAP_EVENT, CAP_READ, CAP_WRITE); - if (cap_rights_limit(s, &rights) == -1 && errno != ENOSYS) + if (caph_rights_limit(s, &rights) == -1) errx(EX_OSERR, "Unable to apply rights for sandbox"); #endif Index: head/usr.sbin/bhyve/pci_virtio_net.c =================================================================== --- head/usr.sbin/bhyve/pci_virtio_net.c +++ head/usr.sbin/bhyve/pci_virtio_net.c @@ -46,6 +46,9 @@ #endif #include +#ifndef WITHOUT_CAPSICUM +#include +#endif #include #include #include @@ -779,7 +782,7 @@ #ifndef WITHOUT_CAPSICUM cap_rights_init(&rights, CAP_EVENT, CAP_READ, CAP_WRITE); - if (cap_rights_limit(sc->vsc_tapfd, &rights) == -1 && errno != ENOSYS) + if (caph_rights_limit(sc->vsc_tapfd, &rights) == -1) errx(EX_OSERR, "Unable to apply rights for sandbox"); #endif Index: head/usr.sbin/bhyve/pci_virtio_rnd.c =================================================================== --- head/usr.sbin/bhyve/pci_virtio_rnd.c +++ head/usr.sbin/bhyve/pci_virtio_rnd.c @@ -43,6 +43,9 @@ #include #include +#ifndef WITHOUT_CAPSICUM +#include +#endif #include #include #include @@ -158,7 +161,7 @@ #ifndef WITHOUT_CAPSICUM cap_rights_init(&rights, CAP_READ); - if (cap_rights_limit(fd, &rights) == -1 && errno != ENOSYS) + if (caph_rights_limit(fd, &rights) == -1) errx(EX_OSERR, "Unable to apply rights for sandbox"); #endif Index: head/usr.sbin/bhyve/rfb.c =================================================================== --- head/usr.sbin/bhyve/rfb.c +++ head/usr.sbin/bhyve/rfb.c @@ -45,6 +45,9 @@ #include #include +#ifndef WITHOUT_CAPSICUM +#include +#endif #include #include #include @@ -1024,7 +1027,7 @@ #ifndef WITHOUT_CAPSICUM cap_rights_init(&rights, CAP_ACCEPT, CAP_EVENT, CAP_READ, CAP_WRITE); - if (cap_rights_limit(rc->sfd, &rights) == -1 && errno != ENOSYS) + if (caph_rights_limit(rc->sfd, &rights) == -1) errx(EX_OSERR, "Unable to apply rights for sandbox"); #endif Index: head/usr.sbin/bhyve/uart_emul.c =================================================================== --- head/usr.sbin/bhyve/uart_emul.c +++ head/usr.sbin/bhyve/uart_emul.c @@ -684,14 +684,12 @@ #ifndef WITHOUT_CAPSICUM cap_rights_init(&rights, CAP_EVENT, CAP_IOCTL, CAP_READ, CAP_WRITE); - if (cap_rights_limit(sc->tty.fd, &rights) == -1 && - errno != ENOSYS) + if (caph_rights_limit(sc->tty.fd, &rights) == -1) errx(EX_OSERR, "Unable to apply rights for sandbox"); - if (cap_ioctls_limit(sc->tty.fd, cmds, nitems(cmds)) == -1 && - errno != ENOSYS) + if (caph_ioctls_limit(sc->tty.fd, cmds, nitems(cmds)) == -1) errx(EX_OSERR, "Unable to apply rights for sandbox"); if (!uart_stdio) { - if (caph_limit_stdin() == -1 && errno != ENOSYS) + if (caph_limit_stdin() == -1) errx(EX_OSERR, "Unable to apply rights for sandbox"); }