D18744.id.diff
No OneTemporary
Actions

Size

10 KB

Referenced Files

None

Subscribers

None

D18744.id.diff
View Options

	Index: head/usr.sbin/bhyve/bhyverun.c
	===================================================================
	--- head/usr.sbin/bhyve/bhyverun.c
	+++ head/usr.sbin/bhyve/bhyverun.c
	@@ -54,7 +54,6 @@
	#include <libgen.h>
	#include <unistd.h>
	#include <assert.h>
	-#include <errno.h>
	#include <pthread.h>
	#include <pthread_np.h>
	#include <sysexits.h>
	@@ -949,15 +948,13 @@

	#ifndef WITHOUT_CAPSICUM
	cap_rights_init(&rights, CAP_IOCTL, CAP_MMAP_RW);
	- if (cap_rights_limit(vm_get_device_fd(ctx), &rights) == -1 &&
	- errno != ENOSYS)
	+ if (caph_rights_limit(vm_get_device_fd(ctx), &rights) == -1)
	errx(EX_OSERR, "Unable to apply rights for sandbox");
	vm_get_ioctls(&ncmds);
	cmds = vm_get_ioctls(NULL);
	if (cmds == NULL)
	errx(EX_OSERR, "out of memory");
	- if (cap_ioctls_limit(vm_get_device_fd(ctx), cmds, ncmds) == -1 &&
	- errno != ENOSYS)
	+ if (caph_ioctls_limit(vm_get_device_fd(ctx), cmds, ncmds) == -1)
	errx(EX_OSERR, "Unable to apply rights for sandbox");
	free((cap_ioctl_t *)cmds);
	#endif
	Index: head/usr.sbin/bhyve/block_if.c
	===================================================================
	--- head/usr.sbin/bhyve/block_if.c
	+++ head/usr.sbin/bhyve/block_if.c
	@@ -42,6 +42,9 @@
	#include <sys/disk.h>

	#include <assert.h>
	+#ifndef WITHOUT_CAPSICUM
	+#include <capsicum_helpers.h>
	+#endif
	#include <err.h>
	#include <fcntl.h>
	#include <stdio.h>
	@@ -473,7 +476,7 @@
	if (ro)
	cap_rights_clear(&rights, CAP_FSYNC, CAP_WRITE);

	- if (cap_rights_limit(fd, &rights) == -1 && errno != ENOSYS)
	+ if (caph_rights_limit(fd, &rights) == -1)
	errx(EX_OSERR, "Unable to apply rights for sandbox");
	#endif

	@@ -504,7 +507,7 @@
	psectsz = sbuf.st_blksize;

	#ifndef WITHOUT_CAPSICUM
	- if (cap_ioctls_limit(fd, cmds, nitems(cmds)) == -1 && errno != ENOSYS)
	+ if (caph_ioctls_limit(fd, cmds, nitems(cmds)) == -1)
	errx(EX_OSERR, "Unable to apply rights for sandbox");
	#endif

	Index: head/usr.sbin/bhyve/consport.c
	===================================================================
	--- head/usr.sbin/bhyve/consport.c
	+++ head/usr.sbin/bhyve/consport.c
	@@ -37,6 +37,9 @@
	#endif
	#include <sys/select.h>

	+#ifndef WITHOUT_CAPSICUM
	+#include <capsicum_helpers.h>
	+#endif
	#include <err.h>
	#include <errno.h>
	#include <stdio.h>
	@@ -138,11 +141,9 @@
	#ifndef WITHOUT_CAPSICUM
	cap_rights_init(&rights, CAP_EVENT, CAP_IOCTL, CAP_READ,
	CAP_WRITE);
	- if (cap_rights_limit(STDIN_FILENO, &rights) == -1 &&
	- errno != ENOSYS)
	+ if (caph_rights_limit(STDIN_FILENO, &rights) == -1)
	errx(EX_OSERR, "Unable to apply rights for sandbox");
	- if (cap_ioctls_limit(STDIN_FILENO, cmds, nitems(cmds)) == -1 &&
	- errno != ENOSYS)
	+ if (caph_ioctls_limit(STDIN_FILENO, cmds, nitems(cmds)) == -1)
	errx(EX_OSERR, "Unable to apply rights for sandbox");
	#endif
	ttyopen();
	Index: head/usr.sbin/bhyve/dbgport.c
	===================================================================
	--- head/usr.sbin/bhyve/dbgport.c
	+++ head/usr.sbin/bhyve/dbgport.c
	@@ -40,6 +40,9 @@
	#include <netinet/tcp.h>
	#include <sys/uio.h>

	+#ifndef WITHOUT_CAPSICUM
	+#include <capsicum_helpers.h>
	+#endif
	#include <err.h>
	#include <stdio.h>
	#include <stdlib.h>
	@@ -167,7 +170,7 @@

	#ifndef WITHOUT_CAPSICUM
	cap_rights_init(&rights, CAP_ACCEPT, CAP_READ, CAP_WRITE);
	- if (cap_rights_limit(listen_fd, &rights) == -1 && errno != ENOSYS)
	+ if (caph_rights_limit(listen_fd, &rights) == -1)
	errx(EX_OSERR, "Unable to apply rights for sandbox");
	#endif

	Index: head/usr.sbin/bhyve/gdb.c
	===================================================================
	--- head/usr.sbin/bhyve/gdb.c
	+++ head/usr.sbin/bhyve/gdb.c
	@@ -1252,9 +1252,9 @@

	cap_rights_init(&rights, CAP_ACCEPT, CAP_EVENT, CAP_READ, CAP_WRITE,
	CAP_SETSOCKOPT, CAP_IOCTL);
	- if (cap_rights_limit(s, &rights) == -1 && errno != ENOSYS)
	+ if (caph_rights_limit(s, &rights) == -1)
	errx(EX_OSERR, "Unable to apply rights for sandbox");
	- if (cap_ioctls_limit(s, ioctls, nitems(ioctls)) == -1 && errno != ENOSYS)
	+ if (caph_ioctls_limit(s, ioctls, nitems(ioctls)) == -1)
	errx(EX_OSERR, "Unable to apply rights for sandbox");
	}
	#endif
	Index: head/usr.sbin/bhyve/mevent.c
	===================================================================
	--- head/usr.sbin/bhyve/mevent.c
	+++ head/usr.sbin/bhyve/mevent.c
	@@ -37,6 +37,9 @@
	__FBSDID("$FreeBSD$");

	#include <assert.h>
	+#ifndef WITHOUT_CAPSICUM
	+#include <capsicum_helpers.h>
	+#endif
	#include <err.h>
	#include <errno.h>
	#include <stdlib.h>
	@@ -420,7 +423,7 @@

	#ifndef WITHOUT_CAPSICUM
	cap_rights_init(&rights, CAP_KQUEUE);
	- if (cap_rights_limit(mfd, &rights) == -1 && errno != ENOSYS)
	+ if (caph_rights_limit(mfd, &rights) == -1)
	errx(EX_OSERR, "Unable to apply rights for sandbox");
	#endif

	@@ -437,9 +440,9 @@

	#ifndef WITHOUT_CAPSICUM
	cap_rights_init(&rights, CAP_EVENT, CAP_READ, CAP_WRITE);
	- if (cap_rights_limit(mevent_pipefd[0], &rights) == -1 && errno != ENOSYS)
	+ if (caph_rights_limit(mevent_pipefd[0], &rights) == -1)
	errx(EX_OSERR, "Unable to apply rights for sandbox");
	- if (cap_rights_limit(mevent_pipefd[1], &rights) == -1 && errno != ENOSYS)
	+ if (caph_rights_limit(mevent_pipefd[1], &rights) == -1)
	errx(EX_OSERR, "Unable to apply rights for sandbox");
	#endif

	Index: head/usr.sbin/bhyve/pci_e82545.c
	===================================================================
	--- head/usr.sbin/bhyve/pci_e82545.c
	+++ head/usr.sbin/bhyve/pci_e82545.c
	@@ -43,6 +43,9 @@
	#include <netinet/in.h>
	#include <netinet/tcp.h>

	+#ifndef WITHOUT_CAPSICUM
	+#include <capsicum_helpers.h>
	+#endif
	#include <err.h>
	#include <errno.h>
	#include <fcntl.h>
	@@ -2240,7 +2243,7 @@

	#ifndef WITHOUT_CAPSICUM
	cap_rights_init(&rights, CAP_EVENT, CAP_READ, CAP_WRITE);
	- if (cap_rights_limit(sc->esc_tapfd, &rights) == -1 && errno != ENOSYS)
	+ if (caph_rights_limit(sc->esc_tapfd, &rights) == -1)
	errx(EX_OSERR, "Unable to apply rights for sandbox");
	#endif

	Index: head/usr.sbin/bhyve/pci_passthru.c
	===================================================================
	--- head/usr.sbin/bhyve/pci_passthru.c
	+++ head/usr.sbin/bhyve/pci_passthru.c
	@@ -45,6 +45,9 @@

	#include <machine/iodev.h>

	+#ifndef WITHOUT_CAPSICUM
	+#include <capsicum_helpers.h>
	+#endif
	#include <stdio.h>
	#include <stdlib.h>
	#include <string.h>
	@@ -674,9 +677,9 @@
	}

	#ifndef WITHOUT_CAPSICUM
	- if (cap_rights_limit(pcifd, &rights) == -1 && errno != ENOSYS)
	+ if (caph_rights_limit(pcifd, &rights) == -1)
	errx(EX_OSERR, "Unable to apply rights for sandbox");
	- if (cap_ioctls_limit(pcifd, pci_ioctls, nitems(pci_ioctls)) == -1 && errno != ENOSYS)
	+ if (caph_ioctls_limit(pcifd, pci_ioctls, nitems(pci_ioctls)) == -1)
	errx(EX_OSERR, "Unable to apply rights for sandbox");
	#endif

	@@ -689,9 +692,9 @@
	}

	#ifndef WITHOUT_CAPSICUM
	- if (cap_rights_limit(iofd, &rights) == -1 && errno != ENOSYS)
	+ if (caph_rights_limit(iofd, &rights) == -1)
	errx(EX_OSERR, "Unable to apply rights for sandbox");
	- if (cap_ioctls_limit(iofd, io_ioctls, nitems(io_ioctls)) == -1 && errno != ENOSYS)
	+ if (caph_ioctls_limit(iofd, io_ioctls, nitems(io_ioctls)) == -1)
	errx(EX_OSERR, "Unable to apply rights for sandbox");
	#endif

	@@ -706,7 +709,7 @@
	#ifndef WITHOUT_CAPSICUM
	cap_rights_clear(&rights, CAP_IOCTL);
	cap_rights_set(&rights, CAP_MMAP_RW);
	- if (cap_rights_limit(memfd, &rights) == -1 && errno != ENOSYS)
	+ if (caph_rights_limit(memfd, &rights) == -1)
	errx(EX_OSERR, "Unable to apply rights for sandbox");
	#endif

	Index: head/usr.sbin/bhyve/pci_virtio_console.c
	===================================================================
	--- head/usr.sbin/bhyve/pci_virtio_console.c
	+++ head/usr.sbin/bhyve/pci_virtio_console.c
	@@ -43,6 +43,9 @@
	#include <sys/socket.h>
	#include <sys/un.h>

	+#ifndef WITHOUT_CAPSICUM
	+#include <capsicum_helpers.h>
	+#endif
	#include <err.h>
	#include <errno.h>
	#include <fcntl.h>
	@@ -328,7 +331,7 @@

	#ifndef WITHOUT_CAPSICUM
	cap_rights_init(&rights, CAP_ACCEPT, CAP_EVENT, CAP_READ, CAP_WRITE);
	- if (cap_rights_limit(s, &rights) == -1 && errno != ENOSYS)
	+ if (caph_rights_limit(s, &rights) == -1)
	errx(EX_OSERR, "Unable to apply rights for sandbox");
	#endif

	Index: head/usr.sbin/bhyve/pci_virtio_net.c
	===================================================================
	--- head/usr.sbin/bhyve/pci_virtio_net.c
	+++ head/usr.sbin/bhyve/pci_virtio_net.c
	@@ -46,6 +46,9 @@
	#endif
	#include <net/netmap_user.h>

	+#ifndef WITHOUT_CAPSICUM
	+#include <capsicum_helpers.h>
	+#endif
	#include <err.h>
	#include <errno.h>
	#include <fcntl.h>
	@@ -779,7 +782,7 @@

	#ifndef WITHOUT_CAPSICUM
	cap_rights_init(&rights, CAP_EVENT, CAP_READ, CAP_WRITE);
	- if (cap_rights_limit(sc->vsc_tapfd, &rights) == -1 && errno != ENOSYS)
	+ if (caph_rights_limit(sc->vsc_tapfd, &rights) == -1)
	errx(EX_OSERR, "Unable to apply rights for sandbox");
	#endif

	Index: head/usr.sbin/bhyve/pci_virtio_rnd.c
	===================================================================
	--- head/usr.sbin/bhyve/pci_virtio_rnd.c
	+++ head/usr.sbin/bhyve/pci_virtio_rnd.c
	@@ -43,6 +43,9 @@
	#include <sys/linker_set.h>
	#include <sys/uio.h>

	+#ifndef WITHOUT_CAPSICUM
	+#include <capsicum_helpers.h>
	+#endif
	#include <err.h>
	#include <errno.h>
	#include <fcntl.h>
	@@ -158,7 +161,7 @@

	#ifndef WITHOUT_CAPSICUM
	cap_rights_init(&rights, CAP_READ);
	- if (cap_rights_limit(fd, &rights) == -1 && errno != ENOSYS)
	+ if (caph_rights_limit(fd, &rights) == -1)
	errx(EX_OSERR, "Unable to apply rights for sandbox");
	#endif

	Index: head/usr.sbin/bhyve/rfb.c
	===================================================================
	--- head/usr.sbin/bhyve/rfb.c
	+++ head/usr.sbin/bhyve/rfb.c
	@@ -45,6 +45,9 @@
	#include <netdb.h>

	#include <assert.h>
	+#ifndef WITHOUT_CAPSICUM
	+#include <capsicum_helpers.h>
	+#endif
	#include <err.h>
	#include <errno.h>
	#include <pthread.h>
	@@ -1024,7 +1027,7 @@

	#ifndef WITHOUT_CAPSICUM
	cap_rights_init(&rights, CAP_ACCEPT, CAP_EVENT, CAP_READ, CAP_WRITE);
	- if (cap_rights_limit(rc->sfd, &rights) == -1 && errno != ENOSYS)
	+ if (caph_rights_limit(rc->sfd, &rights) == -1)
	errx(EX_OSERR, "Unable to apply rights for sandbox");
	#endif

	Index: head/usr.sbin/bhyve/uart_emul.c
	===================================================================
	--- head/usr.sbin/bhyve/uart_emul.c
	+++ head/usr.sbin/bhyve/uart_emul.c
	@@ -684,14 +684,12 @@
	#ifndef WITHOUT_CAPSICUM
	cap_rights_init(&rights, CAP_EVENT, CAP_IOCTL, CAP_READ,
	CAP_WRITE);
	- if (cap_rights_limit(sc->tty.fd, &rights) == -1 &&
	- errno != ENOSYS)
	+ if (caph_rights_limit(sc->tty.fd, &rights) == -1)
	errx(EX_OSERR, "Unable to apply rights for sandbox");
	- if (cap_ioctls_limit(sc->tty.fd, cmds, nitems(cmds)) == -1 &&
	- errno != ENOSYS)
	+ if (caph_ioctls_limit(sc->tty.fd, cmds, nitems(cmds)) == -1)
	errx(EX_OSERR, "Unable to apply rights for sandbox");
	if (!uart_stdio) {
	- if (caph_limit_stdin() == -1 && errno != ENOSYS)
	+ if (caph_limit_stdin() == -1)
	errx(EX_OSERR,
	"Unable to apply rights for sandbox");
	}

File Metadata

Mime Type: text/plain
Expires: Sat, Jan 31, 9:44 PM (1 h, 33 m)
Storage Engine: blob
Storage Format: Raw Data
Storage Handle: 28195079
Default Alt Text: D18744.id.diff (10 KB)

D18744.id.diffNo OneTemporaryActions

D18744.id.diffView Options

File Metadata

Event Timeline

D18744.id.diff
No OneTemporary
Actions

D18744.id.diff
View Options