Differential D15939 Diff 44188 usr.sbin/iscsid/iscsid.c

Changeset View

Standalone View

usr.sbin/iscsid/iscsid.c

	Show All 36 Lines
	#include <sys/time.h>			#include <sys/time.h>
	#include <sys/ioctl.h>			#include <sys/ioctl.h>
	#include <sys/param.h>			#include <sys/param.h>
	#include <sys/linker.h>			#include <sys/linker.h>
	#include <sys/socket.h>			#include <sys/socket.h>
	#include <sys/capsicum.h>			#include <sys/capsicum.h>
	#include <sys/wait.h>			#include <sys/wait.h>
	#include <assert.h>			#include <assert.h>
				#include <capsicum_helpers.h>
	#include <errno.h>			#include <errno.h>
	#include <fcntl.h>			#include <fcntl.h>
	#include <libutil.h>			#include <libutil.h>
	#include <netdb.h>			#include <netdb.h>
	#include <signal.h>			#include <signal.h>
	#include <stdbool.h>			#include <stdbool.h>
	#include <stdint.h>			#include <stdint.h>
	#include <stdio.h>			#include <stdio.h>
	▲ Show 20 Lines • Show All 291 Lines • ▼ Show 20 Lines
	}			}

	/*			/*
	* XXX: I CANT INTO LATIN			* XXX: I CANT INTO LATIN
	*/			*/
	static void			static void
	capsicate(struct connection *conn)			capsicate(struct connection *conn)
	{			{
	int error;
	cap_rights_t rights;			cap_rights_t rights;
	#ifdef ICL_KERNEL_PROXY			#ifdef ICL_KERNEL_PROXY
	const unsigned long cmds[] = { ISCSIDCONNECT, ISCSIDSEND, ISCSIDRECEIVE,			const unsigned long cmds[] = { ISCSIDCONNECT, ISCSIDSEND, ISCSIDRECEIVE,
	ISCSIDHANDOFF, ISCSIDFAIL, ISCSISADD, ISCSISREMOVE, ISCSISMODIFY };			ISCSIDHANDOFF, ISCSIDFAIL, ISCSISADD, ISCSISREMOVE, ISCSISMODIFY };
	#else			#else
	const unsigned long cmds[] = { ISCSIDHANDOFF, ISCSIDFAIL, ISCSISADD,			const unsigned long cmds[] = { ISCSIDHANDOFF, ISCSIDFAIL, ISCSISADD,
	ISCSISREMOVE, ISCSISMODIFY };			ISCSISREMOVE, ISCSISMODIFY };
	#endif			#endif

				if (caph_enter() < 0)
				log_err(1, "cap_enter");

	cap_rights_init(&rights, CAP_IOCTL);			cap_rights_init(&rights, CAP_IOCTL);
	error = cap_rights_limit(conn->conn_iscsi_fd, &rights);			if (cap_rights_limit(conn->conn_iscsi_fd, &rights) < 0)
	if (error != 0 && errno != ENOSYS)
	log_err(1, "cap_rights_limit");			log_err(1, "cap_rights_limit");

	error = cap_ioctls_limit(conn->conn_iscsi_fd, cmds, nitems(cmds));			if (cap_ioctls_limit(conn->conn_iscsi_fd, cmds, nitems(cmds)) < 0)

	if (error != 0 && errno != ENOSYS)
	log_err(1, "cap_ioctls_limit");			log_err(1, "cap_ioctls_limit");

	error = cap_enter();
	if (error != 0 && errno != ENOSYS)
	log_err(1, "cap_enter");

	if (cap_sandboxed())			if (cap_sandboxed())
	log_debugx("Capsicum capability mode enabled");			log_debugx("Capsicum capability mode enabled");
	else			else
	log_warnx("Capsicum capability mode not supported");			log_warnx("Capsicum capability mode not supported");
	}			}

	bool			bool
	▲ Show 20 Lines • Show All 262 Lines • Show Last 20 Lines