Changeset View
Changeset View
Standalone View
Standalone View
head/usr.sbin/ctld/kernel.c
| Show First 20 Lines • Show All 46 Lines • ▼ Show 20 Lines | |||||
| #include <sys/linker.h> | #include <sys/linker.h> | ||||
| #include <sys/module.h> | #include <sys/module.h> | ||||
| #include <sys/queue.h> | #include <sys/queue.h> | ||||
| #include <sys/sbuf.h> | #include <sys/sbuf.h> | ||||
| #include <sys/nv.h> | #include <sys/nv.h> | ||||
| #include <sys/stat.h> | #include <sys/stat.h> | ||||
| #include <assert.h> | #include <assert.h> | ||||
| #include <bsdxml.h> | #include <bsdxml.h> | ||||
| #include <capsicum_helpers.h> | |||||
| #include <ctype.h> | #include <ctype.h> | ||||
| #include <errno.h> | #include <errno.h> | ||||
| #include <fcntl.h> | #include <fcntl.h> | ||||
| #include <stdint.h> | #include <stdint.h> | ||||
| #include <stdio.h> | #include <stdio.h> | ||||
| #include <stdlib.h> | #include <stdlib.h> | ||||
| #include <string.h> | #include <string.h> | ||||
| #include <strings.h> | #include <strings.h> | ||||
| ▲ Show 20 Lines • Show All 1,245 Lines • ▼ Show 20 Lines | |||||
| #endif /* ICL_KERNEL_PROXY */ | #endif /* ICL_KERNEL_PROXY */ | ||||
| /* | /* | ||||
| * XXX: I CANT INTO LATIN | * XXX: I CANT INTO LATIN | ||||
| */ | */ | ||||
| void | void | ||||
| kernel_capsicate(void) | kernel_capsicate(void) | ||||
| { | { | ||||
| int error; | |||||
| cap_rights_t rights; | cap_rights_t rights; | ||||
| const unsigned long cmds[] = { CTL_ISCSI }; | const unsigned long cmds[] = { CTL_ISCSI }; | ||||
| cap_rights_init(&rights, CAP_IOCTL); | cap_rights_init(&rights, CAP_IOCTL); | ||||
| error = cap_rights_limit(ctl_fd, &rights); | if (caph_rights_limit(ctl_fd, &rights) < 0) | ||||
| if (error != 0 && errno != ENOSYS) | |||||
| log_err(1, "cap_rights_limit"); | log_err(1, "cap_rights_limit"); | ||||
| error = cap_ioctls_limit(ctl_fd, cmds, nitems(cmds)); | if (caph_ioctls_limit(ctl_fd, cmds, nitems(cmds)) < 0) | ||||
| if (error != 0 && errno != ENOSYS) | |||||
| log_err(1, "cap_ioctls_limit"); | log_err(1, "cap_ioctls_limit"); | ||||
| error = cap_enter(); | if (caph_enter() < 0) | ||||
| if (error != 0 && errno != ENOSYS) | |||||
| log_err(1, "cap_enter"); | log_err(1, "cap_enter"); | ||||
| if (cap_sandboxed()) | if (cap_sandboxed()) | ||||
| log_debugx("Capsicum capability mode enabled"); | log_debugx("Capsicum capability mode enabled"); | ||||
| else | else | ||||
| log_warnx("Capsicum capability mode not supported"); | log_warnx("Capsicum capability mode not supported"); | ||||
| } | } | ||||