From owner-svn-src-all@freebsd.org Mon Sep 17 11:24:16 2018 Return-Path: Delivered-To: svn-src-all@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id C90551099E20; Mon, 17 Sep 2018 11:24:16 +0000 (UTC) (envelope-from hselasky@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "mxrelay.nyi.freebsd.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 7EE0D78455; Mon, 17 Sep 2018 11:24:16 +0000 (UTC) (envelope-from hselasky@FreeBSD.org) Received: from repo.freebsd.org (repo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 79B7B105EF; Mon, 17 Sep 2018 11:24:16 +0000 (UTC) (envelope-from hselasky@FreeBSD.org) Received: from repo.freebsd.org ([127.0.1.37]) by repo.freebsd.org (8.15.2/8.15.2) with ESMTP id w8HBOGJA015375; Mon, 17 Sep 2018 11:24:16 GMT (envelope-from hselasky@FreeBSD.org) Received: (from hselasky@localhost) by repo.freebsd.org (8.15.2/8.15.2/Submit) id w8HBOG5D015374; Mon, 17 Sep 2018 11:24:16 GMT (envelope-from hselasky@FreeBSD.org) Message-Id: <201809171124.w8HBOG5D015374@repo.freebsd.org> X-Authentication-Warning: repo.freebsd.org: hselasky set sender to hselasky@FreeBSD.org using -f From: Hans Petter Selasky Date: Mon, 17 Sep 2018 11:24:16 +0000 (UTC) To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-stable@freebsd.org, svn-src-stable-11@freebsd.org Subject: svn commit: r338709 - stable/11/contrib/tcpdump X-SVN-Group: stable-11 X-SVN-Commit-Author: hselasky X-SVN-Commit-Paths: stable/11/contrib/tcpdump X-SVN-Commit-Revision: 338709 X-SVN-Commit-Repository: base MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-src-all@freebsd.org X-Mailman-Version: 2.1.27 Precedence: list List-Id: "SVN commit messages for the entire src tree \(except for " user" and " projects" \)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 17 Sep 2018 11:24:17 -0000 Author: hselasky Date: Mon Sep 17 11:24:16 2018 New Revision: 338709 URL: https://svnweb.freebsd.org/changeset/base/338709 Log: MFC r338613: Fix for backends which doesn't support capsicum. Not all libpcap backends use the BPF compatible set of IOCTLs. For example the mlx5 backend uses libibverbs which is currently not capsicum compatible. Disable sandboxing for such backends. Discussed with: emaste@ Sponsored by: Mellanox Technologies Modified: stable/11/contrib/tcpdump/tcpdump.c Directory Properties: stable/11/ (props changed) Modified: stable/11/contrib/tcpdump/tcpdump.c ============================================================================== --- stable/11/contrib/tcpdump/tcpdump.c Mon Sep 17 10:10:14 2018 (r338708) +++ stable/11/contrib/tcpdump/tcpdump.c Mon Sep 17 11:24:16 2018 (r338709) @@ -2069,6 +2069,9 @@ main(int argc, char **argv) #else cansandbox = (cansandbox && ndo->ndo_nflag); #endif /* HAVE_CASPER */ + cansandbox = (cansandbox && (pcap_fileno(pd) != -1 || + RFileName != NULL)); + if (cansandbox && cap_enter() < 0 && errno != ENOSYS) error("unable to enter the capability mode"); #endif /* HAVE_CAPSICUM */