Skip site navigation (1)Skip section navigation (2) 
Date:      Mon, 24 Oct 2022 21:33:48 GMT
From:      Mark Johnston <markj@FreeBSD.org>
To:        src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-main@FreeBSD.org
Subject:   git: fb7ce0a95ef1 - main - bhyve: Use the new vm_limit_rights() interface
Message-ID:  <202210242133.29OLXmB5038630@gitrepo.freebsd.org>
next in thread | raw e-mail | index | archive | help 
The branch main has been updated by markj:

URL: https://cgit.FreeBSD.org/src/commit/?id=fb7ce0a95ef1e796c10def3ed660e487ffb77c75

commit fb7ce0a95ef1e796c10def3ed660e487ffb77c75
Author:     Mark Johnston <markj@FreeBSD.org>
AuthorDate: 2022-10-24 21:32:04 +0000
Commit:     Mark Johnston <markj@FreeBSD.org>
CommitDate: 2022-10-24 21:33:13 +0000

    bhyve: Use the new vm_limit_rights() interface
    
    This addresses a compiler warning arising from the fact that bhyve
    needs to cast away a const qualifier in order to call free().
    
    No functional change intended.
    
    Reviewed by:    jhb
    MFC after:      1 week
    Differential Revision:  https://reviews.freebsd.org/D37099
---
 usr.sbin/bhyve/bhyverun.c | 17 ++---------------
 1 file changed, 2 insertions(+), 15 deletions(-)

diff --git a/usr.sbin/bhyve/bhyverun.c b/usr.sbin/bhyve/bhyverun.c
index 6e7eed747e97..a0261e755cfc 100644
--- a/usr.sbin/bhyve/bhyverun.c
+++ b/usr.sbin/bhyve/bhyverun.c
@@ -1103,11 +1103,6 @@ do_open(const char *vmname)
 	struct vmctx *ctx;
 	int error;
 	bool reinit, romboot;
-#ifndef WITHOUT_CAPSICUM
-	cap_rights_t rights;
-	const cap_ioctl_t *cmds;
-	size_t ncmds;
-#endif
 
 	reinit = romboot = false;
 
@@ -1147,16 +1142,8 @@ do_open(const char *vmname)
 	}
 
 #ifndef WITHOUT_CAPSICUM
-	cap_rights_init(&rights, CAP_IOCTL, CAP_MMAP_RW);
-	if (caph_rights_limit(vm_get_device_fd(ctx), &rights) == -1)
-		errx(EX_OSERR, "Unable to apply rights for sandbox");
-	vm_get_ioctls(&ncmds);
-	cmds = vm_get_ioctls(NULL);
-	if (cmds == NULL)
-		errx(EX_OSERR, "out of memory");
-	if (caph_ioctls_limit(vm_get_device_fd(ctx), cmds, ncmds) == -1)
-		errx(EX_OSERR, "Unable to apply rights for sandbox");
-	free((cap_ioctl_t *)cmds);
+	if (vm_limit_rights(ctx) != 0)
+		err(EX_OSERR, "vm_limit_rights");
 #endif
 
 	if (reinit) {

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?202210242133.29OLXmB5038630>