From owner-svn-src-all@FreeBSD.ORG Sat May 14 16:55:25 2011 Return-Path: Delivered-To: svn-src-all@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 01020106566C; Sat, 14 May 2011 16:55:25 +0000 (UTC) (envelope-from pjd@FreeBSD.org) Received: from svn.freebsd.org (svn.freebsd.org [IPv6:2001:4f8:fff6::2c]) by mx1.freebsd.org (Postfix) with ESMTP id E4D908FC12; Sat, 14 May 2011 16:55:24 +0000 (UTC) Received: from svn.freebsd.org (localhost [127.0.0.1]) by svn.freebsd.org (8.14.4/8.14.4) with ESMTP id p4EGtO5S009500; Sat, 14 May 2011 16:55:24 GMT (envelope-from pjd@svn.freebsd.org) Received: (from pjd@localhost) by svn.freebsd.org (8.14.4/8.14.4/Submit) id p4EGtO34009498; Sat, 14 May 2011 16:55:24 GMT (envelope-from pjd@svn.freebsd.org) Message-Id: <201105141655.p4EGtO34009498@svn.freebsd.org> From: Pawel Jakub Dawidek Date: Sat, 14 May 2011 16:55:24 +0000 (UTC) To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org X-SVN-Group: head MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Cc: Subject: svn commit: r221898 - head/sbin/hastd X-BeenThere: svn-src-all@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "SVN commit messages for the entire src tree \(except for " user" and " projects" \)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 14 May 2011 16:55:25 -0000 Author: pjd Date: Sat May 14 16:55:24 2011 New Revision: 221898 URL: http://svn.freebsd.org/changeset/base/221898 Log: When using capsicum to sanbox, still use other methods first, just in case one of them have some problems. Modified: head/sbin/hastd/subr.c Modified: head/sbin/hastd/subr.c ============================================================================== --- head/sbin/hastd/subr.c Sat May 14 15:24:15 2011 (r221897) +++ head/sbin/hastd/subr.c Sat May 14 16:55:24 2011 (r221898) @@ -153,15 +153,7 @@ drop_privs(bool usecapsicum) uid_t ruid, euid, suid; gid_t rgid, egid, sgid; gid_t gidset[1]; - - if (usecapsicum) { - if (cap_enter() == 0) { - pjdlog_debug(1, - "Privileges successfully dropped using capsicum."); - return (0); - } - pjdlog_errno(LOG_WARNING, "Unable to sandbox using capsicum"); - } + bool capsicum; /* * According to getpwnam(3) we have to clear errno before calling the @@ -205,6 +197,16 @@ drop_privs(bool usecapsicum) return (-1); } + capsicum = false; + if (usecapsicum) { + if (cap_enter() == 0) { + capsicum = true; + } else { + pjdlog_errno(LOG_WARNING, + "Unable to sandbox using capsicum"); + } + } + /* * Better be sure that everything succeeded. */ @@ -221,7 +223,8 @@ drop_privs(bool usecapsicum) PJDLOG_VERIFY(gidset[0] == pw->pw_gid); pjdlog_debug(1, - "Privileges successfully dropped using chroot+setgid+setuid."); + "Privileges successfully dropped using %schroot+setgid+setuid.", + capsicum ? "capsicum+" : ""); return (0); }