Date: Sun, 4 Nov 2018 19:24:49 +0000 (UTC) From: Mariusz Zaborski <oshogbo@FreeBSD.org> To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org Subject: svn commit: r340138 - in head: bin/dd sbin/dhclient sbin/md5 usr.bin/cmp usr.bin/diff usr.bin/diff3 usr.bin/elfdump usr.bin/indent usr.bin/jot usr.bin/ktrdump usr.bin/lam usr.bin/rwho usr.bin/tee u... Message-ID: <201811041924.wA4JOnGL016303@repo.freebsd.org>
next in thread | raw e-mail | index | archive | help
Author: oshogbo Date: Sun Nov 4 19:24:49 2018 New Revision: 340138 URL: https://svnweb.freebsd.org/changeset/base/340138 Log: capsicum: use a new capsicum helpers in tools Use caph_{rights,ioctls,fcntls}_limit to simplify the code. Modified: head/bin/dd/dd.c head/sbin/dhclient/bpf.c head/sbin/dhclient/dhclient.c head/sbin/md5/md5.c head/usr.bin/cmp/cmp.c head/usr.bin/diff/diffreg.c head/usr.bin/diff3/diff3.c head/usr.bin/elfdump/elfdump.c head/usr.bin/indent/indent.c head/usr.bin/jot/jot.c head/usr.bin/ktrdump/ktrdump.c head/usr.bin/lam/lam.c head/usr.bin/rwho/rwho.c head/usr.bin/tee/tee.c head/usr.bin/uniq/uniq.c head/usr.bin/units/units.c head/usr.bin/write/write.c head/usr.sbin/rwhod/rwhod.c Modified: head/bin/dd/dd.c ============================================================================== --- head/bin/dd/dd.c Sun Nov 4 19:21:12 2018 (r340137) +++ head/bin/dd/dd.c Sun Nov 4 19:24:49 2018 (r340138) @@ -157,7 +157,7 @@ setup(void) getfdtype(&in); cap_rights_init(&rights, CAP_READ, CAP_SEEK); - if (cap_rights_limit(in.fd, &rights) == -1 && errno != ENOSYS) + if (caph_rights_limit(in.fd, &rights) == -1) err(1, "unable to limit capability rights"); if (files_cnt > 1 && !(in.flags & ISTAPE)) @@ -188,10 +188,9 @@ setup(void) getfdtype(&out); - if (cap_rights_limit(out.fd, &rights) == -1 && errno != ENOSYS) + if (caph_rights_limit(out.fd, &rights) == -1) err(1, "unable to limit capability rights"); - if (cap_ioctls_limit(out.fd, cmds, nitems(cmds)) == -1 && - errno != ENOSYS) + if (caph_ioctls_limit(out.fd, cmds, nitems(cmds)) == -1) err(1, "unable to limit capability rights"); if (in.fd != STDIN_FILENO && out.fd != STDIN_FILENO) { Modified: head/sbin/dhclient/bpf.c ============================================================================== --- head/sbin/dhclient/bpf.c Sun Nov 4 19:21:12 2018 (r340137) +++ head/sbin/dhclient/bpf.c Sun Nov 4 19:24:49 2018 (r340138) @@ -57,6 +57,8 @@ __FBSDID("$FreeBSD$"); #include <netinet/udp.h> #include <netinet/if_ether.h> +#include <capsicum_helpers.h> + #define BPF_FORMAT "/dev/bpf%d" /* @@ -164,7 +166,7 @@ if_register_send(struct interface_info *info) error("Cannot lock bpf"); cap_rights_init(&rights, CAP_WRITE); - if (cap_rights_limit(info->wfdesc, &rights) < 0 && errno != ENOSYS) + if (caph_rights_limit(info->wfdesc, &rights) < 0) error("Can't limit bpf descriptor: %m"); /* @@ -270,9 +272,9 @@ if_register_receive(struct interface_info *info) error("Cannot lock bpf"); cap_rights_init(&rights, CAP_IOCTL, CAP_EVENT, CAP_READ); - if (cap_rights_limit(info->rfdesc, &rights) < 0 && errno != ENOSYS) + if (caph_rights_limit(info->rfdesc, &rights) < 0) error("Can't limit bpf descriptor: %m"); - if (cap_ioctls_limit(info->rfdesc, cmds, 2) < 0 && errno != ENOSYS) + if (caph_ioctls_limit(info->rfdesc, cmds, 2) < 0) error("Can't limit ioctls for bpf descriptor: %m"); } Modified: head/sbin/dhclient/dhclient.c ============================================================================== --- head/sbin/dhclient/dhclient.c Sun Nov 4 19:21:12 2018 (r340137) +++ head/sbin/dhclient/dhclient.c Sun Nov 4 19:24:49 2018 (r340138) @@ -512,7 +512,7 @@ main(int argc, char *argv[]) close(pipe_fd[0]); privfd = pipe_fd[1]; cap_rights_init(&rights, CAP_READ, CAP_WRITE); - if (cap_rights_limit(privfd, &rights) < 0 && errno != ENOSYS) + if (caph_rights_limit(privfd, &rights) < 0) error("can't limit private descriptor: %m"); if ((fd = open(path_dhclient_db, O_RDONLY|O_EXLOCK|O_CREAT, 0)) == -1) @@ -526,7 +526,7 @@ main(int argc, char *argv[]) if (shutdown(routefd, SHUT_WR) < 0) error("can't shutdown route socket: %m"); cap_rights_init(&rights, CAP_EVENT, CAP_READ); - if (cap_rights_limit(routefd, &rights) < 0 && errno != ENOSYS) + if (caph_rights_limit(routefd, &rights) < 0) error("can't limit route socket: %m"); endpwent(); @@ -1928,12 +1928,10 @@ rewrite_client_leases(void) error("can't create %s: %m", path_dhclient_db); cap_rights_init(&rights, CAP_FCNTL, CAP_FSTAT, CAP_FSYNC, CAP_FTRUNCATE, CAP_SEEK, CAP_WRITE); - if (cap_rights_limit(fileno(leaseFile), &rights) < 0 && - errno != ENOSYS) { + if (caph_rights_limit(fileno(leaseFile), &rights) < 0) { error("can't limit lease descriptor: %m"); } - if (cap_fcntls_limit(fileno(leaseFile), CAP_FCNTL_GETFL) < 0 && - errno != ENOSYS) { + if (caph_fcntls_limit(fileno(leaseFile), CAP_FCNTL_GETFL) < 0) { error("can't limit lease descriptor fcntls: %m"); } } else { @@ -2460,20 +2458,24 @@ go_daemon(void) cap_rights_init(&rights); - if (pidfile != NULL) + if (pidfile != NULL) { pidfile_write(pidfile); + if (caph_rights_limit(pidfile_fileno(pidfile), &rights) < 0) + error("can't limit pidfile descriptor: %m"); + } + if (nullfd != -1) { close(nullfd); nullfd = -1; } - if (cap_rights_limit(STDIN_FILENO, &rights) < 0 && errno != ENOSYS) + if (caph_rights_limit(STDIN_FILENO, &rights) < 0) error("can't limit stdin: %m"); cap_rights_init(&rights, CAP_WRITE); - if (cap_rights_limit(STDOUT_FILENO, &rights) < 0 && errno != ENOSYS) + if (caph_rights_limit(STDOUT_FILENO, &rights) < 0) error("can't limit stdout: %m"); - if (cap_rights_limit(STDERR_FILENO, &rights) < 0 && errno != ENOSYS) + if (caph_rights_limit(STDERR_FILENO, &rights) < 0) error("can't limit stderr: %m"); } Modified: head/sbin/md5/md5.c ============================================================================== --- head/sbin/md5/md5.c Sun Nov 4 19:21:12 2018 (r340137) +++ head/sbin/md5/md5.c Sun Nov 4 19:24:49 2018 (r340138) @@ -242,8 +242,8 @@ main(int argc, char *argv[]) if (*(argv + 1) == NULL) { #ifdef HAVE_CAPSICUM cap_rights_init(&rights, CAP_READ); - if ((cap_rights_limit(fd, &rights) < 0 && - errno != ENOSYS) || caph_enter() < 0) + if (caph_rights_limit(fd, &rights) < 0 || + caph_enter() < 0) err(1, "capsicum"); #endif } Modified: head/usr.bin/cmp/cmp.c ============================================================================== --- head/usr.bin/cmp/cmp.c Sun Nov 4 19:21:12 2018 (r340137) +++ head/usr.bin/cmp/cmp.c Sun Nov 4 19:24:49 2018 (r340138) @@ -163,22 +163,21 @@ main(int argc, char *argv[]) } cap_rights_init(&rights, CAP_FCNTL, CAP_FSTAT, CAP_MMAP_R); - if (cap_rights_limit(fd1, &rights) < 0 && errno != ENOSYS) + if (caph_rights_limit(fd1, &rights) < 0) err(ERR_EXIT, "unable to limit rights for %s", file1); - if (cap_rights_limit(fd2, &rights) < 0 && errno != ENOSYS) + if (caph_rights_limit(fd2, &rights) < 0) err(ERR_EXIT, "unable to limit rights for %s", file2); /* Required for fdopen(3). */ fcntls = CAP_FCNTL_GETFL; - if (cap_fcntls_limit(fd1, fcntls) < 0 && errno != ENOSYS) + if (caph_fcntls_limit(fd1, fcntls) < 0) err(ERR_EXIT, "unable to limit fcntls for %s", file1); - if (cap_fcntls_limit(fd2, fcntls) < 0 && errno != ENOSYS) + if (caph_fcntls_limit(fd2, fcntls) < 0) err(ERR_EXIT, "unable to limit fcntls for %s", file2); if (!special) { cap_rights_init(&rights); - if (cap_rights_limit(STDIN_FILENO, &rights) < 0 && - errno != ENOSYS) { + if (caph_rights_limit(STDIN_FILENO, &rights) < 0) { err(ERR_EXIT, "unable to limit stdio"); } } Modified: head/usr.bin/diff/diffreg.c ============================================================================== --- head/usr.bin/diff/diffreg.c Sun Nov 4 19:21:12 2018 (r340137) +++ head/usr.bin/diff/diffreg.c Sun Nov 4 19:24:49 2018 (r340138) @@ -319,11 +319,9 @@ diffreg(char *file1, char *file2, int flags, int capsi if (capsicum) { cap_rights_init(&rights_ro, CAP_READ, CAP_FSTAT, CAP_SEEK); - if (cap_rights_limit(fileno(f1), &rights_ro) < 0 - && errno != ENOSYS) + if (caph_rights_limit(fileno(f1), &rights_ro) < 0) err(2, "unable to limit rights on: %s", file1); - if (cap_rights_limit(fileno(f2), &rights_ro) < 0 && - errno != ENOSYS) + if (caph_rights_limit(fileno(f2), &rights_ro) < 0) err(2, "unable to limit rights on: %s", file2); if (fileno(f1) == STDIN_FILENO || fileno(f2) == STDIN_FILENO) { /* stding has already been limited */ Modified: head/usr.bin/diff3/diff3.c ============================================================================== --- head/usr.bin/diff3/diff3.c Sun Nov 4 19:21:12 2018 (r340137) +++ head/usr.bin/diff3/diff3.c Sun Nov 4 19:24:49 2018 (r340138) @@ -717,19 +717,19 @@ main(int argc, char **argv) fp[0] = fopen(file1, "r"); if (fp[0] == NULL) err(2, "Can't open %s", file1); - if (cap_rights_limit(fileno(fp[0]), &rights_ro) < 0) + if (caph_rights_limit(fileno(fp[0]), &rights_ro) < 0) err(2, "unable to limit rights on: %s", file1); fp[1] = fopen(file2, "r"); if (fp[1] == NULL) err(2, "Can't open %s", file2); - if (cap_rights_limit(fileno(fp[1]), &rights_ro) < 0) + if (caph_rights_limit(fileno(fp[1]), &rights_ro) < 0) err(2, "unable to limit rights on: %s", file2); fp[2] = fopen(file3, "r"); if (fp[2] == NULL) err(2, "Can't open %s", file3); - if (cap_rights_limit(fileno(fp[2]), &rights_ro) < 0) + if (caph_rights_limit(fileno(fp[2]), &rights_ro) < 0) err(2, "unable to limit rights on: %s", file3); if (pipe(fd13)) Modified: head/usr.bin/elfdump/elfdump.c ============================================================================== --- head/usr.bin/elfdump/elfdump.c Sun Nov 4 19:21:12 2018 (r340137) +++ head/usr.bin/elfdump/elfdump.c Sun Nov 4 19:24:49 2018 (r340138) @@ -557,7 +557,7 @@ main(int ac, char **av) if ((out = fopen(optarg, "w")) == NULL) err(1, "%s", optarg); cap_rights_init(&rights, CAP_FSTAT, CAP_WRITE); - if (cap_rights_limit(fileno(out), &rights) < 0 && errno != ENOSYS) + if (caph_rights_limit(fileno(out), &rights) < 0) err(1, "unable to limit rights for %s", optarg); break; case '?': @@ -572,10 +572,10 @@ main(int ac, char **av) fstat(fd, &sb) < 0) err(1, "%s", *av); cap_rights_init(&rights, CAP_MMAP_R); - if (cap_rights_limit(fd, &rights) < 0 && errno != ENOSYS) + if (caph_rights_limit(fd, &rights) < 0) err(1, "unable to limit rights for %s", *av); cap_rights_init(&rights); - if ((cap_rights_limit(STDIN_FILENO, &rights) < 0 && errno != ENOSYS) || + if (caph_rights_limit(STDIN_FILENO, &rights) < 0 || caph_limit_stdout() < 0 || caph_limit_stderr() < 0) { err(1, "unable to limit rights for stdio"); } Modified: head/usr.bin/indent/indent.c ============================================================================== --- head/usr.bin/indent/indent.c Sun Nov 4 19:21:12 2018 (r340137) +++ head/usr.bin/indent/indent.c Sun Nov 4 19:24:49 2018 (r340138) @@ -245,10 +245,10 @@ main(int argc, char **argv) /* Restrict input/output descriptors and enter Capsicum sandbox. */ cap_rights_init(&rights, CAP_FSTAT, CAP_WRITE); - if (cap_rights_limit(fileno(output), &rights) < 0 && errno != ENOSYS) + if (caph_rights_limit(fileno(output), &rights) < 0) err(EXIT_FAILURE, "unable to limit rights for %s", out_name); cap_rights_init(&rights, CAP_FSTAT, CAP_READ); - if (cap_rights_limit(fileno(input), &rights) < 0 && errno != ENOSYS) + if (caph_rights_limit(fileno(input), &rights) < 0) err(EXIT_FAILURE, "unable to limit rights for %s", in_name); if (caph_enter() < 0) err(EXIT_FAILURE, "unable to enter capability mode"); Modified: head/usr.bin/jot/jot.c ============================================================================== --- head/usr.bin/jot/jot.c Sun Nov 4 19:21:12 2018 (r340137) +++ head/usr.bin/jot/jot.c Sun Nov 4 19:24:49 2018 (r340138) @@ -114,7 +114,7 @@ main(int argc, char **argv) if (caph_limit_stdio() < 0) err(1, "unable to limit rights for stdio"); cap_rights_init(&rights); - if (cap_rights_limit(STDIN_FILENO, &rights) < 0 && errno != ENOSYS) + if (caph_rights_limit(STDIN_FILENO, &rights) < 0) err(1, "unable to limit rights for stdin"); /* Modified: head/usr.bin/ktrdump/ktrdump.c ============================================================================== --- head/usr.bin/ktrdump/ktrdump.c Sun Nov 4 19:21:12 2018 (r340137) +++ head/usr.bin/ktrdump/ktrdump.c Sun Nov 4 19:24:49 2018 (r340138) @@ -132,8 +132,7 @@ main(int ac, char **av) if ((in = open(optarg, O_RDONLY)) == -1) err(1, "%s", optarg); cap_rights_init(&rights, CAP_FSTAT, CAP_MMAP_R); - if (cap_rights_limit(in, &rights) < 0 && - errno != ENOSYS) + if (caph_rights_limit(in, &rights) < 0) err(1, "unable to limit rights for %s", optarg); break; Modified: head/usr.bin/lam/lam.c ============================================================================== --- head/usr.bin/lam/lam.c Sun Nov 4 19:21:12 2018 (r340137) +++ head/usr.bin/lam/lam.c Sun Nov 4 19:24:49 2018 (r340138) @@ -136,8 +136,7 @@ getargs(char *av[]) else if ((ip->fp = fopen(p, "r")) == NULL) { err(1, "%s", p); } - if (cap_rights_limit(fileno(ip->fp), &rights_ro) < 0 - && errno != ENOSYS) + if (caph_rights_limit(fileno(ip->fp), &rights_ro) < 0) err(1, "unable to limit rights on: %s", p); ip->pad = P; if (!ip->sepstring) Modified: head/usr.bin/rwho/rwho.c ============================================================================== --- head/usr.bin/rwho/rwho.c Sun Nov 4 19:21:12 2018 (r340137) +++ head/usr.bin/rwho/rwho.c Sun Nov 4 19:24:49 2018 (r340138) @@ -129,7 +129,7 @@ main(int argc, char *argv[]) dfd = dirfd(dirp); mp = myutmp; cap_rights_init(&rights, CAP_READ, CAP_LOOKUP); - if (cap_rights_limit(dfd, &rights) < 0 && errno != ENOSYS) + if (caph_rights_limit(dfd, &rights) < 0) err(1, "cap_rights_limit failed: %s", _PATH_RWHODIR); /* * Cache files required for time(3) and localtime(3) before entering @@ -147,7 +147,7 @@ main(int argc, char *argv[]) f = openat(dfd, dp->d_name, O_RDONLY); if (f < 0) continue; - if (cap_rights_limit(f, &rights) < 0 && errno != ENOSYS) + if (caph_rights_limit(f, &rights) < 0) err(1, "cap_rights_limit failed: %s", dp->d_name); cc = read(f, (char *)&wd, sizeof(struct whod)); if (cc < WHDRSIZE) { Modified: head/usr.bin/tee/tee.c ============================================================================== --- head/usr.bin/tee/tee.c Sun Nov 4 19:21:12 2018 (r340137) +++ head/usr.bin/tee/tee.c Sun Nov 4 19:24:49 2018 (r340138) @@ -147,7 +147,7 @@ add(int fd, const char *name) err(EXIT_FAILURE, "unable to limit stdout"); } else { cap_rights_init(&rights, CAP_WRITE, CAP_FSTAT); - if (cap_rights_limit(fd, &rights) < 0 && errno != ENOSYS) + if (caph_rights_limit(fd, &rights) < 0) err(EXIT_FAILURE, "unable to limit rights"); } Modified: head/usr.bin/uniq/uniq.c ============================================================================== --- head/usr.bin/uniq/uniq.c Sun Nov 4 19:21:12 2018 (r340137) +++ head/usr.bin/uniq/uniq.c Sun Nov 4 19:24:49 2018 (r340138) @@ -143,14 +143,14 @@ main (int argc, char *argv[]) if (argc > 0 && strcmp(argv[0], "-") != 0) ifp = file(ifn = argv[0], "r"); cap_rights_init(&rights, CAP_FSTAT, CAP_READ); - if (cap_rights_limit(fileno(ifp), &rights) < 0 && errno != ENOSYS) + if (caph_rights_limit(fileno(ifp), &rights) < 0) err(1, "unable to limit rights for %s", ifn); cap_rights_init(&rights, CAP_FSTAT, CAP_WRITE); if (argc > 1) ofp = file(argv[1], "w"); else cap_rights_set(&rights, CAP_IOCTL); - if (cap_rights_limit(fileno(ofp), &rights) < 0 && errno != ENOSYS) { + if (caph_rights_limit(fileno(ofp), &rights) < 0) { err(1, "unable to limit rights for %s", argc > 1 ? argv[1] : "stdout"); } @@ -159,8 +159,7 @@ main (int argc, char *argv[]) cmd = TIOCGETA; /* required by isatty(3) in printf(3) */ - if (cap_ioctls_limit(fileno(ofp), &cmd, 1) < 0 && - errno != ENOSYS) { + if (caph_ioctls_limit(fileno(ofp), &cmd, 1) < 0) { err(1, "unable to limit ioctls for %s", argc > 1 ? argv[1] : "stdout"); } Modified: head/usr.bin/units/units.c ============================================================================== --- head/usr.bin/units/units.c Sun Nov 4 19:21:12 2018 (r340137) +++ head/usr.bin/units/units.c Sun Nov 4 19:24:49 2018 (r340138) @@ -156,8 +156,7 @@ readunits(const char *userfile) } } cap_rights_init(&unitfilerights, CAP_READ, CAP_FSTAT); - if (cap_rights_limit(fileno(unitfile), &unitfilerights) < 0 - && errno != ENOSYS) + if (caph_rights_limit(fileno(unitfile), &unitfilerights) < 0) err(1, "cap_rights_limit() failed"); while (!feof(unitfile)) { if (!fgets(line, sizeof(line), unitfile)) Modified: head/usr.bin/write/write.c ============================================================================== --- head/usr.bin/write/write.c Sun Nov 4 19:21:12 2018 (r340137) +++ head/usr.bin/write/write.c Sun Nov 4 19:24:49 2018 (r340138) @@ -97,7 +97,7 @@ main(int argc, char **argv) err(1, "open(/dev)"); cap_rights_init(&rights, CAP_FCNTL, CAP_FSTAT, CAP_IOCTL, CAP_LOOKUP, CAP_PWRITE); - if (cap_rights_limit(devfd, &rights) < 0 && errno != ENOSYS) + if (caph_rights_limit(devfd, &rights) < 0) err(1, "can't limit devfd rights"); /* @@ -106,15 +106,15 @@ main(int argc, char **argv) */ cap_rights_init(&rights, CAP_FCNTL, CAP_FSTAT, CAP_IOCTL, CAP_READ, CAP_WRITE); - if ((cap_rights_limit(STDIN_FILENO, &rights) < 0 && errno != ENOSYS) || - (cap_rights_limit(STDOUT_FILENO, &rights) < 0 && errno != ENOSYS) || - (cap_rights_limit(STDERR_FILENO, &rights) < 0 && errno != ENOSYS) || - (cap_ioctls_limit(STDIN_FILENO, cmds, nitems(cmds)) < 0 && errno != ENOSYS) || - (cap_ioctls_limit(STDOUT_FILENO, cmds, nitems(cmds)) < 0 && errno != ENOSYS) || - (cap_ioctls_limit(STDERR_FILENO, cmds, nitems(cmds)) < 0 && errno != ENOSYS) || - (cap_fcntls_limit(STDIN_FILENO, CAP_FCNTL_GETFL) < 0 && errno != ENOSYS) || - (cap_fcntls_limit(STDOUT_FILENO, CAP_FCNTL_GETFL) < 0 && errno != ENOSYS) || - (cap_fcntls_limit(STDERR_FILENO, CAP_FCNTL_GETFL) < 0 && errno != ENOSYS)) + if (caph_rights_limit(STDIN_FILENO, &rights) < 0 || + caph_rights_limit(STDOUT_FILENO, &rights) < 0 || + caph_rights_limit(STDERR_FILENO, &rights) < 0 || + caph_ioctls_limit(STDIN_FILENO, cmds, nitems(cmds)) < 0 || + caph_ioctls_limit(STDOUT_FILENO, cmds, nitems(cmds)) < 0 || + caph_ioctls_limit(STDERR_FILENO, cmds, nitems(cmds)) < 0 || + caph_fcntls_limit(STDIN_FILENO, CAP_FCNTL_GETFL) < 0 || + caph_fcntls_limit(STDOUT_FILENO, CAP_FCNTL_GETFL) < 0 || + caph_fcntls_limit(STDERR_FILENO, CAP_FCNTL_GETFL) < 0) err(1, "can't limit stdio rights"); caph_cache_catpages(); Modified: head/usr.sbin/rwhod/rwhod.c ============================================================================== --- head/usr.sbin/rwhod/rwhod.c Sun Nov 4 19:21:12 2018 (r340137) +++ head/usr.sbin/rwhod/rwhod.c Sun Nov 4 19:24:49 2018 (r340138) @@ -369,7 +369,7 @@ receiver_process(void) } cap_rights_init(&rights, CAP_CREATE, CAP_FSTAT, CAP_FTRUNCATE, CAP_LOOKUP, CAP_SEEK, CAP_WRITE); - if (cap_rights_limit(dirfd, &rights) < 0 && errno != ENOSYS) { + if (caph_rights_limit(dirfd, &rights) < 0) { syslog(LOG_WARNING, "cap_rights_limit: %m"); exit(1); } @@ -415,7 +415,7 @@ receiver_process(void) continue; } cap_rights_init(&rights, CAP_FSTAT, CAP_FTRUNCATE, CAP_WRITE); - if (cap_rights_limit(whod, &rights) < 0 && errno != ENOSYS) { + if (caph_rights_limit(whod, &rights) < 0) { syslog(LOG_WARNING, "cap_rights_limit: %m"); exit(1); }
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201811041924.wA4JOnGL016303>