Date: Fri, 30 Nov 2018 19:40:16 +0000 (UTC) From: Mariusz Zaborski <oshogbo@FreeBSD.org> To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org Subject: svn commit: r341348 - in head/usr.sbin: ctld iscsid Message-ID: <201811301940.wAUJeGJl079044@repo.freebsd.org>
Author: oshogbo
Date: Fri Nov 30 19:40:16 2018
New Revision: 341348
URL: https://svnweb.freebsd.org/changeset/base/341348
Log:
 iscsi: simplify the capsicumization
 Approved by: trasz
 Differential Revision: https://reviews.freebsd.org/D17962
Modified:
 head/usr.sbin/ctld/kernel.c
 head/usr.sbin/iscsid/iscsid.c
Modified: head/usr.sbin/ctld/kernel.c
==============================================================================
--- head/usr.sbin/ctld/kernel.c Fri Nov 30 19:27:14 2018 (r341347)
+++ head/usr.sbin/ctld/kernel.c Fri Nov 30 19:40:16 2018 (r341348)
@@ -52,6 +52,7 @@ __FBSDID("$FreeBSD$");
 #include <sys/stat.h>
 #include <assert.h>
 #include <bsdxml.h>
+#include <capsicum_helpers.h>
 #include <ctype.h>
 #include <errno.h>
 #include <fcntl.h>
@@ -1313,22 +1314,17 @@ kernel_receive(struct pdu *pdu)
 void
 kernel_capsicate(void)
 {
- int error;
 cap_rights_t rights;
 const unsigned long cmds[] = { CTL_ISCSI };
 cap_rights_init(&rights, CAP_IOCTL);
- error = cap_rights_limit(ctl_fd, &rights);
- if (error != 0 && errno != ENOSYS)
+ if (caph_rights_limit(ctl_fd, &rights) < 0)
 log_err(1, "cap_rights_limit");
- error = cap_ioctls_limit(ctl_fd, cmds, nitems(cmds));
-
- if (error != 0 && errno != ENOSYS)
+ if (caph_ioctls_limit(ctl_fd, cmds, nitems(cmds)) < 0)
 log_err(1, "cap_ioctls_limit");
- error = cap_enter();
- if (error != 0 && errno != ENOSYS)
+ if (caph_enter() < 0)
 log_err(1, "cap_enter");
 if (cap_sandboxed())
Modified: head/usr.sbin/iscsid/iscsid.c
==============================================================================
--- head/usr.sbin/iscsid/iscsid.c Fri Nov 30 19:27:14 2018 (r341347)
+++ head/usr.sbin/iscsid/iscsid.c Fri Nov 30 19:40:16 2018 (r341348)
@@ -42,6 +42,7 @@ __FBSDID("$FreeBSD$");
 #include <sys/capsicum.h>
 #include <sys/wait.h>
 #include <assert.h>
+#include <capsicum_helpers.h>
 #include <errno.h>
 #include <fcntl.h>
 #include <libutil.h>
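Review bot: kernel_capsicate() in head/usr.sbin/ctld/kernel.c no longer shows that a kernel without Capsicum is tolerated: the removed `errno != ENOSYS` tests are now implicit in caph_rights_limit(), caph_ioctls_limit() and caph_enter(), so a reader cannot tell from this function that ctld may keep running with no sandbox in place. A comment above the first call would keep that visible, for example `/* caph_*() return 0 on ENOSYS: without kernel Capsicum support we continue unsandboxed. */`. The log_err() strings still name cap_rights_limit, cap_ioctls_limit and cap_enter although the calls are now the caph_ variants; naming the helper actually called would make a failure easier to trace from the log. Both points apply equally to capsicate() in head/usr.sbin/iscsid/iscsid.c. The function continues past `if (cap_sandboxed())`, outside the hunk, so how the unsandboxed case is reported cannot be checked here.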
@@ -349,7 +350,6 @@ fail(const struct connection *conn, const char *reason
 static void
 capsicate(struct connection *conn)
 {
- int error;
 cap_rights_t rights;
 #ifdef ICL_KERNEL_PROXY
 const unsigned long cmds[] = { ISCSIDCONNECT, ISCSIDSEND, ISCSIDRECEIVE,
@@ -360,17 +360,13 @@ capsicate(struct connection *conn)
 #endif
 cap_rights_init(&rights, CAP_IOCTL);
- error = cap_rights_limit(conn->conn_iscsi_fd, &rights);
- if (error != 0 && errno != ENOSYS)
+ if (caph_rights_limit(conn->conn_iscsi_fd, &rights) < 0)
 log_err(1, "cap_rights_limit");
- error = cap_ioctls_limit(conn->conn_iscsi_fd, cmds, nitems(cmds));
-
- if (error != 0 && errno != ENOSYS)
+ if (caph_ioctls_limit(conn->conn_iscsi_fd, cmds, nitems(cmds)) < 0)
 log_err(1, "cap_ioctls_limit");
- error = cap_enter();
- if (error != 0 && errno != ENOSYS)
+ if (caph_enter() != 0)
 log_err(1, "cap_enter");
 if (cap_sandboxed())
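Review bot: The last check in capsicate() tests `caph_enter() != 0`, while the two checks above it and all three in kernel_capsicate() test `< 0`; use one form throughout, `if (caph_enter() < 0)`. The two forms agree only as long as the helper returns nothing but 0 or -1, so the mixed style invites a reader to wonder whether the difference is intentional in the one call that actually enters capability mode. capsicate() begins in the previous hunk and continues past `if (cap_sandboxed())`, outside this one.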