FreeBSD Mail Archives

Date:      Mon, 17 Sep 2018 11:24:16 +0000 (UTC)
From:      Hans Petter Selasky <hselasky@FreeBSD.org>
To:        src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-stable@freebsd.org, svn-src-stable-11@freebsd.org
Subject:   svn commit: r338709 - stable/11/contrib/tcpdump
Message-ID:  <201809171124.w8HBOG5D015374@repo.freebsd.org>

next in thread | raw e-mail | index | archive | help

Author: hselasky
Date: Mon Sep 17 11:24:16 2018
New Revision: 338709
URL: https://svnweb.freebsd.org/changeset/base/338709

Log:
  MFC r338613:
  Fix for backends which doesn't support capsicum.
  
  Not all libpcap backends use the BPF compatible set
  of IOCTLs. For example the mlx5 backend uses libibverbs
  which is currently not capsicum compatible.
  
  Disable sandboxing for such backends.
  
  Discussed with:		emaste@
  Sponsored by:		Mellanox Technologies

Modified:
  stable/11/contrib/tcpdump/tcpdump.c
Directory Properties:
  stable/11/   (props changed)

Modified: stable/11/contrib/tcpdump/tcpdump.c
==============================================================================
--- stable/11/contrib/tcpdump/tcpdump.c	Mon Sep 17 10:10:14 2018	(r338708)
+++ stable/11/contrib/tcpdump/tcpdump.c	Mon Sep 17 11:24:16 2018	(r338709)
@@ -2069,6 +2069,9 @@ main(int argc, char **argv)
 #else
 	cansandbox = (cansandbox && ndo->ndo_nflag);
 #endif	/* HAVE_CASPER */
+	cansandbox = (cansandbox && (pcap_fileno(pd) != -1 ||
+	    RFileName != NULL));
+
 	if (cansandbox && cap_enter() < 0 && errno != ENOSYS)
 		error("unable to enter the capability mode");
 #endif	/* HAVE_CAPSICUM */

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201809171124.w8HBOG5D015374>

Header And Logo

Peripheral Links

Site Navigation

Header And Logo

Peripheral Links

Search

Site Navigation