Date: Wed, 12 Sep 2018 10:10:00 +0000 (UTC) From: Hans Petter Selasky <hselasky@FreeBSD.org> To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org Subject: svn commit: r338613 - head/contrib/tcpdump Message-ID: <201809121010.w8CAA0in074532@repo.freebsd.org>
next in thread | raw e-mail | index | archive | help
Author: hselasky Date: Wed Sep 12 10:09:59 2018 New Revision: 338613 URL: https://svnweb.freebsd.org/changeset/base/338613 Log: Fix for backends which doesn't support capsicum. Not all libpcap backends use the BPF compatible set of IOCTLs. For example the mlx5 backend uses libibverbs which is currently not capsicum compatible. Disable sandboxing for such backends. MFC after: 3 days Discussed with: emaste@ Approved by: re (kib) Sponsored by: Mellanox Technologies Modified: head/contrib/tcpdump/tcpdump.c Modified: head/contrib/tcpdump/tcpdump.c ============================================================================== --- head/contrib/tcpdump/tcpdump.c Wed Sep 12 08:56:08 2018 (r338612) +++ head/contrib/tcpdump/tcpdump.c Wed Sep 12 10:09:59 2018 (r338613) @@ -2069,6 +2069,9 @@ main(int argc, char **argv) #else cansandbox = (cansandbox && ndo->ndo_nflag); #endif /* HAVE_CASPER */ + cansandbox = (cansandbox && (pcap_fileno(pd) != -1 || + RFileName != NULL)); + if (cansandbox && cap_enter() < 0 && errno != ENOSYS) error("unable to enter the capability mode"); #endif /* HAVE_CAPSICUM */
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201809121010.w8CAA0in074532>