From owner-svn-src-head@freebsd.org Wed Sep 12 10:10:00 2018 Return-Path: Delivered-To: svn-src-head@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id AA464108E522; Wed, 12 Sep 2018 10:10:00 +0000 (UTC) (envelope-from hselasky@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "mxrelay.nyi.freebsd.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 3C1127BB87; Wed, 12 Sep 2018 10:10:00 +0000 (UTC) (envelope-from hselasky@FreeBSD.org) Received: from repo.freebsd.org (repo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 371D525050; Wed, 12 Sep 2018 10:10:00 +0000 (UTC) (envelope-from hselasky@FreeBSD.org) Received: from repo.freebsd.org ([127.0.1.37]) by repo.freebsd.org (8.15.2/8.15.2) with ESMTP id w8CAA0J8074533; Wed, 12 Sep 2018 10:10:00 GMT (envelope-from hselasky@FreeBSD.org) Received: (from hselasky@localhost) by repo.freebsd.org (8.15.2/8.15.2/Submit) id w8CAA0in074532; Wed, 12 Sep 2018 10:10:00 GMT (envelope-from hselasky@FreeBSD.org) Message-Id: <201809121010.w8CAA0in074532@repo.freebsd.org> X-Authentication-Warning: repo.freebsd.org: hselasky set sender to hselasky@FreeBSD.org using -f From: Hans Petter Selasky Date: Wed, 12 Sep 2018 10:10:00 +0000 (UTC) To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org Subject: svn commit: r338613 - head/contrib/tcpdump X-SVN-Group: head X-SVN-Commit-Author: hselasky X-SVN-Commit-Paths: head/contrib/tcpdump X-SVN-Commit-Revision: 338613 X-SVN-Commit-Repository: base MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-src-head@freebsd.org X-Mailman-Version: 2.1.27 Precedence: list List-Id: SVN commit messages for the src tree for head/-current List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 12 Sep 2018 10:10:00 -0000 Author: hselasky Date: Wed Sep 12 10:09:59 2018 New Revision: 338613 URL: https://svnweb.freebsd.org/changeset/base/338613 Log: Fix for backends which doesn't support capsicum. Not all libpcap backends use the BPF compatible set of IOCTLs. For example the mlx5 backend uses libibverbs which is currently not capsicum compatible. Disable sandboxing for such backends. MFC after: 3 days Discussed with: emaste@ Approved by: re (kib) Sponsored by: Mellanox Technologies Modified: head/contrib/tcpdump/tcpdump.c Modified: head/contrib/tcpdump/tcpdump.c ============================================================================== --- head/contrib/tcpdump/tcpdump.c Wed Sep 12 08:56:08 2018 (r338612) +++ head/contrib/tcpdump/tcpdump.c Wed Sep 12 10:09:59 2018 (r338613) @@ -2069,6 +2069,9 @@ main(int argc, char **argv) #else cansandbox = (cansandbox && ndo->ndo_nflag); #endif /* HAVE_CASPER */ + cansandbox = (cansandbox && (pcap_fileno(pd) != -1 || + RFileName != NULL)); + if (cansandbox && cap_enter() < 0 && errno != ENOSYS) error("unable to enter the capability mode"); #endif /* HAVE_CAPSICUM */