
D21053.1779450323.diff
No OneTemporary

Size
17 KB

D21053.1779450323.diff

Index: usr.sbin/bhyve/audio.c
===================================================================
--- usr.sbin/bhyve/audio.c
+++ usr.sbin/bhyve/audio.c
@@ -30,10 +30,7 @@
#include <sys/cdefs.h>
__FBSDID("$FreeBSD$");
-#ifndef WITHOUT_CAPSICUM
-#include <sys/capsicum.h>
#include <capsicum_helpers.h>
-#endif
#include <stdio.h>
#include <stdlib.h>
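Review bot: With `<sys/capsicum.h>` dropped in this hunk, audio.c still uses `cap_rights_t`, `cap_rights_init()` and the `CAP_*` constants further down, and now gets them only through `<capsicum_helpers.h>`. That header presumably includes `<sys/capsicum.h>` itself, but the dependency becomes implicit, and the same pattern repeats in the include hunks of the other files in this diff that keep `capsicum_helpers.h`. Either keep `#include <sys/capsicum.h>` unguarded, or add a one-line comment such as `/* capsicum_helpers.h pulls in sys/capsicum.h */` so a later include cleanup does not silently break the sandbox code.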
@@ -72,7 +69,6 @@
audio_init(const char *dev_name, uint8_t dir)
{
struct audio *aud = NULL;
-#ifndef WITHOUT_CAPSICUM
cap_rights_t rights;
cap_ioctl_t cmds[] = {
SNDCTL_DSP_RESET, SNDCTL_DSP_SETFMT, SNDCTL_DSP_CHANNELS,
@@ -81,7 +77,6 @@
SNDCTL_DSP_GETOSPACE, SNDCTL_DSP_GETISPACE,
#endif
};
-#endif
assert(dev_name);
@@ -107,13 +102,11 @@
return (NULL);
}
-#ifndef WITHOUT_CAPSICUM
cap_rights_init(&rights, CAP_IOCTL, CAP_READ, CAP_WRITE);
if (caph_rights_limit(aud->fd, &rights) == -1)
errx(EX_OSERR, "Unable to apply rights for sandbox");
if (caph_ioctls_limit(aud->fd, cmds, nitems(cmds)) == -1)
errx(EX_OSERR, "Unable to limit ioctl rights for sandbox");
-#endif
return aud;
}
Index: usr.sbin/bhyve/bhyverun.c
===================================================================
--- usr.sbin/bhyve/bhyverun.c
+++ usr.sbin/bhyve/bhyverun.c
@@ -32,9 +32,6 @@
__FBSDID("$FreeBSD$");
#include <sys/types.h>
-#ifndef WITHOUT_CAPSICUM
-#include <sys/capsicum.h>
-#endif
#include <sys/mman.h>
#include <sys/time.h>
@@ -43,9 +40,7 @@
#include <machine/atomic.h>
#include <machine/segments.h>
-#ifndef WITHOUT_CAPSICUM
#include <capsicum_helpers.h>
-#endif
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
@@ -61,9 +56,7 @@
#include <stdint.h>
#include <machine/vmm.h>
-#ifndef WITHOUT_CAPSICUM
#include <machine/vmm_dev.h>
-#endif
#include <vmmapi.h>
#include "bhyverun.h"
@@ -903,11 +896,9 @@
struct vmctx *ctx;
int error;
bool reinit, romboot;
-#ifndef WITHOUT_CAPSICUM
cap_rights_t rights;
const cap_ioctl_t *cmds;
size_t ncmds;
-#endif
reinit = romboot = false;
@@ -946,7 +937,6 @@
exit(4);
}
-#ifndef WITHOUT_CAPSICUM
cap_rights_init(&rights, CAP_IOCTL, CAP_MMAP_RW);
if (caph_rights_limit(vm_get_device_fd(ctx), &rights) == -1)
errx(EX_OSERR, "Unable to apply rights for sandbox");
@@ -957,7 +947,6 @@
if (caph_ioctls_limit(vm_get_device_fd(ctx), cmds, ncmds) == -1)
errx(EX_OSERR, "Unable to apply rights for sandbox");
free((cap_ioctl_t *)cmds);
-#endif
if (reinit) {
error = vm_reinit(ctx);
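Review bot: The `caph_ioctls_limit()` failure here prints the same text as the `caph_rights_limit()` failure in the previous hunk, and `errx()` discards errno, so a sandbox setup failure cannot be traced to the call that caused it. Now that these paths are always compiled in, I would use `err(EX_OSERR, "Unable to limit ioctl rights for sandbox");` for the ioctl case, matching the distinct message audio.c already has. The same duplicated message appears in the block_if.c, consport.c, pci_passthru.c and uart_emul.c hunks. The enclosing function starts and ends outside this hunk.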
@@ -1198,7 +1187,6 @@
*/
setproctitle("%s", vmname);
-#ifndef WITHOUT_CAPSICUM
caph_cache_catpages();
if (caph_limit_stdout() == -1 || caph_limit_stderr() == -1)
@@ -1206,7 +1194,6 @@
if (caph_enter() == -1)
errx(EX_OSERR, "cap_enter() failed");
-#endif
/*
* Add CPU 0
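Review bot: With the `WITHOUT_CAPSICUM` guard gone, this `caph_enter()` call is the only gate on sandboxing, and it deserves a comment stating what happens when the kernel lacks capability mode. As far as I know the `caph_*` wrappers treat `ENOSYS` as success, so on such a kernel bhyve would continue unsandboxed without any message; please confirm against `capsicum_helpers.h`. I would add `/* caph_enter() tolerates ENOSYS: a kernel without capability mode runs unsandboxed */` above the call, and use `err(EX_OSERR, "cap_enter() failed");` so the errno is reported. The surrounding function begins outside the hunk.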
Index: usr.sbin/bhyve/block_if.c
===================================================================
--- usr.sbin/bhyve/block_if.c
+++ usr.sbin/bhyve/block_if.c
@@ -32,9 +32,6 @@
__FBSDID("$FreeBSD$");
#include <sys/param.h>
-#ifndef WITHOUT_CAPSICUM
-#include <sys/capsicum.h>
-#endif
#include <sys/queue.h>
#include <sys/errno.h>
#include <sys/stat.h>
@@ -42,9 +39,7 @@
#include <sys/disk.h>
#include <assert.h>
-#ifndef WITHOUT_CAPSICUM
#include <capsicum_helpers.h>
-#endif
#include <err.h>
#include <fcntl.h>
#include <stdio.h>
@@ -409,10 +404,8 @@
off_t size, psectsz, psectoff;
int extra, fd, i, sectsz;
int nocache, sync, ro, candelete, geom, ssopt, pssopt;
-#ifndef WITHOUT_CAPSICUM
cap_rights_t rights;
cap_ioctl_t cmds[] = { DIOCGFLUSH, DIOCGDELETE };
-#endif
pthread_once(&blockif_once, blockif_init);
@@ -470,7 +463,6 @@
goto err;
}
-#ifndef WITHOUT_CAPSICUM
cap_rights_init(&rights, CAP_FSYNC, CAP_IOCTL, CAP_READ, CAP_SEEK,
CAP_WRITE);
if (ro)
@@ -478,7 +470,6 @@
if (caph_rights_limit(fd, &rights) == -1)
errx(EX_OSERR, "Unable to apply rights for sandbox");
-#endif
/*
* Deal with raw devices
@@ -506,10 +497,8 @@
} else
psectsz = sbuf.st_blksize;
-#ifndef WITHOUT_CAPSICUM
if (caph_ioctls_limit(fd, cmds, nitems(cmds)) == -1)
errx(EX_OSERR, "Unable to apply rights for sandbox");
-#endif
if (ssopt != 0) {
if (!powerof2(ssopt) || !powerof2(pssopt) || ssopt < 512 ||
Index: usr.sbin/bhyve/consport.c
===================================================================
--- usr.sbin/bhyve/consport.c
+++ usr.sbin/bhyve/consport.c
@@ -32,14 +32,9 @@
__FBSDID("$FreeBSD$");
#include <sys/types.h>
-#ifndef WITHOUT_CAPSICUM
-#include <sys/capsicum.h>
-#endif
#include <sys/select.h>
-#ifndef WITHOUT_CAPSICUM
#include <capsicum_helpers.h>
-#endif
#include <err.h>
#include <errno.h>
#include <stdio.h>
@@ -115,10 +110,8 @@
uint32_t *eax, void *arg)
{
static int opened;
-#ifndef WITHOUT_CAPSICUM
cap_rights_t rights;
cap_ioctl_t cmds[] = { TIOCGETA, TIOCSETA, TIOCGWINSZ };
-#endif
if (bytes == 2 && in) {
*eax = BVM_CONS_SIG;
@@ -138,14 +131,12 @@
return (-1);
if (!opened) {
-#ifndef WITHOUT_CAPSICUM
cap_rights_init(&rights, CAP_EVENT, CAP_IOCTL, CAP_READ,
CAP_WRITE);
if (caph_rights_limit(STDIN_FILENO, &rights) == -1)
errx(EX_OSERR, "Unable to apply rights for sandbox");
if (caph_ioctls_limit(STDIN_FILENO, cmds, nitems(cmds)) == -1)
errx(EX_OSERR, "Unable to apply rights for sandbox");
-#endif
ttyopen();
opened = 1;
}
Index: usr.sbin/bhyve/dbgport.c
===================================================================
--- usr.sbin/bhyve/dbgport.c
+++ usr.sbin/bhyve/dbgport.c
@@ -32,17 +32,12 @@
__FBSDID("$FreeBSD$");
#include <sys/types.h>
-#ifndef WITHOUT_CAPSICUM
-#include <sys/capsicum.h>
-#endif
#include <sys/socket.h>
#include <netinet/in.h>
#include <netinet/tcp.h>
#include <sys/uio.h>
-#ifndef WITHOUT_CAPSICUM
#include <capsicum_helpers.h>
-#endif
#include <err.h>
#include <stdio.h>
#include <stdlib.h>
@@ -135,9 +130,7 @@
init_dbgport(int sport)
{
int reuse;
-#ifndef WITHOUT_CAPSICUM
cap_rights_t rights;
-#endif
conn_fd = -1;
@@ -168,11 +161,9 @@
exit(4);
}
-#ifndef WITHOUT_CAPSICUM
cap_rights_init(&rights, CAP_ACCEPT, CAP_READ, CAP_WRITE);
if (caph_rights_limit(listen_fd, &rights) == -1)
errx(EX_OSERR, "Unable to apply rights for sandbox");
-#endif
register_inout(&dbgport);
}
Index: usr.sbin/bhyve/gdb.c
===================================================================
--- usr.sbin/bhyve/gdb.c
+++ usr.sbin/bhyve/gdb.c
@@ -29,9 +29,6 @@
__FBSDID("$FreeBSD$");
#include <sys/param.h>
-#ifndef WITHOUT_CAPSICUM
-#include <sys/capsicum.h>
-#endif
#include <sys/endian.h>
#include <sys/ioctl.h>
#include <sys/mman.h>
@@ -41,9 +38,7 @@
#include <machine/vmm.h>
#include <netinet/in.h>
#include <assert.h>
-#ifndef WITHOUT_CAPSICUM
#include <capsicum_helpers.h>
-#endif
#include <err.h>
#include <errno.h>
#include <fcntl.h>
@@ -166,13 +161,11 @@
logfile = fopen("/tmp/bhyve_gdb.log", "w");
if (logfile == NULL)
return;
-#ifndef WITHOUT_CAPSICUM
if (caph_limit_stream(fileno(logfile), CAPH_WRITE) == -1) {
fclose(logfile);
logfile = NULL;
return;
}
-#endif
setlinebuf(logfile);
}
va_start(ap, fmt);
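Review bot: The log file in this hunk is created with `fopen("/tmp/bhyve_gdb.log", "w")`, a fixed name in a world-writable directory, and the `caph_limit_stream()` call that is now unconditional only restricts the descriptor after the path has been resolved. A pre-existing symlink at that name would be followed and the target truncated with bhyve's privileges. Consider `fd = open("/tmp/bhyve_gdb.log", O_WRONLY | O_CREAT | O_TRUNC | O_NOFOLLOW, 0600);` followed by `logfile = fdopen(fd, "w");`, or a log directory that is not world-writable. Whether this debug path is compiled in by default is not visible here, and the function starts outside the hunk.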
@@ -1426,7 +1419,6 @@
pthread_mutex_unlock(&gdb_lock);
}
-#ifndef WITHOUT_CAPSICUM
void
limit_gdb_socket(int s)
{
@@ -1440,7 +1432,6 @@
if (caph_ioctls_limit(s, ioctls, nitems(ioctls)) == -1)
errx(EX_OSERR, "Unable to apply rights for sandbox");
}
-#endif
void
init_gdb(struct vmctx *_ctx, int sport, bool wait)
@@ -1489,8 +1480,6 @@
if (fcntl(s, F_SETFL, flags | O_NONBLOCK) == -1)
err(1, "Failed to mark gdb socket non-blocking");
-#ifndef WITHOUT_CAPSICUM
limit_gdb_socket(s);
-#endif
mevent_add(s, EVF_READ, new_connection, NULL);
}
Index: usr.sbin/bhyve/mevent.c
===================================================================
--- usr.sbin/bhyve/mevent.c
+++ usr.sbin/bhyve/mevent.c
@@ -37,9 +37,7 @@
__FBSDID("$FreeBSD$");
#include <assert.h>
-#ifndef WITHOUT_CAPSICUM
#include <capsicum_helpers.h>
-#endif
#include <err.h>
#include <errno.h>
#include <stdlib.h>
@@ -49,9 +47,6 @@
#include <unistd.h>
#include <sys/types.h>
-#ifndef WITHOUT_CAPSICUM
-#include <sys/capsicum.h>
-#endif
#include <sys/event.h>
#include <sys/time.h>
@@ -411,9 +406,7 @@
int mfd;
int numev;
int ret;
-#ifndef WITHOUT_CAPSICUM
cap_rights_t rights;
-#endif
mevent_tid = pthread_self();
mevent_set_name();
@@ -421,11 +414,9 @@
mfd = kqueue();
assert(mfd > 0);
-#ifndef WITHOUT_CAPSICUM
cap_rights_init(&rights, CAP_KQUEUE);
if (caph_rights_limit(mfd, &rights) == -1)
errx(EX_OSERR, "Unable to apply rights for sandbox");
-#endif
/*
* Open the pipe that will be used for other threads to force
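Review bot: `assert(mfd > 0)` is the only check on `kqueue()` before the descriptor is handed to `caph_rights_limit()`, and an assert disappears when built with `NDEBUG`. In that case a failed `kqueue()` would surface as the misleading "Unable to apply rights for sandbox", and the `> 0` test also rejects a valid descriptor 0. I would replace it with `if (mfd == -1) err(EX_OSERR, "kqueue");`. The pci_virtio_rnd.c hunk has the same shape with `assert(fd >= 0);` ahead of its `caph_rights_limit()` call.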
@@ -438,13 +429,11 @@
exit(0);
}
-#ifndef WITHOUT_CAPSICUM
cap_rights_init(&rights, CAP_EVENT, CAP_READ, CAP_WRITE);
if (caph_rights_limit(mevent_pipefd[0], &rights) == -1)
errx(EX_OSERR, "Unable to apply rights for sandbox");
if (caph_rights_limit(mevent_pipefd[1], &rights) == -1)
errx(EX_OSERR, "Unable to apply rights for sandbox");
-#endif
/*
* Add internal event handler for the pipe write fd
Index: usr.sbin/bhyve/net_backends.c
===================================================================
--- usr.sbin/bhyve/net_backends.c
+++ usr.sbin/bhyve/net_backends.c
@@ -38,9 +38,6 @@
__FBSDID("$FreeBSD$");
#include <sys/types.h> /* u_short etc */
-#ifndef WITHOUT_CAPSICUM
-#include <sys/capsicum.h>
-#endif
#include <sys/ioctl.h>
#include <sys/mman.h>
#include <sys/uio.h>
@@ -51,9 +48,7 @@
#define NETMAP_WITH_LIBS
#include <net/netmap_user.h>
-#ifndef WITHOUT_CAPSICUM
#include <capsicum_helpers.h>
-#endif
#include <err.h>
#include <errno.h>
#include <fcntl.h>
@@ -176,9 +171,7 @@
struct tap_priv *priv = (struct tap_priv *)be->opaque;
char tbuf[80];
int opt = 1;
-#ifndef WITHOUT_CAPSICUM
cap_rights_t rights;
-#endif
if (cb == NULL) {
WPRINTF(("TAP backend requires non-NULL callback\n"));
@@ -203,11 +196,9 @@
goto error;
}
-#ifndef WITHOUT_CAPSICUM
cap_rights_init(&rights, CAP_EVENT, CAP_READ, CAP_WRITE);
if (caph_rights_limit(be->fd, &rights) == -1)
errx(EX_OSERR, "Unable to apply rights for sandbox");
-#endif
priv->mevp = mevent_add(be->fd, EVF_READ, cb, param);
if (priv->mevp == NULL) {
Index: usr.sbin/bhyve/pci_e82545.c
===================================================================
--- usr.sbin/bhyve/pci_e82545.c
+++ usr.sbin/bhyve/pci_e82545.c
@@ -33,9 +33,6 @@
__FBSDID("$FreeBSD$");
#include <sys/types.h>
-#ifndef WITHOUT_CAPSICUM
-#include <sys/capsicum.h>
-#endif
#include <sys/limits.h>
#include <sys/ioctl.h>
#include <sys/uio.h>
@@ -43,9 +40,6 @@
#include <netinet/in.h>
#include <netinet/tcp.h>
-#ifndef WITHOUT_CAPSICUM
-#include <capsicum_helpers.h>
-#endif
#include <err.h>
#include <errno.h>
#include <fcntl.h>
Index: usr.sbin/bhyve/pci_passthru.c
===================================================================
--- usr.sbin/bhyve/pci_passthru.c
+++ usr.sbin/bhyve/pci_passthru.c
@@ -32,9 +32,6 @@
__FBSDID("$FreeBSD$");
#include <sys/param.h>
-#ifndef WITHOUT_CAPSICUM
-#include <sys/capsicum.h>
-#endif
#include <sys/types.h>
#include <sys/mman.h>
#include <sys/pciio.h>
@@ -45,9 +42,7 @@
#include <machine/iodev.h>
-#ifndef WITHOUT_CAPSICUM
#include <capsicum_helpers.h>
-#endif
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
@@ -652,18 +647,14 @@
{
int bus, slot, func, error, memflags;
struct passthru_softc *sc;
-#ifndef WITHOUT_CAPSICUM
cap_rights_t rights;
cap_ioctl_t pci_ioctls[] = { PCIOCREAD, PCIOCWRITE, PCIOCGETBAR };
cap_ioctl_t io_ioctls[] = { IODEV_PIO };
-#endif
sc = NULL;
error = 1;
-#ifndef WITHOUT_CAPSICUM
cap_rights_init(&rights, CAP_IOCTL, CAP_READ, CAP_WRITE);
-#endif
memflags = vm_get_memflags(ctx);
if (!(memflags & VM_MEM_F_WIRED)) {
@@ -679,12 +670,10 @@
}
}
-#ifndef WITHOUT_CAPSICUM
if (caph_rights_limit(pcifd, &rights) == -1)
errx(EX_OSERR, "Unable to apply rights for sandbox");
if (caph_ioctls_limit(pcifd, pci_ioctls, nitems(pci_ioctls)) == -1)
errx(EX_OSERR, "Unable to apply rights for sandbox");
-#endif
if (iofd < 0) {
iofd = open(_PATH_DEVIO, O_RDWR, 0);
@@ -694,12 +683,10 @@
}
}
-#ifndef WITHOUT_CAPSICUM
if (caph_rights_limit(iofd, &rights) == -1)
errx(EX_OSERR, "Unable to apply rights for sandbox");
if (caph_ioctls_limit(iofd, io_ioctls, nitems(io_ioctls)) == -1)
errx(EX_OSERR, "Unable to apply rights for sandbox");
-#endif
if (memfd < 0) {
memfd = open(_PATH_MEM, O_RDWR, 0);
@@ -709,12 +696,10 @@
}
}
-#ifndef WITHOUT_CAPSICUM
cap_rights_clear(&rights, CAP_IOCTL);
cap_rights_set(&rights, CAP_MMAP_RW);
if (caph_rights_limit(memfd, &rights) == -1)
errx(EX_OSERR, "Unable to apply rights for sandbox");
-#endif
if (opts == NULL ||
sscanf(opts, "%d/%d/%d", &bus, &slot, &func) != 3) {
Index: usr.sbin/bhyve/pci_virtio_console.c
===================================================================
--- usr.sbin/bhyve/pci_virtio_console.c
+++ usr.sbin/bhyve/pci_virtio_console.c
@@ -34,18 +34,13 @@
__FBSDID("$FreeBSD$");
#include <sys/param.h>
-#ifndef WITHOUT_CAPSICUM
-#include <sys/capsicum.h>
-#endif
#include <sys/linker_set.h>
#include <sys/uio.h>
#include <sys/types.h>
#include <sys/socket.h>
#include <sys/un.h>
-#ifndef WITHOUT_CAPSICUM
#include <capsicum_helpers.h>
-#endif
#include <err.h>
#include <errno.h>
#include <fcntl.h>
@@ -279,9 +274,7 @@
struct sockaddr_un sun;
char *pathcopy;
int s = -1, fd = -1, error = 0;
-#ifndef WITHOUT_CAPSICUM
cap_rights_t rights;
-#endif
sock = calloc(1, sizeof(struct pci_vtcon_sock));
if (sock == NULL) {
@@ -329,11 +322,9 @@
goto out;
}
-#ifndef WITHOUT_CAPSICUM
cap_rights_init(&rights, CAP_ACCEPT, CAP_EVENT, CAP_READ, CAP_WRITE);
if (caph_rights_limit(s, &rights) == -1)
errx(EX_OSERR, "Unable to apply rights for sandbox");
-#endif
sock->vss_port = pci_vtcon_port_add(sc, name, pci_vtcon_sock_tx, sock);
if (sock->vss_port == NULL) {
Index: usr.sbin/bhyve/pci_virtio_rnd.c
===================================================================
--- usr.sbin/bhyve/pci_virtio_rnd.c
+++ usr.sbin/bhyve/pci_virtio_rnd.c
@@ -37,15 +37,10 @@
__FBSDID("$FreeBSD$");
#include <sys/param.h>
-#ifndef WITHOUT_CAPSICUM
-#include <sys/capsicum.h>
-#endif
#include <sys/linker_set.h>
#include <sys/uio.h>
-#ifndef WITHOUT_CAPSICUM
#include <capsicum_helpers.h>
-#endif
#include <err.h>
#include <errno.h>
#include <fcntl.h>
@@ -148,9 +143,7 @@
int fd;
int len;
uint8_t v;
-#ifndef WITHOUT_CAPSICUM
cap_rights_t rights;
-#endif
/*
* Should always be able to open /dev/random.
@@ -159,11 +152,9 @@
assert(fd >= 0);
-#ifndef WITHOUT_CAPSICUM
cap_rights_init(&rights, CAP_READ);
if (caph_rights_limit(fd, &rights) == -1)
errx(EX_OSERR, "Unable to apply rights for sandbox");
-#endif
/*
* Check that device is seeded and non-blocking.
Index: usr.sbin/bhyve/rfb.c
===================================================================
--- usr.sbin/bhyve/rfb.c
+++ usr.sbin/bhyve/rfb.c
@@ -31,9 +31,6 @@
__FBSDID("$FreeBSD$");
#include <sys/param.h>
-#ifndef WITHOUT_CAPSICUM
-#include <sys/capsicum.h>
-#endif
#include <sys/endian.h>
#include <sys/socket.h>
#include <sys/select.h>
@@ -45,9 +42,7 @@
#include <netdb.h>
#include <assert.h>
-#ifndef WITHOUT_CAPSICUM
#include <capsicum_helpers.h>
-#endif
#include <err.h>
#include <errno.h>
#include <pthread.h>
@@ -972,9 +967,7 @@
struct addrinfo *ai = NULL;
struct addrinfo hints;
int on = 1;
-#ifndef WITHOUT_CAPSICUM
cap_rights_t rights;
-#endif
rc = calloc(1, sizeof(struct rfb_softc));
@@ -1025,11 +1018,9 @@
goto error;
}
-#ifndef WITHOUT_CAPSICUM
cap_rights_init(&rights, CAP_ACCEPT, CAP_EVENT, CAP_READ, CAP_WRITE);
if (caph_rights_limit(rc->sfd, &rights) == -1)
errx(EX_OSERR, "Unable to apply rights for sandbox");
-#endif
rc->hw_crc = sse42_supported();
Index: usr.sbin/bhyve/uart_emul.c
===================================================================
--- usr.sbin/bhyve/uart_emul.c
+++ usr.sbin/bhyve/uart_emul.c
@@ -34,10 +34,7 @@
#include <sys/types.h>
#include <dev/ic/ns16550.h>
-#ifndef WITHOUT_CAPSICUM
-#include <sys/capsicum.h>
#include <capsicum_helpers.h>
-#endif
#include <stdio.h>
#include <stdlib.h>
@@ -638,10 +635,8 @@
static int
uart_stdio_backend(struct uart_softc *sc)
{
-#ifndef WITHOUT_CAPSICUM
cap_rights_t rights;
cap_ioctl_t cmds[] = { TIOCGETA, TIOCSETA, TIOCGWINSZ };
-#endif
if (uart_stdio)
return (-1);
@@ -655,13 +650,11 @@
if (fcntl(sc->tty.wfd, F_SETFL, O_NONBLOCK) != 0)
return (-1);
-#ifndef WITHOUT_CAPSICUM
cap_rights_init(&rights, CAP_EVENT, CAP_IOCTL, CAP_READ);
if (caph_rights_limit(sc->tty.rfd, &rights) == -1)
errx(EX_OSERR, "Unable to apply rights for sandbox");
if (caph_ioctls_limit(sc->tty.rfd, cmds, nitems(cmds)) == -1)
errx(EX_OSERR, "Unable to apply rights for sandbox");
-#endif
uart_stdio = true;
@@ -671,10 +664,8 @@
static int
uart_tty_backend(struct uart_softc *sc, const char *opts)
{
-#ifndef WITHOUT_CAPSICUM
cap_rights_t rights;
cap_ioctl_t cmds[] = { TIOCGETA, TIOCSETA, TIOCGWINSZ };
-#endif
int fd;
fd = open(opts, O_RDWR | O_NONBLOCK);
@@ -689,13 +680,11 @@
sc->tty.rfd = sc->tty.wfd = fd;
sc->tty.opened = true;
-#ifndef WITHOUT_CAPSICUM
cap_rights_init(&rights, CAP_EVENT, CAP_IOCTL, CAP_READ, CAP_WRITE);
if (caph_rights_limit(fd, &rights) == -1)
errx(EX_OSERR, "Unable to apply rights for sandbox");
if (caph_ioctls_limit(fd, cmds, nitems(cmds)) == -1)
errx(EX_OSERR, "Unable to apply rights for sandbox");
-#endif
return (0);
}
