Author: hselasky
Date: Mon Sep 17 11:24:16 2018
New Revision: 338709
URL: https://svnweb.freebsd.org/changeset/base/338709
Log:
MFC r338613:
Fix for backends which doesn't support capsicum.
Not all libpcap backends use the BPF compatible set
of IOCTLs. For example the mlx5 backend uses libibverbs
which is currently not capsicum compatible.
Disable sandboxing for such backends.
Discussed with: emaste@
Sponsored by: Mellanox Technologies
Modified:
stable/11/contrib/tcpdump/tcpdump.c
Directory Properties:
stable/11/ (props changed)
Modified: stable/11/contrib/tcpdump/tcpdump.c
==============================================================================
--- stable/11/contrib/tcpdump/tcpdump.c Mon Sep 17 10:10:14 2018
(r338708)
+++ stable/11/contrib/tcpdump/tcpdump.c Mon Sep 17 11:24:16 2018
(r338709)
@@ -2069,6 +2069,9 @@ main(int argc, char **argv)
#else
cansandbox = (cansandbox && ndo->ndo_nflag);
#endif /* HAVE_CASPER */
+ cansandbox = (cansandbox && (pcap_fileno(pd) != -1 ||
+ RFileName != NULL));
+
if (cansandbox && cap_enter() < 0 && errno != ENOSYS)
error("unable to enter the capability mode");
#endif /* HAVE_CAPSICUM */
_______________________________________________
[email protected] mailing list
https://lists.freebsd.org/mailman/listinfo/svn-src-all
To unsubscribe, send any mail to "[email protected]"
