tyler.durden
/
openssh-portable
mirror of https://github.com/PowerShell/openssh-portable.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

- (djm) [sandbox-capsicum.c] Don't fatal if Capsicum is offered by 

headers/libc but not supported by the kernel. Patch from Loganaden
   Velvindron @ AfriNIC
This commit is contained in:
Damien Miller 2014-02-05 10:33:45 +11:00
parent 9c449bc183
commit a0959da368
2 changed files with 9 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
ChangeLog
View File

@ -1,3 +1,8 @@
20140205
- (djm) [sandbox-capsicum.c] Don't fatal if Capsicum is offered by
headers/libc but not supported by the kernel. Patch from Loganaden
Velvindron @ AfriNIC
20140204
- OpenBSD CVS Sync
- markus@cvs.openbsd.org 2014/01/27 18:58:14

6
sandbox-capsicum.c
View File

@ -94,10 +94,12 @@ ssh_sandbox_child(struct ssh_sandbox *box)
fatal("can't limit stderr: %m");
cap_rights_init(&rights, CAP_READ, CAP_WRITE);
if (cap_rights_limit(box->monitor->m_recvfd, &rights) == -1)
if (cap_rights_limit(box->monitor->m_recvfd, &rights) < 0 &&
errno != ENOSYS)
fatal("%s: failed to limit the network socket", __func__);
cap_rights_init(&rights, CAP_WRITE);
if (cap_rights_limit(box->monitor->m_log_sendfd, &rights) == -1)
if (cap_rights_limit(box->monitor->m_log_sendfd, &rights) < 0 &&
errno != ENOSYS)
fatal("%s: failed to limit the logging socket", __func__);
if (cap_enter() < 0 && errno != ENOSYS)
fatal("%s: failed to enter capability mode", __func__);