We need CAP_MMAP_RW on memfd, since init_msix_table() may call mmap().

svn path=/head/; revision=317483
2017-04-27 05:48:52 +00:00 · 2017-04-27 05:48:52 +00:00 · 007e172d64 · 2020-12-20 02:59:44 +00:00
commit 007e172d64
parent ad81354ceb
1 changed files with 1 additions and 0 deletions
--- a/usr.sbin/bhyve/pci_passthru.c
+++ b/usr.sbin/bhyve/pci_passthru.c
@ -703,6 +703,7 @@ passthru_init(struct vmctx *ctx, struct pci_devinst *pi, char *opts)

 #ifndef WITHOUT_CAPSICUM
 	cap_rights_clear(&rights, CAP_IOCTL);
+	cap_rights_set(&rights, CAP_MMAP_RW);
 	if (cap_rights_limit(memfd, &rights) == -1 && errno != ENOSYS)
 		errx(EX_OSERR, "Unable to apply rights for sandbox");
 #endif