Fix for backends which doesn't support capsicum.

Not all libpcap backends use the BPF compatible set of IOCTLs. For example the mlx5 backend uses libibverbs which is currently not capsicum compatible. Disable sandboxing for such backends. MFC after: 3 days Discussed with: emaste@ Approved by: re (kib) Sponsored by: Mellanox Technologies
svn path=/head/; revision=338613
2018-09-12 10:09:59 +00:00 · 2018-09-12 10:09:59 +00:00 · e6895e8049 · 2020-12-20 02:59:44 +00:00
commit e6895e8049
parent bd528a398e
1 changed files with 3 additions and 0 deletions
--- a/contrib/tcpdump/tcpdump.c
+++ b/contrib/tcpdump/tcpdump.c
@ -2069,6 +2069,9 @@ main(int argc, char **argv)
 #else
 	cansandbox = (cansandbox && ndo->ndo_nflag);
 #endif	/* HAVE_CASPER */
+	cansandbox = (cansandbox && (pcap_fileno(pd) != -1 ||
+	    RFileName != NULL));
+
 	if (cansandbox && cap_enter() < 0 && errno != ENOSYS)
 		error("unable to enter the capability mode");
 #endif	/* HAVE_CAPSICUM */