d/freebsd-nq
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Add CAP_FCNTL to the lease file capsicum rights, and limit to

Browse Source 
CAP_FCNTL_GETFL.  Without CAP_FCNTL_GETFL, the lease file truncation
in rewrite_client_leases() will fail to trim old data when rewriting
the file with a lesser amount of data.

Reviewed by: pjd, rwatson
Approved by: jmallett (mentor)
MFC after: 1 week
This commit is contained in:
Patrick Kelsey 2015-05-28 05:38:07 +00:00
parent c803f24b28
commit 19342eee9d
1 changed files with 6 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
sbin/dhclient/dhclient.c
View File

@ -1845,12 +1845,16 @@ rewrite_client_leases(void)
leaseFile = fopen(path_dhclient_db, "w"); leaseFile = fopen(path_dhclient_db, "w");
if (!leaseFile) if (!leaseFile)
error("can't create %s: %m", path_dhclient_db); error("can't create %s: %m", path_dhclient_db);
cap_rights_init(&rights, CAP_FSTAT, CAP_FSYNC, CAP_FTRUNCATE, cap_rights_init(&rights, CAP_FCNTL, CAP_FSTAT, CAP_FSYNC,
CAP_SEEK, CAP_WRITE); CAP_FTRUNCATE, CAP_SEEK, CAP_WRITE);
if (cap_rights_limit(fileno(leaseFile), &rights) < 0 && if (cap_rights_limit(fileno(leaseFile), &rights) < 0 &&
errno != ENOSYS) { errno != ENOSYS) {
error("can't limit lease descriptor: %m"); error("can't limit lease descriptor: %m");
} }
if (cap_fcntls_limit(fileno(leaseFile), CAP_FCNTL_GETFL) < 0 &&
errno != ENOSYS) {
error("can't limit lease descriptor fcntls: %m");
}
} else { } else {
fflush(leaseFile); fflush(leaseFile);
rewind(leaseFile); rewind(leaseFile);