Fix for backends which doesn't support capsicum.

Not all libpcap backends use the BPF compatible set
of IOCTLs. For example the mlx5 backend uses libibverbs
which is currently not capsicum compatible.

Disable sandboxing for such backends.

MFC after:		3 days
Discussed with:		emaste@
Approved by:		re (kib)
Sponsored by:		Mellanox Technologies
This commit is contained in:
hselasky 2018-09-12 10:09:59 +00:00
parent fb9b6e89c2
commit ae781c99bf

View File

@ -2069,6 +2069,9 @@ main(int argc, char **argv)
#else
cansandbox = (cansandbox && ndo->ndo_nflag);
#endif /* HAVE_CASPER */
cansandbox = (cansandbox && (pcap_fileno(pd) != -1 ||
RFileName != NULL));
if (cansandbox && cap_enter() < 0 && errno != ENOSYS)
error("unable to enter the capability mode");
#endif /* HAVE_CAPSICUM */