iscsi: simplify the capsicumization
Approved by: trasz Differential Revision: https://reviews.freebsd.org/D17962
parent
60bf522bf6
commit
b1a82c58d4
@ -52,6 +52,7 @@ __FBSDID("$FreeBSD$");
|
||||
#include <sys/stat.h>
|
||||
#include <assert.h>
|
||||
#include <bsdxml.h>
|
||||
#include <capsicum_helpers.h>
|
||||
#include <ctype.h>
|
||||
#include <errno.h>
|
||||
#include <fcntl.h>
|
||||
@ -1313,22 +1314,17 @@ kernel_receive(struct pdu *pdu)
|
||||
void
|
||||
kernel_capsicate(void)
|
||||
{
|
||||
int error;
|
||||
cap_rights_t rights;
|
||||
const unsigned long cmds[] = { CTL_ISCSI };
|
||||
|
||||
cap_rights_init(&rights, CAP_IOCTL);
|
||||
error = cap_rights_limit(ctl_fd, &rights);
|
||||
if (error != 0 && errno != ENOSYS)
|
||||
if (caph_rights_limit(ctl_fd, &rights) < 0)
|
||||
log_err(1, "cap_rights_limit");
|
||||
|
||||
error = cap_ioctls_limit(ctl_fd, cmds, nitems(cmds));
|
||||
|
||||
if (error != 0 && errno != ENOSYS)
|
||||
if (caph_ioctls_limit(ctl_fd, cmds, nitems(cmds)) < 0)
|
||||
log_err(1, "cap_ioctls_limit");
|
||||
|
||||
error = cap_enter();
|
||||
if (error != 0 && errno != ENOSYS)
|
||||
if (caph_enter() < 0)
|
||||
log_err(1, "cap_enter");
|
||||
|
||||
if (cap_sandboxed())
|
||||
|
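Review bot: The tolerance for kernels without Capsicum, which the removed `errno != ENOSYS` tests spelled out, is now hidden inside the caph_*() helpers, and nothing in kernel_capsicate() says so. As I understand capsicum_helpers.h, the three wrappers return success on ENOSYS, so on such a kernel this function completes without error and the daemon keeps running unconfined. The only place that tells the two cases apart is the `cap_sandboxed()` test at the end of the hunk, whose body lies outside it. I would add a comment above `cap_rights_init()`, for example `/* caph_*() treat ENOSYS as success; cap_sandboxed() below reports whether we are actually confined. */`. The same comment fits capsicate() in the second file.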
@ -42,6 +42,7 @@ __FBSDID("$FreeBSD$");
|
||||
#include <sys/capsicum.h>
|
||||
#include <sys/wait.h>
|
||||
#include <assert.h>
|
||||
#include <capsicum_helpers.h>
|
||||
#include <errno.h>
|
||||
#include <fcntl.h>
|
||||
#include <libutil.h>
|
||||
@ -349,7 +350,6 @@ fail(const struct connection *conn, const char *reason)
|
||||
static void
|
||||
capsicate(struct connection *conn)
|
||||
{
|
||||
int error;
|
||||
cap_rights_t rights;
|
||||
#ifdef ICL_KERNEL_PROXY
|
||||
const unsigned long cmds[] = { ISCSIDCONNECT, ISCSIDSEND, ISCSIDRECEIVE,
|
||||
@ -360,17 +360,13 @@ capsicate(struct connection *conn)
|
||||
#endif
|
||||
|
||||
cap_rights_init(&rights, CAP_IOCTL);
|
||||
error = cap_rights_limit(conn->conn_iscsi_fd, &rights);
|
||||
if (error != 0 && errno != ENOSYS)
|
||||
if (caph_rights_limit(conn->conn_iscsi_fd, &rights) < 0)
|
||||
log_err(1, "cap_rights_limit");
|
||||
|
||||
error = cap_ioctls_limit(conn->conn_iscsi_fd, cmds, nitems(cmds));
|
||||
|
||||
if (error != 0 && errno != ENOSYS)
|
||||
if (caph_ioctls_limit(conn->conn_iscsi_fd, cmds, nitems(cmds)) < 0)
|
||||
log_err(1, "cap_ioctls_limit");
|
||||
|
||||
error = cap_enter();
|
||||
if (error != 0 && errno != ENOSYS)
|
||||
if (caph_enter() != 0)
|
||||
log_err(1, "cap_enter");
|
||||
|
||||
if (cap_sandboxed())
|
||||
|
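Review bot: The new `caph_enter() != 0` test in capsicate() is written differently from its neighbours: the two limit calls just above it use `< 0`, and so do all three calls in kernel_capsicate() in the first file. The helpers are expected to return 0 or -1, so behaviour is the same, but a single form makes it easier to check at a glance that every sandbox-setup failure is fatal; I would write `if (caph_enter() < 0)`. The `log_err()` strings still name cap_rights_limit, cap_ioctls_limit and cap_enter although the calls are now the caph_*() wrappers, which is fine for the errno text but worth a conscious decision. The function continues past the end of the hunk, so what happens after `cap_sandboxed()` is not visible here.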