Make sure CAP_BINDAT and CAP_CONNECTAT are part of CAP_ALL0.

This makes sure that file descriptors of opened directories will actually get these capabilities. Without this change, bindat() and connectat() don't seem to work for me. MFC after: 2 weeks Reviewed by: rwatson, pjd
2015-01-14 13:03:03 +00:00 · 2015-01-14 13:03:03 +00:00 · c24341d2e3
commit c24341d2e3
parent d95b3509e1
1 changed files with 2 additions and 2 deletions
--- a/sys/sys/capsicum.h
+++ b/sys/sys/capsicum.h
@ -206,10 +206,10 @@
 	 CAP_SETSOCKOPT | CAP_SHUTDOWN)

 /* All used bits for index 0. */
-#define	CAP_ALL0		CAPRIGHT(0, 0x0000007FFFFFFFFFULL)
+#define	CAP_ALL0		CAPRIGHT(0, 0x000001FFFFFFFFFFULL)

 /* Available bits for index 0. */
-#define	CAP_UNUSED0_40		CAPRIGHT(0, 0x0000008000000000ULL)
+#define	CAP_UNUSED0_42		CAPRIGHT(0, 0x0000020000000000ULL)
 /* ... */
 #define	CAP_UNUSED0_57		CAPRIGHT(0, 0x0100000000000000ULL)