mirror of
https://github.com/opnsense/src.git
synced 2026-06-09 00:32:25 -04:00
We need CAP_MMAP_RW on memfd, since init_msix_table() may call mmap().
This commit is contained in:
Gleb Smirnoff
parent
ad81354ceb
commit
007e172d64
1 changed files with 1 additions and 0 deletions
|
|
@ -703,6 +703,7 @@ passthru_init(struct vmctx *ctx, struct pci_devinst *pi, char *opts)
|
|||
|
||||
#ifndef WITHOUT_CAPSICUM
|
||||
cap_rights_clear(&rights, CAP_IOCTL);
|
||||
cap_rights_set(&rights, CAP_MMAP_RW);
|
||||
if (cap_rights_limit(memfd, &rights) == -1 && errno != ENOSYS)
|
||||
errx(EX_OSERR, "Unable to apply rights for sandbox");
|
||||
#endif
|
||||
|
|
|
|||
Loading…
Reference in a new issue