From ae3d7e27abc98d7325d506a55af6a3ea2e028738 Mon Sep 17 00:00:00 2001
From: Ed Maste <emaste@FreeBSD.org>
Date: Thu, 3 Oct 2024 07:54:44 -0400
Subject: [PATCH] sctp: propagate cap rights on sctp_peeloff

PR:		201052
Reviewed by:	oshogbo, tuexen
Sponsored by:	The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D46884

(cherry picked from commit 91a9e4e01dab7a740b8e3b7c39c59a537e71e5d2)
---
 sys/netinet/sctp_syscalls.c | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)

diff --git a/sys/netinet/sctp_syscalls.c b/sys/netinet/sctp_syscalls.c
index d67e260b6f9..9d85576e259 100644
--- a/sys/netinet/sctp_syscalls.c
+++ b/sys/netinet/sctp_syscalls.c
@@ -141,13 +141,14 @@ sys_sctp_peeloff(struct thread *td, struct sctp_peeloff_args *uap)
 {
 	struct file *headfp, *nfp = NULL;
 	struct socket *head, *so;
+	struct filecaps fcaps;
 	cap_rights_t rights;
 	u_int fflag;
 	int error, fd;
 
 	AUDIT_ARG_FD(uap->sd);
-	error = getsock(td, uap->sd, cap_rights_init_one(&rights, CAP_PEELOFF),
-	    &headfp);
+	error = getsock_cap(td, uap->sd,
+	    cap_rights_init_one(&rights, CAP_PEELOFF), &headfp, &fcaps);
 	if (error != 0)
 		goto done2;
 	fflag = atomic_load_int(&headfp->f_flag);
@@ -165,7 +166,7 @@ sys_sctp_peeloff(struct thread *td, struct sctp_peeloff_args *uap)
 	 * but that is ok.
 	 */
 
-	error = falloc(td, &nfp, &fd, 0);
+	error = falloc_caps(td, &nfp, &fd, 0, &fcaps);
 	if (error != 0)
 		goto done;
 	td->td_retval[0] = fd;