upstream/opnsense-src
1
0
Fork 0
mirror of https://github.com/opnsense/src.git synced 2026-06-09 08:43:19 -04:00
Code Issues Projects Releases Packages Wiki Activity Actions

Fix installations that use kernels without CAPABILITIES support.

Browse source 
Approved by:	des
This commit is contained in:
Pawel Jakub Dawidek 2014-02-04 21:48:09 +00:00
parent 49133c6d52
commit d62289d013
1 changed files with 4 additions and 2 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

6
crypto/openssh/sandbox-capsicum.c
View file

@ -94,10 +94,12 @@ ssh_sandbox_child(struct ssh_sandbox *box)
fatal("can't limit stderr: %m");
cap_rights_init(&rights, CAP_READ, CAP_WRITE);
if (cap_rights_limit(box->monitor->m_recvfd, &rights) == -1)
if (cap_rights_limit(box->monitor->m_recvfd, &rights) == -1 &&
errno != ENOSYS)
fatal("%s: failed to limit the network socket", __func__);
cap_rights_init(&rights, CAP_WRITE);
if (cap_rights_limit(box->monitor->m_log_sendfd, &rights) == -1)
if (cap_rights_limit(box->monitor->m_log_sendfd, &rights) == -1 &&
errno != ENOSYS)
fatal("%s: failed to limit the logging socket", __func__);
if (cap_enter() < 0 && errno != ENOSYS)
fatal("%s: failed to enter capability mode", __func__);