PERFORCE change 163830 for review
Robert Watson
rwatson at FreeBSD.org
Mon Jun 8 20:44:52 UTC 2009
http://perforce.freebsd.org/chv.cgi?CH=163830
Change 163830 by rwatson at rwatson_freebsd_capabilities on 2009/06/08 20:44:45
Supplement existing privilege separation in dhclient using
capability mode.
Affected files ...
.. //depot/projects/trustedbsd/capabilities/src/sbin/dhclient/dhclient.c#4 edit
Differences ...
==== //depot/projects/trustedbsd/capabilities/src/sbin/dhclient/dhclient.c#4 (text+ko) ====
@@ -61,6 +61,8 @@
#include <net80211/ieee80211_freebsd.h>
+#include <sys/capability.h>
+
#ifndef _PATH_VAREMPTY
#define _PATH_VAREMPTY "/var/empty"
#endif
@@ -438,6 +440,9 @@
if (immediate_daemon)
go_daemon();
+ if (cap_enter() != 0 && errno != ENOSYS)
+ error("cap_enter");
+
ifi->client->state = S_INIT;
state_reboot(ifi);
More information about the p4-projects
mailing list