svn commit: r341348 - in head/usr.sbin: ctld iscsid

[Mariusz Zaborski]

Author: oshogbo
Date: Fri Nov 30 19:40:16 2018
New Revision: 341348
URL: https://svnweb.freebsd.org/changeset/base/341348

Log:
  iscsi: simplify the capsicumization
  
  Approved by:	trasz
  Differential Revision:	https://reviews.freebsd.org/D17962

Modified:
  head/usr.sbin/ctld/kernel.c
  head/usr.sbin/iscsid/iscsid.c

Modified: head/usr.sbin/ctld/kernel.c
==============================================================================
--- head/usr.sbin/ctld/kernel.c	Fri Nov 30 19:27:14 2018	(r341347)
+++ head/usr.sbin/ctld/kernel.c	Fri Nov 30 19:40:16 2018	(r341348)
@@ -52,6 +52,7 @@ __FBSDID("$FreeBSD$");
 #include <sys/stat.h>
 #include <assert.h>
 #include <bsdxml.h>
+#include <capsicum_helpers.h>
 #include <ctype.h>
 #include <errno.h>
 #include <fcntl.h>
@@ -1313,22 +1314,17 @@ kernel_receive(struct pdu *pdu)
 void
 kernel_capsicate(void)
 {
-	int error;
 	cap_rights_t rights;
 	const unsigned long cmds[] = { CTL_ISCSI };
 
 	cap_rights_init(&rights, CAP_IOCTL);
-	error = cap_rights_limit(ctl_fd, &rights);
-	if (error != 0 && errno != ENOSYS)
+	if (caph_rights_limit(ctl_fd, &rights) < 0)
 		log_err(1, "cap_rights_limit");
 
-	error = cap_ioctls_limit(ctl_fd, cmds, nitems(cmds));
-
-	if (error != 0 && errno != ENOSYS)
+	if (caph_ioctls_limit(ctl_fd, cmds, nitems(cmds)) < 0)
 		log_err(1, "cap_ioctls_limit");
 
-	error = cap_enter();
-	if (error != 0 && errno != ENOSYS)
+	if (caph_enter() < 0)
 		log_err(1, "cap_enter");
 
 	if (cap_sandboxed())

Modified: head/usr.sbin/iscsid/iscsid.c
==============================================================================
--- head/usr.sbin/iscsid/iscsid.c	Fri Nov 30 19:27:14 2018	(r341347)
+++ head/usr.sbin/iscsid/iscsid.c	Fri Nov 30 19:40:16 2018	(r341348)
@@ -42,6 +42,7 @@ __FBSDID("$FreeBSD$");
 #include <sys/capsicum.h>
 #include <sys/wait.h>
 #include <assert.h>
+#include <capsicum_helpers.h>
 #include <errno.h>
 #include <fcntl.h>
 #include <libutil.h>
@@ -349,7 +350,6 @@ fail(const struct connection *conn, const char *reason
 static void
 capsicate(struct connection *conn)
 {
-	int error;
 	cap_rights_t rights;
 #ifdef ICL_KERNEL_PROXY
 	const unsigned long cmds[] = { ISCSIDCONNECT, ISCSIDSEND, ISCSIDRECEIVE,
@@ -360,17 +360,13 @@ capsicate(struct connection *conn)
 #endif
 
 	cap_rights_init(&rights, CAP_IOCTL);
-	error = cap_rights_limit(conn->conn_iscsi_fd, &rights);
-	if (error != 0 && errno != ENOSYS)
+	if (caph_rights_limit(conn->conn_iscsi_fd, &rights) < 0)
 		log_err(1, "cap_rights_limit");
 
-	error = cap_ioctls_limit(conn->conn_iscsi_fd, cmds, nitems(cmds));
-
-	if (error != 0 && errno != ENOSYS)
+	if (caph_ioctls_limit(conn->conn_iscsi_fd, cmds, nitems(cmds)) < 0)
 		log_err(1, "cap_ioctls_limit");
 
-	error = cap_enter();
-	if (error != 0 && errno != ENOSYS)
+	if (caph_enter() != 0)
 		log_err(1, "cap_enter");
 
 	if (cap_sandboxed())