Based on discussions with pjd@, it's better to change the dhclient
to use CAP_EVENT instead of CAP_EVENT_POLL as the latter has been
deprecated.

--- bpf.c.orig	2014-01-02 21:37:12.000000000 +0400
+++ bpf.c	2014-01-02 21:37:38.000000000 +0400
@@ -269,7 +269,7 @@ if_register_receive(struct interface_inf
 	if (ioctl(info->rfdesc, BIOCLOCK, NULL) < 0)
 		error("Cannot lock bpf");
 
-	cap_rights_init(&rights, CAP_IOCTL, CAP_POLL_EVENT, CAP_READ);
+	cap_rights_init(&rights, CAP_IOCTL, CAP_EVENT, CAP_READ);
 	if (cap_rights_limit(info->rfdesc, &rights) < 0 && errno != ENOSYS)
 		error("Can't limit bpf descriptor: %m");
 	if (cap_ioctls_limit(info->rfdesc, cmds, 2) < 0 && errno != ENOSYS)

Comment 2 dfilter service 2014-02-06 21:36:23 UTC

Author: brueffer
Date: Thu Feb  6 21:36:14 2014
New Revision: 261566
URL: http://svnweb.freebsd.org/changeset/base/261566

Log:
  Use CAP_EVENT instead of the deprecated CAP_POLL_EVENT.
  
  PR:		185382 (based on)
  Submitted by:	Loganaden Velvindron
  Reviewed by:	pjd
  MFC after:	1 week

Modified:
  head/sbin/dhclient/bpf.c
  head/sbin/dhclient/dhclient.c
  head/tools/regression/security/cap_test/cap_test_capabilities.c

Modified: head/sbin/dhclient/bpf.c
==============================================================================
--- head/sbin/dhclient/bpf.c	Thu Feb  6 20:35:33 2014	(r261565)
+++ head/sbin/dhclient/bpf.c	Thu Feb  6 21:36:14 2014	(r261566)
@@ -269,7 +269,7 @@ if_register_receive(struct interface_inf
 	if (ioctl(info->rfdesc, BIOCLOCK, NULL) < 0)
 		error("Cannot lock bpf");
 
-	cap_rights_init(&rights, CAP_IOCTL, CAP_POLL_EVENT, CAP_READ);
+	cap_rights_init(&rights, CAP_IOCTL, CAP_EVENT, CAP_READ);
 	if (cap_rights_limit(info->rfdesc, &rights) < 0 && errno != ENOSYS)
 		error("Can't limit bpf descriptor: %m");
 	if (cap_ioctls_limit(info->rfdesc, cmds, 2) < 0 && errno != ENOSYS)

Modified: head/sbin/dhclient/dhclient.c
==============================================================================
--- head/sbin/dhclient/dhclient.c	Thu Feb  6 20:35:33 2014	(r261565)
+++ head/sbin/dhclient/dhclient.c	Thu Feb  6 21:36:14 2014	(r261566)
@@ -494,7 +494,7 @@ main(int argc, char *argv[])
 		add_protocol("AF_ROUTE", routefd, routehandler, ifi);
 	if (shutdown(routefd, SHUT_WR) < 0)
 		error("can't shutdown route socket: %m");
-	cap_rights_init(&rights, CAP_POLL_EVENT, CAP_READ);
+	cap_rights_init(&rights, CAP_EVENT, CAP_READ);
 	if (cap_rights_limit(routefd, &rights) < 0 && errno != ENOSYS)
 		error("can't limit route socket: %m");
 

Modified: head/tools/regression/security/cap_test/cap_test_capabilities.c
==============================================================================
--- head/tools/regression/security/cap_test/cap_test_capabilities.c	Thu Feb  6 20:35:33 2014	(r261565)
+++ head/tools/regression/security/cap_test/cap_test_capabilities.c	Thu Feb  6 21:36:14 2014	(r261566)
@@ -396,7 +396,7 @@ try_file_ops(int filefd, int dirfd, cap_
 	pollfd.revents = 0;
 
 	ret = poll(&pollfd, 1, 0);
-	if (rights & CAP_POLL_EVENT)
+	if (rights & CAP_EVENT)
 		CHECK((pollfd.revents & POLLNVAL) == 0);
 	else
 		CHECK((pollfd.revents & POLLNVAL) != 0);
@@ -546,7 +546,7 @@ test_capabilities(void)
 	TRY(CAP_SEM_POST);
 	TRY(CAP_SEM_WAIT);
 	TRY(CAP_POST_EVENT);
-	TRY(CAP_POLL_EVENT);
+	TRY(CAP_EVENT);
 	TRY(CAP_IOCTL);
 	TRY(CAP_TTYHOOK);
 	TRY(CAP_PDGETPID);
_______________________________________________
svn-src-all@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/svn-src-all
To unsubscribe, send any mail to "svn-src-all-unsubscribe@freebsd.org"

Comment 3 Christian Brueffer 2014-02-06 21:37:25 UTC

State Changed
From-To: open->patched

I committed a little bigger patch that moves all instances of CAP_POLL_EVENT 
to CAP_EVENT, will merge to 10-STABLE soon.  Thanks for the report and prodding! 

Comment 4 Christian Brueffer 2014-02-06 21:37:25 UTC

Responsible Changed
From-To: freebsd-doc->brueffer

MFC reminder.

Comment 5 dfilter service 2014-02-13 09:24:54 UTC

Author: brueffer
Date: Thu Feb 13 09:24:46 2014
New Revision: 261828
URL: http://svnweb.freebsd.org/changeset/base/261828

Log:
  MFC: r261566
  
  Use CAP_EVENT instead of the deprecated CAP_POLL_EVENT.
  
  PR:		185382 (based on)
  Submitted by:	Loganaden Velvindron
  Reviewed by:	pjd

Modified:
  stable/10/sbin/dhclient/bpf.c
  stable/10/sbin/dhclient/dhclient.c
  stable/10/tools/regression/security/cap_test/cap_test_capabilities.c
Directory Properties:
  stable/10/   (props changed)

Modified: stable/10/sbin/dhclient/bpf.c
==============================================================================
--- stable/10/sbin/dhclient/bpf.c	Thu Feb 13 09:09:14 2014	(r261827)
+++ stable/10/sbin/dhclient/bpf.c	Thu Feb 13 09:24:46 2014	(r261828)
@@ -269,7 +269,7 @@ if_register_receive(struct interface_inf
 	if (ioctl(info->rfdesc, BIOCLOCK, NULL) < 0)
 		error("Cannot lock bpf");
 
-	cap_rights_init(&rights, CAP_IOCTL, CAP_POLL_EVENT, CAP_READ);
+	cap_rights_init(&rights, CAP_IOCTL, CAP_EVENT, CAP_READ);
 	if (cap_rights_limit(info->rfdesc, &rights) < 0 && errno != ENOSYS)
 		error("Can't limit bpf descriptor: %m");
 	if (cap_ioctls_limit(info->rfdesc, cmds, 2) < 0 && errno != ENOSYS)

Modified: stable/10/sbin/dhclient/dhclient.c
==============================================================================
--- stable/10/sbin/dhclient/dhclient.c	Thu Feb 13 09:09:14 2014	(r261827)
+++ stable/10/sbin/dhclient/dhclient.c	Thu Feb 13 09:24:46 2014	(r261828)
@@ -494,7 +494,7 @@ main(int argc, char *argv[])
 		add_protocol("AF_ROUTE", routefd, routehandler, ifi);
 	if (shutdown(routefd, SHUT_WR) < 0)
 		error("can't shutdown route socket: %m");
-	cap_rights_init(&rights, CAP_POLL_EVENT, CAP_READ);
+	cap_rights_init(&rights, CAP_EVENT, CAP_READ);
 	if (cap_rights_limit(routefd, &rights) < 0 && errno != ENOSYS)
 		error("can't limit route socket: %m");
 

Modified: stable/10/tools/regression/security/cap_test/cap_test_capabilities.c
==============================================================================
--- stable/10/tools/regression/security/cap_test/cap_test_capabilities.c	Thu Feb 13 09:09:14 2014	(r261827)
+++ stable/10/tools/regression/security/cap_test/cap_test_capabilities.c	Thu Feb 13 09:24:46 2014	(r261828)
@@ -396,7 +396,7 @@ try_file_ops(int filefd, int dirfd, cap_
 	pollfd.revents = 0;
 
 	ret = poll(&pollfd, 1, 0);
-	if (rights & CAP_POLL_EVENT)
+	if (rights & CAP_EVENT)
 		CHECK((pollfd.revents & POLLNVAL) == 0);
 	else
 		CHECK((pollfd.revents & POLLNVAL) != 0);
@@ -546,7 +546,7 @@ test_capabilities(void)
 	TRY(CAP_SEM_POST);
 	TRY(CAP_SEM_WAIT);
 	TRY(CAP_POST_EVENT);
-	TRY(CAP_POLL_EVENT);
+	TRY(CAP_EVENT);
 	TRY(CAP_IOCTL);
 	TRY(CAP_TTYHOOK);
 	TRY(CAP_PDGETPID);
_______________________________________________
svn-src-all@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/svn-src-all
To unsubscribe, send any mail to "svn-src-all-unsubscribe@freebsd.org"

Comment 6 Christian Brueffer 2014-02-13 09:25:13 UTC

State Changed
From-To: patched->closed

Merge to 10-STABLE done.  Thanks!