CAP_EVENT_POLL is missing in rights(4). Further examination shows that it's an alias to CAP_EVENT How-To-Repeat: man 4 rights
Based on discussions with pjd@, it's better to change the dhclient to use CAP_EVENT instead of CAP_EVENT_POLL as the latter has been deprecated. --- bpf.c.orig 2014-01-02 21:37:12.000000000 +0400 +++ bpf.c 2014-01-02 21:37:38.000000000 +0400 @@ -269,7 +269,7 @@ if_register_receive(struct interface_inf if (ioctl(info->rfdesc, BIOCLOCK, NULL) < 0) error("Cannot lock bpf"); - cap_rights_init(&rights, CAP_IOCTL, CAP_POLL_EVENT, CAP_READ); + cap_rights_init(&rights, CAP_IOCTL, CAP_EVENT, CAP_READ); if (cap_rights_limit(info->rfdesc, &rights) < 0 && errno != ENOSYS) error("Can't limit bpf descriptor: %m"); if (cap_ioctls_limit(info->rfdesc, cmds, 2) < 0 && errno != ENOSYS)
Author: brueffer Date: Thu Feb 6 21:36:14 2014 New Revision: 261566 URL: http://svnweb.freebsd.org/changeset/base/261566 Log: Use CAP_EVENT instead of the deprecated CAP_POLL_EVENT. PR: 185382 (based on) Submitted by: Loganaden Velvindron Reviewed by: pjd MFC after: 1 week Modified: head/sbin/dhclient/bpf.c head/sbin/dhclient/dhclient.c head/tools/regression/security/cap_test/cap_test_capabilities.c Modified: head/sbin/dhclient/bpf.c ============================================================================== --- head/sbin/dhclient/bpf.c Thu Feb 6 20:35:33 2014 (r261565) +++ head/sbin/dhclient/bpf.c Thu Feb 6 21:36:14 2014 (r261566) @@ -269,7 +269,7 @@ if_register_receive(struct interface_inf if (ioctl(info->rfdesc, BIOCLOCK, NULL) < 0) error("Cannot lock bpf"); - cap_rights_init(&rights, CAP_IOCTL, CAP_POLL_EVENT, CAP_READ); + cap_rights_init(&rights, CAP_IOCTL, CAP_EVENT, CAP_READ); if (cap_rights_limit(info->rfdesc, &rights) < 0 && errno != ENOSYS) error("Can't limit bpf descriptor: %m"); if (cap_ioctls_limit(info->rfdesc, cmds, 2) < 0 && errno != ENOSYS) Modified: head/sbin/dhclient/dhclient.c ============================================================================== --- head/sbin/dhclient/dhclient.c Thu Feb 6 20:35:33 2014 (r261565) +++ head/sbin/dhclient/dhclient.c Thu Feb 6 21:36:14 2014 (r261566) @@ -494,7 +494,7 @@ main(int argc, char *argv[]) add_protocol("AF_ROUTE", routefd, routehandler, ifi); if (shutdown(routefd, SHUT_WR) < 0) error("can't shutdown route socket: %m"); - cap_rights_init(&rights, CAP_POLL_EVENT, CAP_READ); + cap_rights_init(&rights, CAP_EVENT, CAP_READ); if (cap_rights_limit(routefd, &rights) < 0 && errno != ENOSYS) error("can't limit route socket: %m"); Modified: head/tools/regression/security/cap_test/cap_test_capabilities.c ============================================================================== --- head/tools/regression/security/cap_test/cap_test_capabilities.c Thu Feb 6 20:35:33 2014 (r261565) +++ head/tools/regression/security/cap_test/cap_test_capabilities.c Thu Feb 6 21:36:14 2014 (r261566) @@ -396,7 +396,7 @@ try_file_ops(int filefd, int dirfd, cap_ pollfd.revents = 0; ret = poll(&pollfd, 1, 0); - if (rights & CAP_POLL_EVENT) + if (rights & CAP_EVENT) CHECK((pollfd.revents & POLLNVAL) == 0); else CHECK((pollfd.revents & POLLNVAL) != 0); @@ -546,7 +546,7 @@ test_capabilities(void) TRY(CAP_SEM_POST); TRY(CAP_SEM_WAIT); TRY(CAP_POST_EVENT); - TRY(CAP_POLL_EVENT); + TRY(CAP_EVENT); TRY(CAP_IOCTL); TRY(CAP_TTYHOOK); TRY(CAP_PDGETPID); _______________________________________________ svn-src-all@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/svn-src-all To unsubscribe, send any mail to "svn-src-all-unsubscribe@freebsd.org"
State Changed From-To: open->patched I committed a little bigger patch that moves all instances of CAP_POLL_EVENT to CAP_EVENT, will merge to 10-STABLE soon. Thanks for the report and prodding!
Responsible Changed From-To: freebsd-doc->brueffer MFC reminder.
Author: brueffer Date: Thu Feb 13 09:24:46 2014 New Revision: 261828 URL: http://svnweb.freebsd.org/changeset/base/261828 Log: MFC: r261566 Use CAP_EVENT instead of the deprecated CAP_POLL_EVENT. PR: 185382 (based on) Submitted by: Loganaden Velvindron Reviewed by: pjd Modified: stable/10/sbin/dhclient/bpf.c stable/10/sbin/dhclient/dhclient.c stable/10/tools/regression/security/cap_test/cap_test_capabilities.c Directory Properties: stable/10/ (props changed) Modified: stable/10/sbin/dhclient/bpf.c ============================================================================== --- stable/10/sbin/dhclient/bpf.c Thu Feb 13 09:09:14 2014 (r261827) +++ stable/10/sbin/dhclient/bpf.c Thu Feb 13 09:24:46 2014 (r261828) @@ -269,7 +269,7 @@ if_register_receive(struct interface_inf if (ioctl(info->rfdesc, BIOCLOCK, NULL) < 0) error("Cannot lock bpf"); - cap_rights_init(&rights, CAP_IOCTL, CAP_POLL_EVENT, CAP_READ); + cap_rights_init(&rights, CAP_IOCTL, CAP_EVENT, CAP_READ); if (cap_rights_limit(info->rfdesc, &rights) < 0 && errno != ENOSYS) error("Can't limit bpf descriptor: %m"); if (cap_ioctls_limit(info->rfdesc, cmds, 2) < 0 && errno != ENOSYS) Modified: stable/10/sbin/dhclient/dhclient.c ============================================================================== --- stable/10/sbin/dhclient/dhclient.c Thu Feb 13 09:09:14 2014 (r261827) +++ stable/10/sbin/dhclient/dhclient.c Thu Feb 13 09:24:46 2014 (r261828) @@ -494,7 +494,7 @@ main(int argc, char *argv[]) add_protocol("AF_ROUTE", routefd, routehandler, ifi); if (shutdown(routefd, SHUT_WR) < 0) error("can't shutdown route socket: %m"); - cap_rights_init(&rights, CAP_POLL_EVENT, CAP_READ); + cap_rights_init(&rights, CAP_EVENT, CAP_READ); if (cap_rights_limit(routefd, &rights) < 0 && errno != ENOSYS) error("can't limit route socket: %m"); Modified: stable/10/tools/regression/security/cap_test/cap_test_capabilities.c ============================================================================== --- stable/10/tools/regression/security/cap_test/cap_test_capabilities.c Thu Feb 13 09:09:14 2014 (r261827) +++ stable/10/tools/regression/security/cap_test/cap_test_capabilities.c Thu Feb 13 09:24:46 2014 (r261828) @@ -396,7 +396,7 @@ try_file_ops(int filefd, int dirfd, cap_ pollfd.revents = 0; ret = poll(&pollfd, 1, 0); - if (rights & CAP_POLL_EVENT) + if (rights & CAP_EVENT) CHECK((pollfd.revents & POLLNVAL) == 0); else CHECK((pollfd.revents & POLLNVAL) != 0); @@ -546,7 +546,7 @@ test_capabilities(void) TRY(CAP_SEM_POST); TRY(CAP_SEM_WAIT); TRY(CAP_POST_EVENT); - TRY(CAP_POLL_EVENT); + TRY(CAP_EVENT); TRY(CAP_IOCTL); TRY(CAP_TTYHOOK); TRY(CAP_PDGETPID); _______________________________________________ svn-src-all@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/svn-src-all To unsubscribe, send any mail to "svn-src-all-unsubscribe@freebsd.org"
State Changed From-To: patched->closed Merge to 10-STABLE done. Thanks!