> logger -h /var/run/log miaow logger: sendto: Not permitted in capability mode > logger -h 100.64.0.0 miaow logger: sendto: Not permitted in capability mode this was committed in r358919 after https://reviews.freebsd.org/D23744 Reading logger.c we open socksetup/4 before entering capsicum so I guess we are missing the CAP_SEND or CAP_WRITE somewhere, but I didn't find that in cap_syslog.* - where is that done?
The problem is not with the missing rights on a descriptor. The problem is that sendto is forbidden when the "to" argument is given. static int sendit(struct thread *td, int s, struct msghdr *mp, int flags) { #ifdef CAPABILITY_MODE if (IN_CAPABILITY_MODE(td) && (mp->msg_name != NULL)) return (ECAPMODE); #endif So I guess we have to revert the part when we enter the Capability mode and fix this with the Casper service.
Or somehow rewrite this part.
(In reply to Mariusz Zaborski from comment #1) Or perhaps for now change to entering cap mode only if nsock == 0, then implement the casper service after.
A commit references this bug: Author: oshogbo Date: Wed Apr 8 18:43:01 UTC 2020 New revision: 359730 URL: https://svnweb.freebsd.org/changeset/base/359730 Log: logger: temporarily disable Capsicum when a host is provided We don't have a way to send a UDP package. PR: 245314 Reported by: dch Discussed with: emaste Changes: head/usr.bin/logger/logger.c
It seems like that check in sendit() is bogus. In kern_sendit(), we permit msg_name == NULL if CAP_CONNECT is present: 730 int 731 kern_sendit(struct thread *td, int s, struct msghdr *mp, int flags, 732 struct mbuf *control, enum uio_seg segflg) 733 { 734 struct file *fp; 735 struct uio auio; 736 struct iovec *iov; 737 struct socket *so; 738 cap_rights_t *rights; 739 #ifdef KTRACE 740 struct uio *ktruio = NULL; 741 #endif 742 ssize_t len; 743 int i, error; 744 745 AUDIT_ARG_FD(s); 746 rights = &cap_send_rights; 747 if (mp->msg_name != NULL) { 748 AUDIT_ARG_SOCKADDR(td, AT_FDCWD, mp->msg_name); 749 rights = &cap_send_connect_rights; 750 } 751 error = getsock_cap(td, s, rights, &fp, NULL, NULL); And sendit() is just a shim around kern_sendit().