diff options
| author | Pawel Jakub Dawidek <pjd@FreeBSD.org> | 2013-07-03 22:23:25 +0000 |
|---|---|---|
| committer | Pawel Jakub Dawidek <pjd@FreeBSD.org> | 2013-07-03 22:23:25 +0000 |
| commit | 8da93e68616426d704ca3ea8f289d2fb52c4a84c (patch) | |
| tree | 95576411c5fa3d7df69527e7311af2be03dbb0f0 /sbin/dhclient/dhclient.c | |
| parent | a6f38228d451a192e2a07986831e8d37426995e5 (diff) | |
| download | src-8da93e68616426d704ca3ea8f289d2fb52c4a84c.tar.gz src-8da93e68616426d704ca3ea8f289d2fb52c4a84c.zip | |
MFp4 @229488:
Sandbox unprivileged process using capability mode.
Reviewed by: brooks
Sponsored by: The FreeBSD Foundation
Notes
Notes:
svn path=/head/; revision=252634
Diffstat (limited to 'sbin/dhclient/dhclient.c')
| -rw-r--r-- | sbin/dhclient/dhclient.c | 3 |
1 files changed, 3 insertions, 0 deletions
diff --git a/sbin/dhclient/dhclient.c b/sbin/dhclient/dhclient.c index 2305d973cc3d..cd4a41bfa146 100644 --- a/sbin/dhclient/dhclient.c +++ b/sbin/dhclient/dhclient.c @@ -511,6 +511,9 @@ main(int argc, char *argv[]) setproctitle("%s", ifi->name); + if (cap_enter() < 0 && errno != ENOSYS) + error("can't enter capability mode: %m"); + if (immediate_daemon) go_daemon(); |