Diffstat (limited to 'sys')
-rw-r--r--sys/kern/subr_capability.c2
-rw-r--r--sys/kern/uipc_syscalls.c8
-rw-r--r--sys/sys/capsicum.h1
3 files changed, 7 insertions, 4 deletions
diff --git a/sys/kern/subr_capability.c b/sys/kern/subr_capability.c
index 22dcfa930256..677e3a498408 100644
--- a/sys/kern/subr_capability.c
+++ b/sys/kern/subr_capability.c
@@ -92,6 +92,7 @@ __read_mostly cap_rights_t cap_renameat_source_rights;
__read_mostly cap_rights_t cap_renameat_target_rights;
__read_mostly cap_rights_t cap_seek_rights;
__read_mostly cap_rights_t cap_send_rights;
+__read_mostly cap_rights_t cap_send_connect_rights;
__read_mostly cap_rights_t cap_setsockopt_rights;
__read_mostly cap_rights_t cap_shutdown_rights;
__read_mostly cap_rights_t cap_symlinkat_rights;
@@ -140,6 +141,7 @@ __cap_rights_sysinit1(void *arg)
cap_rights_init(&cap_renameat_target_rights, CAP_RENAMEAT_TARGET);
cap_rights_init(&cap_seek_rights, CAP_SEEK);
cap_rights_init(&cap_send_rights, CAP_SEND);
+ cap_rights_init(&cap_send_connect_rights, CAP_SEND, CAP_CONNECT);
cap_rights_init(&cap_setsockopt_rights, CAP_SETSOCKOPT);
cap_rights_init(&cap_shutdown_rights, CAP_SHUTDOWN);
cap_rights_init(&cap_symlinkat_rights, CAP_SYMLINKAT);
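Review bot: The new `cap_send_connect_rights` initialisation is the only one among the visible lines that combines two rights, and nothing says which caller needs the union or why. A short comment above it would make the intent clear, for example `/* CAP_SEND | CAP_CONNECT: required by kern_sendit() when a destination address is supplied. */`. Because this set is checked on every addressed send from a sandboxed process, it is worth stating that it must stay exactly these two rights. The body of `__cap_rights_sysinit1` begins and ends outside this hunk.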
diff --git a/sys/kern/uipc_syscalls.c b/sys/kern/uipc_syscalls.c
index 9ed75f253ab3..2e05de78037e 100644
--- a/sys/kern/uipc_syscalls.c
+++ b/sys/kern/uipc_syscalls.c
@@ -722,7 +722,7 @@ kern_sendit(struct thread *td, int s, struct msghdr *mp, int flags,
struct uio auio;
struct iovec *iov;
struct socket *so;
- cap_rights_t rights;
+ cap_rights_t *rights;
#ifdef KTRACE
struct uio *ktruio = NULL;
#endif
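Review bot: `rights` now points at a shared, writable global instead of a stack copy, so any later `cap_rights_set(rights, ...)` added to `kern_sendit` would change the rights required of every subsequent caller. The old code mutated its local copy, which makes that mistake easy to reintroduce. If `getsock_cap`'s prototype accepts it (not visible on this page), declaring `const cap_rights_t *rights;` would let the compiler reject such a write. The same concern applies to the two assignments in the next hunk. `kern_sendit` continues outside this hunk.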
@@ -730,12 +730,12 @@ kern_sendit(struct thread *td, int s, struct msghdr *mp, int flags,
int i, error;
AUDIT_ARG_FD(s);
- cap_rights_init(&rights, CAP_SEND);
+ rights = &cap_send_rights;
if (mp->msg_name != NULL) {
AUDIT_ARG_SOCKADDR(td, AT_FDCWD, mp->msg_name);
- cap_rights_set(&rights, CAP_CONNECT);
+ rights = &cap_send_connect_rights;
}
- error = getsock_cap(td, s, &rights, &fp, NULL, NULL);
+ error = getsock_cap(td, s, rights, &fp, NULL, NULL);
if (error != 0) {
m_freem(control);
return (error);
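Review bot: The `mp->msg_name != NULL` branch carries a security-relevant rule that is undocumented: an addressed send needs CAP_CONNECT in addition to CAP_SEND. With the explicit `cap_rights_set(&rights, CAP_CONNECT)` gone, that requirement is visible only in the name of the global. I would add a comment on the branch such as `/* A destination address makes this an implicit connect; require CAP_CONNECT too. */`; the rationale is inferred from the rights involved, so please confirm the wording. The function body extends past both ends of this hunk.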
diff --git a/sys/sys/capsicum.h b/sys/sys/capsicum.h
index 5152227ccbb1..e85ef75eeec5 100644
--- a/sys/sys/capsicum.h
+++ b/sys/sys/capsicum.h
@@ -441,6 +441,7 @@ extern cap_rights_t cap_renameat_source_rights;
extern cap_rights_t cap_renameat_target_rights;
extern cap_rights_t cap_seek_rights;
extern cap_rights_t cap_send_rights;
+extern cap_rights_t cap_send_connect_rights;
extern cap_rights_t cap_setsockopt_rights;
extern cap_rights_t cap_shutdown_rights;
extern cap_rights_t cap_symlinkat_rights;