aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorMariusz Zaborski <oshogbo@FreeBSD.org>2018-06-19 23:43:14 +0000
committerMariusz Zaborski <oshogbo@FreeBSD.org>2018-06-19 23:43:14 +0000
commit7672a0148f79063eac8f8e0beb0db5350d02d5d4 (patch)
tree413e973544ce3e0e8cc69352f5f5824b3a8821d5
parentd18e2bca4b12aba1820c63c125e409418007db49 (diff)
downloadsrc-7672a0148f79063eac8f8e0beb0db5350d02d5d4.tar.gz
src-7672a0148f79063eac8f8e0beb0db5350d02d5d4.zip
Convert `cap_enter() < 0 && errno != ENOSYS` to `caph_enter() < 0`.
No functional change intended.
Notes
Notes: svn path=/head/; revision=335395
-rw-r--r--bin/dd/dd.c2
-rw-r--r--bin/echo/echo.c2
-rw-r--r--bin/sleep/sleep.c2
-rw-r--r--bin/uuidgen/uuidgen.c2
-rw-r--r--contrib/dma/dma-mbox-create.c2
-rw-r--r--sbin/decryptcore/decryptcore.c3
-rw-r--r--sbin/dhclient/dhclient.c4
-rw-r--r--sbin/dumpon/dumpon.c3
-rw-r--r--sbin/md5/md5.c6
-rw-r--r--usr.bin/basename/basename.c2
-rw-r--r--usr.bin/cmp/cmp.c2
-rw-r--r--usr.bin/col/col.c2
-rw-r--r--usr.bin/diff/diffreg.c2
-rw-r--r--usr.bin/diff3/diff3.c2
-rw-r--r--usr.bin/dirname/dirname.c2
-rw-r--r--usr.bin/elfdump/elfdump.c2
-rw-r--r--usr.bin/getopt/getopt.c2
-rw-r--r--usr.bin/hexdump/display.c2
-rw-r--r--usr.bin/iconv/iconv.c4
-rw-r--r--usr.bin/ident/ident.c2
-rw-r--r--usr.bin/indent/indent.c3
-rw-r--r--usr.bin/jot/jot.c2
-rw-r--r--usr.bin/kdump/kdump.c4
-rw-r--r--usr.bin/ktrdump/ktrdump.c2
-rw-r--r--usr.bin/lam/lam.c2
-rw-r--r--usr.bin/last/last.c2
-rw-r--r--usr.bin/locate/bigram/locate.bigram.c3
-rw-r--r--usr.bin/logname/logname.c2
-rw-r--r--usr.bin/ministat/ministat.c2
-rw-r--r--usr.bin/pom/pom.c2
-rw-r--r--usr.bin/primes/primes.c4
-rw-r--r--usr.bin/printenv/printenv.c2
-rw-r--r--usr.bin/rwho/rwho.c3
-rw-r--r--usr.bin/tee/tee.c2
-rw-r--r--usr.bin/tr/tr.c2
-rw-r--r--usr.bin/uniq/uniq.c3
-rw-r--r--usr.bin/units/units.c6
-rw-r--r--usr.bin/write/write.c2
-rw-r--r--usr.bin/yes/yes.c2
-rw-r--r--usr.sbin/bhyve/bhyverun.c2
-rw-r--r--usr.sbin/rwhod/rwhod.c3
41 files changed, 55 insertions, 50 deletions
diff --git a/bin/dd/dd.c b/bin/dd/dd.c
index 590660768810..acec74709896 100644
--- a/bin/dd/dd.c
+++ b/bin/dd/dd.c
@@ -98,7 +98,7 @@ main(int argc __unused, char *argv[])
setup();
caph_cache_catpages();
- if (cap_enter() == -1 && errno != ENOSYS)
+ if (caph_enter() < 0)
err(1, "unable to enter capability mode");
(void)signal(SIGINFO, siginfo_handler);
diff --git a/bin/echo/echo.c b/bin/echo/echo.c
index 807a2105374a..a96542c8aee2 100644
--- a/bin/echo/echo.c
+++ b/bin/echo/echo.c
@@ -82,7 +82,7 @@ main(int argc, char *argv[])
char newline[] = "\n";
char *progname = argv[0];
- if (caph_limit_stdio() < 0 || (cap_enter() < 0 && errno != ENOSYS))
+ if (caph_limit_stdio() < 0 || caph_enter() < 0)
err(1, "capsicum");
/* This utility may NOT do getopt(3) option parsing. */
diff --git a/bin/sleep/sleep.c b/bin/sleep/sleep.c
index a7c375e91276..0515e944181b 100644
--- a/bin/sleep/sleep.c
+++ b/bin/sleep/sleep.c
@@ -70,7 +70,7 @@ main(int argc, char *argv[])
time_t original;
char buf[2];
- if (caph_limit_stdio() < 0 || (cap_enter() < 0 && errno != ENOSYS))
+ if (caph_limit_stdio() < 0 || caph_enter() < 0)
err(1, "capsicum");
if (argc != 2)
diff --git a/bin/uuidgen/uuidgen.c b/bin/uuidgen/uuidgen.c
index 23a6fa42bad8..e135dfc4b6e0 100644
--- a/bin/uuidgen/uuidgen.c
+++ b/bin/uuidgen/uuidgen.c
@@ -86,7 +86,7 @@ main(int argc, char *argv[])
caph_cache_catpages();
if (caph_limit_stdio() < 0)
err(1, "Unable to limit stdio");
- if (cap_enter() < 0 && errno != ENOSYS)
+ if (caph_enter() < 0)
err(1, "Unable to enter capability mode");
if (count == -1)
diff --git a/contrib/dma/dma-mbox-create.c b/contrib/dma/dma-mbox-create.c
index 75cd741a69a2..2b6d1f14585b 100644
--- a/contrib/dma/dma-mbox-create.c
+++ b/contrib/dma/dma-mbox-create.c
@@ -166,7 +166,7 @@ main(int argc, char **argv)
err(EX_OSERR, "can't limit maildirfd rights");
/* Enter Capsicum capability sandbox */
- if (cap_enter() < 0 && errno != ENOSYS)
+ if (caph_enter() < 0)
err(EX_OSERR, "cap_enter");
#endif
diff --git a/sbin/decryptcore/decryptcore.c b/sbin/decryptcore/decryptcore.c
index 0f054d33502d..76003d60a761 100644
--- a/sbin/decryptcore/decryptcore.c
+++ b/sbin/decryptcore/decryptcore.c
@@ -35,6 +35,7 @@ __FBSDID("$FreeBSD$");
#include <sys/wait.h>
#include <ctype.h>
+#include <capsicum_helpers.h>
#include <fcntl.h>
#include <stdbool.h>
#include <stdlib.h>
@@ -167,7 +168,7 @@ decrypt(int ofd, const char *privkeyfile, const char *keyfile,
goto failed;
}
- if (cap_enter() < 0 && errno != ENOSYS) {
+ if (caph_enter() < 0) {
pjdlog_errno(LOG_ERR, "Unable to enter capability mode");
goto failed;
}
diff --git a/sbin/dhclient/dhclient.c b/sbin/dhclient/dhclient.c
index 7150a0916499..37fd46abbba1 100644
--- a/sbin/dhclient/dhclient.c
+++ b/sbin/dhclient/dhclient.c
@@ -64,6 +64,8 @@ __FBSDID("$FreeBSD$");
#include <sys/capsicum.h>
#include <sys/endian.h>
+#include <capsicum_helpers.h>
+
#include <net80211/ieee80211_freebsd.h>
#ifndef _PATH_VAREMPTY
@@ -539,7 +541,7 @@ main(int argc, char *argv[])
setproctitle("%s", ifi->name);
- if (CASPER_SUPPORT && cap_enter() < 0 && errno != ENOSYS)
+ if (caph_enter_casper() < 0)
error("can't enter capability mode: %m");
if (immediate_daemon)
diff --git a/sbin/dumpon/dumpon.c b/sbin/dumpon/dumpon.c
index cc5622bcd229..998d0d48c256 100644
--- a/sbin/dumpon/dumpon.c
+++ b/sbin/dumpon/dumpon.c
@@ -50,6 +50,7 @@ __FBSDID("$FreeBSD$");
#include <sys/sysctl.h>
#include <assert.h>
+#include <capsicum_helpers.h>
#include <err.h>
#include <errno.h>
#include <fcntl.h>
@@ -227,7 +228,7 @@ genkey(const char *pubkeyfile, struct diocskerneldump_arg *kdap)
if (fp == NULL)
err(1, "Unable to open %s", pubkeyfile);
- if (cap_enter() < 0 && errno != ENOSYS)
+ if (caph_enter() < 0)
err(1, "Unable to enter capability mode");
pubkey = RSA_new();
diff --git a/sbin/md5/md5.c b/sbin/md5/md5.c
index 858e80b5d010..06f322a65fb1 100644
--- a/sbin/md5/md5.c
+++ b/sbin/md5/md5.c
@@ -228,8 +228,7 @@ main(int argc, char *argv[])
if (*(argv + 1) == NULL) {
cap_rights_init(&rights, CAP_READ);
if ((cap_rights_limit(fd, &rights) < 0 &&
- errno != ENOSYS) ||
- (cap_enter() < 0 && errno != ENOSYS))
+ errno != ENOSYS) || caph_enter() < 0)
err(1, "capsicum");
}
if ((p = Algorithm[digest].Fd(fd, buf)) == NULL) {
@@ -253,8 +252,7 @@ main(int argc, char *argv[])
}
} while (*++argv);
} else if (!sflag && (optind == 1 || qflag || rflag)) {
- if (caph_limit_stdin() < 0 ||
- (cap_enter() < 0 && errno != ENOSYS))
+ if (caph_limit_stdin() < 0 || caph_enter() < 0)
err(1, "capsicum");
MDFilter(&Algorithm[digest], 0);
}
diff --git a/usr.bin/basename/basename.c b/usr.bin/basename/basename.c
index 28bc8045818f..78f6d52e8647 100644
--- a/usr.bin/basename/basename.c
+++ b/usr.bin/basename/basename.c
@@ -67,7 +67,7 @@ main(int argc, char **argv)
setlocale(LC_ALL, "");
- if (caph_limit_stdio() < 0 || (cap_enter() < 0 && errno != ENOSYS))
+ if (caph_limit_stdio() < 0 || caph_enter() < 0)
err(1, "capsicum");
aflag = 0;
diff --git a/usr.bin/cmp/cmp.c b/usr.bin/cmp/cmp.c
index b47df0c8da7a..0915bab63e51 100644
--- a/usr.bin/cmp/cmp.c
+++ b/usr.bin/cmp/cmp.c
@@ -188,7 +188,7 @@ main(int argc, char *argv[])
caph_cache_catpages();
- if (cap_enter() < 0 && errno != ENOSYS)
+ if (caph_enter() < 0)
err(ERR_EXIT, "unable to enter capability mode");
if (!special) {
diff --git a/usr.bin/col/col.c b/usr.bin/col/col.c
index c79289499e10..564e5e34b2ab 100644
--- a/usr.bin/col/col.c
+++ b/usr.bin/col/col.c
@@ -144,7 +144,7 @@ main(int argc, char **argv)
if (caph_limit_stdio() == -1)
err(1, "unable to limit stdio");
- if (cap_enter() < 0 && errno != ENOSYS)
+ if (caph_enter() < 0)
err(1, "unable to enter capability mode");
max_bufd_lines = 256;
diff --git a/usr.bin/diff/diffreg.c b/usr.bin/diff/diffreg.c
index 84cb4ac58c21..1450da77df03 100644
--- a/usr.bin/diff/diffreg.c
+++ b/usr.bin/diff/diffreg.c
@@ -334,7 +334,7 @@ diffreg(char *file1, char *file2, int flags, int capsicum)
caph_cache_catpages();
caph_cache_tzdata();
- if (cap_enter() < 0 && errno != ENOSYS)
+ if (caph_enter() < 0)
err(2, "unable to enter capability mode");
}
diff --git a/usr.bin/diff3/diff3.c b/usr.bin/diff3/diff3.c
index 3b762855fb2a..4b1346f85097 100644
--- a/usr.bin/diff3/diff3.c
+++ b/usr.bin/diff3/diff3.c
@@ -756,7 +756,7 @@ main(int argc, char **argv)
nleft++;
caph_cache_catpages();
- if (cap_enter() < 0 && errno != ENOSYS)
+ if (caph_enter() < 0)
err(2, "unable to enter capability mode");
/* parse diffs */
diff --git a/usr.bin/dirname/dirname.c b/usr.bin/dirname/dirname.c
index 4a3a17c229b2..38028423dd45 100644
--- a/usr.bin/dirname/dirname.c
+++ b/usr.bin/dirname/dirname.c
@@ -56,7 +56,7 @@ main(int argc, char **argv)
char *p;
int ch;
- if (caph_limit_stdio() < 0 || (cap_enter() < 0 && errno != ENOSYS))
+ if (caph_limit_stdio() < 0 || caph_enter() < 0)
err(1, "capsicum");
while ((ch = getopt(argc, argv, "")) != -1)
diff --git a/usr.bin/elfdump/elfdump.c b/usr.bin/elfdump/elfdump.c
index e4240663786d..ed2a8e230ac7 100644
--- a/usr.bin/elfdump/elfdump.c
+++ b/usr.bin/elfdump/elfdump.c
@@ -579,7 +579,7 @@ main(int ac, char **av)
caph_limit_stdout() < 0 || caph_limit_stderr() < 0) {
err(1, "unable to limit rights for stdio");
}
- if (cap_enter() < 0 && errno != ENOSYS)
+ if (caph_enter() < 0)
err(1, "unable to enter capability mode");
e = mmap(NULL, sb.st_size, PROT_READ, MAP_SHARED, fd, 0);
if (e == MAP_FAILED)
diff --git a/usr.bin/getopt/getopt.c b/usr.bin/getopt/getopt.c
index 3f55a34f6d50..970a4c7659af 100644
--- a/usr.bin/getopt/getopt.c
+++ b/usr.bin/getopt/getopt.c
@@ -19,7 +19,7 @@ main(int argc, char *argv[])
int c;
int status = 0;
- if (caph_limit_stdio() < 0 || (cap_enter() < 0 && errno != ENOSYS))
+ if (caph_limit_stdio() < 0 || caph_enter() < 0)
err(1, "capsicum");
optind = 2; /* Past the program name and the option letters. */
diff --git a/usr.bin/hexdump/display.c b/usr.bin/hexdump/display.c
index 0b2df2e02805..697443693d8e 100644
--- a/usr.bin/hexdump/display.c
+++ b/usr.bin/hexdump/display.c
@@ -372,7 +372,7 @@ next(char **argv)
* We've opened our last input file; enter capsicum sandbox.
*/
if (statok == 0 || *(_argv + 1) == NULL) {
- if (cap_enter() < 0 && errno != ENOSYS)
+ if (caph_enter() < 0)
err(1, "unable to enter capability mode");
}
diff --git a/usr.bin/iconv/iconv.c b/usr.bin/iconv/iconv.c
index 23d691e8ee12..7e911b4432e5 100644
--- a/usr.bin/iconv/iconv.c
+++ b/usr.bin/iconv/iconv.c
@@ -216,7 +216,7 @@ main(int argc, char **argv)
err(EXIT_FAILURE, "iconv_open(%s, %s)", opt_t, opt_f);
if (argc == 0) {
- if (cap_enter() < 0 && errno != ENOSYS)
+ if (caph_enter() < 0)
err(EXIT_FAILURE, "unable to enter capability mode");
res = do_conv(stdin, cd, opt_s, opt_c);
} else {
@@ -228,7 +228,7 @@ main(int argc, char **argv)
err(EXIT_FAILURE, "Cannot open `%s'",
argv[i]);
/* Enter Capsicum sandbox for final input file. */
- if (i + 1 == argc && cap_enter() < 0 && errno != ENOSYS)
+ if (i + 1 == argc && caph_enter() < 0)
err(EXIT_FAILURE,
"unable to enter capability mode");
res |= do_conv(fp, cd, opt_s, opt_c);
diff --git a/usr.bin/ident/ident.c b/usr.bin/ident/ident.c
index d2417b6717b6..aa9612d2fce1 100644
--- a/usr.bin/ident/ident.c
+++ b/usr.bin/ident/ident.c
@@ -256,7 +256,7 @@ main(int argc, char **argv)
}
/* Enter Capsicum sandbox. */
- if (cap_enter() < 0 && errno != ENOSYS)
+ if (caph_enter() < 0)
err(EXIT_FAILURE, "unable to enter capability mode");
for (i = 0; i < (int)nfds; i++) {
diff --git a/usr.bin/indent/indent.c b/usr.bin/indent/indent.c
index dab0f2597d9b..03e557ee807b 100644
--- a/usr.bin/indent/indent.c
+++ b/usr.bin/indent/indent.c
@@ -46,6 +46,7 @@ __FBSDID("$FreeBSD$");
#include <sys/param.h>
#include <sys/capsicum.h>
+#include <capsicum_helpers.h>
#include <err.h>
#include <errno.h>
#include <fcntl.h>
@@ -248,7 +249,7 @@ main(int argc, char **argv)
cap_rights_init(&rights, CAP_FSTAT, CAP_READ);
if (cap_rights_limit(fileno(input), &rights) < 0 && errno != ENOSYS)
err(EXIT_FAILURE, "unable to limit rights for %s", in_name);
- if (cap_enter() < 0 && errno != ENOSYS)
+ if (caph_enter() < 0)
err(EXIT_FAILURE, "unable to enter capability mode");
if (opt.com_ind <= 1)
diff --git a/usr.bin/jot/jot.c b/usr.bin/jot/jot.c
index ef6f84b92b11..c7f7a31278c1 100644
--- a/usr.bin/jot/jot.c
+++ b/usr.bin/jot/jot.c
@@ -123,7 +123,7 @@ main(int argc, char **argv)
*/
caph_cache_catpages();
- if (cap_enter() < 0 && errno != ENOSYS)
+ if (caph_enter() < 0)
err(1, "unable to enter capability mode");
while ((ch = getopt(argc, argv, "b:cnp:rs:w:")) != -1)
diff --git a/usr.bin/kdump/kdump.c b/usr.bin/kdump/kdump.c
index a1b92445f9bd..794930bf4862 100644
--- a/usr.bin/kdump/kdump.c
+++ b/usr.bin/kdump/kdump.c
@@ -434,12 +434,12 @@ main(int argc, char *argv[])
}
}
if (resolv == 0 || (cappwd != NULL && capgrp != NULL)) {
- if (cap_enter() < 0 && errno != ENOSYS)
+ if (caph_enter() < 0)
err(1, "unable to enter capability mode");
}
#else
if (resolv == 0) {
- if (cap_enter() < 0 && errno != ENOSYS)
+ if (caph_enter() < 0)
err(1, "unable to enter capability mode");
}
#endif
diff --git a/usr.bin/ktrdump/ktrdump.c b/usr.bin/ktrdump/ktrdump.c
index f45e4bb290b5..c67498581a4e 100644
--- a/usr.bin/ktrdump/ktrdump.c
+++ b/usr.bin/ktrdump/ktrdump.c
@@ -203,7 +203,7 @@ main(int ac, char **av)
* kvm_nlist() above uses kldsym(2) for native kernels, and that isn't
* allowed in the sandbox.
*/
- if (cap_enter() < 0 && errno != ENOSYS)
+ if (caph_enter() < 0)
err(1, "unable to enter capability mode");
if (iflag) {
diff --git a/usr.bin/lam/lam.c b/usr.bin/lam/lam.c
index ff0308548aef..4f42921ad388 100644
--- a/usr.bin/lam/lam.c
+++ b/usr.bin/lam/lam.c
@@ -99,7 +99,7 @@ main(int argc, char *argv[])
* mode.
*/
caph_cache_catpages();
- if (cap_enter() < 0 && errno != ENOSYS)
+ if (caph_enter() < 0)
err(1, "unable to enter capability mode");
for (;;) {
diff --git a/usr.bin/last/last.c b/usr.bin/last/last.c
index ea93897abce0..42177e278718 100644
--- a/usr.bin/last/last.c
+++ b/usr.bin/last/last.c
@@ -190,7 +190,7 @@ main(int argc, char *argv[])
if (setutxdb(UTXDB_LOG, file) != 0)
err(1, "%s", file != NULL ? file : "(default utx db)");
- if (cap_enter() < 0 && errno != ENOSYS)
+ if (caph_enter() < 0)
err(1, "cap_enter");
if (sflag && width == 8) usage();
diff --git a/usr.bin/locate/bigram/locate.bigram.c b/usr.bin/locate/bigram/locate.bigram.c
index 24bd0009e97d..d92677b426c6 100644
--- a/usr.bin/locate/bigram/locate.bigram.c
+++ b/usr.bin/locate/bigram/locate.bigram.c
@@ -61,7 +61,6 @@ static char sccsid[] = "@(#)locate.bigram.c 8.1 (Berkeley) 6/6/93";
#include <capsicum_helpers.h>
#include <err.h>
-#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/param.h> /* for MAXPATHLEN */
@@ -78,7 +77,7 @@ main(void)
u_char *oldpath = buf1, *path = buf2;
u_int i, j;
- if (caph_limit_stdio() < 0 || (cap_enter() < 0 && errno != ENOSYS))
+ if (caph_limit_stdio() < 0 || caph_enter() < 0)
err(1, "capsicum");
while (fgets(path, sizeof(buf2), stdin) != NULL) {
diff --git a/usr.bin/logname/logname.c b/usr.bin/logname/logname.c
index 3d5cf2b262a6..c939e49eddfc 100644
--- a/usr.bin/logname/logname.c
+++ b/usr.bin/logname/logname.c
@@ -54,7 +54,7 @@ main(int argc, char *argv[] __unused)
{
char *p;
- if (caph_limit_stdio() < 0 || (cap_enter() < 0 && errno != ENOSYS))
+ if (caph_limit_stdio() < 0 || caph_enter() < 0)
err(1, "capsicum");
if (argc != 1)
diff --git a/usr.bin/ministat/ministat.c b/usr.bin/ministat/ministat.c
index 150593e5be95..502ed9c7e804 100644
--- a/usr.bin/ministat/ministat.c
+++ b/usr.bin/ministat/ministat.c
@@ -634,7 +634,7 @@ main(int argc, char **argv)
setfilenames[i]);
/* Enter Capsicum sandbox. */
- if (cap_enter() < 0 && errno != ENOSYS)
+ if (caph_enter() < 0)
err(2, "unable to enter capability mode");
for (i = 0; i < nds; i++) {
diff --git a/usr.bin/pom/pom.c b/usr.bin/pom/pom.c
index f0c214d2da32..5c95dcda6add 100644
--- a/usr.bin/pom/pom.c
+++ b/usr.bin/pom/pom.c
@@ -97,7 +97,7 @@ main(int argc, char **argv)
err(1, "unable to limit capabitilities for stdio");
caph_cache_catpages();
- if (cap_enter() < 0 && errno != ENOSYS)
+ if (caph_enter() < 0)
err(1, "unable to enter capability mode");
while ((ch = getopt(argc, argv, "d:pt:")) != -1)
diff --git a/usr.bin/primes/primes.c b/usr.bin/primes/primes.c
index c0ac538fb7d4..33fcfd3cb679 100644
--- a/usr.bin/primes/primes.c
+++ b/usr.bin/primes/primes.c
@@ -61,7 +61,7 @@ static const char rcsid[] =
* validation check: there are 664579 primes between 0 and 10^7
*/
-#include <sys/capsicum.h>
+#include <capsicum_helpers.h>
#include <ctype.h>
#include <err.h>
#include <errno.h>
@@ -104,7 +104,7 @@ main(int argc, char *argv[])
/* Cache NLS data, for strerror, for err(3), before cap_enter. */
(void)catopen("libc", NL_CAT_LOCALE);
- if (cap_enter() < 0 && errno != ENOSYS)
+ if (caph_enter() < 0)
err(1, "cap_enter");
while ((ch = getopt(argc, argv, "h")) != -1)
diff --git a/usr.bin/printenv/printenv.c b/usr.bin/printenv/printenv.c
index 9e3e2be95def..485e4da2f252 100644
--- a/usr.bin/printenv/printenv.c
+++ b/usr.bin/printenv/printenv.c
@@ -69,7 +69,7 @@ main(int argc, char *argv[])
size_t len;
int ch;
- if (caph_limit_stdio() < 0 || (cap_enter() < 0 && errno != ENOSYS))
+ if (caph_limit_stdio() < 0 || caph_enter() < 0)
err(1, "capsicum");
while ((ch = getopt(argc, argv, "")) != -1)
diff --git a/usr.bin/rwho/rwho.c b/usr.bin/rwho/rwho.c
index 09b5bc1eb14b..6326b2ce251a 100644
--- a/usr.bin/rwho/rwho.c
+++ b/usr.bin/rwho/rwho.c
@@ -51,6 +51,7 @@ __FBSDID("$FreeBSD$");
#include <protocols/rwhod.h>
+#include <capsicum_helpers.h>
#include <dirent.h>
#include <err.h>
#include <errno.h>
@@ -136,7 +137,7 @@ main(int argc, char *argv[])
*/
(void) time(&ct);
(void) localtime(&ct);
- if (cap_enter() < 0 && errno != ENOSYS)
+ if (caph_enter() < 0)
err(1, "cap_enter");
(void) time(&now);
cap_rights_init(&rights, CAP_READ);
diff --git a/usr.bin/tee/tee.c b/usr.bin/tee/tee.c
index 6e30881012f9..b6d438afd96d 100644
--- a/usr.bin/tee/tee.c
+++ b/usr.bin/tee/tee.c
@@ -109,7 +109,7 @@ main(int argc, char *argv[])
} else
add(fd, *argv);
- if (cap_enter() < 0 && errno != ENOSYS)
+ if (caph_enter() < 0)
err(EXIT_FAILURE, "unable to enter capability mode");
while ((rval = read(STDIN_FILENO, buf, BSIZE)) > 0)
for (p = head; p; p = p->next) {
diff --git a/usr.bin/tr/tr.c b/usr.bin/tr/tr.c
index f5f413056706..2d1baad2ac09 100644
--- a/usr.bin/tr/tr.c
+++ b/usr.bin/tr/tr.c
@@ -84,7 +84,7 @@ main(int argc, char **argv)
if (caph_limit_stdio() == -1)
err(1, "unable to limit stdio");
- if (cap_enter() < 0 && errno != ENOSYS)
+ if (caph_enter() < 0)
err(1, "unable to enter capability mode");
Cflag = cflag = dflag = sflag = 0;
diff --git a/usr.bin/uniq/uniq.c b/usr.bin/uniq/uniq.c
index e92e597b3da8..d47893ca5578 100644
--- a/usr.bin/uniq/uniq.c
+++ b/usr.bin/uniq/uniq.c
@@ -48,6 +48,7 @@ static const char rcsid[] =
#include <sys/capsicum.h>
+#include <capsicum_helpers.h>
#include <ctype.h>
#include <err.h>
#include <errno.h>
@@ -177,7 +178,7 @@ main (int argc, char *argv[])
}
strerror_init();
- if (cap_enter() < 0 && errno != ENOSYS)
+ if (caph_enter() < 0)
err(1, "unable to enter capability mode");
prevbuflen = thisbuflen = 0;
diff --git a/usr.bin/units/units.c b/usr.bin/units/units.c
index e0365cf34283..e0807c56077d 100644
--- a/usr.bin/units/units.c
+++ b/usr.bin/units/units.c
@@ -33,7 +33,7 @@ static const char rcsid[] =
#include <string.h>
#include <unistd.h>
-#include <sys/capsicum.h>
+#include <capsicum_helpers.h>
#ifndef UNITSFILE
#define UNITSFILE "/usr/share/misc/definitions.units"
@@ -819,7 +819,7 @@ main(int argc, char **argv)
readunits(NULL);
if (optind == argc - 2) {
- if (cap_enter() < 0 && errno != ENOSYS)
+ if (caph_enter() < 0)
err(1, "unable to enter capability mode");
havestr = argv[optind];
@@ -843,7 +843,7 @@ main(int argc, char **argv)
if (inhistory == 0)
err(1, "Could not initialize history");
- if (cap_enter() < 0 && errno != ENOSYS)
+ if (caph_enter() < 0)
err(1, "unable to enter capability mode");
if (!quiet)
diff --git a/usr.bin/write/write.c b/usr.bin/write/write.c
index b80c37a2c9a5..3f0f1a1aa9cd 100644
--- a/usr.bin/write/write.c
+++ b/usr.bin/write/write.c
@@ -137,7 +137,7 @@ main(int argc, char **argv)
login = "???";
}
- if (cap_enter() < 0 && errno != ENOSYS)
+ if (caph_enter() < 0)
err(1, "cap_enter");
while (getopt(argc, argv, "") != -1)
diff --git a/usr.bin/yes/yes.c b/usr.bin/yes/yes.c
index 26af8d7cbb3d..03111ed53fc1 100644
--- a/usr.bin/yes/yes.c
+++ b/usr.bin/yes/yes.c
@@ -60,7 +60,7 @@ main(int argc, char **argv)
size_t more;
ssize_t ret;
- if (caph_limit_stdio() < 0 || (cap_enter() < 0 && errno != ENOSYS))
+ if (caph_limit_stdio() < 0 || caph_enter() < 0)
err(1, "capsicum");
if (argc > 1) {
diff --git a/usr.sbin/bhyve/bhyverun.c b/usr.sbin/bhyve/bhyverun.c
index b714b558977b..1d16559936e5 100644
--- a/usr.sbin/bhyve/bhyverun.c
+++ b/usr.sbin/bhyve/bhyverun.c
@@ -1114,7 +1114,7 @@ main(int argc, char *argv[])
if (caph_limit_stdout() == -1 || caph_limit_stderr() == -1)
errx(EX_OSERR, "Unable to apply rights for sandbox");
- if (cap_enter() == -1 && errno != ENOSYS)
+ if (caph_enter() == -1)
errx(EX_OSERR, "cap_enter() failed");
#endif
diff --git a/usr.sbin/rwhod/rwhod.c b/usr.sbin/rwhod/rwhod.c
index 9e028f20bca7..7bb15f7d6f07 100644
--- a/usr.sbin/rwhod/rwhod.c
+++ b/usr.sbin/rwhod/rwhod.c
@@ -63,6 +63,7 @@ __FBSDID("$FreeBSD$");
#include <protocols/rwhod.h>
#include <ctype.h>
+#include <capsicum_helpers.h>
#include <err.h>
#include <errno.h>
#include <fcntl.h>
@@ -372,7 +373,7 @@ receiver_process(void)
syslog(LOG_WARNING, "cap_rights_limit: %m");
exit(1);
}
- if (cap_enter() < 0 && errno != ENOSYS) {
+ if (caph_enter() < 0) {
syslog(LOG_ERR, "cap_enter: %m");
exit(1);
}