diff options
| author | Pawel Jakub Dawidek <pjd@FreeBSD.org> | 2013-12-19 00:51:48 +0000 |
|---|---|---|
| committer | Pawel Jakub Dawidek <pjd@FreeBSD.org> | 2013-12-19 00:51:48 +0000 |
| commit | 8ff3952b7279d437be574f7c7a5d083b1a9bfe41 (patch) | |
| tree | d9b0eac01a14f6e2d24b5d263f6f218e82ddc555 /usr.bin/kdump | |
| parent | 41067328826a1d41163d95920a830e0f52da173a (diff) | |
| download | src-8ff3952b7279d437be574f7c7a5d083b1a9bfe41.tar.gz src-8ff3952b7279d437be574f7c7a5d083b1a9bfe41.zip | |
If we cannot connect to casperd we don't enter sandbox, but if we can connect
to casperd, but we cannot access the service we need we exit with an error.
This should not happen and just indicates some configuration error which
should be fixed, so we force the user to do it by failing.
Discussed with: emaste
Notes
Notes:
svn path=/head/; revision=259580
Diffstat (limited to 'usr.bin/kdump')
| -rw-r--r-- | usr.bin/kdump/kdump.c | 34 |
1 files changed, 10 insertions, 24 deletions
diff --git a/usr.bin/kdump/kdump.c b/usr.bin/kdump/kdump.c index 238f8fc16a13..3a9ba0e3f4e3 100644 --- a/usr.bin/kdump/kdump.c +++ b/usr.bin/kdump/kdump.c @@ -215,7 +215,7 @@ cappwdgrp_setup(cap_channel_t **cappwdp, cap_channel_t **capgrpp) capcas = cap_init(); if (capcas == NULL) { warn("unable to contact casperd"); - return (NULL); + return (-1); } cappwdloc = cap_service_open(capcas, "system.pwd"); capgrploc = cap_service_open(capcas, "system.grp"); @@ -226,40 +226,26 @@ cappwdgrp_setup(cap_channel_t **cappwdp, cap_channel_t **capgrpp) warn("unable to open system.pwd service"); if (capgrploc == NULL) warn("unable to open system.grp service"); - goto fail; + exit(1); } /* Limit system.pwd to only getpwuid() function and pw_name field. */ cmds[0] = "getpwuid"; - if (cap_pwd_limit_cmds(cappwdloc, cmds, 1) < 0) { - warn("unable to limit access to system.pwd service"); - goto fail; - } + if (cap_pwd_limit_cmds(cappwdloc, cmds, 1) < 0) + err(1, "unable to limit system.pwd service"); fields[0] = "pw_name"; - if (cap_pwd_limit_fields(cappwdloc, fields, 1) < 0) { - warn("unable to limit access to system.pwd service"); - goto fail; - } + if (cap_pwd_limit_fields(cappwdloc, fields, 1) < 0) + err(1, "unable to limit system.pwd service"); /* Limit system.grp to only getgrgid() function and gr_name field. */ cmds[0] = "getgrgid"; - if (cap_grp_limit_cmds(capgrploc, cmds, 1) < 0) { - warn("unable to limit access to system.grp service"); - goto fail; - } + if (cap_grp_limit_cmds(capgrploc, cmds, 1) < 0) + err(1, "unable to limit system.grp service"); fields[0] = "gr_name"; - if (cap_grp_limit_fields(capgrploc, fields, 1) < 0) { - warn("unable to limit access to system.grp service"); - goto fail; - } + if (cap_grp_limit_fields(capgrploc, fields, 1) < 0) + err(1, "unable to limit system.grp service"); *cappwdp = cappwdloc; *capgrpp = capgrploc; return (0); -fail: - if (capgrploc == NULL) - cap_close(cappwdloc); - if (capgrploc == NULL) - cap_close(capgrploc); - return (-1); } #endif /* HAVE_LIBCAPSICUM */ |