From 841f7da89ae8b367bb502d61c5c41916c6e7ae4c Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Sat, 18 Jan 2014 22:12:15 +1100 Subject: - (dtucker) [sandbox-capsicum.c] Correct some error messages and make the return value check for cap_enter() consistent with the other uses in FreeBSD. From by Loganaden Velvindron @ AfriNIC via bz#2140. --- ChangeLog | 3 +++ sandbox-capsicum.c | 6 +++--- 2 files changed, 6 insertions(+), 3 deletions(-) diff --git a/ChangeLog b/ChangeLog index ebe80e5c..5d9b9d10 100644 --- a/ChangeLog +++ b/ChangeLog @@ -14,6 +14,9 @@ declspec(dllimport). The least intrusive way to get rid of these warnings is to disable warnings for GCC compiler attributes when building on Cygwin. Patch from vinschen at redhat.com. + - (dtucker) [sandbox-capsicum.c] Correct some error messages and make the + return value check for cap_enter() consistent with the other uses in + FreeBSD. From by Loganaden Velvindron @ AfriNIC via bz#2140. 20140117 - (dtucker) [aclocal.m4 configure.ac] Add some additional compiler/toolchain diff --git a/sandbox-capsicum.c b/sandbox-capsicum.c index 5853a13e..f648c6ec 100644 --- a/sandbox-capsicum.c +++ b/sandbox-capsicum.c @@ -87,9 +87,9 @@ ssh_sandbox_child(struct ssh_sandbox *box) if (cap_rights_limit(STDIN_FILENO, &rights) < 0 && errno != ENOSYS) fatal("can't limit stdin: %m"); if (cap_rights_limit(STDOUT_FILENO, &rights) < 0 && errno != ENOSYS) - fatal("can't limit stdin: %m"); + fatal("can't limit stdout: %m"); if (cap_rights_limit(STDERR_FILENO, &rights) < 0 && errno != ENOSYS) - fatal("can't limit stdin: %m"); + fatal("can't limit stderr: %m"); cap_rights_init(&rights, CAP_READ, CAP_WRITE); if (cap_rights_limit(box->monitor->m_recvfd, &rights) == -1) @@ -97,7 +97,7 @@ ssh_sandbox_child(struct ssh_sandbox *box) cap_rights_init(&rights, CAP_WRITE); if (cap_rights_limit(box->monitor->m_log_sendfd, &rights) == -1) fatal("%s: failed to limit the logging socket", __func__); - if (cap_enter() != 0 && errno != ENOSYS) + if (cap_enter() < 0 && errno != ENOSYS) fatal("%s: failed to enter capability mode", __func__); } -- cgit v1.2.3