diff options
author | pjd <pjd@FreeBSD.org> | 2013-12-19 00:51:48 +0000 |
---|---|---|
committer | pjd <pjd@FreeBSD.org> | 2013-12-19 00:51:48 +0000 |
commit | 6eb6964b97c547e904307221837bf891e0baa063 (patch) | |
tree | d9b0eac01a14f6e2d24b5d263f6f218e82ddc555 /contrib/tcpdump/tcpdump.c | |
parent | f052ba0c916b09694516ca67a3475b5b6aa7eab9 (diff) | |
download | FreeBSD-src-6eb6964b97c547e904307221837bf891e0baa063.zip FreeBSD-src-6eb6964b97c547e904307221837bf891e0baa063.tar.gz |
If we cannot connect to casperd we don't enter sandbox, but if we can connect
to casperd, but we cannot access the service we need we exit with an error.
This should not happen and just indicates some configuration error which
should be fixed, so we force the user to do it by failing.
Discussed with: emaste
Diffstat (limited to 'contrib/tcpdump/tcpdump.c')
-rw-r--r-- | contrib/tcpdump/tcpdump.c | 20 |
1 files changed, 6 insertions, 14 deletions
diff --git a/contrib/tcpdump/tcpdump.c b/contrib/tcpdump/tcpdump.c index e1a34f4..f1e696f 100644 --- a/contrib/tcpdump/tcpdump.c +++ b/contrib/tcpdump/tcpdump.c @@ -710,24 +710,16 @@ capdns_setup(void) capdnsloc = cap_service_open(capcas, "system.dns"); /* Casper capability no longer needed. */ cap_close(capcas); - if (capdnsloc == NULL) { - warning("unable to open system.dns service"); - return (NULL); - } + if (capdnsloc == NULL) + error("unable to open system.dns service"); /* Limit system.dns to reverse DNS lookups. */ types[0] = "ADDR"; - if (cap_dns_type_limit(capdnsloc, types, 1) < 0) { - warning("unable to limit access to system.dns service"); - cap_close(capdnsloc); - return (NULL); - } + if (cap_dns_type_limit(capdnsloc, types, 1) < 0) + error("unable to limit access to system.dns service"); families[0] = AF_INET; families[1] = AF_INET6; - if (cap_dns_family_limit(capdnsloc, families, 2) < 0) { - warning("unable to limit access to system.dns service"); - cap_close(capdnsloc); - return (NULL); - } + if (cap_dns_family_limit(capdnsloc, families, 2) < 0) + error("unable to limit access to system.dns service"); return (capdnsloc); } |