diff options
Diffstat (limited to 'sbin/hastd/subr.c')
| -rw-r--r-- | sbin/hastd/subr.c | 12 |
1 files changed, 10 insertions, 2 deletions
diff --git a/sbin/hastd/subr.c b/sbin/hastd/subr.c index 806338b..89ffda0 100644 --- a/sbin/hastd/subr.c +++ b/sbin/hastd/subr.c @@ -31,7 +31,9 @@ #include <sys/cdefs.h> __FBSDID("$FreeBSD$"); +#ifdef HAVE_CAPSICUM #include <sys/capability.h> +#endif #include <sys/param.h> #include <sys/disk.h> #include <sys/ioctl.h> @@ -230,9 +232,15 @@ drop_privs(struct hast_resource *res) * ioctls and secondary uses ioctls to handle BIO_DELETE and BIO_FLUSH. * For now capsicum is only used to sandbox hastctl. */ - if (res == NULL) +#ifdef HAVE_CAPSICUM + if (res == NULL) { capsicum = (cap_enter() == 0); - else + if (!capsicum) { + pjdlog_common(LOG_DEBUG, 1, errno, + "Unable to sandbox using capsicum"); + } + } else +#endif capsicum = false; /* |
