1 files changed, 11 insertions, 5 deletions

diff --git a/sys/compat/svr4/svr4_fcntl.c b/sys/compat/svr4/svr4_fcntl.c
index 86fab78..8d0b715 100644
--- a/sys/compat/svr4/svr4_fcntl.c
+++ b/sys/compat/svr4/svr4_fcntl.c
@@ -259,6 +259,7 @@ fd_revoke(td, fd)
 	struct vnode *vp;
 	struct mount *mp;
 	struct vattr vattr;
+	cap_rights_t rights;
 	int error, *retval;
 
 	retval = td->td_retval;
@@ -267,12 +268,13 @@ fd_revoke(td, fd)
 	 * or FreeBSD grows a native frevoke() (more likely), we will need a
 	 * CAP_FREVOKE here.
 	 *
-	 * In the meantime, use CAP_ALL: if a SVR4 process wants to
+	 * In the meantime, use CAP_ALL(): if a SVR4 process wants to
 	 * do an frevoke(), it needs to do it on either a regular file
 	 * descriptor or a fully-privileged capability (which is effectively
 	 * the same as a non-capability-restricted file descriptor).
 	 */
-	if ((error = fgetvp(td, fd, CAP_ALL, &vp)) != 0)
+	CAP_ALL(&rights);
+	if ((error = fgetvp(td, fd, &rights, &vp)) != 0)
 		return (error);
 
 	if (vp->v_type != VCHR && vp->v_type != VBLK) {
@@ -318,13 +320,15 @@ fd_truncate(td, fd, flp)
 	struct vattr vattr;
 	int error, *retval;
 	struct ftruncate_args ft;
+	cap_rights_t rights;
 
 	retval = td->td_retval;
 
 	/*
 	 * We only support truncating the file.
 	 */
-	if ((error = fget(td, fd, CAP_FTRUNCATE, &fp)) != 0)
+	error = fget(td, fd, cap_rights_init(&rights, CAP_FTRUNCATE), &fp);
+	if (error != 0)
 		return (error);
 
 	vp = fp->f_vnode;
@@ -401,9 +405,11 @@ svr4_sys_open(td, uap)
 	if (!(bsd_flags & O_NOCTTY) && SESS_LEADER(p) &&
 	    !(p->p_flag & P_CONTROLT)) {
 #if defined(NOTYET)
-		struct file	*fp;
+		cap_rights_t rights;
+		struct file *fp;
 
-		error = fget(td, retval, CAP_IOCTL, &fp);
+		error = fget(td, retval,
+		    cap_rights_init(&rights, CAP_IOCTL), &fp);
 		PROC_UNLOCK(p);
 		/*
 		 * we may have lost a race the above open() and