privsep: Fold capsicum and pledge entry points into ps_entersandbox

author: Roy Marples <roy@marples.name> 2020-09-19 18:58:52 +0100
committer: Roy Marples <roy@marples.name> 2020-09-19 18:58:52 +0100
commit: 7a83026997582f5ec23a292dd0b0a4248bc1c141 (patch)
tree: 488c8a9cb35fa67cf0543ad77deeb0a0952bb4bc /src/privsep-inet.c
parent: 8f78bde8042dace0e0330a58d430a0c7c8a32199 (diff)
download: dhcpcd-7a83026997582f5ec23a292dd0b0a4248bc1c141.tar.xz
1 files changed, 3 insertions, 20 deletions
diff --git a/src/privsep-inet.c b/src/privsep-inet.c
index 89ba79e0..bac3a7b1 100644
--- a/src/privsep-inet.c
+++ b/src/privsep-inet.c
@@ -47,10 +47,6 @@
 #include "logerr.h"
 #include "privsep.h"
 
-#ifdef HAVE_CAPSICUM
-#include <sys/capsicum.h>
-#endif
-
 #ifdef INET
 static void
 ps_inet_recvbootp(void *arg)
@@ -337,14 +333,8 @@ ps_inet_start(struct dhcpcd_ctx *ctx)
 	    ps_inet_startcb, NULL,
 	    PSF_DROPPRIVS);
 
-#ifdef HAVE_CAPSICUM
-	if (pid == 0 && cap_enter() == -1 && errno != ENOSYS)
-		logerr("%s: cap_enter", __func__);
-#endif
-#ifdef HAVE_PLEDGE
-	if (pid == 0 && pledge("stdio", NULL) == -1)
-		logerr("%s: pledge", __func__);
-#endif
+	if (pid == 0)
+		ps_entersandbox("stdio");
 
 	return pid;
 }
@@ -570,14 +560,7 @@ ps_inet_cmd(struct dhcpcd_ctx *ctx, struct ps_msghdr *psm, struct msghdr *msg)
 		ps_freeprocess(psp);
 		return -1;
 	case 0:
-#ifdef HAVE_CAPSICUM
-		if (cap_enter() == -1 && errno != ENOSYS)
-			logerr("%s: cap_enter", __func__);
-#endif
-#ifdef HAVE_PLEDGE
-		if (pledge("stdio", NULL) == -1)
-			logerr("%s: pledge", __func__);
-#endif
+		ps_entersandbox("stdio");
 		break;
 	default:
 		break;
author	Roy Marples <roy@marples.name>	2020-09-19 18:58:52 +0100
committer	Roy Marples <roy@marples.name>	2020-09-19 18:58:52 +0100
commit	7a83026997582f5ec23a292dd0b0a4248bc1c141 (patch)
tree	488c8a9cb35fa67cf0543ad77deeb0a0952bb4bc /src/privsep-inet.c
parent	8f78bde8042dace0e0330a58d430a0c7c8a32199 (diff)
download	dhcpcd-7a83026997582f5ec23a292dd0b0a4248bc1c141.tar.xz