diff --git a/contrib/capsicum-test/capmode.cc b/contrib/capsicum-test/capmode.cc
index ba2de19879a0..f32d9e038744 100644
--- a/contrib/capsicum-test/capmode.cc
+++ b/contrib/capsicum-test/capmode.cc
@@ -227,6 +227,10 @@ FORK_TEST_F(WithFiles, AllowedSocketSyscallsIfRoot) {
 // Interface configuration ioctls are not permitted in capability
 // mode.
+ //
+ // This test is disabled for now as the corresponding kernel change was
+ // disabled.
+#if 0
 #ifdef __FreeBSD__
 struct if_clonereq req;
@@ -238,6 +242,7 @@ FORK_TEST_F(WithFiles, AllowedSocketSyscallsIfRoot) {
 free(req.ifcr_buffer);
 #endif
+#endif
 }
 #ifdef HAVE_SEND_RECV_MMSG
diff --git a/sys/kern/sys_socket.c b/sys/kern/sys_socket.c
index 52f4b6cdf7f9..e53b0367960b 100644
--- a/sys/kern/sys_socket.c
+++ b/sys/kern/sys_socket.c
@@ -271,7 +271,7 @@ soo_ioctl(struct file *fp, u_long cmd, void *data, struct ucred *active_cred,
 error = ifioctl(so, cmd, data, td);
 else if (IOCGROUP(cmd) == 'r') {
 CURVNET_SET(so->so_vnet);
- error = rtioctl_fib(cmd, data, so->so_fibnum, td);
+ error = rtioctl_fib(cmd, data, so->so_fibnum);
 CURVNET_RESTORE();
 } else {
 CURVNET_SET(so->so_vnet);
diff --git a/sys/net/if.c b/sys/net/if.c
index 5bf44d014db3..1e410142747f 100644
--- a/sys/net/if.c
+++ b/sys/net/if.c
@@ -2968,15 +2968,6 @@ ifioctl(struct socket *so, u_long cmd, caddr_t data, struct thread *td)
 bool shutdown;
 #endif
- /*
- * Interface ioctls access a global namespace. There is currently no
- * capability-based representation for interfaces, so the configuration
- * interface is simply unaccessible from capability mode. If necessary,
- * select ioctls may be permitted here.
- */
- if (IN_CAPABILITY_MODE(td))
- return (ECAPMODE);
-
 CURVNET_SET(so->so_vnet);
 #ifdef VIMAGE
 /* Make sure the VNET is stable. */
diff --git a/sys/net/route.c b/sys/net/route.c
index f093a71b7585..2416aa9a983f 100644
--- a/sys/net/route.c
+++ b/sys/net/route.c
@@ -43,7 +43,6 @@
 #include
 #include
-#include
 #include
 #include
 #include
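Review bot: In contrib/capsicum-test/capmode.cc the `#if 0` added here (closed by the `+#endif` in the file's second hunk) compiles out the interface-ioctl assertions of AllowedSocketSyscallsIfRoot, yet the context comment directly above still says such ioctls "are not permitted in capability mode", which the kernel side of this commit no longer enforces. The new comment should name the kernel change it refers to so the block can be found and re-enabled, for example `// Disabled until the capability-mode check in ifioctl() is restored; see <kernel revision placeholder>.` Because the block is silently compiled out, nothing in the test output will show the coverage gap. The test body starts outside the hunk.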
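Review bot: In sys/kern/sys_socket.c the 'r' branch of soo_ioctl now calls `rtioctl_fib(cmd, data, so->so_fibnum)` with no thread argument, and the same commit drops the `IN_CAPABILITY_MODE(td)` early return from ifioctl (sys/net/if.c), rtioctl_fib (sys/net/route.c), in_control (sys/netinet/in.c) and in6_control (sys/netinet6/in6.c), so none of the lines visible in this diff returns ECAPMODE for interface or routing ioctls on a socket. The comment deleted from ifioctl recorded that these ioctls act on a global namespace with no capability-based representation; what a process in capability mode can reach through a socket descriptor is then presumably bounded only by per-command privilege checks and any ioctl restriction placed on the descriptor, neither of which is shown here. A short marker at this dispatch would keep that visible to the next reader, e.g. `/* NB: ifioctl() and rtioctl_fib() do not reject capability mode. */`. soo_ioctl's body starts and ends outside the hunk.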
@@ -246,10 +245,8 @@ rib_add_redirect(u_int fibnum, struct sockaddr *dst, struct sockaddr *gateway,
 * Routing table ioctl interface.
 */
 int
-rtioctl_fib(u_long req, caddr_t data, u_int fibnum, struct thread *td)
+rtioctl_fib(u_long req, caddr_t data, u_int fibnum)
 {
- if (IN_CAPABILITY_MODE(td))
- return (ECAPMODE);
 /*
 * If more ioctl commands are added here, make sure the proper
diff --git a/sys/net/route.h b/sys/net/route.h
index 64e89965f9cd..67217f237e0b 100644
--- a/sys/net/route.h
+++ b/sys/net/route.h
@@ -431,13 +431,11 @@ void rt_updatemtu(struct ifnet *);
 void rt_flushifroutes(struct ifnet *ifp);
-struct thread;
-
 /* XXX MRT NEW VERSIONS THAT USE FIBs
 * For now the protocol indepedent versions are the same as the AF_INET ones
 * but this will change..
 */
-int rtioctl_fib(u_long, caddr_t, u_int, struct thread *);
+int rtioctl_fib(u_long, caddr_t, u_int);
 int rib_lookup_info(uint32_t, const struct sockaddr *, uint32_t, uint32_t, struct rt_addrinfo *);
 void rib_free_info(struct rt_addrinfo *info);
diff --git a/sys/netinet/in.c b/sys/netinet/in.c
index 5f70dd1ec824..bcf071a81e0e 100644
--- a/sys/netinet/in.c
+++ b/sys/netinet/in.c
@@ -36,7 +36,6 @@ __FBSDID("$FreeBSD$");
 #include
-#include
 #include
 #include
 #include
@@ -238,9 +237,6 @@ in_control(struct socket *so, u_long cmd, caddr_t data, struct ifnet *ifp,
 if (ifp == NULL)
 return (EADDRNOTAVAIL);
- if (td != NULL && IN_CAPABILITY_MODE(td))
- return (ECAPMODE);
-
 /*
 * Filter out 4 ioctls we implement directly. Forward the rest
 * to specific functions and ifp->if_ioctl().
diff --git a/sys/netinet6/in6.c b/sys/netinet6/in6.c
index de3db6dc7d33..02cb9df7da3a 100644
--- a/sys/netinet6/in6.c
+++ b/sys/netinet6/in6.c
@@ -69,7 +69,6 @@ __FBSDID("$FreeBSD$");
 #include "opt_inet6.h"
 #include
-#include
 #include
 #include
 #include
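Review bot: In sys/net/route.c, rtioctl_fib loses its `struct thread *td` parameter while the comment kept at the top of its body still asks that "the proper" checks be made for any ioctl command added later. Without `td` in the signature, such a check would have to fall back on `curthread` or re-add the parameter, and the visible part of the comment gives no hint of that. Consider extending it with a line such as `* (td is no longer passed in; use curthread for any such check.)`. The comment and the function body continue outside the hunk, so the existing wording may already cover this.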
@@ -255,9 +254,6 @@ in6_control(struct socket *so, u_long cmd, caddr_t data,
 int error;
 u_long ocmd = cmd;
- if (td != NULL && IN_CAPABILITY_MODE(td))
- return (ECAPMODE);
-
 /*
 * Compat to make pre-10.x ifconfig(8) operable.
 */