Fix for backends which doesn't support capsicum.

Not all libpcap backends use the BPF compatible set
of IOCTLs. For example the mlx5 backend uses libibverbs
which is currently not capsicum compatible.

Disable sandboxing for such backends.

Completes commit 3e26499353048cd004d81e08126252b48bb987c4

Signed-off-by: Hans Petter Selasky <[email protected]>
(cherry picked from commit b5a602a87181d2729be6b55ca595be382242eebb)

diff --git a/tcpdump.c b/tcpdump.c
index b11fc60ff2ad9614c0bd032c358019f782996cbc..7cdbd8af4bc54622039710b475593d32db5fa05c 100644 (file)
--- a/tcpdump.c
+++ b/tcpdump.c
@@ -2572,6 +2572,9 @@ DIAG_ON_ASSIGN_ENUM
 #else
        cansandbox = (cansandbox && ndo->ndo_nflag);
 #endif /* HAVE_CASPER */
+       cansandbox = (cansandbox && (pcap_fileno(pd) != -1 ||
+           RFileName != NULL));
+
        if (cansandbox && cap_enter() < 0 && errno != ENOSYS)
                error("unable to enter the capability mode");
 #endif /* HAVE_CAPSICUM */