Fix for backends which doesn't support capsicum.

Not all libpcap backends use the BPF compatible set
of IOCTLs. For example the mlx5 backend uses libibverbs
which is currently not capsicum compatible.

Disable sandboxing for such backends.

Completes commit 3e26499353048cd004d81e08126252b48bb987c4

Signed-off-by: Hans Petter Selasky <[email protected]>

diff --git a/tcpdump.c b/tcpdump.c
index 8b00cdd17d463540351f4f24654064e61bd1644d..219ac2a2bde47e72dc60de99dbfb6030f874d9d1 100644 (file)
--- a/tcpdump.c
+++ b/tcpdump.c
@@ -2628,6 +2628,9 @@ DIAG_ON_ASSIGN_ENUM
 #else
        cansandbox = (cansandbox && ndo->ndo_nflag);
 #endif /* HAVE_CASPER */
+       cansandbox = (cansandbox && (pcap_fileno(pd) != -1 ||
+           RFileName != NULL));
+
        if (cansandbox && cap_enter() < 0 && errno != ENOSYS)
                error("unable to enter the capability mode");
 #endif /* HAVE_CAPSICUM */