From 2d2d6e9503d9022cc8af8dbee480f38405b73576 Mon Sep 17 00:00:00 2001
From: Vincent Bernat <bernat@luffy.cx>
Date: Thu, 17 Jan 2013 22:00:24 +0100
Subject: [PATCH] priv: make inability to set write filter as fatal

On BSD, if the userland supports an ioctl, the kernel is in sync and
also supports the ioctl. So, if BIOCSETWF exists, it should succeed.
---
 src/daemon/priv.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/src/daemon/priv.c b/src/daemon/priv.c
index 67f84a2d..41eca522 100644
--- a/src/daemon/priv.c
+++ b/src/daemon/priv.c
@@ -466,8 +466,10 @@ asroot_iface_init()
 #ifdef BIOCSETWF
 	/* Install write filter (optional) */
 	if (ioctl(fd, BIOCSETWF, (caddr_t)&fprog) < 0) {
+		rc = errno;
 		log_info("privsep", "unable to setup write BPF filter for %s",
 		    name);
+		goto end;
 	}
 #endif
 
-- 
2.39.5