privsep: We need getsockopt as well as setsockopt on the link socket

So we can report receive buffer size.
Important for route(4) overflow so we can try and set a bigger buffer.

diff --git a/src/if-bsd.c b/src/if-bsd.c
index 75b7e62aa4c9695adcec2aaf46d38b842a58012a..8f10acdcf14d25909047260be3779f2939efd29b 100644 (file)
--- a/src/if-bsd.c
+++ b/src/if-bsd.c
@@ -216,8 +216,10 @@ if_opensockets_os(struct dhcpcd_ctx *ctx)
 #endif
 
 #ifdef PRIVSEP_RIGHTS
+       /* We need to getsockopt for SO_RCVBUF and
+        * setsockopt for RO_MISSFILTER. */
        if (IN_PRIVSEP(ctx))
-               ps_rights_limit_fd_setsockopt(ctx->link_fd);
+               ps_rights_limit_fd_sockopt(ctx->link_fd);
 #endif
 
        return 0;

diff --git a/src/privsep.c b/src/privsep.c
index 693a87f559ae826615b232e09f61e01e8757af90..b54b1b7a787d3f549ee12e32746e146013b2a723 100644 (file)
--- a/src/privsep.c
+++ b/src/privsep.c
@@ -260,11 +260,12 @@ ps_rights_limit_fd(int fd)
 }
 
 int
-ps_rights_limit_fd_setsockopt(int fd)
+ps_rights_limit_fd_sockopt(int fd)
 {
        cap_rights_t rights;
 
-       cap_rights_init(&rights, CAP_READ, CAP_WRITE, CAP_EVENT, CAP_SETSOCKOPT);
+       cap_rights_init(&rights, CAP_READ, CAP_WRITE, CAP_EVENT,
+           CAP_GETSOCKOPT, CAP_SETSOCKOPT);
        if (cap_rights_limit(fd, &rights) == -1 && errno != ENOSYS)
                return -1;
        return 0;

diff --git a/src/privsep.h b/src/privsep.h
index cd26a84201ff47f128cd88434b93ebcef419b725..4fd33e7fe74cc6cd1bbf4d44e6ec2c2e7b4caff6 100644 (file)
--- a/src/privsep.h
+++ b/src/privsep.h
@@ -197,7 +197,7 @@ int ps_setbuf_fdpair(int []);
 int ps_rights_limit_ioctl(int);
 int ps_rights_limit_fd_fctnl(int);
 int ps_rights_limit_fd_rdonly(int);
-int ps_rights_limit_fd_setsockopt(int);
+int ps_rights_limit_fd_sockopt(int);
 int ps_rights_limit_fd(int);
 int ps_rights_limit_fdpair(int []);
 #endif