bhyve/slirp: Drop privileges before entering capability mode

When in restricted mode, the slirp-helper process enters a capsicum
sandbox, after which we cannot look up the uid for the "nobody" user.
Reverse the order.

Reported by:	kp
Fixes:	0e62ebd201 ("bhyve: Move the slirp backend out into a separate process")
Mark Johnston
2025-11-24 14:15:27 +00:00
parent bac572b2b1
commit b0c7eaf83d
+5 -5
@@ -547,6 +547,11 @@ main(int argc, char **argv)
priv.slirp = slirp;
/*
* Drop root privileges if we have them.
*/
drop_privs();
/*
* In restricted mode, we can enter a Capsicum sandbox without losing
* functionality.
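Review bot: the new "Drop root privileges if we have them." comment above the moved `drop_privs()` call should state why this call must stay ahead of `caph_enter()`; the commit message explains that the uid lookup for "nobody" fails once the Capsicum sandbox is entered, but nothing in the code records that ordering constraint, so a later reader could reorder the two calls again. Suggest extending the comment, e.g. "This must happen before entering capability mode, since the uid lookup needs access outside the sandbox."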
@@ -554,11 +559,6 @@ main(int argc, char **argv)
if (restricted && caph_enter() != 0)
err(1, "caph_enter");
/*
* Drop root privileges if we have them.
*/
drop_privs();
/*
* Enter our main loop. If bhyve goes away, we should observe a hangup
* on the socket and exit.
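Review bot: with this block removed, `drop_privs()` now runs before `caph_enter()` rather than after it, so it is worth confirming that nothing `drop_privs()` does (uid change, any descriptor or resource cleanup) affects what `caph_enter()` or the main loop that follows still relies on, in particular the bhyve socket referred to in the "If bhyve goes away" comment; the old order exercised `drop_privs()` only inside the sandbox, so any such interaction would not have been visible before.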