From 8cec9e726f830a4979dd1fdddf88193b8ae7f7cf Mon Sep 17 00:00:00 2001
From: delphij <delphij@ccf9f872-aa2e-dd11-9fc8-001c23d0bc1f>
Date: Mon, 3 Mar 2014 23:19:28 +0000
Subject: [PATCH] MFC r261499 (pjd):

Fix installations that use kernels without CAPABILITIES support.


git-svn-id: svn://svn.freebsd.org/base/stable/10@262718 ccf9f872-aa2e-dd11-9fc8-001c23d0bc1f
---
 crypto/openssh/sandbox-capsicum.c | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/crypto/openssh/sandbox-capsicum.c b/crypto/openssh/sandbox-capsicum.c
index ee2a7e79e..6064514ef 100644
--- a/crypto/openssh/sandbox-capsicum.c
+++ b/crypto/openssh/sandbox-capsicum.c
@@ -94,10 +94,12 @@ ssh_sandbox_child(struct ssh_sandbox *box)
 		fatal("can't limit stderr: %m");
 
 	cap_rights_init(&rights, CAP_READ, CAP_WRITE);
-	if (cap_rights_limit(box->monitor->m_recvfd, &rights) == -1)
+	if (cap_rights_limit(box->monitor->m_recvfd, &rights) == -1 &&
+	    errno != ENOSYS)
 		fatal("%s: failed to limit the network socket", __func__);
 	cap_rights_init(&rights, CAP_WRITE);
-	if (cap_rights_limit(box->monitor->m_log_sendfd, &rights) == -1)
+	if (cap_rights_limit(box->monitor->m_log_sendfd, &rights) == -1 &&
+	    errno != ENOSYS)
 		fatal("%s: failed to limit the logging socket", __func__);
 	if (cap_enter() < 0 && errno != ENOSYS)
 		fatal("%s: failed to enter capability mode", __func__);
-- 
2.45.0