From 007e172d64c834b458a33bbccd2a9a9cc0bf6ace Mon Sep 17 00:00:00 2001
From: Gleb Smirnoff <glebius@FreeBSD.org>
Date: Thu, 27 Apr 2017 05:48:52 +0000
Subject: We need CAP_MMAP_RW on memfd, since init_msix_table() may call
 mmap().

---
 usr.sbin/bhyve/pci_passthru.c | 1 +
 1 file changed, 1 insertion(+)

(limited to 'usr.sbin')

diff --git a/usr.sbin/bhyve/pci_passthru.c b/usr.sbin/bhyve/pci_passthru.c
index 2c5366d51d6b..f314679d912b 100644
--- a/usr.sbin/bhyve/pci_passthru.c
+++ b/usr.sbin/bhyve/pci_passthru.c
@@ -703,6 +703,7 @@ passthru_init(struct vmctx *ctx, struct pci_devinst *pi, char *opts)
 
 #ifndef WITHOUT_CAPSICUM
 	cap_rights_clear(&rights, CAP_IOCTL);
+	cap_rights_set(&rights, CAP_MMAP_RW);
 	if (cap_rights_limit(memfd, &rights) == -1 && errno != ENOSYS)
 		errx(EX_OSERR, "Unable to apply rights for sandbox");
 #endif
-- 
cgit v1.3