diff options
author | Lasse Collin <lasse.collin@tukaani.org> | 2023-03-11 18:42:08 +0200 |
---|---|---|
committer | Lasse Collin <lasse.collin@tukaani.org> | 2023-03-11 18:46:45 +0200 |
commit | 717aa3651ce582807f379d8654c2516e1594df77 (patch) | |
tree | 9ebda504ef547196bb545d452dc47e8db69ac5cf | |
parent | xz: Make Capsicum sandbox more strict with stdin and stdout. (diff) | |
download | xz-717aa3651ce582807f379d8654c2516e1594df77.tar.xz |
xz: Simplify the error-label in Capsicum sandbox code.
Also remove unneeded "sandbox_allowed = false;" as this code
will never be run more than once (making it work with multiple
input files isn't trivial).
Diffstat (limited to '')
-rw-r--r-- | src/xz/file_io.c | 27 |
1 files changed, 12 insertions, 15 deletions
diff --git a/src/xz/file_io.c b/src/xz/file_io.c index ca452cdc..29f46ea7 100644 --- a/src/xz/file_io.c +++ b/src/xz/file_io.c @@ -193,32 +193,32 @@ io_sandbox_enter(int src_fd) cap_rights_t rights; if (cap_enter()) - goto capsicum_error; + goto error; if (cap_rights_limit(src_fd, cap_rights_init(&rights, CAP_EVENT, CAP_FCNTL, CAP_LOOKUP, CAP_READ, CAP_SEEK))) - goto capsicum_error; + goto error; if (src_fd != STDIN_FILENO && cap_rights_limit( STDIN_FILENO, cap_rights_clear(&rights))) - goto capsicum_error; + goto error; if (cap_rights_limit(STDOUT_FILENO, cap_rights_init(&rights, CAP_EVENT, CAP_FCNTL, CAP_FSTAT, CAP_LOOKUP, CAP_WRITE, CAP_SEEK))) - goto capsicum_error; + goto error; if (cap_rights_limit(STDERR_FILENO, cap_rights_init(&rights, CAP_WRITE))) - goto capsicum_error; + goto error; if (cap_rights_limit(user_abort_pipe[0], cap_rights_init(&rights, CAP_EVENT))) - goto capsicum_error; + goto error; if (cap_rights_limit(user_abort_pipe[1], cap_rights_init(&rights, CAP_WRITE))) - goto capsicum_error; + goto error; #elif defined(HAVE_PLEDGE) // pledge() was introduced in OpenBSD 5.9. @@ -239,18 +239,15 @@ io_sandbox_enter(int src_fd) //message(V_DEBUG, _("Sandbox was successfully enabled")); return; +error: #ifdef HAVE_CAPSICUM -capsicum_error: // If a kernel is configured without capability mode support or // used in an emulator that does not implement the capability - // system calls, then the capsicum system calls will fail and set - // errno to ENOSYS. - if (errno == ENOSYS) { - sandbox_allowed = false; + // system calls, then the Capsicum system calls will fail and set + // errno to ENOSYS. In that case xz will silently run without + // the sandbox. + if (errno == ENOSYS) return; - } -#else -error: #endif message_fatal(_("Failed to enable the sandbox")); } |