diff options
author | Jia Tan <jiat0218@gmail.com> | 2023-03-06 21:27:53 +0800 |
---|---|---|
committer | Jia Tan <jiat0218@gmail.com> | 2023-03-06 21:27:53 +0800 |
commit | 61ee82cb1232a402c82282bbae42821f2b952b0d (patch) | |
tree | 563e5033135736429ef85ba4ca24b50661f5d296 /src/xz | |
parent | xz: Reorder cap_enter() to beginning of capsicum sandbox code. (diff) | |
download | xz-61ee82cb1232a402c82282bbae42821f2b952b0d.tar.xz |
xz: Skip Capsicum sandbox system calls when they are unsupported.
If a system has the Capsicum header files but does not actually
implement the system calls, then this would render xz unusable. Instead,
we can check if errno == ENOSYS and not issue a fatal error.
Diffstat (limited to 'src/xz')
-rw-r--r-- | src/xz/file_io.c | 22 |
1 files changed, 17 insertions, 5 deletions
diff --git a/src/xz/file_io.c b/src/xz/file_io.c index 382fc02c..71b5377e 100644 --- a/src/xz/file_io.c +++ b/src/xz/file_io.c @@ -193,24 +193,24 @@ io_sandbox_enter(int src_fd) cap_rights_t rights; if (cap_enter()) - goto error; + goto capsicum_error; if (cap_rights_limit(src_fd, cap_rights_init(&rights, CAP_EVENT, CAP_FCNTL, CAP_LOOKUP, CAP_READ, CAP_SEEK))) - goto error; + goto capsicum_error; if (cap_rights_limit(STDOUT_FILENO, cap_rights_init(&rights, CAP_EVENT, CAP_FCNTL, CAP_FSTAT, CAP_LOOKUP, CAP_WRITE, CAP_SEEK))) - goto error; + goto capsicum_error; if (cap_rights_limit(user_abort_pipe[0], cap_rights_init(&rights, CAP_EVENT))) - goto error; + goto capsicum_error; if (cap_rights_limit(user_abort_pipe[1], cap_rights_init(&rights, CAP_WRITE))) - goto error; + goto capsicum_error; #elif defined(HAVE_PLEDGE) // pledge() was introduced in OpenBSD 5.9. @@ -231,6 +231,18 @@ io_sandbox_enter(int src_fd) //message(V_DEBUG, _("Sandbox was successfully enabled")); return; +#ifdef HAVE_CAPSICUM +capsicum_error: + // Even though it is undocumented, if a kernel is configured without + // capability mode support or used in an emulator that does not + // implement the capability system calls, then the capsicum system + // calls will fail and set errno to ENOSYS. + if (errno == ENOSYS) { + sandbox_allowed = false; + return; + } +#endif + error: message_fatal(_("Failed to enable the sandbox")); } |