aboutsummaryrefslogtreecommitdiff
path: root/src
diff options
context:
space:
mode:
authorJia Tan <jiat0218@gmail.com>2023-03-06 21:27:53 +0800
committerJia Tan <jiat0218@gmail.com>2023-03-06 21:27:53 +0800
commit61ee82cb1232a402c82282bbae42821f2b952b0d (patch)
tree563e5033135736429ef85ba4ca24b50661f5d296 /src
parentxz: Reorder cap_enter() to beginning of capsicum sandbox code. (diff)
downloadxz-61ee82cb1232a402c82282bbae42821f2b952b0d.tar.xz
xz: Skip Capsicum sandbox system calls when they are unsupported.
If a system has the Capsicum header files but does not actually implement the system calls, then this would render xz unusable. Instead, we can check if errno == ENOSYS and not issue a fatal error.
Diffstat (limited to 'src')
-rw-r--r--src/xz/file_io.c22
1 files changed, 17 insertions, 5 deletions
diff --git a/src/xz/file_io.c b/src/xz/file_io.c
index 382fc02c..71b5377e 100644
--- a/src/xz/file_io.c
+++ b/src/xz/file_io.c
@@ -193,24 +193,24 @@ io_sandbox_enter(int src_fd)
cap_rights_t rights;
if (cap_enter())
- goto error;
+ goto capsicum_error;
if (cap_rights_limit(src_fd, cap_rights_init(&rights,
CAP_EVENT, CAP_FCNTL, CAP_LOOKUP, CAP_READ, CAP_SEEK)))
- goto error;
+ goto capsicum_error;
if (cap_rights_limit(STDOUT_FILENO, cap_rights_init(&rights,
CAP_EVENT, CAP_FCNTL, CAP_FSTAT, CAP_LOOKUP,
CAP_WRITE, CAP_SEEK)))
- goto error;
+ goto capsicum_error;
if (cap_rights_limit(user_abort_pipe[0], cap_rights_init(&rights,
CAP_EVENT)))
- goto error;
+ goto capsicum_error;
if (cap_rights_limit(user_abort_pipe[1], cap_rights_init(&rights,
CAP_WRITE)))
- goto error;
+ goto capsicum_error;
#elif defined(HAVE_PLEDGE)
// pledge() was introduced in OpenBSD 5.9.
@@ -231,6 +231,18 @@ io_sandbox_enter(int src_fd)
//message(V_DEBUG, _("Sandbox was successfully enabled"));
return;
+#ifdef HAVE_CAPSICUM
+capsicum_error:
+ // Even though it is undocumented, if a kernel is configured without
+ // capability mode support or used in an emulator that does not
+ // implement the capability system calls, then the capsicum system
+ // calls will fail and set errno to ENOSYS.
+ if (errno == ENOSYS) {
+ sandbox_allowed = false;
+ return;
+ }
+#endif
+
error:
message_fatal(_("Failed to enable the sandbox"));
}