From 2e2cd11535ad77364cf021297e0b3f162fa3a3d0 Mon Sep 17 00:00:00 2001 From: Lasse Collin Date: Mon, 9 Oct 2023 18:13:08 +0300 Subject: Simplify detection of Capsicum support. This removes support for FreeBSD 10.0 and 10.1 which used instead of . Support for FreeBSD 10.1 ended on 2016-12-31. So now FreeBSD >= 10.2 is required to enable Capsicum support. This also removes support for Capsicum on Linux (libcaprights) which seems to have been unmaintained since 2017 and Linux 4.11: https://github.com/google/capsicum-linux --- src/xz/Makefile.am | 2 +- src/xz/file_io.c | 14 +++++--------- src/xz/private.h | 2 +- 3 files changed, 7 insertions(+), 11 deletions(-) (limited to 'src/xz') diff --git a/src/xz/Makefile.am b/src/xz/Makefile.am index 4bc64f36..34b3c598 100644 --- a/src/xz/Makefile.am +++ b/src/xz/Makefile.am @@ -53,7 +53,7 @@ xz_CPPFLAGS = \ -I$(top_srcdir)/src/liblzma/api \ -I$(top_builddir)/lib -xz_LDADD = $(top_builddir)/src/liblzma/liblzma.la $(CAPSICUM_LIB) +xz_LDADD = $(top_builddir)/src/liblzma/liblzma.la if COND_GNULIB xz_LDADD += $(top_builddir)/lib/libgnu.a diff --git a/src/xz/file_io.c b/src/xz/file_io.c index 55652c53..5a7d317f 100644 --- a/src/xz/file_io.c +++ b/src/xz/file_io.c @@ -29,12 +29,8 @@ static bool warn_fchown; # include #endif -#ifdef HAVE_CAPSICUM -# ifdef HAVE_SYS_CAPSICUM_H -# include -# else -# include -# endif +#ifdef HAVE_CAP_RIGHTS_LIMIT +# include #endif #include "tuklib_open_stdxxx.h" @@ -214,8 +210,8 @@ io_sandbox_enter(int src_fd) // characters have been loaded. This is needed at least with glibc. tuklib_mbstr_width(dummy_str, NULL); -#ifdef HAVE_CAPSICUM - // Capsicum needs FreeBSD 10.0 or later. +#ifdef HAVE_CAP_RIGHTS_LIMIT + // Capsicum needs FreeBSD 10.2 or later. cap_rights_t rights; if (cap_enter()) @@ -266,7 +262,7 @@ io_sandbox_enter(int src_fd) return; error: -#ifdef HAVE_CAPSICUM +#ifdef HAVE_CAP_RIGHTS_LIMIT // If a kernel is configured without capability mode support or // used in an emulator that does not implement the capability // system calls, then the Capsicum system calls will fail and set diff --git a/src/xz/private.h b/src/xz/private.h index 8542427f..ddcc103c 100644 --- a/src/xz/private.h +++ b/src/xz/private.h @@ -52,7 +52,7 @@ # define STDERR_FILENO (fileno(stderr)) #endif -#if defined(HAVE_CAPSICUM) || defined(HAVE_PLEDGE) +#if defined(HAVE_CAP_RIGHTS_LIMIT) || defined(HAVE_PLEDGE) # define ENABLE_SANDBOX 1 #endif -- cgit v1.2.3