Author: oshogbo
Date: Wed Nov  7 21:01:14 2018
New Revision: 340239
URL: https://svnweb.freebsd.org/changeset/base/340239

Log:
  bspatch: simplify capsicumization
  
  Assume that the user wants to run with Capsicum support if they build the software
  with HAVE_CAPSICUM. Treat running the application without Capsicum in the kernel
  as an error.
  
  MFC after:    3 weeks

Modified:
  head/usr.bin/bsdiff/bspatch/bspatch.c

Modified: head/usr.bin/bsdiff/bspatch/bspatch.c
==============================================================================
--- head/usr.bin/bsdiff/bspatch/bspatch.c       Wed Nov  7 20:36:57 2018        
(r340238)
+++ head/usr.bin/bsdiff/bspatch/bspatch.c       Wed Nov  7 21:01:14 2018        
(r340239)
@@ -144,26 +144,22 @@ int main(int argc, char *argv[])
        atexit(exit_cleanup);
 
 #ifdef HAVE_CAPSICUM
-       if (cap_enter() < 0) {
-               /* Failed to sandbox, fatal if CAPABILITY_MODE enabled */
-               if (errno != ENOSYS)
-                       err(1, "failed to enter security sandbox");
-       } else {
-               /* Capsicum Available */
-               cap_rights_init(&rights_ro, CAP_READ, CAP_FSTAT, CAP_SEEK);
-               cap_rights_init(&rights_wr, CAP_WRITE);
-               cap_rights_init(&rights_dir, CAP_UNLINKAT);
+       if (cap_enter() < 0)
+               err(1, "failed to enter security sandbox");
 
-               if (cap_rights_limit(fileno(f), &rights_ro) < 0 ||
-                   cap_rights_limit(fileno(cpf), &rights_ro) < 0 ||
-                   cap_rights_limit(fileno(dpf), &rights_ro) < 0 ||
-                   cap_rights_limit(fileno(epf), &rights_ro) < 0 ||
-                   cap_rights_limit(oldfd, &rights_ro) < 0 ||
-                   cap_rights_limit(newfd, &rights_wr) < 0 ||
-                   cap_rights_limit(dirfd, &rights_dir) < 0)
-                       err(1, "cap_rights_limit() failed, could not restrict"
-                           " capabilities");
-       }
+       cap_rights_init(&rights_ro, CAP_READ, CAP_FSTAT, CAP_SEEK);
+       cap_rights_init(&rights_wr, CAP_WRITE);
+       cap_rights_init(&rights_dir, CAP_UNLINKAT);
+
+       if (cap_rights_limit(fileno(f), &rights_ro) < 0 ||
+           cap_rights_limit(fileno(cpf), &rights_ro) < 0 ||
+           cap_rights_limit(fileno(dpf), &rights_ro) < 0 ||
+           cap_rights_limit(fileno(epf), &rights_ro) < 0 ||
+           cap_rights_limit(oldfd, &rights_ro) < 0 ||
+           cap_rights_limit(newfd, &rights_wr) < 0 ||
+           cap_rights_limit(dirfd, &rights_dir) < 0)
+               err(1, "cap_rights_limit() failed, could not restrict"
+                   " capabilities");
 #endif
 
        /*
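Review bot: The now-unconditional `err(1, "failed to enter security sandbox")` after cap_enter() means a kernel without Capsicum will presumably fail with just "Function not implemented", giving the operator no hint that the binary was built with HAVE_CAPSICUM and now hard-requires kernel support; a short comment above the check, `/* HAVE_CAPSICUM is a hard requirement: no fallback if the kernel lacks Capsicum (ENOSYS). */`, would also keep the next maintainer from reintroducing the old silent fallback. If a clearer diagnostic is wanted, the message could distinguish that case, e.g. `err(1, "failed to enter security sandbox%s", errno == ENOSYS ? " (kernel lacks Capsicum support)" : "")`. The fail-closed behaviour itself is the right choice for a tool that parses untrusted patch data, since the removed branch let a missing kernel option run bspatch with no rights limits at all. main() starts and ends outside this hunk.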