Skip site navigation (1)Skip section navigation (2) 
Date:      Sun, 5 Mar 2023 09:40:26 GMT
From:      Xin LI <delphij@FreeBSD.org>
To:        src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-main@FreeBSD.org
Subject:   git: c237c10a2346 - main - xz: Improve compatibility with systems without capability mode support
Message-ID:  <202303050940.3259eQY5081068@gitrepo.freebsd.org>
next in thread | raw e-mail | index | archive | help 
The branch main has been updated by delphij:

URL: https://cgit.FreeBSD.org/src/commit/?id=c237c10a2346dec422233db05b2012afd45363fa

commit c237c10a2346dec422233db05b2012afd45363fa
Author:     Xin LI <delphij@FreeBSD.org>
AuthorDate: 2023-03-05 09:40:13 +0000
Commit:     Xin LI <delphij@FreeBSD.org>
CommitDate: 2023-03-05 09:40:13 +0000

    xz: Improve compatibility with systems without capability mode support
    
    When the kernel is built without capability mode support, or when
    using an emulator like qemu-user-static that does not translate
    system calls, these calls will return a negative number and set
    the errno to ENOSYS. However, this error does not indicate a
    real programming or runtime error and is generally ignored by
    base system applications built with capability mode sandboxing.
    
    Match this behavior by making xz(1) to ignore ENOSYS errors
    when calling capability mode system calls too.
    
    PR:             269185
    Reported by:    Dan Kotowski
    MFC after:      2 days
---
 contrib/xz/src/xz/file_io.c | 11 ++++++-----
 1 file changed, 6 insertions(+), 5 deletions(-)

diff --git a/contrib/xz/src/xz/file_io.c b/contrib/xz/src/xz/file_io.c
index a5841b370302..3625393a5dc7 100644
--- a/contrib/xz/src/xz/file_io.c
+++ b/contrib/xz/src/xz/file_io.c
@@ -193,23 +193,24 @@ io_sandbox_enter(int src_fd)
 	cap_rights_t rights;
 
 	if (cap_rights_limit(src_fd, cap_rights_init(&rights,
-			CAP_EVENT, CAP_FCNTL, CAP_LOOKUP, CAP_READ, CAP_SEEK)))
+			CAP_EVENT, CAP_FCNTL, CAP_LOOKUP, CAP_READ, CAP_SEEK)) < 0 &&
+	    errno != ENOSYS)
 		goto error;
 
 	if (cap_rights_limit(STDOUT_FILENO, cap_rights_init(&rights,
 			CAP_EVENT, CAP_FCNTL, CAP_FSTAT, CAP_LOOKUP,
-			CAP_WRITE, CAP_SEEK)))
+			CAP_WRITE, CAP_SEEK)) < 0 && errno != ENOSYS)
 		goto error;
 
 	if (cap_rights_limit(user_abort_pipe[0], cap_rights_init(&rights,
-			CAP_EVENT)))
+			CAP_EVENT)) < 0 && errno != ENOSYS)
 		goto error;
 
 	if (cap_rights_limit(user_abort_pipe[1], cap_rights_init(&rights,
-			CAP_WRITE)))
+			CAP_WRITE)) < 0 && errno != ENOSYS)
 		goto error;
 
-	if (cap_enter())
+	if (cap_enter() < 0 && errno != ENOSYS)
 		goto error;
 
 #elif defined(HAVE_PLEDGE)

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?202303050940.3259eQY5081068>