From: Allan Jude
Date: Wed, 22 Feb 2017 15:30:57 +0000 (UTC)
To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org
Subject: svn commit: r314098 - head/usr.bin/lam

Author: allanjude
Date: Wed Feb 22 15:30:57 2017
New Revision: 314098
URL: https://svnweb.freebsd.org/changeset/base/314098

Log:
  lam(1): Failing to restrict stdin/stdout/stderr should not be fatal

  When fed from a pipe, lam(1) would sometimes fail:
  lam: unable to limit stdio: Capabilities insufficient

  fixed regression in portsnap(8) introduced in r313938

  This broke portsnap(8), the app that the capsicumization of lam(1) was meant to secure.

  # portsnap fetch update
  Looking up portsnap.FreeBSD.org mirrors... 6 mirrors found.
  Fetching snapshot tag from ec2-eu-west-1.portsnap.freebsd.org... done.
  Fetching snapshot metadata... done.
  Updating from Tue Feb 21 16:05:39 MSK 2017 to Tue Feb 21 16:59:30 MSK 2017.
  Fetching 5 metadata patches.lam: unable to limit stdio: Capabilities insufficient done.
  Applying metadata patches... done.
  Fetching 5 metadata files... lam: unable to limit stdio: Capabilities insufficient
  /usr/sbin/portsnap: cannot open 8c94d2c3f8fcea20eb1fd82021566c99c63a010e6b3702ee11e7a491795bcfb8.gz: No such file or directory
  metadata is corrupt.

  Reported by: Vladimir Zakharov, Ben Woods

Modified:
  head/usr.bin/lam/lam.c

Modified: head/usr.bin/lam/lam.c
==============================================================================
--- head/usr.bin/lam/lam.c Wed Feb 22 10:21:39 2017 (r314097) +++ head/usr.bin/lam/lam.c Wed Feb 22 15:30:57 2017 (r314098) 
@@ -95,8 +95,7 @@ main(int argc, char *argv[]) * mode. */ caph_cache_catpages(); - if (caph_limit_stdio() == -1) - err(1, "unable to limit stdio"); + caph_limit_stdio(); if (cap_enter() < 0 && errno != ENOSYS) err(1, "unable to enter capability mode");
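Review bot: Calling caph_limit_stdio() with its return value ignored (the replaced lines right after caph_cache_catpages()) discards every failure, not only the "Capabilities insufficient" case from the log, so lam can now go on to cap_enter() with stdin/stdout/stderr not limited and give no indication of it. The cap_enter() check directly below already tolerates one expected errno (errno != ENOSYS); the same pattern would fit here, for example if (caph_limit_stdio() == -1 && errno != ENOTCAPABLE) err(1, "unable to limit stdio");, or at least a warn() so the degraded state is visible. If ignoring the result is intended, a (void) cast and a sentence in the comment above saying why would keep a later reader from restoring the fatal check.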