From owner-svn-src-all@freebsd.org  Mon Sep 19 06:39:13 2016
Return-Path: <owner-svn-src-all@freebsd.org>
Delivered-To: svn-src-all@mailman.ysv.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org
 [IPv6:2001:1900:2254:206a::19:1])
 by mailman.ysv.freebsd.org (Postfix) with ESMTP id 1FAB4BE081C;
 Mon, 19 Sep 2016 06:39:13 +0000 (UTC)
 (envelope-from bapt@FreeBSD.org)
Received: from repo.freebsd.org (repo.freebsd.org
 [IPv6:2610:1c1:1:6068::e6a:0])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client did not present a certificate)
 by mx1.freebsd.org (Postfix) with ESMTPS id D6492D45;
 Mon, 19 Sep 2016 06:39:12 +0000 (UTC)
 (envelope-from bapt@FreeBSD.org)
Received: from repo.freebsd.org ([127.0.1.37])
 by repo.freebsd.org (8.15.2/8.15.2) with ESMTP id u8J6dBrl016570;
 Mon, 19 Sep 2016 06:39:11 GMT (envelope-from bapt@FreeBSD.org)
Received: (from bapt@localhost)
 by repo.freebsd.org (8.15.2/8.15.2/Submit) id u8J6dBkh016569;
 Mon, 19 Sep 2016 06:39:11 GMT (envelope-from bapt@FreeBSD.org)
Message-Id: <201609190639.u8J6dBkh016569@repo.freebsd.org>
X-Authentication-Warning: repo.freebsd.org: bapt set sender to
 bapt@FreeBSD.org using -f
From: Baptiste Daroussin <bapt@FreeBSD.org>
Date: Mon, 19 Sep 2016 06:39:11 +0000 (UTC)
To: src-committers@freebsd.org, svn-src-all@freebsd.org,
 svn-src-head@freebsd.org
Subject: svn commit: r305959 - head/usr.bin/soelim
X-SVN-Group: head
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
X-BeenThere: svn-src-all@freebsd.org
X-Mailman-Version: 2.1.23
Precedence: list
List-Id: "SVN commit messages for the entire src tree \(except for &quot;
 user&quot; and &quot; projects&quot; \)" <svn-src-all.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/svn-src-all>,
 <mailto:svn-src-all-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/svn-src-all/>
List-Post: <mailto:svn-src-all@freebsd.org>
List-Help: <mailto:svn-src-all-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/svn-src-all>,
 <mailto:svn-src-all-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Mon, 19 Sep 2016 06:39:13 -0000

Author: bapt
Date: Mon Sep 19 06:39:11 2016
New Revision: 305959
URL: https://svnweb.freebsd.org/changeset/base/305959

Log:
  Revert capsicum support
  
  In some corner case VFS lookup is not working and I do not have time to debug
  it for now.

Modified:
  head/usr.bin/soelim/soelim.c

Modified: head/usr.bin/soelim/soelim.c
==============================================================================
--- head/usr.bin/soelim/soelim.c	Mon Sep 19 06:39:08 2016	(r305958)
+++ head/usr.bin/soelim/soelim.c	Mon Sep 19 06:39:11 2016	(r305959)
@@ -27,24 +27,15 @@
 #include <sys/cdefs.h>
 __FBSDID("$FreeBSD$");
 
-#include <sys/param.h>
-#if __FreeBSD_version > 1001510
-#include <sys/capsicum.h>
-#else
-#include <sys/capability.h>
-#endif
 #include <sys/types.h>
 
 #include <ctype.h>
 #include <err.h>
-#include <errno.h>
-#include <fcntl.h>
 #include <limits.h>
 #include <stdio.h>
 #include <stdlib.h>
 #include <string.h>
 #include <stringlist.h>
-#include <termios.h>
 #include <unistd.h>
 
 #define C_OPTION 0x1
@@ -60,31 +51,18 @@ usage(void)
 	exit(EXIT_FAILURE);
 }
 
-static const char *
-relpath(const char *path)
-{
-
-	while (*path == '/' && *path != '\0')
-		path++;
-
-	return (path);
-}
-
 static FILE *
-soelim_fopen(int rootfd, const char *name)
+soelim_fopen(const char *name)
 {
-	FILE *f = NULL;
+	FILE *f;
 	char path[PATH_MAX];
 	size_t i;
-	int fd;
 
 	if (strcmp(name, "-") == 0)
 		return (stdin);
 
-	if ((fd = openat(rootfd, relpath(name), O_RDONLY)) != -1) {
-		f = fdopen(fd, "r");
-		goto out;
-	}
+	if ((f = fopen(name, "r")) != NULL)
+		return (f);
 
 	if (*name == '/') {
 		warn("can't open '%s'", name);
@@ -94,21 +72,17 @@ soelim_fopen(int rootfd, const char *nam
 	for (i = 0; i < includes->sl_cur; i++) {
 		snprintf(path, sizeof(path), "%s/%s", includes->sl_str[i],
 		    name);
-		if ((fd = openat(rootfd, relpath(path), O_RDONLY)) != -1) {
-			f = fdopen(fd, "r");
-			break;
-		}
+		if ((f = fopen(path, "r")) != NULL)
+			return (f);
 	}
 
-out:
-	if (f == NULL)
-		warn("can't open '%s'", name);
+	warn("can't open '%s'", name);
 
 	return (f);
 }
 
 static int
-soelim_file(int rootfd, FILE *f, int flag)
+soelim_file(FILE *f, int flag)
 {
 	char *line = NULL;
 	char *walk, *cp;
@@ -144,7 +118,7 @@ soelim_file(int rootfd, FILE *f, int fla
 			printf("%s", line);
 			continue;
 		}
-		if (soelim_file(rootfd, soelim_fopen(rootfd, walk), flag) == 1) {
+		if (soelim_file(soelim_fopen(walk), flag) == 1) {
 			free(line);
 			return (1);
 		}
@@ -161,17 +135,11 @@ soelim_file(int rootfd, FILE *f, int fla
 int
 main(int argc, char **argv)
 {
-	int ch, i, rootfd;
+	int ch, i;
 	int ret = 0;
 	int flags = 0;
-	char cwd[MAXPATHLEN];
-	unsigned long cmd;
-	cap_rights_t rights;
 
 	includes = sl_init();
-	if (getcwd(cwd, sizeof(cwd)) != NULL)
-		sl_add(includes, cwd);
-
 	if (includes == NULL)
 		err(EXIT_FAILURE, "sl_init()");
 
@@ -197,44 +165,13 @@ main(int argc, char **argv)
 	argc -= optind;
 	argv += optind;
 
-	rootfd = open("/", O_DIRECTORY | O_RDONLY);
-	if (rootfd == -1)
-		err(EXIT_FAILURE, "unable to open '/'");
-	cap_rights_init(&rights, CAP_READ, CAP_FSTAT, CAP_IOCTL);
-	/*
-	 * EBADF in case stdin is closed by the caller
-	 */
-	if (cap_rights_limit(STDIN_FILENO, &rights) < 0 && errno != ENOSYS
-	    && errno != EBADF)
-		err(EXIT_FAILURE, "unable to limit rights for stdin");
-	cap_rights_init(&rights, CAP_WRITE, CAP_FSTAT, CAP_IOCTL);
-	if (cap_rights_limit(STDOUT_FILENO, &rights) < 0 && errno != ENOSYS)
-		err(EXIT_FAILURE, "unable to limit rights for stdout");
-	if (cap_rights_limit(STDERR_FILENO, &rights) < 0 && errno != ENOSYS)
-		err(EXIT_FAILURE, "unable to limit rights for stderr");
-	cap_rights_init(&rights, CAP_READ, CAP_LOOKUP, CAP_FSTAT, CAP_FCNTL);
-	if (cap_rights_limit(rootfd, &rights) < 0 && errno != ENOSYS)
-		err(EXIT_FAILURE, "unable to limit rights");
-
-	cmd = TIOCGETA;
-	if (cap_ioctls_limit(STDOUT_FILENO, &cmd, 1) < 0 && errno != ENOSYS)
-		err(EXIT_FAILURE, "unable to limit ioctls for stdout");
-	if (cap_ioctls_limit(STDERR_FILENO, &cmd, 1) < 0 && errno != ENOSYS)
-		err(EXIT_FAILURE, "unable to limit ioctls for stderr");
-	if (cap_ioctls_limit(STDIN_FILENO, &cmd, 1) < 0 && errno != ENOSYS)
-		err(EXIT_FAILURE, "unable to limit ioctls for stdin");
-
-	if (cap_enter() < 0 && errno != ENOSYS)
-		err(EXIT_FAILURE, "unable to enter capability mode");
-
 	if (argc == 0)
-		ret = soelim_file(rootfd, stdin, flags);
+		ret = soelim_file(stdin, flags);
 
 	for (i = 0; i < argc; i++)
-		ret = soelim_file(rootfd, soelim_fopen(rootfd, argv[i]), flags);
+		ret = soelim_file(soelim_fopen(argv[i]), flags);
 
 	sl_free(includes, 0);
-	close(rootfd);
 
 	return (ret);
 }