lam(1): Failing to restrict stdin/stdout/stderr should not be fatal

When fed from a pipe, lam(1) would sometimes fail:
lam: unable to limit stdio: Capabilities insufficient

Fixed regression in portsnap(8) introduced in r313938.

This broke portsnap(8), the app that the capsicumization of lam(1) was
meant to secure.

# portsnap fetch update
Looking up portsnap.FreeBSD.org mirrors... 6 mirrors found.
Fetching snapshot tag from ec2-eu-west-1.portsnap.freebsd.org... done.
Fetching snapshot metadata... done.
Updating from Tue Feb 21 16:05:39 MSK 2017 to Tue Feb 21 16:59:30 MSK 2017.
Fetching 5 metadata patches.lam: unable to limit stdio: Capabilities insufficient
 done.
Applying metadata patches... done.
Fetching 5 metadata files... lam: unable to limit stdio: Capabilities insufficient
/usr/sbin/portsnap: cannot open 8c94d2c3f8fcea20eb1fd82021566c99c63a010e6b3702ee11e7a491795bcfb8.gz: No such file or directory
metadata is corrupt.

Reported by:	Vladimir Zakharov <zakharov.vv@gmail.com>, Ben Woods <woodsb02@gmail.com>
This commit is contained in:
allanjude 2017-02-22 15:30:57 +00:00
parent d6d214bd3e
commit bfa1974608


@ -95,8 +95,7 @@ main(int argc, char *argv[])
* mode.
*/
caph_cache_catpages();
if (caph_limit_stdio() == -1)
err(1, "unable to limit stdio");
caph_limit_stdio();
if (cap_enter() < 0 && errno != ENOSYS)
err(1, "unable to enter capability mode");
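Review bot: Replacing the checked call with a bare `caph_limit_stdio();` silently discards its return value, so the case that triggered this regression (stdio fed from a pipe, failing with "Capabilities insufficient") now leaves stdin/stdout/stderr with their full inherited rights and gives no signal that the narrowing did not happen. Make the intent explicit rather than silent: either `(void)caph_limit_stdio();` with a comment stating that restricting stdio is best-effort because the descriptors may already carry narrower rights, or `if (caph_limit_stdio() == -1) warn("unable to limit stdio");` so the condition is still visible on stderr without aborting. Note that the following `cap_enter()` check is unchanged and still fatal, so the process does enter capability mode either way; the only thing lost on the failure path is the tighter per-descriptor limit on stdio, and that trade-off deserves to be documented at the call site.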