aniani/irssi
1
0
Fork 0
mirror of https://github.com/irssi/irssi.git synced 2024-10-27 05:20:20 -04:00
Code

Limit capsicum rights to stdio.

Browse Source 
This requires FreeBSD fix (https://reviews.freebsd.org/D12622)
to work properly.
This commit is contained in:
Edward Tomasz Napierala 2017-10-07 03:28:02 +01:00
parent 92dbb1895b
commit 40ae8f5fa6
1 changed files with 8 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
src/core/capsicum.c
View File

@ -37,6 +37,7 @@
#include <sys/nv.h> #include <sys/nv.h>
#include <sys/procdesc.h> #include <sys/procdesc.h>
#include <sys/socket.h> #include <sys/socket.h>
#include <capsicum_helpers.h>
#include <string.h> #include <string.h>
#define OPCODE_CONNECT 1 #define OPCODE_CONNECT 1
@ -410,6 +411,13 @@ static void cmd_capsicum_enter(void)
*/ */
signal(SIGCHLD, SIG_IGN); signal(SIGCHLD, SIG_IGN);
error = caph_limit_stdio();
if (error != 0) {
g_warning("caph_limit_stdio(3) failed: %s", strerror(errno));
signal_emit("capability mode failed", 1, strerror(errno));
return;
}
error = cap_enter(); error = cap_enter();
if (error != 0) { if (error != 0) {
signal_emit("capability mode failed", 1, strerror(errno)); signal_emit("capability mode failed", 1, strerror(errno));