git: 2e12642a6595 - stable/12 - xz: Improve compatibility with systems without capability mode support

Go to: [ bottom of page ] [ top of archives ] [ this month ]

From: Xin LI <delphij_at_FreeBSD.org>
Date: Tue, 07 Mar 2023 06:56:32 UTC

The branch stable/12 has been updated by delphij:

URL: https://cgit.FreeBSD.org/src/commit/?id=2e12642a65957e7ab518699e1f8a9a5aa95ea45f

commit 2e12642a65957e7ab518699e1f8a9a5aa95ea45f
Author:     Xin LI <delphij@FreeBSD.org>
AuthorDate: 2023-03-05 09:40:13 +0000
Commit:     Xin LI <delphij@FreeBSD.org>
CommitDate: 2023-03-07 06:56:18 +0000

    xz: Improve compatibility with systems without capability mode support
    
    When the kernel is built without capability mode support, or when
    using an emulator like qemu-user-static that does not translate
    system calls, these calls will return a negative number and set
    the errno to ENOSYS. However, this error does not indicate a
    real programming or runtime error and is generally ignored by
    base system applications built with capability mode sandboxing.
    
    Match this behavior by making xz(1) to ignore ENOSYS errors
    when calling capability mode system calls too.
    
    PR:             269185
    Reported by:    Dan Kotowski
    
    (cherry picked from commit c237c10a2346dec422233db05b2012afd45363fa)
---
 contrib/xz/src/xz/file_io.c | 11 ++++++-----
 1 file changed, 6 insertions(+), 5 deletions(-)

diff --git a/contrib/xz/src/xz/file_io.c b/contrib/xz/src/xz/file_io.c
index 41e4c2d893f8..6adbb7a6497b 100644
--- a/contrib/xz/src/xz/file_io.c
+++ b/contrib/xz/src/xz/file_io.c
@@ -193,23 +193,24 @@ io_sandbox_enter(int src_fd)
 	cap_rights_t rights;
 
 	if (cap_rights_limit(src_fd, cap_rights_init(&rights,
-			CAP_EVENT, CAP_FCNTL, CAP_LOOKUP, CAP_READ, CAP_SEEK)))
+			CAP_EVENT, CAP_FCNTL, CAP_LOOKUP, CAP_READ, CAP_SEEK)) < 0 &&
+	    errno != ENOSYS)
 		goto error;
 
 	if (cap_rights_limit(STDOUT_FILENO, cap_rights_init(&rights,
 			CAP_EVENT, CAP_FCNTL, CAP_FSTAT, CAP_LOOKUP,
-			CAP_WRITE, CAP_SEEK)))
+			CAP_WRITE, CAP_SEEK)) < 0 && errno != ENOSYS)
 		goto error;
 
 	if (cap_rights_limit(user_abort_pipe[0], cap_rights_init(&rights,
-			CAP_EVENT)))
+			CAP_EVENT)) < 0 && errno != ENOSYS)
 		goto error;
 
 	if (cap_rights_limit(user_abort_pipe[1], cap_rights_init(&rights,
-			CAP_WRITE)))
+			CAP_WRITE)) < 0 && errno != ENOSYS)
 		goto error;
 
-	if (cap_enter())
+	if (cap_enter() < 0 && errno != ENOSYS)
 		goto error;
 
 #else