xz: Skip Capsicum sandbox system calls when they are unsupported.

If a system has the Capsicum header files but does not actually implement the system calls, then this would render xz unusable. Instead, we can check if errno == ENOSYS and not issue a fatal error.
2023-03-06 21:27:53 +08:00 · 2023-03-06 21:27:53 +08:00 · 61ee82cb12
parent f070722b57
commit 61ee82cb12
1 changed files with 17 additions and 5 deletions
--- a/src/xz/file_io.c
+++ b/src/xz/file_io.c
@ -193,24 +193,24 @@ io_sandbox_enter(int src_fd)
 	cap_rights_t rights;

 	if (cap_enter())
-		goto error;
+		goto capsicum_error;

 	if (cap_rights_limit(src_fd, cap_rights_init(&rights,
 			CAP_EVENT, CAP_FCNTL, CAP_LOOKUP, CAP_READ, CAP_SEEK)))
-		goto error;
+		goto capsicum_error;

 	if (cap_rights_limit(STDOUT_FILENO, cap_rights_init(&rights,
 			CAP_EVENT, CAP_FCNTL, CAP_FSTAT, CAP_LOOKUP,
 			CAP_WRITE, CAP_SEEK)))
-		goto error;
+		goto capsicum_error;

 	if (cap_rights_limit(user_abort_pipe[0], cap_rights_init(&rights,
 			CAP_EVENT)))
-		goto error;
+		goto capsicum_error;

 	if (cap_rights_limit(user_abort_pipe[1], cap_rights_init(&rights,
 			CAP_WRITE)))
-		goto error;
+		goto capsicum_error;

 #elif defined(HAVE_PLEDGE)
 	// pledge() was introduced in OpenBSD 5.9.
@ -231,6 +231,18 @@ io_sandbox_enter(int src_fd)
 	//message(V_DEBUG, _("Sandbox was successfully enabled"));
 	return;

+#ifdef HAVE_CAPSICUM
+capsicum_error:
+	// Even though it is undocumented, if a kernel is configured without
+	// capability mode support or used in an emulator that does not
+	// implement the capability system calls, then the capsicum system
+	// calls will fail and set errno to ENOSYS.
+	if (errno == ENOSYS) {
+		sandbox_allowed = false;
+		return;
+	}
+#endif
+
 error:
 	message_fatal(_("Failed to enable the sandbox"));
 }