add capsicum to units(1)

author: eadler <eadler@FreeBSD.org> 2014-03-30 16:04:47 +0000
committer: eadler <eadler@FreeBSD.org> 2014-03-30 16:04:47 +0000
commit: 6e60e412c5a8b67e0a7f0d8617598d27e9cee5b6 (patch)
tree: b03bc73697ec431e6605ab1b4d1a3c2a798f573f /usr.bin
parent: 36d945cfaca63950856485831c8b0f42e810163b (diff)
download: FreeBSD-src-6e60e412c5a8b67e0a7f0d8617598d27e9cee5b6.zip
FreeBSD-src-6e60e412c5a8b67e0a7f0d8617598d27e9cee5b6.tar.gz
1 files changed, 10 insertions, 0 deletions
diff --git a/usr.bin/units/units.c b/usr.bin/units/units.c
index 3f4dfd1..b1a04f7 100644
--- a/usr.bin/units/units.c
+++ b/usr.bin/units/units.c
@@ -22,11 +22,14 @@ static const char rcsid[] =
 
 #include <ctype.h>
 #include <err.h>
+#include <errno.h>
 #include <stdio.h>
 #include <stdlib.h>
 #include <string.h>
 #include <unistd.h>
 
+#include <sys/capsicum.h>
+
 #include "pathnames.h"
 
 #define VERSION "1.0"
@@ -112,6 +115,7 @@ readunits(const char *userfile)
 	FILE *unitfile;
 	char line[512], *lineptr;
 	int len, linenum, i;
+	cap_rights_t unitfilerights;
 
 	unitcount = 0;
 	linenum = 0;
@@ -143,6 +147,12 @@ readunits(const char *userfile)
 				errx(1, "can't find units file '%s'", UNITSFILE);
 		}
 	}
+	if (cap_enter() < 0 && errno != ENOSYS)
+		err(1, "unable to enter capability mode");
+	cap_rights_init(&unitfilerights, CAP_READ, CAP_FSTAT);
+	if (cap_rights_limit(fileno(unitfile), &unitfilerights) < 0
+		&& errno != ENOSYS)
+		err(1, "cap_rights_limit() failed");
 	while (!feof(unitfile)) {
 		if (!fgets(line, sizeof(line), unitfile))
 			break;
author	eadler <eadler@FreeBSD.org>	2014-03-30 16:04:47 +0000
committer	eadler <eadler@FreeBSD.org>	2014-03-30 16:04:47 +0000
commit	6e60e412c5a8b67e0a7f0d8617598d27e9cee5b6 (patch)
tree	b03bc73697ec431e6605ab1b4d1a3c2a798f573f /usr.bin
parent	36d945cfaca63950856485831c8b0f42e810163b (diff)
download	FreeBSD-src-6e60e412c5a8b67e0a7f0d8617598d27e9cee5b6.zip FreeBSD-src-6e60e412c5a8b67e0a7f0d8617598d27e9cee5b6.tar.gz