diff options
| -rw-r--r-- | usr.bin/units/units.c | 10 |
1 files changed, 10 insertions, 0 deletions
diff --git a/usr.bin/units/units.c b/usr.bin/units/units.c index 3f4dfd1..b1a04f7 100644 --- a/usr.bin/units/units.c +++ b/usr.bin/units/units.c @@ -22,11 +22,14 @@ static const char rcsid[] = #include <ctype.h> #include <err.h> +#include <errno.h> #include <stdio.h> #include <stdlib.h> #include <string.h> #include <unistd.h> +#include <sys/capsicum.h> + #include "pathnames.h" #define VERSION "1.0" @@ -112,6 +115,7 @@ readunits(const char *userfile) FILE *unitfile; char line[512], *lineptr; int len, linenum, i; + cap_rights_t unitfilerights; unitcount = 0; linenum = 0; @@ -143,6 +147,12 @@ readunits(const char *userfile) errx(1, "can't find units file '%s'", UNITSFILE); } } + if (cap_enter() < 0 && errno != ENOSYS) + err(1, "unable to enter capability mode"); + cap_rights_init(&unitfilerights, CAP_READ, CAP_FSTAT); + if (cap_rights_limit(fileno(unitfile), &unitfilerights) < 0 + && errno != ENOSYS) + err(1, "cap_rights_limit() failed"); while (!feof(unitfile)) { if (!fgets(line, sizeof(line), unitfile)) break; |
