# HG changeset patch
# User Roy Marples
# Date 1599389839 -3600
# Node ID 2d1bbc57daebab43881cfd862233795312dde212
# Parent a069d919d44c4d33779f64cd4cdaf257c5fe1713
privsep: limit rights for stdout/stderr/stdin using capsicum

diff -r a069d919d44c -r 2d1bbc57daeb src/privsep.c
--- a/src/privsep.c Sun Sep 06 03:01:49 2020 +0100
+++ b/src/privsep.c Sun Sep 06 11:57:19 2020 +0100
@@ -75,6 +75,8 @@
 #ifdef HAVE_CAPSICUM
 #include
+#include
+#define ps_rights_limit_stdio caph_limit_stdio
 #endif
 #ifdef HAVE_UTIL_H
 #include
@@ -340,6 +342,14 @@
 close(ctx->ps_root_fd);
 ctx->ps_root_fd = -1;
 }
+
+#ifdef PRIVSEP_RIGHTS
+ /* We cannot limit the root process in any way. */
+ if (ps_rights_limit_stdio() == -1) {
+ logerr("ps_rights_limit_stdio");
+ goto errexit;
+ }
+#endif
 }
 
 if (priv_fd != &ctx->ps_inet_fd && ctx->ps_inet_fd != -1) {
@@ -470,9 +480,9 @@
 }
 
 #ifdef PRIVSEP_RIGHTS
- if ((ps_rights_limit_ioctl(ctx->pf_inet_fd) == -1 ||
- ps_rights_limit_fd(ctx->link_fd) == -1) &&
- errno != ENOSYS)
+ if (ps_rights_limit_ioctl(ctx->pf_inet_fd) == -1 ||
+ ps_rights_limit_fd(ctx->link_fd) == -1 ||
+ ps_rights_limit_stdio() == -1)
 {
 logerr("%s: cap_rights_limit", __func__);
 return -1;
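Review bot: The new `ps_rights_limit_stdio` alias is defined only under `#ifdef HAVE_CAPSICUM`, while both call sites added later in this patch are guarded by `PRIVSEP_RIGHTS`; if those two macros can ever be set independently, the calls will not compile. Either guard the callers with `HAVE_CAPSICUM` as well, or provide a fallback next to the alias, e.g. `#define ps_rights_limit_stdio() 0`, for the case where `PRIVSEP_RIGHTS` is set without capsicum. If `PRIVSEP_RIGHTS` is in fact derived from `HAVE_CAPSICUM` in a header outside this diff, a one-line comment next to the define saying so would make that dependency visible here. The header names of both `#include` lines are lost in this rendering, so which helper header is expected to provide `caph_limit_stdio` cannot be checked from the hunk.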
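Review bot: The comment `/* We cannot limit the root process in any way. */` contradicts the call directly beneath it, which does rights-limit the root process's stdio descriptors; it presumably means the root process cannot be sandboxed beyond that, so something like `/* The root process itself cannot be sandboxed further, but its stdio descriptors can still be rights-limited. */` would read correctly. The error path also logs `logerr("ps_rights_limit_stdio");` whereas the existing rights-limit failure in the same file logs `logerr("%s: cap_rights_limit", __func__);`, so `logerr("%s: ps_rights_limit_stdio", __func__);` would keep the log format consistent and name the function. The enclosing function and the `errexit` label it jumps to both lie outside the hunk, so whether that label releases everything acquired before this point cannot be confirmed here.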
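Review bot: Removing the `errno != ENOSYS` clause makes a rights-limit failure on `pf_inet_fd` and `link_fd` fatal where it was previously tolerated, a behavior change the commit message (which only mentions limiting stdio) does not describe. If the tolerance existed for kernels that report `ENOSYS` from the rights calls, the stdio limit could be added while keeping it: `if ((ps_rights_limit_ioctl(ctx->pf_inet_fd) == -1 || ps_rights_limit_fd(ctx->link_fd) == -1 || ps_rights_limit_stdio() == -1) && errno != ENOSYS)`. If the removal is intentional, a comment such as `/* Rights limits are mandatory; ENOSYS is no longer tolerated. */` above the condition, or a sentence in the commit message, would record the decision. With three calls ORed together the `cap_rights_limit` message no longer says which descriptor failed; including `errno` text via `logerr`'s usual behaviour may be enough, but that cannot be confirmed from the hunk, and the enclosing function continues outside it.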