From fc0df0f8db87dff45543708a711e17d29c37f632 Mon Sep 17 00:00:00 2001 From: Lasse Collin Date: Wed, 1 Apr 2015 14:45:25 +0300 Subject: [PATCH] xz: Fix the Capsicum rights on user_abort_pipe. --- src/xz/file_io.c | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/src/xz/file_io.c b/src/xz/file_io.c index 308fa1d2..8a5e0453 100644 --- a/src/xz/file_io.c +++ b/src/xz/file_io.c @@ -195,8 +195,12 @@ io_sandbox_enter(int src_fd) CAP_WRITE, CAP_SEEK))) goto error; + if (cap_rights_limit(user_abort_pipe[0], cap_rights_init(&rights, + CAP_EVENT))) + goto error; + if (cap_rights_limit(user_abort_pipe[1], cap_rights_init(&rights, - CAP_EVENT, CAP_WRITE))) + CAP_WRITE))) goto error; if (cap_enter())