Revert "capsicum: allow terminal events"

This reverts commit 7090ef09fb. fstat/ioctl are checking whether the program is attached to tty for setting buffering. Since xmppipe explicitly enables line buffering, the capsicum sandbox can ignore these tests.
6 years ago · ff3249c391
parent 7090ef09fb
commit ff3249c391
1 changed files with 1 additions and 9 deletions
--- a/src/xmppipe_sandbox_capsicum.c
+++ b/src/xmppipe_sandbox_capsicum.c
@ -39,8 +39,6 @@ xmppipe_sandbox_stdin(xmppipe_state_t *state)
    cap_rights_t policy_write;
    cap_rights_t policy_rw;

-    const unsigned long cmds[] = { TIOCGETA, TIOCGWINSZ };
-
    int fd = -1;

    fd = xmppipe_conn_fd(state);
@ -54,7 +52,7 @@ xmppipe_sandbox_stdin(xmppipe_state_t *state)
        return -1;

    (void)cap_rights_init(&policy_read, CAP_READ, CAP_EVENT);
-    (void)cap_rights_init(&policy_write, CAP_WRITE, CAP_FSTAT, CAP_IOCTL);
+    (void)cap_rights_init(&policy_write, CAP_WRITE);
    (void)cap_rights_init(&policy_rw, CAP_READ, CAP_WRITE,
            CAP_FSTAT, CAP_FCNTL, CAP_EVENT);

@ -64,15 +62,9 @@ xmppipe_sandbox_stdin(xmppipe_state_t *state)
    if (cap_rights_limit(STDOUT_FILENO, &policy_write) < 0)
        return -1;

-    if (cap_ioctls_limit(STDOUT_FILENO, cmds, sizeof(cmds)) < 0)
-        return -1;
-
    if (cap_rights_limit(STDERR_FILENO, &policy_write) < 0)
        return -1;

-    if (cap_ioctls_limit(STDERR_FILENO, cmds, sizeof(cmds)) < 0)
-        return -1;
-
    if (cap_rights_limit(fd, &policy_rw) < 0)
        return -1;