e9c06cd Coverage: add a flag to disable capsicum when running for coverage — HardenedBSD-pkg

rad:z3QDZAW2FAfuLvihrhiyDC9fAD8G9

HardenedBSD Package Manager

Coverage: add a flag to disable capsicum when running for coverage

Baptiste Daroussin committed 4 years ago

commit e9c06cd320ac0e454814c676f10e0cd569850789
parent 7347761

8 files changed +18 -0

modified libpkg/triggers.c

@@ -438,9 +438,11 @@ trigger_execute_lua(const char *script, bool sandbox, pkghash *args)

 		lua_args_table(L, arguments, i);
 #ifdef HAVE_CAPSICUM
 		if (sandbox) {
 #ifndef defined(PKG_COVERAGE)
 			if (cap_enter() < 0 && errno != ENOSYS) {
 				err(1, "cap_enter failed");
 			}
 #endif
 		}
 #endif
 		if (luaL_dostring(L, script)) {

modified src/audit.c

@@ -378,6 +378,7 @@ exec_audit(int argc, char **argv)

 	/* Now we have vulnxml loaded and check list formed */
 #ifdef HAVE_CAPSICUM
 #ifndef PKG_COVERAGE
 	if (cap_enter() < 0 && errno != ENOSYS) {
 		warn("cap_enter() failed");
 		pkg_audit_free(audit);

@@ -385,6 +386,7 @@ exec_audit(int argc, char **argv)

 		return (EPKG_FATAL);
 	}
 #endif
 #endif
 	if (pkg_audit_process(audit) == EPKG_OK) {
 		hit = pkghash_iterator(check);

modified src/clean.c

@@ -382,12 +382,14 @@ exec_clean(int argc, char **argv)

 			return (EXIT_FAILURE);
 		}
 #ifndef PKG_COVERAGE
 		if (cap_enter() < 0 && errno != ENOSYS) {
 			warn("cap_enter() failed");
 			close(cachefd);
 			return (EXIT_FAILURE);
 		}
 #endif
 #endif
 	kv_init(dl);

modified src/event.c

@@ -225,11 +225,13 @@ event_sandboxed_call(pkg_sandbox_cb func, int fd, void *ud)

 	/* Here comes child process */
 #ifdef HAVE_CAPSICUM
 #ifndef PKG_COVERAGE
 	if (cap_enter() < 0 && errno != ENOSYS) {
 		warn("cap_enter() failed");
 		_exit(EXIT_FAILURE);
 	}
 #endif
 #endif
 	ret = func(fd, ud);

@@ -332,11 +334,13 @@ event_sandboxed_get_string(pkg_sandbox_cb func, char **result, int64_t *len,

 		err(EXIT_FAILURE, "Unable to setrlimit(RLIMIT_NPROC)");
 #ifdef HAVE_CAPSICUM
 #ifndef PKG_COVERAGE
 	if (cap_enter() < 0 && errno != ENOSYS) {
 		warn("cap_enter() failed");
 		return (EPKG_FATAL);
 	}
 #endif
 #endif
 	ret = func(pair[0], ud);

modified src/info.c

@@ -277,12 +277,14 @@ exec_info(int argc, char **argv)

 			return (EXIT_FAILURE);
 		}
 #ifndef PKG_COVERAGE
 		if (cap_enter() < 0 && errno != ENOSYS) {
 			warn("cap_enter() failed");
 			close(fd);
 			return (EXIT_FAILURE);
 		}
 #endif
 #endif
 		if (opt == INFO_TAG_NAMEVER)
 			opt |= INFO_FULL;
 		pkg_manifest_keys_new(&keys);

modified src/ssh.c

@@ -81,11 +81,13 @@ exec_ssh(int argc, char **argv __unused)

 		return (EXIT_FAILURE);
 	}
 #ifndef PKG_COVERAGE
 	if (cap_enter() < 0 && errno != ENOSYS) {
 		warn("cap_enter() failed");
 		close(fd);
 		return (EXIT_FAILURE);
 	}
 #endif
 #endif
 	if (pkg_sshserve(fd) != EPKG_OK) {

modified src/updating.c

@@ -316,12 +316,14 @@ exec_updating(int argc, char **argv)

 		return (EXIT_FAILURE);
 	}
 #ifndef PKG_COVERAGE
 	if (cap_enter() < 0 && errno != ENOSYS) {
 		warn("cap_enter() failed");
 		fclose(fd);
 		return (EXIT_FAILURE);
 	}
 #endif
 #endif
 	SLIST_INIT(&origins);
 	if (argc == 0) {

modified src/upgrade.c

@@ -124,6 +124,7 @@ check_vulnerable(struct pkg_audit *audit, struct pkgdb *db, int sock)

 	drop_privileges();
 #ifdef HAVE_CAPSICUM
 #ifndef PKG_COVERAGE
 	if (cap_enter() < 0 && errno != ENOSYS) {
 		warn("cap_enter() failed");
 		pkg_audit_free(audit);

@@ -132,6 +133,7 @@ check_vulnerable(struct pkg_audit *audit, struct pkgdb *db, int sock)

 		return;
 	}
 #endif
 #endif
 	if (pkg_audit_process(audit) == EPKG_OK) {
 		hit = pkghash_iterator(check);