Refactor to first open all fds and FILE *s, and move processing after cap_enter.
Unit Tests Skipped
I'm not sure if you spoke with AllanJude, but he proposed a patch https://reviews.freebsd.org/D7358 for bspatch.
Capsicumizing looks good to me.
There was a general request in that patch: "People downstream bspatch in other projects. Can we ifdef this based on something?" In tcpdump we ifdef it based on FreeBSD.
sys should be in a separate block, right?
#include <sys/capsicum.h>
#include <...>
I'm not sure about style of this file.
The same with:
delphij@ pointed out in the original patch that this file should be removed if any other error occurs.
Yes, the style in here is already a mess, but you're right that these should be fixed.
In fact I think we should perhaps first style(9) this file (or at least the parts we're going to be changing -- file opening, seeking etc.), to make the subsequent work for capsicum more clear.
Yes, we can #ifdef it easily. For elftoolchain I proposed this:
Not sure if we should bother with the version checks in-tree.
I like your ifdef style there.
I also like delphij's idea of, in the case of there not being capsicum, chroot to /var/empty, but this requires root. I have a modified version of my patch that tries to address this, but it started to get ugly. I can post it later today.
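The pattern the summary describes (open every fd and FILE * first, then enter capability mode before any processing), combined with the tcpdump-style #ifdef discussed above, as an added C example that is not bspatch's code or any patch from this review. `enter_sandbox` and the `HAVE_CAPSICUM` macro are assumed names; the non-FreeBSD branch simply proceeds unconfined (the chroot fallback is not shown).

```c
#include <errno.h>
#include <stdio.h>

/* Assumption for this example: enable Capsicum only on FreeBSD, the way
 * tcpdump does it, with no __FreeBSD_version check. */
#ifdef __FreeBSD__
#define HAVE_CAPSICUM 1
#include <sys/capsicum.h>
#endif

/*
 * The caller has already opened the old file, the new file and the three
 * patch streams (control, diff, extra). Nothing may be opened after this
 * call: cap_enter() makes every later open(2) fail with ECAPMODE, which is
 * why all opens are moved before it. Returns 0 on success, -1 otherwise.
 */
int
enter_sandbox(int oldfd, int newfd, FILE *ctrlf, FILE *difff, FILE *extraf)
{
#ifdef HAVE_CAPSICUM
	cap_rights_t rd, wr;
	FILE *streams[] = { ctrlf, difff, extraf };
	size_t i;

	/* Old file and patch streams: read-only, but bspatch seeks in them. */
	cap_rights_init(&rd, CAP_READ, CAP_FSTAT, CAP_SEEK);
	/* Output: write-only; the result is never read back. */
	cap_rights_init(&wr, CAP_WRITE, CAP_FSTAT);

	/* ENOSYS means a kernel without Capsicum; keep running unconfined. */
	if (cap_rights_limit(oldfd, &rd) < 0 && errno != ENOSYS)
		return (-1);
	if (cap_rights_limit(newfd, &wr) < 0 && errno != ENOSYS)
		return (-1);
	for (i = 0; i < 3; i++)
		if (cap_rights_limit(fileno(streams[i]), &rd) < 0 &&
		    errno != ENOSYS)
			return (-1);
	if (cap_enter() < 0 && errno != ENOSYS)
		return (-1);
	return (0);
#else
	/* No Capsicum on this platform: nothing to restrict. */
	(void)oldfd; (void)newfd; (void)ctrlf; (void)difff; (void)extraf;
	return (0);
#endif
}
```

Once this returns, the processing loop can only read from the descriptors it was handed and write the output, so a malformed patch can no longer reach anything else in the filesystem.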