lam will be used in portsnap after D8074
Details
Diff Detail
- Repository
- rS FreeBSD src repository - subversion
- Lint
Lint Not Applicable - Unit
Tests Not Applicable
Event Timeline
Move the boilerplate code to a static function
This can be replaced with the capsicum helper function/library when it arrives
Looks good to me in principle; see inline comment above.
It seems like we now have enough experience confining std{in,out,err} to extract that into a library function?
usr.bin/lam/lam.c | ||
---|---|---|
92 ↗ | (On Diff #20818) | Could we use something from sysexits.h here (e.g., EX_OSERR) rather than the value 1? |
usr.bin/lam/lam.c | ||
---|---|---|
92 ↗ | (On Diff #20818) | According to bde@ and others sysexits is a mistake; see e.g. https://lists.freebsd.org/pipermail/svn-src-head/2013-January/044174.html. Style(9) just says Exits should be 0 on success, or 1 on failure. |
usr.bin/lam/lam.c | ||
---|---|---|
92 ↗ | (On Diff #20818) | I don't think BDE is right about that, but 1 is fine for simple programs that aren't already using sysexits-style codes. |
usr.bin/lam/lam.c | ||
---|---|---|
164–165 ↗ | (On Diff #20818) | getargs() is invoked after the sandbox is entered. It seems unlikely fopen() will work. |
Maybe move setup_capsicum below getargs() and move cap_enter() into it.
usr.bin/lam/lam.c | ||
---|---|---|
164–165 ↗ | (On Diff #20818) | Just kidding. I see cap_enter() happens after setup_capsicum, for some reason. |
usr.bin/lam/lam.c | ||
---|---|---|
164–165 ↗ | (On Diff #20818) | I asked for something like setup_capsicum as a placeholder for the upcoming Capsicum helpers, but it seems the name can lead the reader astray. What if we just copy the necessary proposed Capsicum helpers into here for now, prior to them being committed? |
usr.bin/lam/lam.c | ||
---|---|---|
164–165 ↗ | (On Diff #20818) | I don't think we make our reviewee dance too much just to capsicum this program. It's fine as-is and either way, will require only one fixup change later after the helpers land. |
It seems that this breaks lam (and thus portsnap) on systems without capsicum. Many tier2 systems are affected by this.
root@tegra124:/usr/ports # portsnap fetch
Looking up portsnap.FreeBSD.org mirrors... 6 mirrors found.
Fetching snapshot tag from ec2-eu-west-1.portsnap.freebsd.org... done.
Fetching snapshot metadata... done.
Updating from Sat Jan 28 07:27:13 UTC 2017 to Mon Mar 13 16:02:31 UTC 2017.
Fetching 5 metadata patches.lam: unable to limit rights on: -: Function not implemented
done.
Applying metadata patches... done.
Fetching 5 metadata files... lam: unable to limit rights on: -: Function not implemented
/usr/sbin/portsnap: cannot open a5dec4addaeb7dfd733a5eb227f3cdbb7f1f4ab2bd63426d5fd6e5d4e5be2277.gz: No such file or directory
metadata is corrupt.
head/usr.bin/lam/lam.c | ||
---|---|---|
137 | Needs && errno != ENOSYS, I guess. |