summary refs log tree commit diff
diff options
context:
space:
mode:
authorJune McEnroe <june@causal.agency>2019-04-27 22:50:20 -0400
committerJune McEnroe <june@causal.agency>2019-04-27 22:50:20 -0400
commit36114f72fba781e1888560b8b65358a5700fe2e8 (patch)
treeb8cffbe0b36ee89e9d46708142826e7abf7ca3b7
parentAdd missing include (diff)
downloadsrc-36114f72fba781e1888560b8b65358a5700fe2e8.tar.gz
src-36114f72fba781e1888560b8b65358a5700fe2e8.zip
Use capsicum in irc/relay
-rw-r--r--bin/irc/relay.c26
1 files changed, 26 insertions, 0 deletions
diff --git a/bin/irc/relay.c b/bin/irc/relay.c
index eb766490..7c70b4db 100644
--- a/bin/irc/relay.c
+++ b/bin/irc/relay.c
@@ -27,6 +27,10 @@
 #include <tls.h>
 #include <unistd.h>
 
+#ifdef __FreeBSD__
+#include <sys/capsicum.h>
+#endif
+
 static void clientWrite(struct tls *client, const char *ptr, size_t len) {
 	while (len) {
 		ssize_t ret = tls_write(client, ptr, len);
@@ -135,6 +139,28 @@ int main(int argc, char *argv[]) {
 	error = tls_connect_socket(client, sock, host);
 	if (error) errx(EX_PROTOCOL, "tls_connect: %s", tls_error(client));
 
+#ifdef __FreeBSD__
+	cap_rights_t rights;
+
+	error = cap_enter();
+	if (error) err(EX_OSERR, "cap_enter");
+
+	cap_rights_init(&rights, CAP_READ, CAP_EVENT);
+	error = cap_rights_limit(STDIN_FILENO, &rights);
+	if (error) err(EX_OSERR, "cap_rights_limit");
+
+	cap_rights_init(&rights, CAP_WRITE);
+	error = cap_rights_limit(STDOUT_FILENO, &rights);
+	if (error) err(EX_OSERR, "cap_rights_limit");
+
+	error = cap_rights_limit(STDERR_FILENO, &rights);
+	if (error) err(EX_OSERR, "cap_rights_limit");
+
+	cap_rights_init(&rights, CAP_READ, CAP_WRITE, CAP_EVENT);
+	error = cap_rights_limit(sock, &rights);
+	if (error) err(EX_OSERR, "cap_rights_limit");
+#endif
+
 	clientFormat(client, "NICK :%s\r\nUSER %s 0 * :%s\r\n", nick, nick, nick);
 
 	char *input = NULL;