summary refs log tree commit diff
path: root/bin
diff options
context:
space:
mode:
authorJune McEnroe <june@causal.agency>2021-09-15 13:13:11 +0000
committerJune McEnroe <june@causal.agency>2021-09-15 14:48:03 +0000
commit68f41009e9283757b672bbafcaa7bb0bdd121e32 (patch)
treeb86e7153fc8e6e23d4575da6e75ebe21eecda977 /bin
parentFactor out common parts of downgrade messages (diff)
downloadsrc-68f41009e9283757b672bbafcaa7bb0bdd121e32.tar.gz
src-68f41009e9283757b672bbafcaa7bb0bdd121e32.zip
Enter capsicum in downgrade
Diffstat (limited to 'bin')
-rw-r--r--bin/downgrade.c9
1 files changed, 9 insertions, 0 deletions
diff --git a/bin/downgrade.c b/bin/downgrade.c
index 5351c501..af1b528b 100644
--- a/bin/downgrade.c
+++ b/bin/downgrade.c
@@ -26,6 +26,10 @@
 #include <tls.h>
 #include <unistd.h>
 
+#ifdef __FreeBSD__
+#include <capsicum_helpers.h>
+#endif
+
 enum { BufferCap = 8192 + 512 };
 
 static bool verbose;
@@ -298,6 +302,11 @@ int main(int argc, char *argv[]) {
 	if (error) errx(EX_PROTOCOL, "tls_handshake: %s", tls_error(client));
 	tls_config_clear_keys(config);
 
+#ifdef __FreeBSD__
+	error = caph_enter() || caph_limit_stdio();
+	if (error) err(EX_OSERR, "caph_enter");
+#endif
+
 	signal(SIGHUP, quit);
 	signal(SIGINT, quit);
 	signal(SIGTERM, quit);