From 03d876f71c88bf51f7982557798503cad27fa355 Mon Sep 17 00:00:00 2001
From: "C. McEnroe" <june@causal.agency>
Date: Wed, 15 Sep 2021 13:13:11 +0000
Subject: Enter capsicum in downgrade

---
 bin/downgrade.c | 9 +++++++++
 1 file changed, 9 insertions(+)

(limited to 'bin')

diff --git a/bin/downgrade.c b/bin/downgrade.c
index 168510ce..3548efcf 100644
--- a/bin/downgrade.c
+++ b/bin/downgrade.c
@@ -26,6 +26,10 @@
 #include <tls.h>
 #include <unistd.h>
 
+#ifdef __FreeBSD__
+#include <capsicum_helpers.h>
+#endif
+
 enum { BufferCap = 8192 + 512 };
 
 static bool verbose;
@@ -298,6 +302,11 @@ int main(int argc, char *argv[]) {
 	if (error) errx(EX_PROTOCOL, "tls_handshake: %s", tls_error(client));
 	tls_config_clear_keys(config);
 
+#ifdef __FreeBSD__
+	error = caph_enter() || caph_limit_stdio();
+	if (error) err(EX_OSERR, "caph_enter");
+#endif
+
 	signal(SIGHUP, quit);
 	signal(SIGINT, quit);
 	signal(SIGTERM, quit);
-- 
cgit 1.4.1