Commit 7cd1e103 authored by Baptiste Daroussin's avatar Baptiste Daroussin
Browse files

lua script: disable sandboxing

capsicum sandbox prevent opening a file if an element in its path is
an absolute symlinks to a directory.

Another benefit is we can now use the pkg.exec within scripts
parent c1f98e8b
......@@ -30,10 +30,6 @@
#include <sys/procctl.h>
#endif
#ifdef HAVE_CAPSICUM
#include <sys/capsicum.h>
#endif
#include <sys/types.h>
#include <sys/wait.h>
......@@ -116,11 +112,7 @@ pkg_lua_script_run(struct pkg * const pkg, pkg_lua_script type, bool upgrade)
luaL_newlib(L, pkg_lib);
lua_setglobal(L, "pkg");
lua_override_ios(L, true);
#ifdef HAVE_CAPSICUM
if (cap_enter() < 0 && errno != ENOSYS) {
err(1, "cap_enter failed");
}
#endif
/* parse and set arguments of the line is in the comments */
if (STARTS_WITH(lscript->script, "-- args: ")) {
char *walk, *begin, *line = NULL;
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment