systrace(4) STRIOCATTACH can only fail for file(1) if it is already

systraced. If so, silently ignore the error and do not attempt to apply
our own systrace policy. From Patrick Keshishian.

diff --git a/usr.bin/file/sandbox.c b/usr.bin/file/sandbox.c
index 597997a..af53196 100644 (file)
--- a/usr.bin/file/sandbox.c
+++ b/usr.bin/file/sandbox.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: sandbox.c,v 1.7 2015/05/29 15:58:34 nicm Exp $ */
+/* $OpenBSD: sandbox.c,v 1.8 2015/06/04 22:56:33 nicm Exp $ */
 
 /*
  * Copyright (c) 2015 Nicholas Marriott <nicm@openbsd.org>
@@ -130,7 +130,7 @@ sandbox_fork(const char *user)
        close(devfd);
 
        if (ioctl(fd, STRIOCATTACH, &pid) == -1)
-               err(1, "ioctl(STRIOCATTACH)");
+               goto out;
 
        memset(&policy, 0, sizeof policy);
        policy.strp_op = SYSTR_POLICY_NEW;
@@ -150,6 +150,7 @@ sandbox_fork(const char *user)
                        err(1, "ioctl(STRIOCPOLICY/MODIFY)");
        }
 
+out:
        if (kill(pid, SIGCONT) != 0)
                err(1, "kill(SIGCONT)");
        return (pid);