svn commit: r355470 - head/usr.bin/tail

[Mark Johnston]

Author: markj
Date: Fri Dec  6 23:39:38 2019
New Revision: 355470
URL: https://svnweb.freebsd.org/changeset/base/355470

Log:
  Fix tail -f in capability mode.
  
  We were not adding CAP_EVENT to input file capabilities, so kevent()
  always failed with ENOTCAPABLE.  tail implements a fallback mode to
  poll the file in this case, so the failure was not apparent.
  
  Reviewed by:	emaste
  MFC after:	1 week
  Sponsored by:	The FreeBSD Foundation
  Differential Revision:	https://reviews.freebsd.org/D22709

Modified:
  head/usr.bin/tail/tail.c

Modified: head/usr.bin/tail/tail.c
==============================================================================
--- head/usr.bin/tail/tail.c	Fri Dec  6 23:39:08 2019	(r355469)
+++ head/usr.bin/tail/tail.c	Fri Dec  6 23:39:38 2019	(r355470)
@@ -93,11 +93,6 @@ main(int argc, char *argv[])
 	char *p;
 	cap_rights_t rights;
 
-	cap_rights_init(&rights, CAP_FSTAT, CAP_FSTATFS, CAP_FCNTL, CAP_MMAP_RW);
-	if (caph_rights_limit(STDIN_FILENO, &rights) < 0 ||
-	    caph_limit_stderr() < 0 || caph_limit_stdout() < 0)
-		err(1, "can't limit stdio rights");
-
 	/*
 	 * Tail's options are weird.  First, -n10 is the same as -n-10, not
 	 * -n+10.  Second, the number options are 1 based and not offsets,
@@ -166,6 +161,14 @@ main(int argc, char *argv[])
 	argv += optind;
 
 	no_files = argc ? argc : 1;
+
+	cap_rights_init(&rights, CAP_FSTAT, CAP_FSTATFS, CAP_FCNTL,
+	    CAP_MMAP_R);
+	if (fflag)
+		cap_rights_set(&rights, CAP_EVENT);
+	if (caph_rights_limit(STDIN_FILENO, &rights) < 0 ||
+	    caph_limit_stderr() < 0 || caph_limit_stdout() < 0)
+		err(1, "can't limit stdio rights");
 
 	fa = fileargs_init(argc, argv, O_RDONLY, 0, &rights, FA_OPEN);
 	if (fa == NULL)