[pulseaudio-tickets] [Bug 72580] New: pulseaudio's use of sys/capability.h is non-POSIX
bugzilla-daemon at freedesktop.org
Tue Dec 10 13:29:18 PST 2013
https://bugs.freedesktop.org/show_bug.cgi?id=72580
Priority: medium
Bug ID: 72580
CC: lennart at poettering.net
Assignee: pulseaudio-bugs at lists.freedesktop.org
Summary: pulseaudio's use of sys/capability.h is non-POSIX
QA Contact: pulseaudio-bugs at lists.freedesktop.org
Severity: normal
Classification: Unclassified
OS: All
Reporter: desrt at desrt.ca
Hardware: Other
Status: NEW
Version: unspecified
Component: daemon
Product: PulseAudio
The configure script for pulseaudio has this:

    CAP_LIBS=''

    AC_ARG_WITH([caps],
        AS_HELP_STRING([--without-caps],[Omit support for POSIX capabilities.]))

    if test "x${with_caps}" != "xno"; then
        AC_SEARCH_LIBS([cap_init], [cap], [], [
            if test "x${with_caps}" = "xyes" ; then
                AC_MSG_ERROR([*** POSIX caps libraries not found])
            fi])
        AC_CHECK_HEADERS([sys/capability.h], [], [
            if test "x${with_caps}" = "xyes" ; then
                AC_MSG_ERROR([*** POSIX caps headers not found])
            fi])
    fi

Then in the daemon's source:

    void pa_drop_caps(void) {
    #ifdef HAVE_SYS_CAPABILITY_H
        cap_t caps;
        pa_assert_se(caps = cap_init());
        pa_assert_se(cap_clear(caps) == 0);
        pa_assert_se(cap_set_proc(caps) == 0);
        pa_assert_se(cap_free(caps) == 0);
    #else
        pa_log_warn("Normally all extra capabilities would be dropped now, but "
                    "that's impossible because this Pulseaudio was built without "
                    "libcap support.");
    #endif
    }

POSIX does not specify what such a file should contain -- the attempt to
standardise it seems to have failed, as evidenced by the comment at the top of
Linux's version of this file:
* defunct POSIX.1e Standard: 25.2 Capabilities
Meanwhile, the combination of the two checks above produces the wrong
behaviour.
Imagine a system where sys/capability.h exists, but not cap_init (FreeBSD is
such a system, for example).
The first check fails due to missing cap_init, but because --with-caps=yes was
not explicitly given, the failure is ignored.
The second check, which is independent of the first check, then passes, because
we do find sys/capability.h. This results in HAVE_SYS_CAPABILITY_H being
defined, and then the caps code gets enabled in pa_drop_caps().
Inside the #ifdef for HAVE_SYS_CAPABILITY_H there should probably also be an
#ifdef __linux before using that Linux-style capabilities code. There could
then ideally be another branch for BSD-style sys/capability.h.
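
One way to tie the two configure checks from the report together, so that finding sys/capability.h without cap_init() can no longer enable the libcap code path. This is an added example, not PulseAudio's own configure.ac and not the reporter's patch; the shell variable have_linux_caps and the macro HAVE_LIBCAP are hypothetical names.

```m4
CAP_LIBS=''
have_linux_caps=no   # hypothetical helper variable, not in the original script

AC_ARG_WITH([caps],
    AS_HELP_STRING([--without-caps],[Omit support for POSIX capabilities.]))

if test "x${with_caps}" != "xno"; then
    # Probe for the header only after cap_init() has been found, so the
    # header on its own (the FreeBSD case in the report) never counts.
    AC_SEARCH_LIBS([cap_init], [cap],
        [AC_CHECK_HEADER([sys/capability.h], [have_linux_caps=yes])])

    # An explicit --with-caps=yes is a hard requirement: fail if either
    # the library function or the header is missing.
    if test "x${have_linux_caps}" != "xyes" && test "x${with_caps}" = "xyes"; then
        AC_MSG_ERROR([*** POSIX caps library or headers not found])
    fi
fi

# One macro that means "cap_init() and sys/capability.h are both present".
# HAVE_LIBCAP is an assumed name chosen for this example.
if test "x${have_linux_caps}" = "xyes"; then
    AC_DEFINE([HAVE_LIBCAP], [1],
        [Define to 1 if cap_init() and sys/capability.h are both available.])
fi
```

With this arrangement pa_drop_caps() would test HAVE_LIBCAP instead of HAVE_SYS_CAPABILITY_H, and a system that has only the header would take the existing pa_log_warn() branch.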