Don't run lua triggers in a sandbox, we do want os.execute

libpkg/lua.c

@@ -415,7 +415,7 @@ lua_os_exit(lua_State *L)
 }
 
 void
-lua_override_ios(lua_State *L)
+lua_override_ios(lua_State *L, bool sandboxed)
 {
 	lua_getglobal(L, "io");
 	lua_pushcfunction(L, lua_io_open);
@@ -426,8 +426,10 @@ lua_override_ios(lua_State *L)
 	lua_setfield(L, -2, "remove");
 	lua_pushcfunction(L, lua_os_rename);
 	lua_setfield(L, -2, "rename");
-	lua_pushcfunction(L, lua_os_execute);
-	lua_setfield(L, -2, "execute");
+	if (sandboxed) {
+		lua_pushcfunction(L, lua_os_execute);
+		lua_setfield(L, -2, "execute");
+	}
 	lua_pushcfunction(L, lua_os_exit);
 	lua_setfield(L, -2, "exit");
 }

libpkg/lua_scripts.c

@@ -114,7 +114,7 @@ pkg_lua_script_run(struct pkg * const pkg, pkg_lua_script type, bool upgrade)
 			lua_pushcfunction(L, lua_print_msg);
 			luaL_newlib(L, pkg_lib);
 			lua_setglobal(L, "pkg");
-			lua_override_ios(L);
+			lua_override_ios(L, true);
 #ifdef HAVE_CAPSICUM
 			if (cap_enter() < 0 && errno != ENOSYS) {
 				err(1, "cap_enter failed");

libpkg/pkg_ports.c

@@ -719,7 +719,7 @@ apply_keyword_file(ucl_object_t *obj, struct plist *p, char *line, struct file_a
 		lua_args_table(L, args, argc);
 		luaL_newlib(L, plist_lib);
 		lua_setglobal(L, "pkg");
-		lua_override_ios(L);
+		lua_override_ios(L, false);
 		pkg_debug(3, "Scripts: executing lua\n--- BEGIN ---"
 		    "\n%s\nScripts: --- END ---", ucl_object_tostring(o));
 		if (luaL_dostring(L, ucl_object_tostring(o))) {

libpkg/private/lua.h

@@ -32,6 +32,6 @@ int lua_print_msg(lua_State *L);
 int lua_pkg_copy(lua_State *L);
 int lua_pkg_filecmp(lua_State *L);
 int lua_prefix_path(lua_State *L);
-void lua_override_ios(lua_State *L);
+void lua_override_ios(lua_State *L, bool);
 int lua_stat(lua_State *L);
 void lua_args_table(lua_State *L, char **argv, int argc);

libpkg/triggers.c

@@ -26,10 +26,6 @@
 
 #include "pkg_config.h"
 
-#ifdef HAVE_CAPSICUM
-#include <sys/capsicum.h>
-#endif
-
 #include <sys/stat.h>
 #include <sys/wait.h>
 
@@ -384,7 +380,7 @@ trigger_execute_lua(const char *script, kh_strings_t *args)
 	if (pid == 0) {
 		L = luaL_newstate();
 		luaL_openlibs(L);
-		lua_override_ios(L);
+		lua_override_ios(L, false);
 		char *dir;
 		char **arguments = NULL;
 		int i = 0;
@@ -395,11 +391,6 @@ trigger_execute_lua(const char *script, kh_strings_t *args)
 			});
 		}
 		lua_args_table(L, arguments, i);
-#ifdef HAVE_CAPSICUM
-		if (cap_enter() < 0 && errno != ENOSYS) {
-			err(1, "cap_enter failed");
-		}
-#endif
 		if (luaL_dostring(L, script)) {
 			pkg_emit_error("Failed to execute lua trigger: "
 					"%s", lua_tostring(L, -1));