Created attachment 181005 [details] diff.diff This happens while running 'diff -u file1 file2' (file1 and file2 need to actually differ). After cap_enter() and after reading file1, diff(1) will try to open the following files which isn't allowed in capability mode: access("/etc/localtime",R_OK) ERR#94 'Not permitted in capability mode' issetugid() = 0 (0x0) open("/usr/share/zoneinfo/UTC",O_RDONLY,00) ERR#94 'Not permitted in capability mode' issetugid() = 0 (0x0) open("/usr/share/zoneinfo/posixrules",O_RDONLY,06423226000) ERR#94 'Not permitted in capability mode' Unfortunately when kern.trap_enotcap=1 is accidentally still set, it means diff will die immediately after access(). To workaround this we could initialize time conversion information with tzset(3) just before cap_enter().
A commit references this bug: Author: bapt Date: Mon Mar 20 19:24:16 UTC 2017 New revision: 315649 URL: https://svnweb.freebsd.org/changeset/base/315649 Log: Cache tzdata when running under capsicum PR: 217957 Reported by: tobik@ Changes: head/usr.bin/diff/diffreg.c
I fixed with another diff caph_cache_tzdata which is designed for that Thank you
A commit references this bug: Author: ian Date: Fri Mar 23 21:06:07 UTC 2018 New revision: 331465 URL: https://svnweb.freebsd.org/changeset/base/331465 Log: MFC r315051, r315101, r315103, r315107, r315180, r315197, r315293, r315319, r315590, r315649, r315726, r315743, r315746-r315747, r315779, r315985, r316002, r316639, r316959, r317187, r317194, r317205-r317207, r317381, r319489, r319847, r321076-r321079, r321227, r326822 Add the BSD-licensed diff from OpenBSD, which is optionally built and installed when WITHOUT_GNU_DIFF is set. r315051: Import diff from OpenBSD Some of the modifications from the previous summer of code has been integrated Modification for compatibility with GNU diff output has been added Main difference with OpenBSD: Implement multiple GNU diff options: * --ignore-file-name-case * --no-ignore-file-name-case * --normal * --tabsize * --strip-trailing-cr Make diff -p compatible with GNU diff Implement diff -l Make diff -r compatible with GNU diff Capsicumize diffing 2 regular files Add a simple test suite Approved by: AsiaBSDcon devsummit Obtained from: OpenBSD, GSoC Relnotes: yes r315101: Fix wrong date in diff(1) Reported by: rgrimes r315103: Implement a stub --horizon-lines=NUM for compatibility with GNU diff3 some options of GNU diff3 would call diff with --horizon-lines, rcs is depending on that. Reported by: antoine r315107: Fix building with recent gcc Reported by: lwhsu, ngie r315180: Readd codes that creates a tmp file for diffing stdout or devices r315197: Do not die if cap_rights_limit reports ENOSYS Reported by: mmel r315293: Integrate contrib/netbsd-tests/usr.bin/diff/t_diff.sh in as .../usr.bin/diff/diff_test Some minor adjustment needed to be done for :same as it currently has the test script hardcoded into the test, instead of using an idiom like $(dirname $0) Sponsored by: Dell EMC Isilon r315319: diff(1): sort long options under -D example in SYNOPSYS Sponsored by: Dell EMC Isilon r315590: diff(1): add --strip-trailing-cr to last example in the SYNOPSIS This syncs the last example in the SYNOPSIS with the other examples. Reviewed by: bapt Sponsored by: Dell EMC Isilon Differential Revision: D10017 r315649: Cache tzdata when running under capsicum PR: 217957 Reported by: tobik@ r315726: diff(1): fix SYNOPSIS section noting non-existent option, --no-ignore-case `--no-ignore-case` should be `--no-ignore-file-name-case` per code for compatibility with [g]diff(1). Sponsored by: Dell EMC Isilon r315743: Use MAX and MIN macros from sys/param.h r315746: Use strndup(3) instead of malloc + memcpy r315747: Use MIN macros from sys/param.h r315779: diff(1): document remaining long options While here, try and tie together some of the short options with their long option equivalents, where possible. Sponsored by: Dell EMC Isilon r315985: diff: Fix mtime of file1 in -u/-c header line. PR: 218018 Reviewed by: bapt Differential Revision: https://reviews.freebsd.org/D10140 r316002: diff: Show nanoseconds in -u/-c header line. Show nanoseconds in the -u/-c header line. The present portability conditionals cannot handle the POSIX standard st_mtim, so remove them and unconditionally use st_mtim. PR: 218018 Reported by: jbeich Reviewed by: bapt Differential Revision: https://reviews.freebsd.org/D10145 r316639: add a stub --speed-large-files for compatibility with GNU diff There is no intention to implement it, but lots of scripts/tools using diff(1) passes GNU diff option r316959: Clean up headers declaration r317187: Add a regression test for diff -D r317194: Implement a basic --changed-group-format etcupdate(8) requires that option, while GNU diff supports many more variation of that options, their behaviour beside the simple verion implemented here are quite inconsistent as such I do not plan to implement those. The only special keyword supported by this implementation are: %< and %> %= is not implemented as the documentation of GNU diff says: common lines, but it actually when tested print the changes from the first file r317205: Document all long options r317206: Update the TODO list to reflect what has been changed r317207: Cross reference pr(1) which diff might call with -l option r317381: Fix the following warning from gcc 4.2 in usr.bin/diff: usr.bin/diff/diffreg.c: In function 'change': usr.bin/diff/diffreg.c:1085: warning: 'i' may be used uninitialized in this function This version of gcc is not smart enough to see that 'i' cannot actually be used unitialized. However, the variable is confusingly re-used, so it is better to give it another name, and clearly initialize it before attempting to use it. Reviewed by: bapt Differential Revision: https://reviews.freebsd.org/D10484 r319489: Add -H as an alias for --speed-large-file to match GNU diff. This is undocumented to match GNU diff where -H is also undocumented. Some existing software (such as kompare) uses this option by default. Reviewed by: emaste, rpokala Differential Revision: https://reviews.freebsd.org/D11022 r319847: Add some testcases for `diff --side-by-side` support These are were created proactively, in anticipation of the support being fully implemented sometime in the future. The tests currently fail on ^/head@r319845, however. Expect them to fail. PR: 219933 Tested with: gdiff r321076: Don't emit "diff: diff <options> arguments" when diffing files if -q is specified. This improves compatibility with GNU diff. Found by accident with `diff -Nrq /usr/tests /usr/tests.new | grep Kyuafile`. Relnotes: yes r321077: Add some tests for brief (--brief/-q) format MFC with: r321076 r321078: Fix exit status with -rq when there is a file in one directory but not another, i.e., when print_only is called. Prior to this change, -rq was always returning 0. After this change it will return 1 if there is a difference between two directories. This fixes compatibility with GNU diff and unbreaks backwards compatibility expectations. Found when trying to extend diff_test:brief_format_test. MFC with: r321076, r321077 r321079: Add tests that exercise -q, like -rq and add tests that test -q like -Nrq MFC with: r321076, r321077, r321078 r321227: Use more flexible expression for replacing t_diff in contrib/netbsd-tests/usr.bin/diff/t_diff.sh with the name of the script via `basename $0`. This was a change I forgot to port over from ^/head/gnu/usr.bin/diff/tests/Makefile@r272787. r326822: Replace homemade equivalent of tolower(3) by towlower(3) This will help in the futur making diff -i works with multibyte Relnotes: Yes Changes: _U stable/11/ stable/11/usr.bin/Makefile stable/11/usr.bin/diff/ stable/11/usr.bin/diff/TODO stable/11/usr.bin/diff/diff.1 stable/11/usr.bin/diff/diff.c stable/11/usr.bin/diff/diff.h stable/11/usr.bin/diff/diffdir.c stable/11/usr.bin/diff/diffreg.c stable/11/usr.bin/diff/tests/Makefile stable/11/usr.bin/diff/tests/diff.sh stable/11/usr.bin/diff/tests/diff_test.sh stable/11/usr.bin/diff/tests/group-format.out stable/11/usr.bin/diff/tests/header.out stable/11/usr.bin/diff/tests/header_ns.out stable/11/usr.bin/diff/tests/ifdef.out