Date: Wed, 10 Jun 2009 15:30:40 GMT
Message-Id: <200906101530.n5AFUeEO087735@repoman.freebsd.org>
From: Robert Watson
To: Perforce Change Reviews
Subject: PERFORCE change 164010 for review

http://perforce.freebsd.org/chv.cgi?CH=164010

Change 164010 by rwatson@rwatson_freebsd_capabilities on 2009/06/10 15:29:51

Provide an argv[] argument for lch_start() so that arguments can be passed to the agent. Properly set up capability for libz.zo.

Affected files ...

.. //depot/projects/trustedbsd/capabilities/src/lib/libcapability/libcapability.3#4 edit
.. //depot/projects/trustedbsd/capabilities/src/lib/libcapability/libcapability.h#6 edit
.. //depot/projects/trustedbsd/capabilities/src/lib/libcapability/libcapability_host.c#5 edit

Differences ...

==== //depot/projects/trustedbsd/capabilities/src/lib/libcapability/libcapability.3#4 (text+ko) ==== @@ -47,7 +47,7 @@ .Ft int .Fn lc_limitfd "int fd" "cap_rights_t rights" .Ft int -.Fn lch_start "const char *agent" "struct lc_agent **lcap" +.Fn lch_start "const char *agent" "char *const argv[]" "struct lc_agent **lcap" .Ft void .Fn lch_stop "struct lc_agent *lcap" .Ft int ==== //depot/projects/trustedbsd/capabilities/src/lib/libcapability/libcapability.h#6 (text+ko) ==== @@ -30,7 +30,7 @@ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * - * $P4: //depot/projects/trustedbsd/capabilities/src/lib/libcapability/libcapability.h#5 $ + * $P4: //depot/projects/trustedbsd/capabilities/src/lib/libcapability/libcapability.h#6 $ */ #ifndef _LIBCAPABILITY_H_ 
@@ -47,7 +47,8 @@ /* * Interfaces to start and stop capability mode agents. */ -int lch_start(const char *agent, struct lc_agent **lcapp); +int lch_start(const char *agent, char *const argv[], + struct lc_agent **lcapp); void lch_stop(struct lc_agent *lcap); /* ==== //depot/projects/trustedbsd/capabilities/src/lib/libcapability/libcapability_host.c#5 (text+ko) ==== @@ -30,7 +30,7 @@ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * - * $P4: //depot/projects/trustedbsd/capabilities/src/lib/libcapability/libcapability_host.c#4 $ + * $P4: //depot/projects/trustedbsd/capabilities/src/lib/libcapability/libcapability_host.c#5 $ */ #include @@ -139,7 +139,8 @@ } static void -lch_agent(int fd_sock, int fd_agent, int fd_ldso, int fd_libc, int fd_libz) +lch_agent(int fd_sock, int fd_agent, int fd_ldso, int fd_libc, int fd_libz, + char *const argv[]) { char *env_caplibindex, *env_libcapability_agent_api; int fd_array[8], fd_devnull; @@ -158,6 +159,8 @@ return; if (lc_limitfd(fd_libc, LIBCAPABILITY_CAPMASK_LIBC) < 0) return; + if (lc_limitfd(fd_libz, LIBCAPABILITY_CAPMASK_LIBZ) < 0) + return; fd_array[0] = fd_devnull; fd_array[1] = fd_devnull; @@ -196,11 +199,11 @@ if (cap_enter() < 0) return; - (void)fexecve(5, ldso_argv, environ); + (void)fexecve(5, argv, environ); } int -lch_start(const char *agent, struct lc_agent **lcapp) +lch_start(const char *agent, char *const argv[], struct lc_agent **lcapp) { struct lc_agent *lcap; int fd_agent, fd_ldso, fd_libc, fd_libz, fd_procdesc, fd_sockpair[2]; @@ -249,7 +252,7 @@ } if (pid == 0) { lch_agent(fd_sockpair[1], fd_agent, fd_ldso, fd_libc, - fd_libz); + fd_libz, argv); exit(-1); } close(fd_libz);
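Review bot: In libcapability.3 (hunk @@ -47,7 +47,7 @@) the new argv parameter is undocumented beyond the synopsis, since the only line touched is the .Fn lch_start entry. Please add a sentence to the description stating that argv must be a NULL-terminated vector, what argv[0] is expected to be, and that the vector is handed unchanged to the sandboxed agent, so callers know not to pass untrusted strings they would not want the agent to see.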
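Review bot: The prototype change in libcapability.h (hunk @@ -47,7 +47,8 @@) breaks every existing caller of lch_start(), yet the affected-files list contains only libcapability.3, libcapability.h and libcapability_host.c. Any in-tree consumer of the two-argument form will fail to compile until it is updated, so either convert those callers in the same change or note in the description that they follow. The comment above the prototype ("Interfaces to start and stop capability mode agents.") would also be a good place to say what argv is for.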
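Review bot: In libcapability_host.c (hunk @@ -158,6 +159,8 @@) the added lc_limitfd(fd_libz, LIBCAPABILITY_CAPMASK_LIBZ) call relies on a mask that no hunk in this change defines; please confirm LIBCAPABILITY_CAPMASK_LIBZ already exists, or add it next to the LIBC mask. As with the neighbouring lc_limitfd() checks, failure is a bare return with no indication of which descriptor could not be limited. The visible caller then does exit(-1), so the parent only sees the agent die; logging or a distinct exit status here would make a rights-limiting failure diagnosable.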
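Review bot: In libcapability_host.c (hunk @@ -196,11 +199,11 @@) the caller-supplied argv now reaches fexecve(5, argv, environ) with no validation visible anywhere on the path from lch_start() through lch_agent(). A NULL argv would only be discovered in the child after fork and cap_enter(), where the visible failure path is exit(-1), so I suggest rejecting argv == NULL (errno = EINVAL) at the top of lch_start() before any descriptors are opened. Two smaller points on the same line: the literal descriptor number 5 would be clearer as a named constant tied to the fd_array layout, and if ldso_argv has no remaining users after this replacement it should be removed. The full environ is also still passed into the sandbox; if that is intentional, a comment saying so would help.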