From owner-freebsd-arch@FreeBSD.ORG Wed Feb 13 23:39:32 2013 Return-Path: Delivered-To: freebsd-arch@FreeBSD.org Received: from mx1.freebsd.org (mx1.FreeBSD.org [8.8.178.115]) by hub.freebsd.org (Postfix) with ESMTP id 045FAFE6 for ; Wed, 13 Feb 2013 23:39:32 +0000 (UTC) (envelope-from pawel@dawidek.net) Received: from mail.dawidek.net (garage.dawidek.net [91.121.88.72]) by mx1.freebsd.org (Postfix) with ESMTP id A81C27EC for ; Wed, 13 Feb 2013 23:39:31 +0000 (UTC) Received: from localhost (89-73-195-149.dynamic.chello.pl [89.73.195.149]) by mail.dawidek.net (Postfix) with ESMTPSA id 32CB1465; Thu, 14 Feb 2013 00:36:40 +0100 (CET) Date: Thu, 14 Feb 2013 00:40:31 +0100 From: Pawel Jakub Dawidek To: Konstantin Belousov Subject: Re: bindat(2) and connectat(2) syscalls for review. Message-ID: <20130213234030.GD1375@garage.freebsd.pl> References: <20130213230354.GC1375@garage.freebsd.pl> <20130213232004.GA2522@kib.kiev.ua> MIME-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="/3yNEOqWowh/8j+e" Content-Disposition: inline In-Reply-To: <20130213232004.GA2522@kib.kiev.ua> X-OS: FreeBSD 10.0-CURRENT amd64 User-Agent: Mutt/1.5.21 (2010-09-15) Cc: freebsd-arch@FreeBSD.org X-BeenThere: freebsd-arch@freebsd.org X-Mailman-Version: 2.1.14 Precedence: list List-Id: Discussion related to FreeBSD architecture List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 13 Feb 2013 23:39:32 -0000 --/3yNEOqWowh/8j+e Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Thu, Feb 14, 2013 at 01:20:04AM +0200, Konstantin Belousov wrote: > On Thu, Feb 14, 2013 at 12:03:54AM +0100, Pawel Jakub Dawidek wrote: > > Hi. > >=20 > > I'd like to commit the following patch: > >=20 > > http://people.freebsd.org/~pjd/patches/bindconnectat.patch > >=20 > > It implements bindat(2) and connectat(2) syscalls that will allow to > > manage UNIX domain sockets from within capability mode sandbox. > >=20 > > They work just like any other *at(2) syscall and their prototypes look > > like this: > >=20 > > int bindat(int fd, int s, const struct sockaddr *addr, socklen_t addrl= en); > > int connectat(int fd, int s, const struct sockaddr *addr, socklen_t ad= drlen); > >=20 > > Where 'fd' is directory descriptor. The only supported socket domain is > > PF_LOCAL. > >=20 > > The audit subsystem was updated to audit the new syscalls properly. > >=20 > > Comments and reviews are welcome. >=20 > Looking only at prototypes, I think it is useful to add at last the flags > argument. The first application of it is for O_CLOEXEC-like flag. And this flag should be applied to? Note that those syscalls don't create new descriptors, they operate on existing descriptors (directory descriptor and socket descriptor) that should eventually have close-on-exec flag set if required. --=20 Pawel Jakub Dawidek http://www.wheelsystems.com FreeBSD committer http://www.FreeBSD.org Am I Evil? Yes, I Am! http://tupytaj.pl --/3yNEOqWowh/8j+e Content-Type: application/pgp-signature -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.19 (FreeBSD) iEYEARECAAYFAlEcJG4ACgkQForvXbEpPzQyfgCeIsO0CRxOQlzOOdpTDzqSjAoS gRkAoMSqLiVrRHpFHmcGLbYq46MSBi01 =XHDm -----END PGP SIGNATURE----- --/3yNEOqWowh/8j+e--