Date: Fri, 12 Jun 2009 23:10:11 GMT From: Robert Watson <rwatson@FreeBSD.org> To: Perforce Change Reviews <perforce@freebsd.org> Subject: PERFORCE change 164217 for review Message-ID: <200906122310.n5CNABqh087142@repoman.freebsd.org>
next in thread | raw e-mail | index | archive | help
http://perforce.freebsd.org/chv.cgi?CH=164217 Change 164217 by rwatson@rwatson_freebsd_capabilities on 2009/06/12 23:09:58 Allow closefrom(2) in capability mode. Affected files ... .. //depot/projects/trustedbsd/capabilities/src/sys/kern/capabilities.conf#21 edit .. //depot/projects/trustedbsd/capabilities/src/sys/kern/init_sysent.c#34 edit .. //depot/projects/trustedbsd/capabilities/src/sys/kern/syscalls.c#34 edit .. //depot/projects/trustedbsd/capabilities/src/sys/kern/systrace_args.c#34 edit .. //depot/projects/trustedbsd/capabilities/src/sys/sys/syscall.h#34 edit .. //depot/projects/trustedbsd/capabilities/src/sys/sys/syscall.mk#34 edit .. //depot/projects/trustedbsd/capabilities/src/sys/sys/sysproto.h#34 edit Differences ... ==== //depot/projects/trustedbsd/capabilities/src/sys/kern/capabilities.conf#21 (text+ko) ==== @@ -38,7 +38,7 @@ ## - sys_exit(2), abort2(2) and close(2) are very important. ## - Sorted alphabetically, please keep it that way. ## -## $P4: //depot/projects/trustedbsd/capabilities/src/sys/kern/capabilities.conf#20 $ +## $P4: //depot/projects/trustedbsd/capabilities/src/sys/kern/capabilities.conf#21 $ ## ## @@ -130,6 +130,7 @@ ## Always allow file descriptor close(2). ## close +closefrom ## ## Disallow connect(2) for now, despite CAP_CONNECT. ==== //depot/projects/trustedbsd/capabilities/src/sys/kern/init_sysent.c#34 (text+ko) ==== @@ -545,5 +545,5 @@ { AS(pdkill_args), (sy_call_t *)pdkill, AUE_NULL, NULL, 0, 0, SYF_CAPENABLED }, /* 514 = pdkill */ { AS(pdgetpid_args), (sy_call_t *)pdgetpid, AUE_NULL, NULL, 0, 0, SYF_CAPENABLED }, /* 515 = pdgetpid */ { AS(pdwait_args), (sy_call_t *)pdwait, AUE_NULL, NULL, 0, 0, 0 }, /* 516 = pdwait */ - { AS(closefrom_args), (sy_call_t *)closefrom, AUE_CLOSEFROM, NULL, 0, 0, 0 }, /* 517 = closefrom */ + { AS(closefrom_args), (sy_call_t *)closefrom, AUE_CLOSEFROM, NULL, 0, 0, SYF_CAPENABLED }, /* 517 = closefrom */ }; ==== //depot/projects/trustedbsd/capabilities/src/sys/kern/syscalls.c#34 (text+ko) ==== ==== //depot/projects/trustedbsd/capabilities/src/sys/kern/systrace_args.c#34 (text+ko) ==== ==== //depot/projects/trustedbsd/capabilities/src/sys/sys/syscall.h#34 (text+ko) ==== ==== //depot/projects/trustedbsd/capabilities/src/sys/sys/syscall.mk#34 (text+ko) ==== ==== //depot/projects/trustedbsd/capabilities/src/sys/sys/sysproto.h#34 (text+ko) ====
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200906122310.n5CNABqh087142>