From owner-freebsd-arch@FreeBSD.ORG Thu Feb 14 22:07:52 2013 Return-Path: Delivered-To: freebsd-arch@FreeBSD.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by hub.freebsd.org (Postfix) with ESMTP id CDC15CF1 for ; Thu, 14 Feb 2013 22:07:52 +0000 (UTC) (envelope-from pawel@dawidek.net) Received: from mail.dawidek.net (garage.dawidek.net [91.121.88.72]) by mx1.freebsd.org (Postfix) with ESMTP id 7A71FD8 for ; Thu, 14 Feb 2013 22:07:52 +0000 (UTC) Received: from localhost (89-73-195-149.dynamic.chello.pl [89.73.195.149]) by mail.dawidek.net (Postfix) with ESMTPSA id F147C804; Thu, 14 Feb 2013 23:05:00 +0100 (CET) Date: Thu, 14 Feb 2013 23:08:53 +0100 From: Pawel Jakub Dawidek To: Jilles Tjoelker Subject: Re: bindat(2) and connectat(2) syscalls for review. Message-ID: <20130214220853.GB1407@garage.freebsd.pl> References: <20130213230354.GC1375@garage.freebsd.pl> <20130213232004.GA2522@kib.kiev.ua> <20130213234030.GD1375@garage.freebsd.pl> <20130214185549.GA36288@stack.nl> MIME-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="/WwmFnJnmDyWGHa4" Content-Disposition: inline In-Reply-To: <20130214185549.GA36288@stack.nl> X-OS: FreeBSD 10.0-CURRENT amd64 User-Agent: Mutt/1.5.21 (2010-09-15) Cc: Konstantin Belousov , freebsd-arch@FreeBSD.org X-BeenThere: freebsd-arch@freebsd.org X-Mailman-Version: 2.1.14 Precedence: list List-Id: Discussion related to FreeBSD architecture List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 14 Feb 2013 22:07:52 -0000 --/WwmFnJnmDyWGHa4 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Thu, Feb 14, 2013 at 07:55:49PM +0100, Jilles Tjoelker wrote: > On Thu, Feb 14, 2013 at 12:40:31AM +0100, Pawel Jakub Dawidek wrote: > > On Thu, Feb 14, 2013 at 01:20:04AM +0200, Konstantin Belousov wrote: > > > On Thu, Feb 14, 2013 at 12:03:54AM +0100, Pawel Jakub Dawidek wrote: >=20 > > > > http://people.freebsd.org/~pjd/patches/bindconnectat.patch >=20 > > > > It implements bindat(2) and connectat(2) syscalls that will allow to > > > > manage UNIX domain sockets from within capability mode sandbox. >=20 > > > > They work just like any other *at(2) syscall and their prototypes l= ook > > > > like this: >=20 > > > > int bindat(int fd, int s, const struct sockaddr *addr, socklen_t a= ddrlen); > > > > int connectat(int fd, int s, const struct sockaddr *addr, socklen_= t addrlen); >=20 > > > > Where 'fd' is directory descriptor. The only supported socket domai= n is > > > > PF_LOCAL. >=20 > > > > The audit subsystem was updated to audit the new syscalls properly. >=20 > > > > Comments and reviews are welcome. >=20 > > > Looking only at prototypes, I think it is useful to add at last the f= lags > > > argument. The first application of it is for O_CLOEXEC-like flag. >=20 > > And this flag should be applied to? >=20 > > Note that those syscalls don't create new descriptors, they operate on > > existing descriptors (directory descriptor and socket descriptor) that > > should eventually have close-on-exec flag set if required. >=20 > A flag parameter is a good thing; you may not know yet what you will > need it for. >=20 > Looking through some of the other *at calls, AT_SYMLINK_NOFOLLOW might > be interesting. bind(2) and connect(2) are used just fine currently without any flags. I'd like to see good example before I decide to add such argument. The AT_SYMLINK_NOFOLLOW flag is of no use here, it is used for syscalls that can operate on symlinks (you can chmod, chown or stat a symlink, so it does make sense there). --=20 Pawel Jakub Dawidek http://www.wheelsystems.com FreeBSD committer http://www.FreeBSD.org Am I Evil? Yes, I Am! http://tupytaj.pl --/WwmFnJnmDyWGHa4 Content-Type: application/pgp-signature -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.19 (FreeBSD) iEYEARECAAYFAlEdYHUACgkQForvXbEpPzShjgCfSTxr5EFKhV5OdLMiG5UzWT7t IHUAnRX+Bod+gyrmsTocpZZr29jSavLY =X6mU -----END PGP SIGNATURE----- --/WwmFnJnmDyWGHa4--