Site Navigation

Date:      Sat, 13 Jun 2009 10:04:36 GMT
From:      Robert Watson <rwatson@FreeBSD.org>
To:        Perforce Change Reviews <perforce@freebsd.org>
Subject:   PERFORCE change 164255 for review
Message-ID:  <200906131004.n5DA4aZu092053@repoman.freebsd.org>

---

next in thread | raw e-mail | index | archive | help

---

http://perforce.freebsd.org/chv.cgi?CH=164255

Change 164255 by rwatson@rwatson_freebsd_capabilities on 2009/06/13 10:04:01

	Remove CAP_SEEK from shared object capabilities passed into
	[further] sandboxes -- it isn't required by the linker.

Affected files ...

.. //depot/projects/trustedbsd/capabilities/src/lib/libcapability/libcapability_host.c#11 edit

Differences ...

==== //depot/projects/trustedbsd/capabilities/src/lib/libcapability/libcapability_host.c#11 (text+ko) ====

@@ -30,7 +30,7 @@
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
  *
- * $P4: //depot/projects/trustedbsd/capabilities/src/lib/libcapability/libcapability_host.c#10 $
+ * $P4: //depot/projects/trustedbsd/capabilities/src/lib/libcapability/libcapability_host.c#11 $
  */
 
 #include <sys/param.h>
@@ -54,7 +54,7 @@
 #define	LIBCAPABILITY_CAPMASK_DEVNULL	(CAP_EVENT | CAP_READ | CAP_WRITE)
 #define	LIBCAPABILITY_CAPMASK_SOCK	(CAP_EVENT | CAP_READ | CAP_WRITE)
 #define	LIBCAPABILITY_CAPMASK_BIN	(CAP_READ | CAP_EVENT | CAP_FSTAT | \
-					    CAP_SEEK | CAP_FSTATFS | \
+					    CAP_FSTATFS | \
 					    CAP_FEXECVE | CAP_MMAP | \
 					    CAP_MAPEXEC)
 #define	LIBCAPABILITY_CAPMASK_SANDBOX	LIBCAPABILITY_CAPMASK_BIN

---

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200906131004.n5DA4aZu092053>

Legal Notices | © 1995-2024 The FreeBSD Project. All rights reserved.

Contact