Date: Sun, 16 May 2021 11:48:24 +1000 From: Peter Jeremy <peter@rulingia.com> To: freebsd-stable@freebsd.org Subject: ENOTCAPABLE returned without Capsicum Message-ID: <YKB56Gjh9qnIeWLT@server.rulingia.com>
index | next in thread | raw e-mail
[-- Attachment #1 --]
I am running 13-stable from a couple of weeks ago, without Capsicum
(neither CAPABILITY_MODE nor CAPABILITIES are specified in my kernel).
Despite this, I am getting Capsicum-related errors. As an example:
openat(AT_FDCWD, "/")
will return ENOTCAPABLE.
Rummaging around the sources, it seems that there's a non-trivial
amount of code in kern/vfs_lookup.c that's capable of returning
capability-related errors but isn't protected by CAPABILITY_MODE.
This seems undesirable since it means that FreeBSD is defaulting to
being locked down but unless I build it with Capsicum, there's no
way to change the processes capabilities.
--
Peter Jeremy
[-- Attachment #2 --]
-----BEGIN PGP SIGNATURE-----
iQKTBAEBCgB9FiEE7rKYbDBnHnTmXCJ+FqWXoOSiCzQFAmCgeeNfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEVF
QjI5ODZDMzA2NzFFNzRFNjVDMjI3RTE2QTU5N0EwRTRBMjBCMzQACgkQFqWXoOSi
CzSWXw//dFHuUIDe9t6DeGJivcFoX3e7yvUp4x8pCn9EPwcC2co6kzD2BK461UkL
gfHrji84jJ5oEvB2B3P0yfeKUvTOfMS3L+WOkjh30XlADC7E1lT2m1qjDpu3EjBS
AlfhfUtgkpnMyZaiVVvQW9xgO9CLeAsFGf3JXNmzGRv2WjYEqFoG9QeS4WTVZCI5
SACG6ebLCW62D/2siOqZn9TIoyXCUUWZmoQujLtVq8HpQ6vUili7vqsLOx7bjfYE
HazS3D7JcAIciBhmCsTDQmft3FOJohGBE6l3xt4uFNBhE6rcjrmJy8B9YzBTVzpi
o5zC99kVX/CdUF9FKm6dF94MHb1osrksvCKviLIlFiX2bZsXBYq8yRcsYQaCrptQ
wLahnBSpcd8uygbnFZI0I3WQwULomfGkiaaQdD3mVwePZSyXvyALkCc6KK+xyxaz
ij4a2bBfP6Ld5RskKZChVGv0/bf/O8LKIq1yDiDwO58rYe8zwGTdrZcMk8TvLdR5
PAYV0ViTmNw2w8NriEeq6vz5yeBpc6usNROH5nivyGqIjNjHLodVnFthlYukYj86
28sAd7HFsSHgv0YaN6ZlywaEGQQl/rAjb+BOQfSyaXii7f0VcewnsIFklzxxNnvN
guI8yNE2CfUSEeQ1lfIHnexMmyp3nq/EENlV3UK71LVE0gGrsmE=
=mqyz
-----END PGP SIGNATURE-----
home |
help
Want to link to this message? Use this
URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?YKB56Gjh9qnIeWLT>