Site Navigation

Date:      Sun, 16 May 2021 11:48:24 +1000
From:      Peter Jeremy <peter@rulingia.com>
To:        freebsd-stable@freebsd.org
Subject:   ENOTCAPABLE returned without Capsicum
Message-ID:  <YKB56Gjh9qnIeWLT@server.rulingia.com>

---

next in thread | raw e-mail | index | archive | help

---

--ndXiAcY8a/TbK+LY
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

I am running 13-stable from a couple of weeks ago, without Capsicum
(neither CAPABILITY_MODE nor CAPABILITIES are specified in my kernel).
Despite this, I am getting Capsicum-related errors.  As an example:
    openat(AT_FDCWD, "/")
will return ENOTCAPABLE.

Rummaging around the sources, it seems that there's a non-trivial
amount of code in kern/vfs_lookup.c that's capable of returning
capability-related errors but isn't protected by CAPABILITY_MODE.
This seems undesirable since it means that FreeBSD is defaulting to
being locked down but unless I build it with Capsicum, there's no
way to change the processes capabilities.

--=20
Peter Jeremy

--ndXiAcY8a/TbK+LY
Content-Type: application/pgp-signature; name="signature.asc"

-----BEGIN PGP SIGNATURE-----

iQKTBAEBCgB9FiEE7rKYbDBnHnTmXCJ+FqWXoOSiCzQFAmCgeeNfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEVF
QjI5ODZDMzA2NzFFNzRFNjVDMjI3RTE2QTU5N0EwRTRBMjBCMzQACgkQFqWXoOSi
CzSWXw//dFHuUIDe9t6DeGJivcFoX3e7yvUp4x8pCn9EPwcC2co6kzD2BK461UkL
gfHrji84jJ5oEvB2B3P0yfeKUvTOfMS3L+WOkjh30XlADC7E1lT2m1qjDpu3EjBS
AlfhfUtgkpnMyZaiVVvQW9xgO9CLeAsFGf3JXNmzGRv2WjYEqFoG9QeS4WTVZCI5
SACG6ebLCW62D/2siOqZn9TIoyXCUUWZmoQujLtVq8HpQ6vUili7vqsLOx7bjfYE
HazS3D7JcAIciBhmCsTDQmft3FOJohGBE6l3xt4uFNBhE6rcjrmJy8B9YzBTVzpi
o5zC99kVX/CdUF9FKm6dF94MHb1osrksvCKviLIlFiX2bZsXBYq8yRcsYQaCrptQ
wLahnBSpcd8uygbnFZI0I3WQwULomfGkiaaQdD3mVwePZSyXvyALkCc6KK+xyxaz
ij4a2bBfP6Ld5RskKZChVGv0/bf/O8LKIq1yDiDwO58rYe8zwGTdrZcMk8TvLdR5
PAYV0ViTmNw2w8NriEeq6vz5yeBpc6usNROH5nivyGqIjNjHLodVnFthlYukYj86
28sAd7HFsSHgv0YaN6ZlywaEGQQl/rAjb+BOQfSyaXii7f0VcewnsIFklzxxNnvN
guI8yNE2CfUSEeQ1lfIHnexMmyp3nq/EENlV3UK71LVE0gGrsmE=
=mqyz
-----END PGP SIGNATURE-----

--ndXiAcY8a/TbK+LY--

---

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?YKB56Gjh9qnIeWLT>

Legal Notices | © 1995-2025 The FreeBSD Project. All rights reserved.

Contact