From owner-freebsd-arch@FreeBSD.ORG Sat Feb 23 22:10:09 2013
Date: Sat, 23 Feb 2013 23:11:16 +0100
From: Pawel Jakub Dawidek
To: freebsd-arch@FreeBSD.org
Subject: Re: Large Capsicum patch for review.
Message-ID: <20130223221116.GR1377@garage.freebsd.pl>
In-Reply-To: <20130213230221.GB1375@garage.freebsd.pl>
References: <20130213025547.GA2025@garage.freebsd.pl>
	<20130213230221.GB1375@garage.freebsd.pl>
X-OS: FreeBSD 10.0-CURRENT amd64
List-Id: Discussion related to FreeBSD architecture

On Thu, Feb 14, 2013 at 12:02:22AM +0100, Pawel Jakub Dawidek wrote:
> Hi.
>
> I'd like to commit this patch:
>
> http://people.freebsd.org/~pjd/patches/capkern.diff

The patch was updated after the following changes and is available at the
link above:

- Added defines for consistency, as some rights allow for both the regular
  syscall and the *at() variant of the syscall, e.g. CAP_FCHMOD allows for
  both fchmod(2) and fchmodat(2):

	#define CAP_FCHMODAT	CAP_FCHMOD
	#define CAP_FCHOWNAT	CAP_FCHOWN
	#define CAP_FSTATAT	CAP_FSTAT
	#define CAP_FUTIMESAT	CAP_FUTIMES

- Now that we have the cap_ioctls_limit(2) syscall, I made ioctl(2)
  available in capability mode (should've been done earlier).

- Removed the cap_new(2) manual page, as it should not be used in new code.

- Because fgetvp_rights() was only used in one place where the filedesc
  lock was held, the function was modified to make use of this fact, which
  allowed some code to be simplified.

- Introduced a new right, CAP_RENAMEAT, which has to be set on the source
  (from) directory descriptor for the renameat(2) syscall. CAP_UNLINKAT
  didn't really fit here, as the file is not completely removed from the
  file system; it just changes place.

- If renaming via renameat(2) would cause removal of an already existing
  entry, we now require CAP_UNLINKAT on the destination (to) directory
  descriptor in addition to CAP_LINKAT.

- If O_WRONLY or O_RDWR is specified _without_ the O_APPEND flag for
  openat(2), we now also require the CAP_SEEK capability right. Without
  CAP_SEEK, a file can be opened for writing only when the O_APPEND flag is
  also specified.

- Updated the documentation of all capability rights in cap_rights_limit(2).

A review would be very welcome!

-- 
Pawel Jakub Dawidek                       http://www.wheelsystems.com
FreeBSD committer                         http://www.FreeBSD.org
Am I Evil? Yes, I Am!                     http://tupytaj.pl
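The two rights rules spelled out in the mail (CAP_RENAMEAT on the source directory plus CAP_LINKAT, and CAP_UNLINKAT when an existing entry would be replaced, on the destination directory for renameat(2); CAP_SEEK on top of the write right whenever a file is opened O_WRONLY/O_RDWR without O_APPEND) compose in ways that are easy to get wrong when deciding what to pass to cap_rights_limit(2). The following is an added userland model of those checks, written for this page; it is not code from the mail or from the FreeBSD patch. The rights are modelled as a plain 64-bit mask with made-up bit positions, the CAP_READ/CAP_WRITE/CAP_LOOKUP prerequisites are assumed rather than taken from the mail, and the functions renameat_allowed() and openat_allowed() are hypothetical helpers, not kernel or libc API. In the real system the decision is made inside the kernel on each syscall; this model only makes the policy explicit.

```c
/*
 * Added example: a userland model of the descriptor-rights rules described
 * in the mail for renameat(2) and openat(2). Not part of the original mail
 * or the FreeBSD patch. Bit values and the CAP_READ/CAP_WRITE/CAP_LOOKUP
 * prerequisites are assumptions for illustration only.
 */
#include <fcntl.h>
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

typedef uint64_t cap_rights_t;          /* assumed: a flat bitmask */

#define CAP_READ        (1ULL << 0)     /* assumed bit positions */
#define CAP_WRITE       (1ULL << 1)
#define CAP_SEEK        (1ULL << 2)
#define CAP_LINKAT      (1ULL << 3)
#define CAP_UNLINKAT    (1ULL << 4)
#define CAP_RENAMEAT    (1ULL << 5)
#define CAP_LOOKUP      (1ULL << 6)

/* Alias pattern from the mail: the *at() variant shares the base right. */
#define CAP_FCHMOD      (1ULL << 7)
#define CAP_FCHMODAT    CAP_FCHMOD

static bool has(cap_rights_t held, cap_rights_t need)
{
	return (held & need) == need;
}

/*
 * renameat(2) rule from the mail: CAP_RENAMEAT on the source directory,
 * CAP_LINKAT on the destination directory, and additionally CAP_UNLINKAT
 * on the destination directory when the rename would replace an existing
 * entry (the replaced entry is what actually disappears).
 */
bool renameat_allowed(cap_rights_t fromdir, cap_rights_t todir,
    bool target_exists)
{
	cap_rights_t need = CAP_LINKAT;

	if (!has(fromdir, CAP_RENAMEAT))
		return false;
	if (target_exists)
		need |= CAP_UNLINKAT;
	return has(todir, need);
}

/*
 * openat(2) rule from the mail: a write-capable open (O_WRONLY or O_RDWR)
 * without O_APPEND also needs CAP_SEEK, because such a descriptor can
 * overwrite existing data at an arbitrary offset; with O_APPEND the
 * descriptor can only add data at the end. CAP_LOOKUP for the path walk
 * and CAP_READ/CAP_WRITE for the access mode are assumed prerequisites.
 */
bool openat_allowed(cap_rights_t dir, int flags)
{
	cap_rights_t need = CAP_LOOKUP;   /* assumed */
	int acc = flags & O_ACCMODE;

	if (acc == O_RDONLY || acc == O_RDWR)
		need |= CAP_READ;
	if (acc == O_WRONLY || acc == O_RDWR) {
		need |= CAP_WRITE;
		if (!(flags & O_APPEND))
			need |= CAP_SEEK;
	}
	return has(dir, need);
}

int main(void)
{
	cap_rights_t from = CAP_LOOKUP | CAP_RENAMEAT;
	cap_rights_t to = CAP_LOOKUP | CAP_LINKAT;
	cap_rights_t logdir = CAP_LOOKUP | CAP_WRITE;  /* append-only log dir */

	printf("rename, target absent:              %s\n",
	    renameat_allowed(from, to, false) ? "allowed" : "denied");
	printf("rename over existing, no UNLINKAT:  %s\n",
	    renameat_allowed(from, to, true) ? "allowed" : "denied");
	printf("rename over existing, with UNLINKAT: %s\n",
	    renameat_allowed(from, to | CAP_UNLINKAT, true) ? "allowed" : "denied");
	printf("O_WRONLY|O_APPEND without CAP_SEEK: %s\n",
	    openat_allowed(logdir, O_WRONLY | O_APPEND) ? "allowed" : "denied");
	printf("O_WRONLY without CAP_SEEK:          %s\n",
	    openat_allowed(logdir, O_WRONLY) ? "allowed" : "denied");
	return 0;
}
```

The practical reading for a sandboxed program: a directory descriptor limited to CAP_LOOKUP|CAP_WRITE can be used to open files for appending but not for in-place rewriting, and a destination directory that lacks CAP_UNLINKAT can receive renamed entries but cannot have its existing entries replaced by a rename.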