From owner-p4-projects@FreeBSD.ORG Sun Jan 27 15:51:54 2008
Return-Path:
Delivered-To: p4-projects@freebsd.org
Received: by hub.freebsd.org (Postfix, from userid 32767) id 6A0AB16A421; Sun, 27 Jan 2008 15:51:54 +0000 (UTC)
Delivered-To: perforce@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id F316916A41A for ; Sun, 27 Jan 2008 15:51:53 +0000 (UTC) (envelope-from bb+lists.freebsd.perforce@cyrus.watson.org)
Received: from repoman.freebsd.org (repoman.freebsd.org [IPv6:2001:4f8:fff6::29]) by mx1.freebsd.org (Postfix) with ESMTP id E15F213C4DD for ; Sun, 27 Jan 2008 15:51:53 +0000 (UTC) (envelope-from bb+lists.freebsd.perforce@cyrus.watson.org)
Received: from repoman.freebsd.org (localhost [127.0.0.1]) by repoman.freebsd.org (8.14.1/8.14.1) with ESMTP id m0RFprsI000642 for ; Sun, 27 Jan 2008 15:51:53 GMT (envelope-from bb+lists.freebsd.perforce@cyrus.watson.org)
Received: (from perforce@localhost) by repoman.freebsd.org (8.14.1/8.14.1/Submit) id m0RFpr3Z000639 for perforce@freebsd.org; Sun, 27 Jan 2008 15:51:53 GMT (envelope-from bb+lists.freebsd.perforce@cyrus.watson.org)
Date: Sun, 27 Jan 2008 15:51:53 GMT
Message-Id: <200801271551.m0RFpr3Z000639@repoman.freebsd.org>
X-Authentication-Warning: repoman.freebsd.org: perforce set sender to bb+lists.freebsd.perforce@cyrus.watson.org using -f
From: Robert Watson
To: Perforce Change Reviews
Cc:
Subject: PERFORCE change 134202 for review
X-BeenThere: p4-projects@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: p4 projects tree changes
List-Unsubscribe: ,
List-Archive:
List-Post:
List-Help:
List-Subscribe: ,
X-List-Received-Date: Sun, 27 Jan 2008 15:51:54 -0000

http://perforce.freebsd.org/chv.cgi?CH=134202

Change 134202 by rwatson@rwatson_freebsd_capabilities on 2008/01/27 15:50:53

	Add CAP_FEXECVE to authorize use of a capability for fexecve().

	Use fgetvp_read() rather than fgetvp_exec(), as there is no FEXEC in
	this branch (and probably won't be).  Require CAP_READ | CAP_FEXECVE
	but possibly this should just be CAP_FEXECVE.

	Update for VOP_UNLOCK() prototype change.

	len doesn't need to be initialized on declaration [anymore].

Affected files ...

.. //depot/projects/trustedbsd/capabilities/src/sys/kern/kern_exec.c#4 edit
.. //depot/projects/trustedbsd/capabilities/src/sys/sys/capability.h#9 edit

Differences ...

==== //depot/projects/trustedbsd/capabilities/src/sys/kern/kern_exec.c#4 (text+ko) ====

@@ -305,7 +305,7 @@ struct ucred *newcred = NULL, *oldcred; struct uidinfo *euip; register_t *stack_base; - int error, len = 0, i; + int error, len, i; struct image_params image_params, *imgp; struct vattr attr; int (*img_first)(struct image_params *); @@ -392,7 +392,9 @@ binvp = ndp->ni_vp; imgp->vp = binvp; } else { - error = fgetvp_exec(td, args->fd, &binvp); + /* XXXRW: Possibly should just be CAP_FEXECVE? */ + error = fgetvp_read(td, args->fd, CAP_READ | CAP_FEXECVE, + &binvp); if (error) goto exec_fail; vfslocked = VFS_LOCK_GIANT(binvp->v_mount); @@ -526,7 +528,7 @@ } /* close files on exec */ - VOP_UNLOCK(imgp->vp, 0, td); + VOP_UNLOCK(imgp->vp, 0); fdcloseexec(td); vn_lock(imgp->vp, LK_EXCLUSIVE | LK_RETRY);
@@ -644,7 +646,7 @@ */ PROC_UNLOCK(p); setugidsafety(td); - VOP_UNLOCK(imgp->vp, 0, td); + VOP_UNLOCK(imgp->vp, 0); error = fdcheckstd(td); vn_lock(imgp->vp, LK_EXCLUSIVE | LK_RETRY); if (error != 0) @@ -778,7 +780,7 @@ crfree(oldcred); else crfree(newcred); - VOP_UNLOCK(imgp->vp, 0, td); + VOP_UNLOCK(imgp->vp, 0); /* * Handle deferred decrement of ref counts. */ ==== //depot/projects/trustedbsd/capabilities/src/sys/sys/capability.h#9 (text+ko) ==== @@ -23,7 +23,7 @@ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * - * $P4: //depot/projects/trustedbsd/capabilities/src/sys/sys/capability.h#8 $ + * $P4: //depot/projects/trustedbsd/capabilities/src/sys/sys/capability.h#9 $ */ /* @@ -62,7 +62,7 @@ #define CAP_GETDIRENTRIES 0x0000000000020000ULL /* getdirentries */ #define CAP_FSTATFS 0x0000000000040000ULL /* fstatfs */ #define CAP_REVOKE 0x0000000000080000ULL /* revoke */ -#define _CAP_UNUSED1 0x0000000000100000ULL +#define CAP_FEXECVE 0x0000000000100000ULL /* fexecve */ #define CAP_FPATHCONF 0x0000000000200000ULL /* fpathconf */ #define CAP_FUTIMES 0x0000000000400000ULL /* futimes */ #define CAP_AIO 0x0000000000800000ULL /* aio_* */ @@ -84,7 +84,7 @@ #define CAP_LISTEN 0x0000008000000000ULL /* listen */ #define CAP_SHUTDOWN 0x0000010000000000ULL /* shutdown */ #define CAP_PEELOFF 0x0000020000000000ULL /* sctp_peeloff */ -#define CAP_MASK_VALID 0x000003ffffe7ffffULL +#define CAP_MASK_VALID 0x000003ffffffffffULL /* * Notes:
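Review bot: in the `len` declaration hunk of kern_exec.c (`@@ -305,7 +305,7 @@`), dropping the `= 0` initializer is only safe if every path that reads `len` assigns it first, and none of those paths is visible in the hunk; the commit message asserts this rather than showing it. Either name the assignment that now dominates every use in the commit message, or confirm the file builds clean with uninitialized-variable warnings enabled, so a later error path that reads `len` before assignment cannot slip in as an uninitialized read.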
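Review bot: the XXXRW comment in the fgetvp_read() hunk of kern_exec.c (`@@ -392,7 +392,9 @@`) leaves the rights policy for fexecve() undecided, and that decision is the security-relevant part of the change: requiring `CAP_READ | CAP_FEXECVE` means a capability can never authorize execution without also authorizing reading the image, while requiring only `CAP_FEXECVE` would allow executing an image the holder is not permitted to read. Pick one, state the reasoning in the commit message, and record the required rights in capability.h next to `CAP_FEXECVE` (its `/* fexecve */` comment says nothing about CAP_READ), so code constructing capabilities knows which rights to request. Also confirm that fgetvp_read() checks only the capability rights passed in and not the descriptor's open mode; the commit message says the substitution is made because there is no FEXEC in this branch, and if fgetvp_read() additionally requires a readable descriptor the check silently becomes stricter than fgetvp_exec() was.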
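Review bot: the CAP_MASK_VALID hunk in capability.h (`@@ -84,7 +84,7 @@`) turns on two bits, not one: going from `0x000003ffffe7ffffULL` to `0x000003ffffffffffULL` adds 0x180000, that is bit 20 (0x100000, the new CAP_FEXECVE) and bit 19 (0x80000, which the context lines of the `@@ -62,7 +62,7 @@` hunk define as CAP_REVOKE). The commit message mentions only CAP_FEXECVE. If CAP_REVOKE was deliberately kept out of the valid mask, the new value should be `0x000003fffff7ffffULL`; if enabling it is intended, say so in the commit message, since CAP_MASK_VALID is what bounds the rights a capability may carry.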