Date:      Wed, 9 May 2018 18:47:25 +0000 (UTC)
From:      Matt Macy <mmacy@FreeBSD.org>
To:        src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org
Subject:   svn commit: r333425 - in head/sys: cddl/compat/opensolaris/sys cddl/contrib/opensolaris/uts/common/fs/zfs compat/cloudabi compat/linux compat/linuxkpi/common/include/linux dev/filemon dev/hwpmc fs/...
Message-ID:  <201805091847.w49IlPPa014617@repo.freebsd.org>

Author: mmacy
Date: Wed May  9 18:47:24 2018
New Revision: 333425
URL: https://svnweb.freebsd.org/changeset/base/333425

Log:
  Eliminate the overhead of gratuitous repeated reinitialization of cap_rights
  
  - Add macros to allow preinitialization of cap_rights_t.
  
  - Convert most commonly used code paths to use preinitialized cap_rights_t.
    A 3.6% speedup in fstat was measured with this change.
  
  Reported by:	mjg
  Reviewed by:	oshogbo
  Approved by:	sbruno
  MFC after:	1 month

Modified:
  head/sys/cddl/compat/opensolaris/sys/file.h
  head/sys/cddl/contrib/opensolaris/uts/common/fs/zfs/zfs_ioctl.c
  head/sys/cddl/contrib/opensolaris/uts/common/fs/zfs/zfs_onexit.c
  head/sys/compat/cloudabi/cloudabi_file.c
  head/sys/compat/linux/linux_event.c
  head/sys/compat/linux/linux_file.c
  head/sys/compat/linux/linux_ioctl.c
  head/sys/compat/linux/linux_mmap.c
  head/sys/compat/linux/linux_socket.c
  head/sys/compat/linux/linux_stats.c
  head/sys/compat/linuxkpi/common/include/linux/file.h
  head/sys/dev/filemon/filemon.c
  head/sys/dev/hwpmc/hwpmc_logging.c
  head/sys/fs/fdescfs/fdesc_vnops.c
  head/sys/fs/fuse/fuse_vfsops.c
  head/sys/kern/kern_descrip.c
  head/sys/kern/kern_event.c
  head/sys/kern/kern_exec.c
  head/sys/kern/kern_sendfile.c
  head/sys/kern/kern_sig.c
  head/sys/kern/subr_capability.c
  head/sys/kern/sys_generic.c
  head/sys/kern/sys_procdesc.c
  head/sys/kern/uipc_mqueue.c
  head/sys/kern/uipc_sem.c
  head/sys/kern/uipc_syscalls.c
  head/sys/kern/vfs_aio.c
  head/sys/kern/vfs_syscalls.c
  head/sys/netsmb/smb_dev.c
  head/sys/sys/capsicum.h

Modified: head/sys/cddl/compat/opensolaris/sys/file.h
==============================================================================
--- head/sys/cddl/compat/opensolaris/sys/file.h	Wed May  9 18:41:04 2018	(r333424)
+++ head/sys/cddl/compat/opensolaris/sys/file.h	Wed May  9 18:47:24 2018	(r333425)
@@ -52,10 +52,9 @@ static __inline void
 releasef(int fd)
 {
 	struct file *fp;
-	cap_rights_t rights;
 
 	/* No CAP_ rights required, as we're only releasing. */
-	if (fget(curthread, fd, cap_rights_init(&rights), &fp) == 0) {
+	if (fget(curthread, fd, &cap_no_rights, &fp) == 0) {
 		fdrop(fp, curthread);
 		fdrop(fp, curthread);
 	}
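Review bot: `&cap_no_rights` is the address of one object shared by every caller, where the old code handed `fget()` a freshly initialised stack copy. Nothing in this part of the diff shows whether the preinitialized sets are declared `const`, or whether `fget()` and its siblings take a `const cap_rights_t *`; if neither holds, a callee that writes through the pointer would silently change the rights required by every later lookup. Worth confirming in sys/sys/capsicum.h and sys/kern/subr_capability.c (both modified by this commit, not visible here) and, if the objects are mutable, adding a comment at their declaration such as `/* Shared, read-only after initialization; never pass to cap_rights_set()/cap_rights_clear(). */`. The same applies to every `&cap_*_rights` call site in the commit.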

Modified: head/sys/cddl/contrib/opensolaris/uts/common/fs/zfs/zfs_ioctl.c
==============================================================================
--- head/sys/cddl/contrib/opensolaris/uts/common/fs/zfs/zfs_ioctl.c	Wed May  9 18:41:04 2018	(r333424)
+++ head/sys/cddl/contrib/opensolaris/uts/common/fs/zfs/zfs_ioctl.c	Wed May  9 18:47:24 2018	(r333425)
@@ -4446,7 +4446,6 @@ zfs_ioc_recv(zfs_cmd_t *zc)
 	char *origin = NULL;
 	char *tosnap;
 	char tofs[ZFS_MAX_DATASET_NAME_LEN];
-	cap_rights_t rights;
 	boolean_t first_recvd_props = B_FALSE;
 
 	if (dataset_namecheck(zc->zc_value, NULL, NULL) != 0 ||
@@ -4467,7 +4466,7 @@ zfs_ioc_recv(zfs_cmd_t *zc)
 #ifdef illumos
 	fp = getf(fd);
 #else
-	fget_read(curthread, fd, cap_rights_init(&rights, CAP_PREAD), &fp);
+	fget_read(curthread, fd, &cap_pread_rights, &fp);
 #endif
 	if (fp == NULL) {
 		nvlist_free(props);
@@ -4744,13 +4743,11 @@ zfs_ioc_send(zfs_cmd_t *zc)
 		dsl_pool_rele(dp, FTAG);
 	} else {
 		file_t *fp;
-		cap_rights_t rights;
 
 #ifdef illumos
 		fp = getf(zc->zc_cookie);
 #else
-		fget_write(curthread, zc->zc_cookie,
-		    cap_rights_init(&rights, CAP_WRITE), &fp);
+		fget_write(curthread, zc->zc_cookie, &cap_write_rights, &fp);
 #endif
 		if (fp == NULL)
 			return (SET_ERROR(EBADF));
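Review bot: The return value of `fget_write()` is still discarded here, so the `fp == NULL` test reports every failure as EBADF, including a descriptor that exists but lacks CAP_WRITE. Capturing it, e.g. `error = fget_write(curthread, zc->zc_cookie, &cap_write_rights, &fp);` followed by `if (error != 0) return (SET_ERROR(error));` (assuming an `int error` is in scope, as it is in zfs_ioc_diff), would keep a capability failure distinguishable from a bad descriptor and would not rely on the callee nulling `fp` on failure. Whether callers depend on the EBADF value is not visible here, so that should be checked first. The same pattern appears in the zfs_ioc_diff and zfs_ioc_send_new hunks, and in zfs_ioc_recv with `fget_read()`; zfs_ioc_send itself starts and ends outside this hunk.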
@@ -5387,15 +5384,13 @@ static int
 zfs_ioc_diff(zfs_cmd_t *zc)
 {
 	file_t *fp;
-	cap_rights_t rights;
 	offset_t off;
 	int error;
 
 #ifdef illumos
 	fp = getf(zc->zc_cookie);
 #else
-	fget_write(curthread, zc->zc_cookie,
-		    cap_rights_init(&rights, CAP_WRITE), &fp);
+	fget_write(curthread, zc->zc_cookie, &cap_write_rights, &fp);
 #endif
 	if (fp == NULL)
 		return (SET_ERROR(EBADF));
@@ -5787,7 +5782,6 @@ zfs_ioc_unjail(zfs_cmd_t *zc)
 static int
 zfs_ioc_send_new(const char *snapname, nvlist_t *innvl, nvlist_t *outnvl)
 {
-	cap_rights_t rights;
 	file_t *fp;
 	int error;
 	offset_t off;
@@ -5815,7 +5809,7 @@ zfs_ioc_send_new(const char *snapname, nvlist_t *innvl
 #ifdef illumos
 	file_t *fp = getf(fd);
 #else
-	fget_write(curthread, fd, cap_rights_init(&rights, CAP_WRITE), &fp);
+	fget_write(curthread, fd, &cap_write_rights, &fp);
 #endif
 	if (fp == NULL)
 		return (SET_ERROR(EBADF));

Modified: head/sys/cddl/contrib/opensolaris/uts/common/fs/zfs/zfs_onexit.c
==============================================================================
--- head/sys/cddl/contrib/opensolaris/uts/common/fs/zfs/zfs_onexit.c	Wed May  9 18:41:04 2018	(r333424)
+++ head/sys/cddl/contrib/opensolaris/uts/common/fs/zfs/zfs_onexit.c	Wed May  9 18:47:24 2018	(r333425)
@@ -126,7 +126,7 @@ zfs_onexit_fd_hold(int fd, minor_t *minorp)
 	void *data;
 	int error;
 
-	fp = getf(fd, cap_rights_init(&rights));
+	fp = getf(fd, &cap_no_rights);
 	if (fp == NULL)
 		return (SET_ERROR(EBADF));
 
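Review bot: Unlike the other conversions in this commit, this hunk does not remove a `cap_rights_t rights;` declaration, although the replaced line used `&rights`. The declaration is presumably above the hunk in zfs_onexit_fd_hold and is now unused; dropping it keeps the function consistent with the rest of the change and avoids an unused-variable warning. The function body starts and ends outside the hunk.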

Modified: head/sys/compat/cloudabi/cloudabi_file.c
==============================================================================
--- head/sys/compat/cloudabi/cloudabi_file.c	Wed May  9 18:41:04 2018	(r333424)
+++ head/sys/compat/cloudabi/cloudabi_file.c	Wed May  9 18:47:24 2018	(r333425)
@@ -390,12 +390,11 @@ cloudabi_sys_file_readdir(struct thread *td,
 	struct file *fp;
 	struct vnode *vp;
 	void *readbuf;
-	cap_rights_t rights;
 	cloudabi_dircookie_t offset;
 	int error;
 
 	/* Obtain directory vnode. */
-	error = getvnode(td, uap->fd, cap_rights_init(&rights, CAP_READ), &fp);
+	error = getvnode(td, uap->fd, &cap_read_rights, &fp);
 	if (error != 0) {
 		if (error == EINVAL)
 			return (ENOTDIR);
@@ -559,14 +558,13 @@ cloudabi_sys_file_stat_fget(struct thread *td,
 	struct stat sb;
 	cloudabi_filestat_t csb;
 	struct file *fp;
-	cap_rights_t rights;
 	cloudabi_filetype_t filetype;
 	int error;
 
 	memset(&csb, 0, sizeof(csb));
 
 	/* Fetch file descriptor attributes. */
-	error = fget(td, uap->fd, cap_rights_init(&rights, CAP_FSTAT), &fp);
+	error = fget(td, uap->fd, &cap_fstat_rights, &fp);
 	if (error != 0)
 		return (error);
 	error = fo_stat(fp, &sb, td->td_ucred, td);

Modified: head/sys/compat/linux/linux_event.c
==============================================================================
--- head/sys/compat/linux/linux_event.c	Wed May  9 18:41:04 2018	(r333424)
+++ head/sys/compat/linux/linux_event.c	Wed May  9 18:47:24 2018	(r333425)
@@ -1190,14 +1190,13 @@ linux_timerfd_curval(struct timerfd *tfd, struct itime
 int
 linux_timerfd_gettime(struct thread *td, struct linux_timerfd_gettime_args *args)
 {
-	cap_rights_t rights;
 	struct l_itimerspec lots;
 	struct itimerspec ots;
 	struct timerfd *tfd;
 	struct file *fp;
 	int error;
 
-	error = fget(td, args->fd, cap_rights_init(&rights, CAP_READ), &fp);
+	error = fget(td, args->fd, &cap_read_rights, &fp);
 	if (error != 0)
 		return (error);
 	tfd = fp->f_data;
@@ -1225,7 +1224,6 @@ linux_timerfd_settime(struct thread *td, struct linux_
 	struct l_itimerspec lots;
 	struct itimerspec nts, ots;
 	struct timespec cts, ts;
-	cap_rights_t rights;
 	struct timerfd *tfd;
 	struct timeval tv;
 	struct file *fp;
@@ -1241,7 +1239,7 @@ linux_timerfd_settime(struct thread *td, struct linux_
 	if (error != 0)
 		return (error);
 
-	error = fget(td, args->fd, cap_rights_init(&rights, CAP_WRITE), &fp);
+	error = fget(td, args->fd, &cap_write_rights, &fp);
 	if (error != 0)
 		return (error);
 	tfd = fp->f_data;

Modified: head/sys/compat/linux/linux_file.c
==============================================================================
--- head/sys/compat/linux/linux_file.c	Wed May  9 18:41:04 2018	(r333424)
+++ head/sys/compat/linux/linux_file.c	Wed May  9 18:47:24 2018	(r333425)
@@ -89,7 +89,6 @@ linux_creat(struct thread *td, struct linux_creat_args
 static int
 linux_common_open(struct thread *td, int dirfd, char *path, int l_flags, int mode)
 {
-	cap_rights_t rights;
 	struct proc *p = td->td_proc;
 	struct file *fp;
 	int fd;
@@ -144,7 +143,7 @@ linux_common_open(struct thread *td, int dirfd, char *
 	 * checking below.
 	*/
 	fd = td->td_retval[0];
-	if (fget(td, fd, cap_rights_init(&rights, CAP_IOCTL), &fp) == 0) {
+	if (fget(td, fd, &cap_ioctl_rights, &fp) == 0) {
 		if (fp->f_type != DTYPE_VNODE) {
 			fdrop(fp, td);
 			goto done;
@@ -263,13 +262,12 @@ linux_llseek(struct thread *td, struct linux_llseek_ar
 static int
 linux_getdents_error(struct thread *td, int fd, int err)
 {
-	cap_rights_t rights;
 	struct vnode *vp;
 	struct file *fp;
 	int error;
 
 	/* Linux return ENOTDIR in case when fd is not a directory. */
-	error = getvnode(td, fd, cap_rights_init(&rights, CAP_READ), &fp);
+	error = getvnode(td, fd, &cap_read_rights, &fp);
 	if (error != 0)
 		return (error);
 	vp = fp->f_vnode;
@@ -985,15 +983,13 @@ linux_fdatasync(td, uap)
 int
 linux_pread(struct thread *td, struct linux_pread_args *uap)
 {
-	cap_rights_t rights;
 	struct vnode *vp;
 	int error;
 
 	error = kern_pread(td, uap->fd, uap->buf, uap->nbyte, uap->offset);
 	if (error == 0) {
 		/* This seems to violate POSIX but Linux does it. */
-		error = fgetvp(td, uap->fd,
-		    cap_rights_init(&rights, CAP_PREAD), &vp);
+		error = fgetvp(td, uap->fd, &cap_pread_rights, &vp);
 		if (error != 0)
 			return (error);
 		if (vp->v_type == VDIR) {
@@ -1275,7 +1271,6 @@ fcntl_common(struct thread *td, struct linux_fcntl_arg
 {
 	struct l_flock linux_flock;
 	struct flock bsd_flock;
-	cap_rights_t rights;
 	struct file *fp;
 	long arg;
 	int error, result;
@@ -1379,7 +1374,7 @@ fcntl_common(struct thread *td, struct linux_fcntl_arg
 		 * pipes under Linux-2.2.35 at least).
 		 */
 		error = fget(td, args->fd,
-		    cap_rights_init(&rights, CAP_FCNTL), &fp);
+		    &cap_fcntl_rights, &fp);
 		if (error)
 			return (error);
 		if (fp->f_type == DTYPE_PIPE) {
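Review bot: The continuation line is no longer needed; `error = fget(td, args->fd, &cap_fcntl_rights, &fp);` fits well within 80 columns at this indent, as the one-line conversions elsewhere in the commit show. The same leftover wrap is in the linux_ioctl_v4l, linux_ioctl_v4l2 and linux_ioctl_evdev hunks. fcntl_common continues outside this hunk.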

Modified: head/sys/compat/linux/linux_ioctl.c
==============================================================================
--- head/sys/compat/linux/linux_ioctl.c	Wed May  9 18:41:04 2018	(r333424)
+++ head/sys/compat/linux/linux_ioctl.c	Wed May  9 18:47:24 2018	(r333425)
@@ -194,13 +194,12 @@ struct linux_hd_big_geometry {
 static int
 linux_ioctl_hdio(struct thread *td, struct linux_ioctl_args *args)
 {
-	cap_rights_t rights;
 	struct file *fp;
 	int error;
 	u_int sectorsize, fwcylinders, fwheads, fwsectors;
 	off_t mediasize, bytespercyl;
 
-	error = fget(td, args->fd, cap_rights_init(&rights, CAP_IOCTL), &fp);
+	error = fget(td, args->fd, &cap_ioctl_rights, &fp);
 	if (error != 0)
 		return (error);
 	switch (args->cmd & 0xffff) {
@@ -278,13 +277,12 @@ linux_ioctl_hdio(struct thread *td, struct linux_ioctl
 static int
 linux_ioctl_disk(struct thread *td, struct linux_ioctl_args *args)
 {
-	cap_rights_t rights;
 	struct file *fp;
 	int error;
 	u_int sectorsize;
 	off_t mediasize;
 
-	error = fget(td, args->fd, cap_rights_init(&rights, CAP_IOCTL), &fp);
+	error = fget(td, args->fd, &cap_ioctl_rights, &fp);
 	if (error != 0)
 		return (error);
 	switch (args->cmd & 0xffff) {
@@ -717,11 +715,10 @@ linux_ioctl_termio(struct thread *td, struct linux_ioc
 	struct termios bios;
 	struct linux_termios lios;
 	struct linux_termio lio;
-	cap_rights_t rights;
 	struct file *fp;
 	int error;
 
-	error = fget(td, args->fd, cap_rights_init(&rights, CAP_IOCTL), &fp);
+	error = fget(td, args->fd, &cap_ioctl_rights, &fp);
 	if (error != 0)
 		return (error);
 
@@ -1461,11 +1458,10 @@ bsd_to_linux_dvd_authinfo(struct dvd_authinfo *bp, l_d
 static int
 linux_ioctl_cdrom(struct thread *td, struct linux_ioctl_args *args)
 {
-	cap_rights_t rights;
 	struct file *fp;
 	int error;
 
-	error = fget(td, args->fd, cap_rights_init(&rights, CAP_IOCTL), &fp);
+	error = fget(td, args->fd, &cap_ioctl_rights, &fp);
 	if (error != 0)
 		return (error);
 	switch (args->cmd & 0xffff) {
@@ -1998,11 +1994,10 @@ linux_ioctl_sound(struct thread *td, struct linux_ioct
 static int
 linux_ioctl_console(struct thread *td, struct linux_ioctl_args *args)
 {
-	cap_rights_t rights;
 	struct file *fp;
 	int error;
 
-	error = fget(td, args->fd, cap_rights_init(&rights, CAP_IOCTL), &fp);
+	error = fget(td, args->fd, &cap_ioctl_rights, &fp);
 	if (error != 0)
 		return (error);
 	switch (args->cmd & 0xffff) {
@@ -2411,7 +2406,6 @@ static int
 linux_ioctl_socket(struct thread *td, struct linux_ioctl_args *args)
 {
 	char lifname[LINUX_IFNAMSIZ], ifname[IFNAMSIZ];
-	cap_rights_t rights;
 	struct ifnet *ifp;
 	struct file *fp;
 	int error, type;
@@ -2419,7 +2413,7 @@ linux_ioctl_socket(struct thread *td, struct linux_ioc
 	ifp = NULL;
 	error = 0;
 
-	error = fget(td, args->fd, cap_rights_init(&rights, CAP_IOCTL), &fp);
+	error = fget(td, args->fd, &cap_ioctl_rights, &fp);
 	if (error != 0)
 		return (error);
 	type = fp->f_type;
@@ -2649,11 +2643,10 @@ linux_ioctl_socket(struct thread *td, struct linux_ioc
 static int
 linux_ioctl_private(struct thread *td, struct linux_ioctl_args *args)
 {
-	cap_rights_t rights;
 	struct file *fp;
 	int error, type;
 
-	error = fget(td, args->fd, cap_rights_init(&rights, CAP_IOCTL), &fp);
+	error = fget(td, args->fd, &cap_ioctl_rights, &fp);
 	if (error != 0)
 		return (error);
 	type = fp->f_type;
@@ -2685,11 +2678,10 @@ linux_ioctl_sg_io(struct thread *td, struct linux_ioct
 {
 	struct sg_io_hdr io;
 	struct sg_io_hdr32 io32;
-	cap_rights_t rights;
 	struct file *fp;
 	int error;
 
-	error = fget(td, args->fd, cap_rights_init(&rights, CAP_IOCTL), &fp);
+	error = fget(td, args->fd, &cap_ioctl_rights, &fp);
 	if (error != 0) {
 		printf("sg_linux_ioctl: fget returned %d\n", error);
 		return (error);
@@ -2997,7 +2989,6 @@ linux_v4l_cliplist_copy(struct l_video_window *lvw, st
 static int
 linux_ioctl_v4l(struct thread *td, struct linux_ioctl_args *args)
 {
-	cap_rights_t rights;
 	struct file *fp;
 	int error;
 	struct video_tuner vtun;
@@ -3016,7 +3007,7 @@ linux_ioctl_v4l(struct thread *td, struct linux_ioctl_
 
 	case LINUX_VIDIOCGTUNER:
 		error = fget(td, args->fd,
-		    cap_rights_init(&rights, CAP_IOCTL), &fp);
+		    &cap_ioctl_rights, &fp);
 		if (error != 0)
 			return (error);
 		error = copyin((void *) args->arg, &l_vtun, sizeof(l_vtun));
@@ -3036,7 +3027,7 @@ linux_ioctl_v4l(struct thread *td, struct linux_ioctl_
 
 	case LINUX_VIDIOCSTUNER:
 		error = fget(td, args->fd,
-		    cap_rights_init(&rights, CAP_IOCTL), &fp);
+		    &cap_ioctl_rights, &fp);
 		if (error != 0)
 			return (error);
 		error = copyin((void *) args->arg, &l_vtun, sizeof(l_vtun));
@@ -3055,7 +3046,7 @@ linux_ioctl_v4l(struct thread *td, struct linux_ioctl_
 
 	case LINUX_VIDIOCGWIN:
 		error = fget(td, args->fd,
-		    cap_rights_init(&rights, CAP_IOCTL), &fp);
+		    &cap_ioctl_rights, &fp);
 		if (error != 0)
 			return (error);
 		error = fo_ioctl(fp, VIDIOCGWIN, &vwin, td->td_ucred, td);
@@ -3069,7 +3060,7 @@ linux_ioctl_v4l(struct thread *td, struct linux_ioctl_
 
 	case LINUX_VIDIOCSWIN:
 		error = fget(td, args->fd,
-		    cap_rights_init(&rights, CAP_IOCTL), &fp);
+		    &cap_ioctl_rights, &fp);
 		if (error != 0)
 			return (error);
 		error = copyin((void *) args->arg, &l_vwin, sizeof(l_vwin));
@@ -3094,7 +3085,7 @@ linux_ioctl_v4l(struct thread *td, struct linux_ioctl_
 
 	case LINUX_VIDIOCGFBUF:
 		error = fget(td, args->fd,
-		    cap_rights_init(&rights, CAP_IOCTL), &fp);
+		    &cap_ioctl_rights, &fp);
 		if (error != 0)
 			return (error);
 		error = fo_ioctl(fp, VIDIOCGFBUF, &vbuf, td->td_ucred, td);
@@ -3108,7 +3099,7 @@ linux_ioctl_v4l(struct thread *td, struct linux_ioctl_
 
 	case LINUX_VIDIOCSFBUF:
 		error = fget(td, args->fd,
-		    cap_rights_init(&rights, CAP_IOCTL), &fp);
+		    &cap_ioctl_rights, &fp);
 		if (error != 0)
 			return (error);
 		error = copyin((void *) args->arg, &l_vbuf, sizeof(l_vbuf));
@@ -3138,7 +3129,7 @@ linux_ioctl_v4l(struct thread *td, struct linux_ioctl_
 
 	case LINUX_VIDIOCSMICROCODE:
 		error = fget(td, args->fd,
-		    cap_rights_init(&rights, CAP_IOCTL), &fp);
+		    &cap_ioctl_rights, &fp);
 		if (error != 0)
 			return (error);
 		error = copyin((void *) args->arg, &l_vcode, sizeof(l_vcode));
@@ -3302,7 +3293,6 @@ bsd_to_linux_v4l2_format(struct v4l2_format *vf, struc
 static int
 linux_ioctl_v4l2(struct thread *td, struct linux_ioctl_args *args)
 {
-	cap_rights_t rights;
 	struct file *fp;
 	int error;
 	struct v4l2_format vformat;
@@ -3395,7 +3385,7 @@ linux_ioctl_v4l2(struct thread *td, struct linux_ioctl
 		if (error)
 			return (error);
 		error = fget(td, args->fd,
-		    cap_rights_init(&rights, CAP_IOCTL), &fp);
+		    &cap_ioctl_rights, &fp);
 		if (error)
 			return (error);
 		if (linux_to_bsd_v4l2_format(&l_vformat, &vformat) != 0)
@@ -3420,7 +3410,7 @@ linux_ioctl_v4l2(struct thread *td, struct linux_ioctl
 			return (error);
 		linux_to_bsd_v4l2_standard(&l_vstd, &vstd);
 		error = fget(td, args->fd,
-		    cap_rights_init(&rights, CAP_IOCTL), &fp);
+		    &cap_ioctl_rights, &fp);
 		if (error)
 			return (error);
 		error = fo_ioctl(fp, VIDIOC_ENUMSTD, (caddr_t)&vstd,
@@ -3444,7 +3434,7 @@ linux_ioctl_v4l2(struct thread *td, struct linux_ioctl
 		if (error != 0)
 			return (error);
 		error = fget(td, args->fd,
-		    cap_rights_init(&rights, CAP_IOCTL), &fp);
+		    &cap_ioctl_rights, &fp);
 		if (error != 0)
 			return (error);
 		error = fo_ioctl(fp, VIDIOC_ENUMINPUT, (caddr_t)&vinp,
@@ -3465,7 +3455,7 @@ linux_ioctl_v4l2(struct thread *td, struct linux_ioctl
 		if (error)
 			return (error);
 		error = fget(td, args->fd,
-		    cap_rights_init(&rights, CAP_IOCTL), &fp);
+		    &cap_ioctl_rights, &fp);
 		if (error)
 			return (error);
 		linux_to_bsd_v4l2_buffer(&l_vbuf, &vbuf);
@@ -3640,7 +3630,6 @@ linux_ioctl_fbsd_usb(struct thread *td, struct linux_i
 static int
 linux_ioctl_evdev(struct thread *td, struct linux_ioctl_args *args)
 {
-	cap_rights_t rights;
 	struct file *fp;
 	clockid_t clock;
 	int error;
@@ -3668,7 +3657,7 @@ linux_ioctl_evdev(struct thread *td, struct linux_ioct
 			return (error);
 
 		error = fget(td, args->fd,
-		    cap_rights_init(&rights, CAP_IOCTL), &fp);
+		    &cap_ioctl_rights, &fp);
 		if (error != 0)
 			return (error);
 
@@ -3694,7 +3683,6 @@ linux_ioctl_evdev(struct thread *td, struct linux_ioct
 int
 linux_ioctl(struct thread *td, struct linux_ioctl_args *args)
 {
-	cap_rights_t rights;
 	struct file *fp;
 	struct handler_element *he;
 	int error, cmd;
@@ -3705,7 +3693,7 @@ linux_ioctl(struct thread *td, struct linux_ioctl_args
 		    (unsigned long)args->cmd);
 #endif
 
-	error = fget(td, args->fd, cap_rights_init(&rights, CAP_IOCTL), &fp);
+	error = fget(td, args->fd, &cap_ioctl_rights, &fp);
 	if (error != 0)
 		return (error);
 	if ((fp->f_flag & (FREAD|FWRITE)) == 0) {

Modified: head/sys/compat/linux/linux_mmap.c
==============================================================================
--- head/sys/compat/linux/linux_mmap.c	Wed May  9 18:41:04 2018	(r333424)
+++ head/sys/compat/linux/linux_mmap.c	Wed May  9 18:47:24 2018	(r333425)
@@ -72,7 +72,6 @@ linux_mmap_common(struct thread *td, uintptr_t addr, s
 	int bsd_flags, error;
 	struct file *fp;
 
-	cap_rights_t rights;
 	LINUX_CTR6(mmap2, "0x%lx, %ld, %ld, 0x%08lx, %ld, 0x%lx",
 	    addr, len, prot, flags, fd, pos);
 
@@ -126,7 +125,7 @@ linux_mmap_common(struct thread *td, uintptr_t addr, s
 		 * protection options specified.
 		 */
 
-		error = fget(td, fd, cap_rights_init(&rights, CAP_MMAP), &fp);
+		error = fget(td, fd, &cap_mmap_rights, &fp);
 		if (error != 0)
 			return (error);
 		if (fp->f_type != DTYPE_VNODE && fp->f_type != DTYPE_DEV) {

Modified: head/sys/compat/linux/linux_socket.c
==============================================================================
--- head/sys/compat/linux/linux_socket.c	Wed May  9 18:41:04 2018	(r333424)
+++ head/sys/compat/linux/linux_socket.c	Wed May  9 18:47:24 2018	(r333425)
@@ -766,7 +766,6 @@ linux_bind(struct thread *td, struct linux_bind_args *
 int
 linux_connect(struct thread *td, struct linux_connect_args *args)
 {
-	cap_rights_t rights;
 	struct socket *so;
 	struct sockaddr *sa;
 	struct file *fp;
@@ -788,7 +787,7 @@ linux_connect(struct thread *td, struct linux_connect_
 	 * when on a non-blocking socket. Instead it returns the
 	 * error getsockopt(SOL_SOCKET, SO_ERROR) would return on BSD.
 	 */
-	error = getsock_cap(td, args->s, cap_rights_init(&rights, CAP_CONNECT),
+	error = getsock_cap(td, args->s, &cap_connect_rights,
 	    &fp, &fflag, NULL);
 	if (error != 0)
 		return (error);
@@ -824,7 +823,6 @@ linux_accept_common(struct thread *td, int s, l_uintpt
 		socklen_t * __restrict anamelen;
 		int	flags;
 	} */ bsd_args;
-	cap_rights_t rights;
 	struct socket *so;
 	struct file *fp;
 	int error, error1;
@@ -842,8 +840,7 @@ linux_accept_common(struct thread *td, int s, l_uintpt
 		if (error == EFAULT && namelen != sizeof(struct sockaddr_in))
 			return (EINVAL);
 		if (error == EINVAL) {
-			error1 = getsock_cap(td, s,
-			    cap_rights_init(&rights, CAP_ACCEPT), &fp, NULL, NULL);
+			error1 = getsock_cap(td, s, &cap_accept_rights, &fp, NULL, NULL);
 			if (error1 != 0)
 				return (error1);
 			so = fp->f_data;
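Review bot: The joined `getsock_cap()` call is now roughly 89 columns wide with 8-column tabs, past the 80-column limit the surrounding code keeps to. Keeping a wrap, `error1 = getsock_cap(td, s, &cap_accept_rights,` then `    &fp, NULL, NULL);`, avoids that. The `fgetvp_exec()` line in the kern_exec.c hunk is over the limit in the same way. linux_accept_common starts and ends outside this hunk.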

Modified: head/sys/compat/linux/linux_stats.c
==============================================================================
--- head/sys/compat/linux/linux_stats.c	Wed May  9 18:41:04 2018	(r333424)
+++ head/sys/compat/linux/linux_stats.c	Wed May  9 18:47:24 2018	(r333425)
@@ -103,14 +103,13 @@ translate_fd_major_minor(struct thread *td, int fd, st
 {
 	struct file *fp;
 	struct vnode *vp;
-	cap_rights_t rights;
 	int major, minor;
 
 	/*
 	 * No capability rights required here.
 	 */
 	if ((!S_ISCHR(buf->st_mode) && !S_ISBLK(buf->st_mode)) ||
-	    fget(td, fd, cap_rights_init(&rights), &fp) != 0)
+	    fget(td, fd, &cap_no_rights, &fp) != 0)
 		return;
 	vp = fp->f_vnode;
 	if (vp != NULL && vp->v_rdev != NULL &&
@@ -680,12 +679,11 @@ linux_newfstatat(struct thread *td, struct linux_newfs
 int
 linux_syncfs(struct thread *td, struct linux_syncfs_args *args)
 {
-	cap_rights_t rights;
 	struct mount *mp;
 	struct vnode *vp;
 	int error, save;
 
-	error = fgetvp(td, args->fd, cap_rights_init(&rights, CAP_FSYNC), &vp);
+	error = fgetvp(td, args->fd, &cap_fsync_rights, &vp);
 	if (error != 0)
 		/*
 		 * Linux syncfs() returns only EBADF, however fgetvp()

Modified: head/sys/compat/linuxkpi/common/include/linux/file.h
==============================================================================
--- head/sys/compat/linuxkpi/common/include/linux/file.h	Wed May  9 18:41:04 2018	(r333424)
+++ head/sys/compat/linuxkpi/common/include/linux/file.h	Wed May  9 18:47:24 2018	(r333425)
@@ -50,12 +50,11 @@ extern struct fileops linuxfileops;
 static inline struct linux_file *
 linux_fget(unsigned int fd)
 {
-	cap_rights_t rights;
 	struct file *file;
 
 	/* lookup file pointer by file descriptor index */
 	if (fget_unlocked(curthread->td_proc->p_fd, fd,
-	    cap_rights_init(&rights), &file, NULL) != 0)
+	    &cap_no_rights, &file, NULL) != 0)
 		return (NULL);
 
 	/* check if file handle really belongs to us */
@@ -88,11 +87,10 @@ file_count(struct linux_file *filp)
 static inline void
 put_unused_fd(unsigned int fd)
 {
-	cap_rights_t rights;
 	struct file *file;
 
 	if (fget_unlocked(curthread->td_proc->p_fd, fd,
-	    cap_rights_init(&rights), &file, NULL) != 0) {
+	    &cap_no_rights, &file, NULL) != 0) {
 		return;
 	}
 	/*
@@ -109,11 +107,10 @@ put_unused_fd(unsigned int fd)
 static inline void
 fd_install(unsigned int fd, struct linux_file *filp)
 {
-	cap_rights_t rights;
 	struct file *file;
 
 	if (fget_unlocked(curthread->td_proc->p_fd, fd,
-	    cap_rights_init(&rights), &file, NULL) != 0) {
+	    &cap_no_rights, &file, NULL) != 0) {
 		filp->_file = NULL;
 	} else {
 		filp->_file = file;

Modified: head/sys/dev/filemon/filemon.c
==============================================================================
--- head/sys/dev/filemon/filemon.c	Wed May  9 18:41:04 2018	(r333424)
+++ head/sys/dev/filemon/filemon.c	Wed May  9 18:47:24 2018	(r333425)
@@ -361,7 +361,6 @@ filemon_ioctl(struct cdev *dev, u_long cmd, caddr_t da
 	int error = 0;
 	struct filemon *filemon;
 	struct proc *p;
-	cap_rights_t rights;
 
 	if ((error = devfs_get_cdevpriv((void **) &filemon)) != 0)
 		return (error);
@@ -377,7 +376,7 @@ filemon_ioctl(struct cdev *dev, u_long cmd, caddr_t da
 		}
 
 		error = fget_write(td, *(int *)data,
-		    cap_rights_init(&rights, CAP_PWRITE),
+		    &cap_pwrite_rights,
 		    &filemon->fp);
 		if (error == 0)
 			/* Write the file header. */

Modified: head/sys/dev/hwpmc/hwpmc_logging.c
==============================================================================
--- head/sys/dev/hwpmc/hwpmc_logging.c	Wed May  9 18:41:04 2018	(r333424)
+++ head/sys/dev/hwpmc/hwpmc_logging.c	Wed May  9 18:47:24 2018	(r333425)
@@ -638,7 +638,6 @@ int
 pmclog_configure_log(struct pmc_mdep *md, struct pmc_owner *po, int logfd)
 {
 	struct proc *p;
-	cap_rights_t rights;
 	int error;
 
 	sx_assert(&pmc_sx, SA_XLOCKED);
@@ -655,8 +654,7 @@ pmclog_configure_log(struct pmc_mdep *md, struct pmc_o
 		po->po_file));
 
 	/* get a reference to the file state */
-	error = fget_write(curthread, logfd,
-	    cap_rights_init(&rights, CAP_WRITE), &po->po_file);
+	error = fget_write(curthread, logfd, &cap_write_rights, &po->po_file);
 	if (error)
 		goto error;
 

Modified: head/sys/fs/fdescfs/fdesc_vnops.c
==============================================================================
--- head/sys/fs/fdescfs/fdesc_vnops.c	Wed May  9 18:41:04 2018	(r333424)
+++ head/sys/fs/fdescfs/fdesc_vnops.c	Wed May  9 18:47:24 2018	(r333425)
@@ -286,7 +286,6 @@ fdesc_lookup(struct vop_lookup_args *ap)
 	struct thread *td = cnp->cn_thread;
 	struct file *fp;
 	struct fdesc_get_ino_args arg;
-	cap_rights_t rights;
 	int nlen = cnp->cn_namelen;
 	u_int fd, fd1;
 	int error;
@@ -331,7 +330,7 @@ fdesc_lookup(struct vop_lookup_args *ap)
 	/*
 	 * No rights to check since 'fp' isn't actually used.
 	 */
-	if ((error = fget(td, fd, cap_rights_init(&rights), &fp)) != 0)
+	if ((error = fget(td, fd, &cap_no_rights, &fp)) != 0)
 		goto bad;
 
 	/* Check if we're looking up ourselves. */
@@ -613,7 +612,6 @@ static int
 fdesc_readlink(struct vop_readlink_args *va)
 {
 	struct vnode *vp, *vn;
-	cap_rights_t rights;
 	struct thread *td;
 	struct uio *uio;
 	struct file *fp;
@@ -631,7 +629,7 @@ fdesc_readlink(struct vop_readlink_args *va)
 	VOP_UNLOCK(vn, 0);
 
 	td = curthread;
-	error = fget_cap(td, fd_fd, cap_rights_init(&rights), &fp, NULL);
+	error = fget_cap(td, fd_fd, &cap_no_rights, &fp, NULL);
 	if (error != 0)
 		goto out;
 

Modified: head/sys/fs/fuse/fuse_vfsops.c
==============================================================================
--- head/sys/fs/fuse/fuse_vfsops.c	Wed May  9 18:41:04 2018	(r333424)
+++ head/sys/fs/fuse/fuse_vfsops.c	Wed May  9 18:47:24 2018	(r333425)
@@ -222,7 +222,6 @@ fuse_vfsop_mount(struct mount *mp)
 	struct file *fp, *fptmp;
 	char *fspec, *subtype;
 	struct vfsoptlist *opts;
-	cap_rights_t rights;
 
 	subtype = NULL;
 	max_read_set = 0;
@@ -292,7 +291,7 @@ fuse_vfsop_mount(struct mount *mp)
 
 	FS_DEBUG2G("mntopts 0x%jx\n", (uintmax_t)mntopts);
 
-	err = fget(td, fd, cap_rights_init(&rights, CAP_READ), &fp);
+	err = fget(td, fd, &cap_read_rights, &fp);
 	if (err != 0) {
 		FS_DEBUG("invalid or not opened device: data=%p\n", data);
 		goto out;

Modified: head/sys/kern/kern_descrip.c
==============================================================================
--- head/sys/kern/kern_descrip.c	Wed May  9 18:41:04 2018	(r333424)
+++ head/sys/kern/kern_descrip.c	Wed May  9 18:47:24 2018	(r333425)
@@ -490,7 +490,6 @@ kern_fcntl(struct thread *td, int fd, int cmd, intptr_
 	struct filedescent *fde;
 	struct proc *p;
 	struct vnode *vp;
-	cap_rights_t rights;
 	int error, flg, tmp;
 	uint64_t bsize;
 	off_t foffset;
@@ -548,8 +547,7 @@ kern_fcntl(struct thread *td, int fd, int cmd, intptr_
 		break;
 
 	case F_GETFL:
-		error = fget_fcntl(td, fd,
-		    cap_rights_init(&rights, CAP_FCNTL), F_GETFL, &fp);
+		error = fget_fcntl(td, fd, &cap_fcntl_rights, F_GETFL, &fp);
 		if (error != 0)
 			break;
 		td->td_retval[0] = OFLAGS(fp->f_flag);
@@ -557,8 +555,7 @@ kern_fcntl(struct thread *td, int fd, int cmd, intptr_
 		break;
 
 	case F_SETFL:
-		error = fget_fcntl(td, fd,
-		    cap_rights_init(&rights, CAP_FCNTL), F_SETFL, &fp);
+		error = fget_fcntl(td, fd, &cap_fcntl_rights, F_SETFL, &fp);
 		if (error != 0)
 			break;
 		do {
@@ -585,8 +582,7 @@ kern_fcntl(struct thread *td, int fd, int cmd, intptr_
 		break;
 
 	case F_GETOWN:
-		error = fget_fcntl(td, fd,
-		    cap_rights_init(&rights, CAP_FCNTL), F_GETOWN, &fp);
+		error = fget_fcntl(td, fd, &cap_fcntl_rights, F_GETOWN, &fp);
 		if (error != 0)
 			break;
 		error = fo_ioctl(fp, FIOGETOWN, &tmp, td->td_ucred, td);
@@ -596,8 +592,7 @@ kern_fcntl(struct thread *td, int fd, int cmd, intptr_
 		break;
 
 	case F_SETOWN:
-		error = fget_fcntl(td, fd,
-		    cap_rights_init(&rights, CAP_FCNTL), F_SETOWN, &fp);
+		error = fget_fcntl(td, fd, &cap_fcntl_rights, F_SETOWN, &fp);
 		if (error != 0)
 			break;
 		tmp = arg;
@@ -618,8 +613,7 @@ kern_fcntl(struct thread *td, int fd, int cmd, intptr_
 
 	case F_SETLK:
 	do_setlk:
-		cap_rights_init(&rights, CAP_FLOCK);
-		error = fget_unlocked(fdp, fd, &rights, &fp, NULL);
+		error = fget_unlocked(fdp, fd, &cap_flock_rights, &fp, NULL);
 		if (error != 0)
 			break;
 		if (fp->f_type != DTYPE_VNODE) {
@@ -711,7 +705,7 @@ kern_fcntl(struct thread *td, int fd, int cmd, intptr_
 		 * that the closing thread was a bit slower and that the
 		 * advisory lock succeeded before the close.
 		 */
-		error = fget_unlocked(fdp, fd, &rights, &fp2, NULL);
+		error = fget_unlocked(fdp, fd, &cap_no_rights, &fp2, NULL);
 		if (error != 0) {
 			fdrop(fp, td);
 			break;
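Review bot: The re-lookup into `fp2` no longer asks for the rights it used to. As far as the visible hunks show, `rights` was last set by `cap_rights_init(&rights, CAP_FLOCK)` at `do_setlk`, so this call previously required CAP_FLOCK and now passes `&cap_no_rights`. That is a semantic change to a capability check in a commit whose log describes only a performance conversion. If the relaxation is intended (the comment above suggests the lookup only detects a racing close), say so with a comment such as `/* No rights needed: fp2 is only compared against fp. */`; otherwise keep the old behaviour with `&cap_flock_rights`. The rest of the F_SETLK case lies outside the hunk.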
@@ -729,8 +723,7 @@ kern_fcntl(struct thread *td, int fd, int cmd, intptr_
 		break;
 
 	case F_GETLK:
-		error = fget_unlocked(fdp, fd,
-		    cap_rights_init(&rights, CAP_FLOCK), &fp, NULL);
+		error = fget_unlocked(fdp, fd, &cap_flock_rights, &fp, NULL);
 		if (error != 0)
 			break;
 		if (fp->f_type != DTYPE_VNODE) {
@@ -767,8 +760,7 @@ kern_fcntl(struct thread *td, int fd, int cmd, intptr_
 		arg = arg ? 128 * 1024: 0;
 		/* FALLTHROUGH */
 	case F_READAHEAD:
-		error = fget_unlocked(fdp, fd,
-		    cap_rights_init(&rights), &fp, NULL);
+		error = fget_unlocked(fdp, fd, &cap_no_rights, &fp, NULL);
 		if (error != 0)
 			break;
 		if (fp->f_type != DTYPE_VNODE) {
@@ -1363,12 +1355,11 @@ int
 kern_fstat(struct thread *td, int fd, struct stat *sbp)
 {
 	struct file *fp;
-	cap_rights_t rights;
 	int error;
 
 	AUDIT_ARG_FD(fd);
 
-	error = fget(td, fd, cap_rights_init(&rights, CAP_FSTAT), &fp);
+	error = fget(td, fd, &cap_fstat_rights, &fp);
 	if (error != 0)
 		return (error);
 
@@ -1445,10 +1436,9 @@ kern_fpathconf(struct thread *td, int fd, int name, lo
 {
 	struct file *fp;
 	struct vnode *vp;
-	cap_rights_t rights;
 	int error;
 
-	error = fget(td, fd, cap_rights_init(&rights, CAP_FPATHCONF), &fp);
+	error = fget(td, fd, &cap_fpathconf_rights, &fp);
 	if (error != 0)
 		return (error);
 
@@ -2982,10 +2972,9 @@ sys_flock(struct thread *td, struct flock_args *uap)
 	struct file *fp;
 	struct vnode *vp;
 	struct flock lf;
-	cap_rights_t rights;
 	int error;
 
-	error = fget(td, uap->fd, cap_rights_init(&rights, CAP_FLOCK), &fp);
+	error = fget(td, uap->fd, &cap_flock_rights, &fp);
 	if (error != 0)
 		return (error);
 	if (fp->f_type != DTYPE_VNODE) {
@@ -3633,7 +3622,7 @@ kern_proc_filedesc_out(struct proc *p,  struct sbuf *s
 #ifdef CAPABILITIES
 		rights = *cap_rights(fdp, i);
 #else /* !CAPABILITIES */
-		cap_rights_init(&rights);
+		rights = cap_no_rights;
 #endif
 		/*
 		 * Create sysctl entry.  It is OK to drop the filedesc

Modified: head/sys/kern/kern_event.c
==============================================================================
--- head/sys/kern/kern_event.c	Wed May  9 18:41:04 2018	(r333424)
+++ head/sys/kern/kern_event.c	Wed May  9 18:47:24 2018	(r333425)
@@ -1286,7 +1286,6 @@ kqueue_register(struct kqueue *kq, struct kevent *kev,
 	struct file *fp;
 	struct knote *kn, *tkn;
 	struct knlist *knl;
-	cap_rights_t rights;
 	int error, filt, event;
 	int haskqglobal, filedesc_unlock;
 
@@ -1322,8 +1321,7 @@ findkn:
 		if (kev->ident > INT_MAX)
 			error = EBADF;
 		else
-			error = fget(td, kev->ident,
-			    cap_rights_init(&rights, CAP_EVENT), &fp);
+			error = fget(td, kev->ident, &cap_event_rights, &fp);
 		if (error)
 			goto done;
 

Modified: head/sys/kern/kern_exec.c
==============================================================================
--- head/sys/kern/kern_exec.c	Wed May  9 18:41:04 2018	(r333424)
+++ head/sys/kern/kern_exec.c	Wed May  9 18:47:24 2018	(r333425)
@@ -374,7 +374,6 @@ do_execve(struct thread *td, struct image_args *args, 
 	struct ucred *tracecred = NULL;
 #endif
 	struct vnode *oldtextvp = NULL, *newtextvp;
-	cap_rights_t rights;
 	int credential_changing;
 	int textset;
 #ifdef MAC
@@ -455,8 +454,7 @@ interpret:
 		/*
 		 * Descriptors opened only with O_EXEC or O_RDONLY are allowed.
 		 */
-		error = fgetvp_exec(td, args->fd,
-		    cap_rights_init(&rights, CAP_FEXECVE), &newtextvp);
+		error = fgetvp_exec(td, args->fd, &cap_fexecve_rights, &newtextvp);
 		if (error)
 			goto exec_fail;
 		vn_lock(newtextvp, LK_EXCLUSIVE | LK_RETRY);
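Review bot: The rewritten `fgetvp_exec()` call appears to run past 80 columns at tab width 8, which the two-line form it replaces avoided. Keeping the wrap, `error = fgetvp_exec(td, args->fd, &cap_fexecve_rights,` with `&newtextvp);` on a continuation line, would keep it within the limit. do_execve's body continues outside the hunk.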

Modified: head/sys/kern/kern_sendfile.c
==============================================================================
--- head/sys/kern/kern_sendfile.c	Wed May  9 18:41:04 2018	(r333424)
+++ head/sys/kern/kern_sendfile.c	Wed May  9 18:47:24 2018	(r333425)
@@ -511,7 +511,6 @@ static int
 sendfile_getsock(struct thread *td, int s, struct file **sock_fp,
     struct socket **so)
 {
-	cap_rights_t rights;
 	int error;
 
 	*sock_fp = NULL;
@@ -520,7 +519,7 @@ sendfile_getsock(struct thread *td, int s, struct file
 	/*
 	 * The socket must be a stream socket and connected.
 	 */
-	error = getsock_cap(td, s, cap_rights_init(&rights, CAP_SEND),
+	error = getsock_cap(td, s, &cap_send_rights,
 	    sock_fp, NULL, NULL);
 	if (error != 0)
 		return (error);
@@ -949,7 +948,6 @@ sendfile(struct thread *td, struct sendfile_args *uap,
 	struct sf_hdtr hdtr;
 	struct uio *hdr_uio, *trl_uio;
 	struct file *fp;
-	cap_rights_t rights;
 	off_t sbytes;
 	int error;
 
@@ -1000,10 +998,8 @@ sendfile(struct thread *td, struct sendfile_args *uap,
 	 * sendfile(2) can start at any offset within a file so we require
 	 * CAP_READ+CAP_SEEK = CAP_PREAD.
 	 */
-	if ((error = fget_read(td, uap->fd,
-	    cap_rights_init(&rights, CAP_PREAD), &fp)) != 0) {
+	if ((error = fget_read(td, uap->fd, &cap_pread_rights, &fp)) != 0)
 		goto out;
-	}
 
 	error = fo_sendfile(fp, uap->s, hdr_uio, trl_uio, uap->offset,
 	    uap->nbytes, &sbytes, uap->flags, td);

Modified: head/sys/kern/kern_sig.c
==============================================================================
--- head/sys/kern/kern_sig.c	Wed May  9 18:41:04 2018	(r333424)
+++ head/sys/kern/kern_sig.c	Wed May  9 18:47:24 2018	(r333425)
@@ -1789,7 +1789,6 @@ int
 sys_pdkill(struct thread *td, struct pdkill_args *uap)
 {
 	struct proc *p;
-	cap_rights_t rights;
 	int error;
 
 	AUDIT_ARG_SIGNUM(uap->signum);
@@ -1797,8 +1796,7 @@ sys_pdkill(struct thread *td, struct pdkill_args *uap)
 	if ((u_int)uap->signum > _SIG_MAXSIG)
 		return (EINVAL);
 
-	error = procdesc_find(td, uap->fd,
-	    cap_rights_init(&rights, CAP_PDKILL), &p);
+	error = procdesc_find(td, uap->fd, &cap_pdkill_rights, &p);
 	if (error)
 		return (error);
 	AUDIT_ARG_PROCESS(p);

Modified: head/sys/kern/subr_capability.c
==============================================================================
--- head/sys/kern/subr_capability.c	Wed May  9 18:41:04 2018	(r333424)
+++ head/sys/kern/subr_capability.c	Wed May  9 18:47:24 2018	(r333425)
@@ -41,7 +41,7 @@ __FBSDID("$FreeBSD$");
 
 #ifdef _KERNEL
 #include <sys/systm.h>
-
+#include <sys/kernel.h>
 #include <machine/stdarg.h>
 #else	/* !_KERNEL */
 #include <assert.h>
@@ -53,6 +53,38 @@ __FBSDID("$FreeBSD$");
 
 #ifdef _KERNEL
 #define	assert(exp)	KASSERT((exp), ("%s:%u", __func__, __LINE__))
+
+CAP_RIGHTS_DEFINE1(cap_accept_rights, CAP_ACCEPT);
+CAP_RIGHTS_DEFINE1(cap_bind_rights, CAP_BIND);
+CAP_RIGHTS_DEFINE1(cap_connect_rights, CAP_CONNECT);
+CAP_RIGHTS_DEFINE1(cap_event_rights, CAP_EVENT);
+CAP_RIGHTS_DEFINE1(cap_fchdir_rights, CAP_FCHDIR);
+CAP_RIGHTS_DEFINE1(cap_fcntl_rights, CAP_FCNTL);
+CAP_RIGHTS_DEFINE1(cap_fexecve_rights, CAP_FEXECVE);
+CAP_RIGHTS_DEFINE1(cap_flock_rights, CAP_FLOCK);
+CAP_RIGHTS_DEFINE1(cap_fpathconf_rights, CAP_FPATHCONF);
+CAP_RIGHTS_DEFINE1(cap_fstat_rights, CAP_FSTAT);
+CAP_RIGHTS_DEFINE1(cap_fsync_rights, CAP_FSYNC);
+CAP_RIGHTS_DEFINE1(cap_ftruncate_rights, CAP_FTRUNCATE);
+CAP_RIGHTS_DEFINE1(cap_getpeername_rights, CAP_GETPEERNAME);
+CAP_RIGHTS_DEFINE1(cap_getsockname_rights, CAP_GETSOCKNAME);
+CAP_RIGHTS_DEFINE1(cap_getsockopt_rights, CAP_GETSOCKOPT);
+CAP_RIGHTS_DEFINE1(cap_ioctl_rights, CAP_IOCTL);
+CAP_RIGHTS_DEFINE1(cap_listen_rights, CAP_LISTEN);
+CAP_RIGHTS_DEFINE1(cap_mmap_rights, CAP_MMAP);
+CAP_RIGHTS_DEFINE1(cap_pdgetpid_rights, CAP_PDGETPID);
+CAP_RIGHTS_DEFINE1(cap_pdkill_rights, CAP_PDKILL);
+CAP_RIGHTS_DEFINE1(cap_pread_rights, CAP_PREAD);
+CAP_RIGHTS_DEFINE1(cap_pwrite_rights, CAP_PWRITE);
+CAP_RIGHTS_DEFINE1(cap_read_rights, CAP_READ);
+CAP_RIGHTS_DEFINE1(cap_recv_rights, CAP_RECV);
+CAP_RIGHTS_DEFINE1(cap_send_rights, CAP_SEND);
+CAP_RIGHTS_DEFINE1(cap_setsockopt_rights, CAP_SETSOCKOPT);
+CAP_RIGHTS_DEFINE1(cap_shutdown_rights, CAP_SHUTDOWN);
+CAP_RIGHTS_DEFINE1(cap_write_rights, CAP_WRITE);
+
+__read_mostly cap_rights_t cap_no_rights;
+CAP_RIGHTS_SYSINIT0(cap_no_rights, cap_no_rights);
 #endif
 
 #define	CAPARSIZE_MIN	(CAP_RIGHTS_VERSION_00 + 2)
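Review bot: `cap_no_rights` and the `CAP_RIGHTS_DEFINE1` objects are writable globals that the converted callers pass to `fget()` and related lookups by non-const pointer, so a callee that modified its rights argument would now change the rights demanded of every later caller rather than a stack copy. Nothing in this hunk documents that they must be treated as read-only. A comment above the block such as `/* Shared, preinitialized rights: never modify after initialization. */` would help, and const-qualifying them would be stronger if the consuming prototypes allow it. `cap_no_rights` is filled in by `CAP_RIGHTS_SYSINIT0`, so it is presumably all-zero until that initialisation runs; the macro definitions are outside this view, so the ordering guarantee should be stated here as well.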

*** DIFF OUTPUT TRUNCATED AT 1000 LINES ***


