From owner-svn-src-projects@FreeBSD.ORG Sat Jan 30 19:48:02 2010
Message-Id: <201001301948.o0UJm2ad090539@svn.freebsd.org>
From: Robert Watson Date: Sat, 30 Jan 2010 19:48:02 +0000 (UTC) To: src-committers@freebsd.org, svn-src-projects@freebsd.org X-SVN-Group: projects MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Cc: Subject: svn commit: r203238 - in projects/capabilities8/sys: kern sys X-BeenThere: svn-src-projects@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "SVN commit messages for the src " projects" tree" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 30 Jan 2010 19:48:02 -0000 Author: rwatson Date: Sat Jan 30 19:48:02 2010 New Revision: 203238 URL: http://svn.freebsd.org/changeset/base/203238 Log: Merge c173679 from the p4 TrustedBSD Capabilities branch to capabilities8: Enable more *at(2) system calls Submitted by: Jonathan Anderson Modified: projects/capabilities8/sys/kern/capabilities.conf projects/capabilities8/sys/kern/init_sysent.c projects/capabilities8/sys/kern/vfs_syscalls.c projects/capabilities8/sys/sys/capability.h Modified: projects/capabilities8/sys/kern/capabilities.conf ============================================================================== --- projects/capabilities8/sys/kern/capabilities.conf Sat Jan 30 19:45:34 2010 (r203237) +++ projects/capabilities8/sys/kern/capabilities.conf Sat Jan 30 19:48:02 2010 (r203238) @@ -38,7 +38,7 @@ ## - sys_exit(2), abort2(2) and close(2) are very important. ## - Sorted alphabetically, please keep it that way. ## -## $P4: //depot/projects/trustedbsd/capabilities/src/sys/kern/capabilities.conf#24 $ +## $P4: //depot/projects/trustedbsd/capabilities/src/sys/kern/capabilities.conf#25 $ ## ## 
@@ -458,7 +458,13 @@ olio_listio ## faccessat fchmodat +futimesat +mkdirat +rmdirat +mkfifoat +mknodat openat +renameat ## ## Allow poll(2), which will be scoped by capability rights. Modified: projects/capabilities8/sys/kern/init_sysent.c ============================================================================== --- projects/capabilities8/sys/kern/init_sysent.c Sat Jan 30 19:45:34 2010 (r203237) +++ projects/capabilities8/sys/kern/init_sysent.c Sat Jan 30 19:48:02 2010 (r203238) 
@@ -528,14 +528,14 @@ struct sysent sysent[] = { { AS(fchownat_args), (sy_call_t *)fchownat, AUE_FCHOWNAT, NULL, 0, 0, 0 }, /* 491 = fchownat */ { AS(fexecve_args), (sy_call_t *)fexecve, AUE_FEXECVE, NULL, 0, 0, SYF_CAPENABLED }, /* 492 = fexecve */ { AS(fstatat_args), (sy_call_t *)fstatat, AUE_FSTATAT, NULL, 0, 0, 0 }, /* 493 = fstatat */ - { AS(futimesat_args), (sy_call_t *)futimesat, AUE_FUTIMESAT, NULL, 0, 0, 0 }, /* 494 = futimesat */ + { AS(futimesat_args), (sy_call_t *)futimesat, AUE_FUTIMESAT, NULL, 0, 0, SYF_CAPENABLED }, /* 494 = futimesat */ { AS(linkat_args), (sy_call_t *)linkat, AUE_LINKAT, NULL, 0, 0, 0 }, /* 495 = linkat */ - { AS(mkdirat_args), (sy_call_t *)mkdirat, AUE_MKDIRAT, NULL, 0, 0, 0 }, /* 496 = mkdirat */ - { AS(mkfifoat_args), (sy_call_t *)mkfifoat, AUE_MKFIFOAT, NULL, 0, 0, 0 }, /* 497 = mkfifoat */ - { AS(mknodat_args), (sy_call_t *)mknodat, AUE_MKNODAT, NULL, 0, 0, 0 }, /* 498 = mknodat */ + { AS(mkdirat_args), (sy_call_t *)mkdirat, AUE_MKDIRAT, NULL, 0, 0, SYF_CAPENABLED }, /* 496 = mkdirat */ + { AS(mkfifoat_args), (sy_call_t *)mkfifoat, AUE_MKFIFOAT, NULL, 0, 0, SYF_CAPENABLED }, /* 497 = mkfifoat */ + { AS(mknodat_args), (sy_call_t *)mknodat, AUE_MKNODAT, NULL, 0, 0, SYF_CAPENABLED }, /* 498 = mknodat */ { AS(openat_args), (sy_call_t *)openat, AUE_OPENAT_RWTC, NULL, 0, 0, SYF_CAPENABLED }, /* 499 = openat */ { AS(readlinkat_args), (sy_call_t *)readlinkat, AUE_READLINKAT, NULL, 0, 0, 0 }, /* 500 = readlinkat */ - { AS(renameat_args), (sy_call_t *)renameat, AUE_RENAMEAT, NULL, 0, 0, 0 }, /* 501 = renameat */ + { AS(renameat_args), (sy_call_t *)renameat, AUE_RENAMEAT, NULL, 0, 0, SYF_CAPENABLED }, /* 501 = renameat */ { AS(symlinkat_args), (sy_call_t *)symlinkat, AUE_SYMLINKAT, NULL, 0, 0, 0 }, /* 502 = symlinkat */ { AS(unlinkat_args), (sy_call_t *)unlinkat, AUE_UNLINKAT, NULL, 0, 0, 0 }, /* 503 = unlinkat */ { AS(posix_openpt_args), (sy_call_t *)posix_openpt, AUE_POSIX_OPENPT, NULL, 0, 0, 0 }, /* 504 = posix_openpt */ Modified: 
projects/capabilities8/sys/kern/vfs_syscalls.c ============================================================================== --- projects/capabilities8/sys/kern/vfs_syscalls.c Sat Jan 30 19:45:34 2010 (r203237) +++ projects/capabilities8/sys/kern/vfs_syscalls.c Sat Jan 30 19:48:02 2010 (r203238) @@ -1372,7 +1372,12 @@ kern_mknodat(struct thread *td, int fd, if (error) return (error); restart: + if (IN_CAPABILITY_MODE(td)) + /* only mkfifoat(2) allowed in capability mode */ + return (EOPNOTSUPP); + bwillwrite(); + NDINIT_AT(&nd, CREATE, LOCKPARENT | SAVENAME | MPSAFE | AUDITVNODE1, pathseg, path, fd, td); if ((error = namei(&nd)) != 0) @@ -1498,8 +1503,8 @@ kern_mkfifoat(struct thread *td, int fd, AUDIT_ARG_MODE(mode); restart: bwillwrite(); - NDINIT_AT(&nd, CREATE, LOCKPARENT | SAVENAME | MPSAFE | AUDITVNODE1, - pathseg, path, fd, td); + NDINIT_ATRIGHTS(&nd, CREATE, LOCKPARENT | SAVENAME | MPSAFE | AUDITVNODE1, + pathseg, path, fd, CAP_MKFIFO, td); if ((error = namei(&nd)) != 0) return (error); vfslocked = NDHASGIANT(&nd); @@ -3125,8 +3130,8 @@ kern_fchownat(struct thread *td, int fd, AUDIT_ARG_OWNER(uid, gid); follow = (flag & AT_SYMLINK_NOFOLLOW) ? NOFOLLOW : FOLLOW; - NDINIT_AT(&nd, LOOKUP, follow | MPSAFE | AUDITVNODE1, pathseg, path, - fd, td); + NDINIT_ATRIGHTS(&nd, LOOKUP, follow | MPSAFE | AUDITVNODE1, pathseg, path, + fd, CAP_FCHOWN, td); if ((error = namei(&nd)) != 0) return (error); @@ -3341,8 +3346,8 @@ kern_utimesat(struct thread *td, int fd, if ((error = getutimes(tptr, tptrseg, ts)) != 0) return (error); - NDINIT_AT(&nd, LOOKUP, FOLLOW | MPSAFE | AUDITVNODE1, pathseg, path, - fd, td); + NDINIT_ATRIGHTS(&nd, LOOKUP, FOLLOW | MPSAFE | AUDITVNODE1, pathseg, path, + fd, CAP_FUTIMES, td); if ((error = namei(&nd)) != 0) return (error); 
@@ -3672,11 +3677,11 @@ kern_renameat(struct thread *td, int old bwillwrite(); #ifdef MAC - NDINIT_AT(&fromnd, DELETE, LOCKPARENT | LOCKLEAF | SAVESTART | MPSAFE | - AUDITVNODE1, pathseg, old, oldfd, td); + NDINIT_ATRIGHTS(&fromnd, DELETE, LOCKPARENT | LOCKLEAF | SAVESTART | + MPSAFE | AUDITVNODE1, pathseg, old, oldfd, CAP_DELETE, td); #else - NDINIT_AT(&fromnd, DELETE, WANTPARENT | SAVESTART | MPSAFE | - AUDITVNODE1, pathseg, old, oldfd, td); + NDINIT_ATRIGHTS(&fromnd, DELETE, WANTPARENT | SAVESTART | MPSAFE | + AUDITVNODE1, pathseg, old, oldfd, CAP_DELETE, td); #endif if ((error = namei(&fromnd)) != 0) @@ -3699,8 +3704,8 @@ kern_renameat(struct thread *td, int old vrele(fvp); goto out1; } - NDINIT_AT(&tond, RENAME, LOCKPARENT | LOCKLEAF | NOCACHE | SAVESTART | - MPSAFE | AUDITVNODE2, pathseg, new, newfd, td); + NDINIT_ATRIGHTS(&tond, RENAME, LOCKPARENT | LOCKLEAF | NOCACHE | + SAVESTART | MPSAFE | AUDITVNODE2, pathseg, new, newfd, CAP_CREATE, td); if (fromnd.ni_vp->v_type == VDIR) tond.ni_cnd.cn_flags |= WILLBEDIR; if ((error = namei(&tond)) != 0) { @@ -3826,8 +3831,8 @@ kern_mkdirat(struct thread *td, int fd, AUDIT_ARG_MODE(mode); restart: bwillwrite(); - NDINIT_AT(&nd, CREATE, LOCKPARENT | SAVENAME | MPSAFE | AUDITVNODE1, - segflg, path, fd, td); + NDINIT_ATRIGHTS(&nd, CREATE, LOCKPARENT | SAVENAME | MPSAFE | AUDITVNODE1, + segflg, path, fd, CAP_MKDIR, td); nd.ni_cnd.cn_flags |= WILLBEDIR; if ((error = namei(&nd)) != 0) return (error); 
@@ -3915,8 +3920,8 @@ kern_rmdirat(struct thread *td, int fd, restart: bwillwrite(); - NDINIT_AT(&nd, DELETE, LOCKPARENT | LOCKLEAF | MPSAFE | AUDITVNODE1, - pathseg, path, fd, td); + NDINIT_ATRIGHTS(&nd, DELETE, LOCKPARENT | LOCKLEAF | MPSAFE | AUDITVNODE1, + pathseg, path, fd, CAP_RMDIR, td); if ((error = namei(&nd)) != 0) return (error); vfslocked = NDHASGIANT(&nd); Modified: projects/capabilities8/sys/sys/capability.h ============================================================================== --- projects/capabilities8/sys/sys/capability.h Sat Jan 30 19:45:34 2010 (r203237) +++ projects/capabilities8/sys/sys/capability.h Sat Jan 30 19:48:02 2010 (r203238) @@ -30,7 +30,7 @@ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * - * $P4: //depot/projects/trustedbsd/capabilities/src/sys/sys/capability.h#28 $ + * $P4: //depot/projects/trustedbsd/capabilities/src/sys/sys/capability.h#29 $ */ /* @@ -98,7 +98,12 @@ #define CAP_FSCK 0x0004000000000000ULL /* sysctl_ffs_fsck */ #define CAP_ATBASE 0x0008000000000000ULL /* openat(2), etc. */ #define CAP_ABSOLUTEPATH 0x0010000000000000ULL /* abs. lookup from '/' */ -#define CAP_MASK_VALID 0x001fffffffffffffULL +#define CAP_CREATE 0x0020000000000000ULL /* open, rename, etc. */ +#define CAP_DELETE 0x0040000000000000ULL /* rename, remove, etc. */ +#define CAP_MKDIR 0x0080000000000000ULL /* mkdirat(2), mknodat(2) */ +#define CAP_RMDIR 0x0100000000000000ULL /* rmdirat(2) */ +#define CAP_MKFIFO 0x0200000000000000ULL /* mkfifoat(2) */ +#define CAP_MASK_VALID 0x03ffffffffffffffULL /* * Notes:
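Review bot: the capabilities.conf hunk breaks the file's own ordering rule: the header comment in that same file says "Sorted alphabetically, please keep it that way", yet rmdirat is inserted between mkdirat and mkfifoat; it belongs after renameat, giving faccessat, fchmodat, futimesat, mkdirat, mkfifoat, mknodat, openat, renameat, rmdirat. Separately, fchownat gets a CAP_FCHOWN rights check in kern_fchownat in this commit but is not added here and keeps flags 0 in its init_sysent.c row (491); if that is deliberate groundwork for a later commit, one line in the log would save the next reader the question.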
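Review bot: mknodat (498) gains SYF_CAPENABLED in the init_sysent.c hunk while kern_mknodat in vfs_syscalls.c now returns EOPNOTSUPP unconditionally whenever IN_CAPABILITY_MODE(td) is true, so the flag only changes which errno a capability-mode caller sees. If mknodat(2) is meant to stay unavailable in capability mode, leave its row at 0 like linkat, symlinkat and unlinkat and drop the in-function check; if some node types are meant to be allowed, the check has to look at mode rather than refuse outright. Also, if init_sysent.c is regenerated from syscalls.master and capabilities.conf, confirm the committed file matches the generator output: capabilities.conf now lists rmdirat, but no row with that name appears in the table shown here.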
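Review bot: in the kern_mknodat hunk the new IN_CAPABILITY_MODE(td) test sits after the restart: label, where it is re-evaluated on every restart, and its comment is wedged between the if and its return, which style(9) discourages and which is easy to misread. Move it above restart: (after the existing argument checks) with the comment on its own line:

	/* mknodat(2) is not permitted in capability mode. */
	if (IN_CAPABILITY_MODE(td))
		return (EOPNOTSUPP);

The existing comment text ("only mkfifoat(2) allowed in capability mode") is also misleading here, since mkfifoat(2) goes through kern_mkfifoat, which is changed separately in this patch, and never reaches kern_mknodat. The added blank line between bwillwrite() and NDINIT_AT is whitespace churn unrelated to the change; the other kern_*at functions in this file keep the two adjacent.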
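Review bot: the rewrapped NDINIT_ATRIGHTS call in kern_mkfifoat keeps every flag on the first line, which, assuming the usual single-tab indent, now runs past 80 columns (NDINIT_ATRIGHTS is six characters longer than NDINIT_AT); the renameat hunk in this same patch moves MPSAFE down a line for exactly this reason, so do the same here:

	NDINIT_ATRIGHTS(&nd, CREATE, LOCKPARENT | SAVENAME | MPSAFE |
	    AUDITVNODE1, pathseg, path, fd, CAP_MKFIFO, td);

The same overlong first line appears in the kern_fchownat, kern_utimesat, kern_mkdirat and kern_rmdirat hunks.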
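Review bot: kern_fchownat now demands CAP_FCHOWN on the directory descriptor, but nothing in this patch lets fchownat(2) be called in capability mode: it is absent from the capabilities.conf additions and its init_sysent.c row (491) keeps flags 0. The check is correct as far as it goes, but either enable the syscall alongside futimesat and the others, or state in the log that this is preparation for a later change.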
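Review bot: the tond lookup in the second kern_renameat hunk asks only for CAP_CREATE on newfd, but renameat(2) also replaces an existing new, which removes an entry from the target directory; the CAP_DELETE comment added to capability.h ("rename, remove, etc.") already anticipates this. Either pass CAP_CREATE | CAP_DELETE here (assuming the rights argument accepts a mask, as the single-bit CAP_* definitions suggest), or require CAP_DELETE on newfd only when tond.ni_vp turns out to be non-NULL, and document the choice next to the NDINIT_ATRIGHTS call. The fromnd change is consistent across both sides of the #ifdef MAC, which is good.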
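Review bot: kern_rmdirat now requires CAP_RMDIR and capabilities.conf gains an rmdirat entry, but the init_sysent.c table shown here (rows 491 to 504) has no rmdirat syscall; the only descriptor-relative removal call in that table is unlinkat (503), which keeps flags 0 in this patch. As committed, the CAP_RMDIR check therefore cannot be exercised from capability mode. Either flag unlinkat as SYF_CAPENABLED (and have its non-directory path ask for CAP_DELETE, matching the renameat source lookup) or drop the capabilities.conf line, and say which in the log.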
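Review bot: in the capability.h hunk the CAP_MKDIR comment says "mkdirat(2), mknodat(2)", but mknodat never checks it: kern_mknodat in this patch still uses plain NDINIT_AT and refuses capability mode outright, so the comment should read "mkdirat(2)" until mknodat is actually rights-aware. The CAP_MASK_VALID update to 0x03ffffffffffffffULL is correct for the five new bits (0x0020 through 0x0200 in the top 16 bits), but 58 of the 64 bits are now assigned, leaving six; with linkat, symlinkat, unlinkat, readlinkat and fstatat still at flags 0 in the init_sysent.c hunk and presumably wanting rights of their own, it is worth noting in the log how much headroom remains.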