From owner-p4-projects@FreeBSD.ORG Wed Jun 17 11:04:16 2009
Date: Wed, 17 Jun 2009 11:04:15 GMT
Message-Id: <200906171104.n5HB4FnC081170@repoman.freebsd.org>
From: Robert Watson
To: Perforce Change Reviews
Subject: PERFORCE change 164565 for review

http://perforce.freebsd.org/chv.cgi?CH=164565

Change 164565 by rwatson@rwatson_freebsd_capabilities on 2009/06/17 11:04:03

	Rather than using a special binary name to get to the sandbox
	workloop when gzip runs, define 'cap_main' as the work loop
	function, and compile with -rdynamic so that the symbol is
	visible to rtld. This means that the sandbox component of the
	gzip binary is the only thing that runs in sandbox mode, but
	that the same binary is used for both environments.

Affected files ...

.. //depot/projects/trustedbsd/capabilities/src/usr.bin/gzip/Makefile#3 edit
.. //depot/projects/trustedbsd/capabilities/src/usr.bin/gzip/gzip.c#5 edit
.. //depot/projects/trustedbsd/capabilities/src/usr.bin/gzip/gzip.h#1 add
.. //depot/projects/trustedbsd/capabilities/src/usr.bin/gzip/gzsandbox.c#2 edit

Differences ...

==== //depot/projects/trustedbsd/capabilities/src/usr.bin/gzip/Makefile#3 (text+ko) ==== @@ -10,6 +10,7 @@ DPADD= ${LIBZ} ${LIBCAPABILITY} LDADD= -lz -lcapability WARNS?= 6 +CFLAGS+= -rdynamic # For sandbox cap_main .if ${MK_BZIP2_SUPPORT} != "no" DPADD+= ${LIBBZ2} ==== //depot/projects/trustedbsd/capabilities/src/usr.bin/gzip/gzip.c#5 (text+ko) ==== @@ -304,8 +304,6 @@ else if (strcmp(progname, "zcat") == 0 || strcmp(progname, "gzcat") == 0) dflag = cflag = 1; - else if (strcmp(progname, "gzip_sandbox") == 0) - sandbox_workloop(); #ifdef SMALL #define OPT_LIST "123456789cdhltV" ==== //depot/projects/trustedbsd/capabilities/src/usr.bin/gzip/gzsandbox.c#2 (text+ko) ==== 
@@ -48,7 +48,7 @@ #include "gzip.h" -#define LC_USR_BIN_GZIP_SANDBOX "/usr/bin/gzip_sandbox" +#define LC_USR_BIN_GZIP_SANDBOX "/usr/bin/gzip" static char *lc_sandbox_argv[] = { __DECONST(char *, LC_USR_BIN_GZIP_SANDBOX), NULL }; @@ -243,8 +243,9 @@ filename)); } + int -sandbox_workloop(void) +cap_main(__unused int argc, __unused char *argv[]) { int fdarray[2], fdcount; struct lc_host *lchp;
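
Review bot: In the Makefile hunk, -rdynamic is a link-time option, so "LDFLAGS+= -rdynamic" would state the intent better than "CFLAGS+=". It also places every global symbol of gzip in the dynamic symbol table, not only cap_main; if cap_main is the only symbol rtld needs to find, consider limiting the export to it or making the remaining globals static.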
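
Review bot: In the gzip.c hunk at -304, dropping the "gzip_sandbox" branch means a binary still installed or linked under that name now falls through to ordinary gzip option handling instead of entering the work loop. The Makefile hunk in this change only adds the CFLAGS line, so check that nothing still installs or links gzip_sandbox and that no caller other than gzsandbox.c starts gzip by that name.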
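
Review bot: In the gzsandbox.c hunk at -48, LC_USR_BIN_GZIP_SANDBOX is now the fixed path "/usr/bin/gzip", which is not necessarily the binary that is running: a copy run from a build directory or installed elsewhere would start its sandbox from whatever is at /usr/bin/gzip. The change description relies on the same binary serving both environments, so the host and sandbox halves can end up being different builds; consider starting the sandbox from the running executable or documenting the assumption, and rename the macro now that it no longer names a separate sandbox binary.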
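
Review bot: In the gzsandbox.c hunk at -243, cap_main is a new non-static function and the Makefile builds with WARNS?= 6, so a missing prototype will be flagged; gzip.h is added by this change but its contents are not shown in this message, so confirm the declaration is there or in the libcapability header. A short comment on what the sandbox loader passes in argc/argv and what it does with the return value would help, and the added blank line before "int" leaves two blank lines where one is enough.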