From owner-p4-projects@FreeBSD.ORG Wed Jun 10 19:30:04 2009 Return-Path: Delivered-To: p4-projects@freebsd.org Received: by hub.freebsd.org (Postfix, from userid 32767) id 960E6106566C; Wed, 10 Jun 2009 19:30:03 +0000 (UTC) Delivered-To: perforce@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 5761E106564A for ; Wed, 10 Jun 2009 19:30:03 +0000 (UTC) (envelope-from bb+lists.freebsd.perforce@cyrus.watson.org) Received: from repoman.freebsd.org (repoman.freebsd.org [IPv6:2001:4f8:fff6::29]) by mx1.freebsd.org (Postfix) with ESMTP id 4289D8FC13 for ; Wed, 10 Jun 2009 19:30:03 +0000 (UTC) (envelope-from bb+lists.freebsd.perforce@cyrus.watson.org) Received: from repoman.freebsd.org (localhost [127.0.0.1]) by repoman.freebsd.org (8.14.3/8.14.3) with ESMTP id n5AJU3pQ066597 for ; Wed, 10 Jun 2009 19:30:03 GMT (envelope-from bb+lists.freebsd.perforce@cyrus.watson.org) Received: (from perforce@localhost) by repoman.freebsd.org (8.14.3/8.14.3/Submit) id n5AJU3GX066579 for perforce@freebsd.org; Wed, 10 Jun 2009 19:30:03 GMT (envelope-from bb+lists.freebsd.perforce@cyrus.watson.org) Date: Wed, 10 Jun 2009 19:30:03 GMT Message-Id: <200906101930.n5AJU3GX066579@repoman.freebsd.org> X-Authentication-Warning: repoman.freebsd.org: perforce set sender to bb+lists.freebsd.perforce@cyrus.watson.org using -f 
From: Robert Watson To: Perforce Change Reviews Cc: Subject: PERFORCE change 164035 for review X-BeenThere: p4-projects@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: p4 projects tree changes List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 10 Jun 2009 19:30:04 -0000 http://perforce.freebsd.org/chv.cgi?CH=164035 Change 164035 by rwatson@rwatson_freebsd_capabilities on 2009/06/10 19:29:57 Continue agent -> sandbox rename. Affected files ... .. //depot/projects/trustedbsd/capabilities/src/lib/libcapability/Makefile#6 edit .. //depot/projects/trustedbsd/capabilities/src/lib/libcapability/libcapability.3#5 edit .. //depot/projects/trustedbsd/capabilities/src/lib/libcapability/libcapability.c#5 edit .. //depot/projects/trustedbsd/capabilities/src/lib/libcapability/libcapability.h#7 edit .. //depot/projects/trustedbsd/capabilities/src/lib/libcapability/libcapability_host.c#6 edit .. //depot/projects/trustedbsd/capabilities/src/lib/libcapability/libcapability_sandbox.c#2 edit .. //depot/projects/trustedbsd/capabilities/src/lib/libcapability/libcapability_sandbox_api.h#2 edit Differences ... ==== //depot/projects/trustedbsd/capabilities/src/lib/libcapability/Makefile#6 (text+ko) ==== ==== //depot/projects/trustedbsd/capabilities/src/lib/libcapability/libcapability.3#5 (text+ko) ==== 
@@ -47,27 +47,27 @@
 .Ft int
 .Fn lc_limitfd "int fd" "cap_rights_t rights"
 .Ft int
-.Fn lch_start "const char *agent" "char *const argv[]" "struct lc_agent **lcap"
+.Fn lch_start "const char *sandbox" "char *const argv[]" "struct lc_sandbox **lcap"
 .Ft void
-.Fn lch_stop "struct lc_agent *lcap"
+.Fn lch_stop "struct lc_sandbox *lcap"
 .Ft int
-.Fn lch_getsock "struct lc_agent *lcap" "int *fdp"
+.Fn lch_getsock "struct lc_sandbox *lcap" "int *fdp"
 .Ft int
-.Fn lch_getpid "struct lc_agent *lcap" "pid_t *pidp"
+.Fn lch_getpid "struct lc_sandbox *lcap" "pid_t *pidp"
 .Ft int
-.Fn lch_getprocdesc "struct lc_agent *lcap" "int *fdp"
+.Fn lch_getprocdesc "struct lc_sandbox *lcap" "int *fdp"
 .Ft ssize_t
-.Fn lch_recv "struct lc_agent *lcap, void *buf" "size_t len" "int flags"
+.Fn lch_recv "struct lc_sandbox *lcap, void *buf" "size_t len" "int flags"
 .Ft ssize_t
-.Fn lch_send "struct lc_agent *lcap" "const void *msg" "size_t len" "int flags"
+.Fn lch_send "struct lc_sandbox *lcap" "const void *msg" "size_t len" "int flags"
 .Ft int
-.Fn lca_get "struct lc_host **lchpp"
+.Fn lcs_get "struct lc_host **lchpp"
 .Ft int
-.Fn lca_getsock "struct lc_host *lchp" "int *fdp"
+.Fn lcs_getsock "struct lc_host *lchp" "int *fdp"
 .Ft ssize_t
-.Fn lca_recv "struct lc_host *lchp" "void *buf" "size_t len" "int flags"
+.Fn lcs_recv "struct lc_host *lchp" "void *buf" "size_t len" "int flags"
 .Ft ssize_t
-.Fn lca_send "struct lc_host *lchp" "const void *msg" "size_t len" "int flags"
+.Fn lcs_send "struct lc_host *lchp" "const void *msg" "size_t len" "int flags"
 .Sh DESCRIPTION
 The
 .Nm
@@ -76,25 +76,25 @@ .Sh HOST API The .Nm -host API allows processes to start, stop, and manage agents running in +host API allows processes to start, stop, and manage sandboxs running in capability mode. Host API functions can be identified by their function name prefix, .Dv lch_ . .Pp -Each executing agent instance is described by an opaque -.Dt "struct lc_agent" , +Each executing sandbox instance is described by an opaque +.Dt "struct lc_sandbox" , which is returned by .Fn lch_start -for successfully started agents, and passed into other APIs to indicate which -agent should be acted on. +for successfully started sandboxs, and passed into other APIs to indicate which +sandbox should be acted on. .Fn lch_start -creates a new executing agent, given the name of the agent binary via -.Va agent . -Executing agents may be stopped (and state freed) using +creates a new executing sandbox, given the name of the sandbox binary via +.Va sandbox . +Executing sandboxs may be stopped (and state freed) using .Fn lch_stop . .Pp -Properties of the agent, such as the socket used to communicate with it, -the proces descriptor for the agent process, and the pid, may be queried +Properties of the sandbox, such as the socket used to communicate with it, +the proces descriptor for the sandbox process, and the pid, may be queried using .Fn lch_getsock , .Fn lch_getprocdesc , 
@@ -108,32 +108,32 @@
 .Xr recv 2
 and
 .Xr send 2
-to avoid agent consumers from having to query agent socket file descriptors
+to avoid sandbox consumers from having to query sandbox socket file descriptors
 before use.
-.Sh AGENT API
+.Sh SANDBOX API
 The
 .Nm
-agent API allows agent processes to interact with their host process.
-Agent API functions can be identified by their function name prefix,
-.Dv lca_ .
+sandbox API allows sandbox processes to interact with their host process.
+Sandbox API functions can be identified by their function name prefix,
+.Dv lcs_ .
 .Pp
-Each executing agent will have a single corresponding host instance,
+Each executing sandbox will have a single corresponding host instance,
 described by an opaque
 .Dt "struct lc_host" ,
 which is returned by
-.Fn lca_get .
+.Fn lcs_get .
 .Pp
 The socket for the host may be queried using
-.Fn lca_getsock .
+.Fn lcs_getsock .
 .Pp
-.Fn lca_recv
+.Fn lcs_recv
 and
-.Fn lca_send
+.Fn lcs_send
 provide simple wrappers around
 .Xr recv 2
 and
 .Xr send 2
-to avoid agents having to query host socket file descriptors before use.
+to avoid sandboxs having to query host socket file descriptors before use.
 .Sh SEE ALSO
 .Xr cap_enter 2
 .Xr cap_new 2
==== //depot/projects/trustedbsd/capabilities/src/lib/libcapability/libcapability.c#5 (text+ko) ====
@@ -30,7 +30,7 @@
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
  *
- * $P4: //depot/projects/trustedbsd/capabilities/src/lib/libcapability/libcapability.c#4 $
+ * $P4: //depot/projects/trustedbsd/capabilities/src/lib/libcapability/libcapability.c#5 $
  */
 
 #include
==== //depot/projects/trustedbsd/capabilities/src/lib/libcapability/libcapability.h#7 (text+ko) ====
@@ -30,13 +30,13 @@
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
  *
- * $P4: //depot/projects/trustedbsd/capabilities/src/lib/libcapability/libcapability.h#6 $
+ * $P4: //depot/projects/trustedbsd/capabilities/src/lib/libcapability/libcapability.h#7 $
  */
 
 #ifndef _LIBCAPABILITY_H_
 #define _LIBCAPABILITY_H_
-struct lc_agent;
+struct lc_sandbox;
 struct lc_host;
 /*
@@ -45,33 +45,33 @@
 int lc_limitfd(int fd, cap_rights_t rights);
 /*
- * Interfaces to start and stop capability mode agents.
+ * Interfaces to start and stop capability mode sandboxs.
  */
-int lch_start(const char *agent, char *const argv[],
- struct lc_agent **lcapp);
-void lch_stop(struct lc_agent *lcap);
+int lch_start(const char *sandbox, char *const argv[],
+ struct lc_sandbox **lcapp);
+void lch_stop(struct lc_sandbox *lcap);
 /*
- * Interfaces to query state about capability mode agents.
+ * Interfaces to query state about capability mode sandboxs.
  */
-int lch_getsock(struct lc_agent *lcap, int *fdp);
-int lch_getpid(struct lc_agent *lcap, pid_t *pidp);
-int lch_getprocdesc(struct lc_agent *lcap, int *fdp);
+int lch_getsock(struct lc_sandbox *lcap, int *fdp);
+int lch_getpid(struct lc_sandbox *lcap, pid_t *pidp);
+int lch_getprocdesc(struct lc_sandbox *lcap, int *fdp);
 /*
- * I/O interfaces for capability mode agents.
+ * I/O interfaces for capability mode sandboxs.
  */
-ssize_t lch_recv(struct lc_agent *lcap, void *buf, size_t len, int flags);
-ssize_t lch_send(struct lc_agent *lcap, const void *msg, size_t len,
+ssize_t lch_recv(struct lc_sandbox *lcap, void *buf, size_t len, int flags);
+ssize_t lch_send(struct lc_sandbox *lcap, const void *msg, size_t len,
  int flags);
 /*
- * Capability mode agent APIs.
+ * Capability mode sandbox APIs.
  */
-int lca_get(struct lc_host **lchpp);
-int lca_getsock(struct lc_host *lchp, int *fdp);
-ssize_t lca_recv(struct lc_host *lchp, void *buf, size_t len, int flags);
-ssize_t lca_send(struct lc_host *lchp, const void *msg, size_t len,
+int lcs_get(struct lc_host **lchpp);
+int lcs_getsock(struct lc_host *lchp, int *fdp);
+ssize_t lcs_recv(struct lc_host *lchp, void *buf, size_t len, int flags);
+ssize_t lcs_send(struct lc_host *lchp, const void *msg, size_t len,
  int flags);
 #endif /* !_LIBCAPABILITY_H_ */
==== //depot/projects/trustedbsd/capabilities/src/lib/libcapability/libcapability_host.c#6 (text+ko) ====
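Review bot: The three comment blocks rewritten in this libcapability.h hunk use the plural `sandboxs`; the English plural is `sandboxes`, so `* Interfaces to start and stop capability mode sandboxs.` should read `* Interfaces to start and stop capability mode sandboxes.`, and likewise for the query and I/O comments. The same spelling was introduced by the rename in the libcapability.3 hunks at -76 and -108 and in the comment of libcapability_sandbox_api.h, so one pass over the mechanical replacement would fix all of them.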
@@ -30,7 +30,7 @@
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
  *
- * $P4: //depot/projects/trustedbsd/capabilities/src/lib/libcapability/libcapability_host.c#5 $
+ * $P4: //depot/projects/trustedbsd/capabilities/src/lib/libcapability/libcapability_host.c#6 $
  */
 
 #include
@@ -47,7 +47,7 @@
 #include
 #include "libcapability.h"
-#include "libcapability_agent_api.h"
+#include "libcapability_sandbox_api.h"
 #define LIBCAPABILITY_CAPMASK_DEVNULL (CAP_EVENT | CAP_READ | CAP_WRITE)
 #define LIBCAPABILITY_CAPMASK_SOCK (CAP_EVENT | CAP_READ | CAP_WRITE)
@@ -55,7 +55,7 @@
  CAP_SEEK | CAP_FSTATFS | \
  CAP_FEXECVE | CAP_MMAP | \
  CAP_MAPEXEC)
-#define LIBCAPABILITY_CAPMASK_AGENT LIBCAPABILITY_CAPMASK_BIN
+#define LIBCAPABILITY_CAPMASK_SANDBOX LIBCAPABILITY_CAPMASK_BIN
 #define LIBCAPABILITY_CAPMASK_LDSO LIBCAPABILITY_CAPMASK_BIN
 #define LIBCAPABILITY_CAPMASK_LIBC LIBCAPABILITY_CAPMASK_BIN
 #define LIBCAPABILITY_CAPMASK_LIBZ LIBCAPABILITY_CAPMASK_BIN
@@ -74,10 +74,10 @@
 int closefrom(int lowfd);
-struct lc_agent {
- int lca_fd_sock;
- int lca_fd_procdesc;
- pid_t lca_pid;
+struct lc_sandbox {
+ int lcs_fd_sock;
+ int lcs_fd_procdesc;
+ pid_t lcs_pid;
 };
 /*
@@ -139,10 +139,10 @@
 }
 static void
-lch_agent(int fd_sock, int fd_agent, int fd_ldso, int fd_libc, int fd_libz,
- char *const argv[])
+lch_sandbox(int fd_sock, int fd_sandbox, int fd_ldso, int fd_libc,
+ int fd_libz, char *const argv[])
 {
- char *env_caplibindex, *env_libcapability_agent_api;
+ char *env_caplibindex, *env_libcapability_sandbox_api;
  int fd_array[8], fd_devnull;
  fd_devnull = open(_PATH_DEVNULL, O_RDWR);
@@ -151,7 +151,7 @@
  if (lc_limitfd(fd_devnull, LIBCAPABILITY_CAPMASK_DEVNULL) < 0)
  return;
- if (lc_limitfd(fd_agent, LIBCAPABILITY_CAPMASK_AGENT) < 0)
+ if (lc_limitfd(fd_sandbox, LIBCAPABILITY_CAPMASK_SANDBOX) < 0)
  return;
  if (lc_limitfd(fd_sock, LIBCAPABILITY_CAPMASK_SOCK) < 0)
  return;
@@ -165,7 +165,7 @@
  fd_array[0] = fd_devnull;
  fd_array[1] = fd_devnull;
  fd_array[2] = fd_devnull;
- fd_array[3] = fd_agent;
+ fd_array[3] = fd_sandbox;
  fd_array[4] = fd_sock;
  fd_array[5] = fd_ldso;
  fd_array[6] = fd_libc;
@@ -188,13 +188,13 @@
  * Make sure that libcapability in the sandbox knows that its API
  * assumptions hold.
  */
- if (asprintf(&env_libcapability_agent_api, "%s:%d",
- LIBCAPABILITY_AGENT_API_SOCK, 4) == -1)
+ if (asprintf(&env_libcapability_sandbox_api, "%s:%d",
+ LIBCAPABILITY_SANDBOX_API_SOCK, 4) == -1)
  return;
- if (setenv(LIBCAPABILITY_AGENT_API_ENV, env_libcapability_agent_api,
- 1) == -1)
+ if (setenv(LIBCAPABILITY_SANDBOX_API_ENV,
+ env_libcapability_sandbox_api, 1) == -1)
  return;
- free(env_libcapability_agent_api);
+ free(env_libcapability_sandbox_api);
  if (cap_enter() < 0)
  return;
@@ -203,14 +203,15 @@
 }
 int
-lch_start(const char *agent, char *const argv[], struct lc_agent **lcapp)
+lch_start(const char *sandbox, char *const argv[], struct lc_sandbox **lcapp)
 {
- struct lc_agent *lcap;
- int fd_agent, fd_ldso, fd_libc, fd_libz, fd_procdesc, fd_sockpair[2];
+ struct lc_sandbox *lcap;
+ int fd_sandbox, fd_ldso, fd_libc, fd_libz, fd_procdesc;
+ int fd_sockpair[2];
  int error, val;
  pid_t pid;
- fd_agent = fd_ldso = fd_libc = fd_libz = fd_procdesc =
+ fd_sandbox = fd_ldso = fd_libc = fd_libz = fd_procdesc =
  fd_sockpair[0] = fd_sockpair[1] = -1;
  lcap = malloc(sizeof(*lcap));
@@ -218,9 +219,9 @@
  return (-1);
  bzero(lcap, sizeof(*lcap));
- /* Try the agent first so that ENOENT most likely refers to it. */
- fd_agent = open(agent, O_RDONLY);
- if (fd_agent < 0)
+ /* Try the sandbox first so that ENOENT most likely refers to it. */
+ fd_sandbox = open(sandbox, O_RDONLY);
+ if (fd_sandbox < 0)
  goto out_error;
  fd_ldso = open(LD_ELF_CAP_SO, O_RDONLY);
@@ -251,19 +252,19 @@
  goto out_error;
  }
  if (pid == 0) {
- lch_agent(fd_sockpair[1], fd_agent, fd_ldso, fd_libc,
+ lch_sandbox(fd_sockpair[1], fd_sandbox, fd_ldso, fd_libc,
  fd_libz, argv);
  exit(-1);
  }
  close(fd_libz);
  close(fd_libc);
  close(fd_ldso);
- close(fd_agent);
+ close(fd_sandbox);
  close(fd_sockpair[1]);
- lcap->lca_fd_procdesc = fd_procdesc;
- lcap->lca_fd_sock = fd_sockpair[0];
- lcap->lca_pid = pid;
+ lcap->lcs_fd_procdesc = fd_procdesc;
+ lcap->lcs_fd_sock = fd_sockpair[0];
+ lcap->lcs_pid = pid;
  *lcapp = lcap;
  return (0);
@@ -280,8 +281,8 @@
  close(fd_libc);
  if (fd_ldso != -1)
  close(fd_ldso);
- if (fd_agent != -1)
- close(fd_agent);
+ if (fd_sandbox != -1)
+ close(fd_sandbox);
  if (lcap != NULL)
  free(lcap);
  errno = error;
@@ -289,37 +290,37 @@
 }
 void
-lch_stop(struct lc_agent *lcap)
+lch_stop(struct lc_sandbox *lcap)
 {
- close(lcap->lca_fd_sock);
- close(lcap->lca_fd_procdesc);
- lcap->lca_fd_sock = -1;
- lcap->lca_fd_procdesc = -1;
- lcap->lca_pid = -1;
+ close(lcap->lcs_fd_sock);
+ close(lcap->lcs_fd_procdesc);
+ lcap->lcs_fd_sock = -1;
+ lcap->lcs_fd_procdesc = -1;
+ lcap->lcs_pid = -1;
 }
 int
-lch_getsock(struct lc_agent *lcap, int *fdp)
+lch_getsock(struct lc_sandbox *lcap, int *fdp)
 {
- *fdp = lcap->lca_fd_sock;
+ *fdp = lcap->lcs_fd_sock;
  return (0);
 }
 int
-lch_getpid(struct lc_agent *lcap, pid_t *pidp)
+lch_getpid(struct lc_sandbox *lcap, pid_t *pidp)
 {
- *pidp = lcap->lca_pid;
+ *pidp = lcap->lcs_pid;
  return (0);
 }
 int
-lch_getprocdesc(struct lc_agent *lcap, int *fdp)
+lch_getprocdesc(struct lc_sandbox *lcap, int *fdp)
 {
- *fdp = lcap->lca_fd_procdesc;
+ *fdp = lcap->lcs_fd_procdesc;
  return (0);
 }
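Review bot: lch_stop() in the -289 hunk closes the two descriptors and resets the fields to -1 but never releases the `struct lc_sandbox` that lch_start() obtained with `lcap = malloc(sizeof(*lcap))` in the -203 hunk, while the libcapability.3 text in this same change says sandboxes "may be stopped (and state freed) using lch_stop". The -1 resets suggest the struct is meant to stay usable after a stop, since lch_send()/lch_recv() in the -328 hunk test `lcs_fd_sock == -1` to report ESRCH; if that is the intent, the ownership belongs on the declaration in libcapability.h, e.g. `/* Closes the sandbox's socket and process descriptor; the caller still owns and must free *lcap. */`, and the man page wording should drop "and state freed". If instead the struct is meant to die with the sandbox, `free(lcap);` as the last statement and no field resets is the simpler contract. Either way the code and the documentation currently disagree.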
@@ -328,25 +329,25 @@
  * on the worker should take place here.
  */
 ssize_t
-lch_send(struct lc_agent *lcap, const void *msg, size_t len, int flags)
+lch_send(struct lc_sandbox *lcap, const void *msg, size_t len, int flags)
 {
- if (lcap->lca_fd_sock == -1 ||
- lcap->lca_fd_sock == 0) {
+ if (lcap->lcs_fd_sock == -1 ||
+ lcap->lcs_fd_sock == 0) {
  errno = ESRCH;
  return (-1);
  }
- return (send(lcap->lca_fd_sock, msg, len, flags));
+ return (send(lcap->lcs_fd_sock, msg, len, flags));
 }
 ssize_t
-lch_recv(struct lc_agent *lcap, void *buf, size_t len, int flags)
+lch_recv(struct lc_sandbox *lcap, void *buf, size_t len, int flags)
 {
- if (lcap->lca_fd_sock == -1 ||
- lcap->lca_fd_sock == 0) {
+ if (lcap->lcs_fd_sock == -1 ||
+ lcap->lcs_fd_sock == 0) {
  errno = ESRCH;
  return (-1);
  }
- return (recv(lcap->lca_fd_sock, buf, len, flags));
+ return (recv(lcap->lcs_fd_sock, buf, len, flags));
 }
==== //depot/projects/trustedbsd/capabilities/src/lib/libcapability/libcapability_sandbox.c#2 (text+ko) ====
@@ -44,7 +44,7 @@
 #include
 #include "libcapability.h"
-#include "libcapability_agent_api.h"
+#include "libcapability_sandbox_api.h"
 struct lc_host {
  int lch_fd_sock;
@@ -54,7 +54,7 @@
 static struct lc_host lch_global;
 int
-lca_get(struct lc_host **lchpp)
+lcs_get(struct lc_host **lchpp)
 {
  char *endp, *env, *env_dup, *env_dup_free, *name, *token, *value;
  long long ll;
@@ -65,7 +65,7 @@
  return (0);
  }
- env = getenv(LIBCAPABILITY_AGENT_API_ENV);
+ env = getenv(LIBCAPABILITY_SANDBOX_API_ENV);
  if (env == NULL) {
  errno = EINVAL; /* XXXRW: Better errno? */
  return (-1);
@@ -81,7 +81,7 @@
  value = strsep(&token, ":");
  if (value == NULL)
  continue;
- if (strcmp(name, LIBCAPABILITY_AGENT_API_SOCK) == 0) {
+ if (strcmp(name, LIBCAPABILITY_SANDBOX_API_SOCK) == 0) {
  ll = strtoll(value, &endp, 10);
  if (*endp != '\0' || ll < 0 || ll > INT_MAX)
  continue;
@@ -96,7 +96,7 @@
 }
 int
-lca_getsock(struct lc_host *lchp, int *fdp)
+lcs_getsock(struct lc_host *lchp, int *fdp)
 {
  *fdp = lchp->lch_fd_sock;
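Review bot: In the libcapability_sandbox.c hunk at -81, the branch renamed to `strcmp(name, LIBCAPABILITY_SANDBOX_API_SOCK) == 0` accepts an empty value: when `value` is "", strtoll() returns 0 and sets `endp == value`, so `*endp != '\0' || ll < 0 || ll > INT_MAX` does not reject it and descriptor 0 is taken as the host socket. Checking that at least one digit was consumed closes that case, `if (endp == value || *endp != '\0' || ll < 0 || ll > INT_MAX)`. The value comes from the environment string the host composes in lch_sandbox(), so it is presumably well-formed in practice, but the parser is the sandbox's only validation of it. lcs_get() begins and ends outside this hunk, so what is done with `ll` after the check is not visible here.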
@@ -104,14 +104,14 @@
 }
 ssize_t
-lca_recv(struct lc_host *lchp, void *buf, size_t len, int flags)
+lcs_recv(struct lc_host *lchp, void *buf, size_t len, int flags)
 {
  return (recv(lchp->lch_fd_sock, buf, len, flags));
 }
 ssize_t
-lca_send(struct lc_host *lchp, const void *msg, size_t len, int flags)
+lcs_send(struct lc_host *lchp, const void *msg, size_t len, int flags)
 {
  return (send(lchp->lch_fd_sock, msg, len, flags));
==== //depot/projects/trustedbsd/capabilities/src/lib/libcapability/libcapability_sandbox_api.h#2 (text+ko) ====
@@ -30,17 +30,17 @@
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
  *
- * $P4: //depot/projects/trustedbsd/capabilities/src/lib/libcapability/libcapability_sandbox_api.h#1 $
+ * $P4: //depot/projects/trustedbsd/capabilities/src/lib/libcapability/libcapability_sandbox_api.h#2 $
  */
 
-#ifndef _LIBCAPABILITY_AGENT_API_H_
-#define _LIBCAPABILITY_AGENT_API_H_
+#ifndef _LIBCAPABILITY_SANDBOX_API_H_
+#define _LIBCAPABILITY_SANDBOX_API_H_
 /*
- * This include file captures the assumptions libcapability agents will make
- * about the runtime environment set up by libcapability hosts.
+ * This include file captures the assumptions libcapability sandboxs will
+ * make about the runtime environment set up by libcapability hosts.
  */
-#define LIBCAPABILITY_AGENT_API_ENV "LIBCAPABILITY_AGENT"
-#define LIBCAPABILITY_AGENT_API_SOCK "sock"
+#define LIBCAPABILITY_SANDBOX_API_ENV "LIBCAPABILITY_SANDBOX"
+#define LIBCAPABILITY_SANDBOX_API_SOCK "sock"
 #endif /* !_LIBCAPABILITY_H_ */
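Review bot: The closing `#endif /* !_LIBCAPABILITY_H_ */` of libcapability_sandbox_api.h, kept as context at the end of the -30 hunk, names the guard of libcapability.h rather than the one this hunk renames to `_LIBCAPABILITY_SANDBOX_API_H_` (it did not match the old `_LIBCAPABILITY_AGENT_API_H_` either). Since the guard lines are being touched anyway, the trailing comment should follow: `#endif /* !_LIBCAPABILITY_SANDBOX_API_H_ */`. The new comment text in the same hunk also carries the `sandboxs` spelling noted on the libcapability.h hunk.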