Date: Wed, 3 Jan 2024 16:21:42 -0600
From: Kyle Evans <kevans@FreeBSD.org>
To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-main@FreeBSD.org
Subject: Re: git: bf7c4fcbbb05 - main - bhyveload: hold /boot and do relative lookups for the loader
Message-ID: <151ec650-488a-4ec5-998c-c7a95228205b@FreeBSD.org>
In-Reply-To: <202401032219.403MJR4h090902@gitrepo.freebsd.org>
References: <202401032219.403MJR4h090902@gitrepo.freebsd.org>

On 1/3/24 16:19, Kyle Evans wrote:
> The branch main has been updated by kevans:
>
> URL: https://cgit.FreeBSD.org/src/commit/?id=bf7c4fcbbb05ff99afde0744d013feeb35d77191
>
> commit bf7c4fcbbb05ff99afde0744d013feeb35d77191
> Author: Kyle Evans <kevans@FreeBSD.org>
> AuthorDate: 2024-01-03 22:17:59 +0000
> Commit: Kyle Evans <kevans@FreeBSD.org>
> CommitDate: 2024-01-03 22:19:15 +0000
>
>     bhyveload: hold /boot and do relative lookups for the loader
>
>     The next change will push bhyveload into capability mode right after we
>     allocate vcpu state, before we've setup or entered the loader, to limit
>     the surface area that a rogue loader script can touch.
>
>     With an explicit -l loader, we don't need to preopen /boot because
>     changing interpreters isn't allowed. We'll just dlopen() entirely in
>     advance in that case to eliminate some complexity.
>

Sigh, sorry, just realized I forgot to update this part... the final version just opens the file in advance, it didn't dlopen() it in advance so that, e.g., ctors run in the sandbox. The remark about not preopening /boot is still correct.

>     Reviewed by: allanjude (earlier version), markj
>     Differential Revision: https://reviews.freebsd.org/D43285

Thanks,

Kyle Evans
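
The pattern the quoted commit message describes (hold a directory descriptor, enter capability mode, then do only relative lookups), shown as an added example that is not part of the original message and is not bhyveload's code. `hold_dir`, `enter_sandbox` and `open_beneath` are hypothetical helpers, `userboot.so` is an assumed file name, and outside FreeBSD `enter_sandbox` is a no-op.

```c
#define _GNU_SOURCE	/* expose openat()/O_DIRECTORY on glibc; harmless on FreeBSD */
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>
#ifdef __FreeBSD__
#include <sys/capsicum.h>
#endif

/* Hold a directory before sandboxing; later lookups go through this fd. */
int hold_dir(const char *path) {
	return open(path, O_RDONLY | O_DIRECTORY | O_CLOEXEC);
}

/* FreeBSD: enter Capsicum capability mode, after which open("/abs") fails
 * and only *at() calls on already-held fds work. Elsewhere: no-op, so the
 * lookup logic below can still be exercised. */
int enter_sandbox(void) {
#ifdef __FreeBSD__
	return cap_enter();
#else
	return 0;
#endif
}

/* Open rel read-only beneath dirfd. Capability mode enforces containment in
 * the kernel (symlinks included); this textual check is stricter about ".."
 * but does not catch symlinks, so it is no substitute for the sandbox. */
int open_beneath(int dirfd, const char *rel) {
	const char *p = rel;
	if (*rel == '\0' || *rel == '/') { errno = EACCES; return -1; }
	while (*p != '\0') {
		size_t n = strcspn(p, "/");	/* length of this path component */
		if (n == 2 && p[0] == '.' && p[1] == '.') { errno = EACCES; return -1; }
		p += n + strspn(p + n, "/");	/* skip component and slashes */
	}
	return openat(dirfd, rel, O_RDONLY | O_CLOEXEC);
}

int main(void) {
	int bootfd = hold_dir("/boot");	/* directory named in the commit message */
	if (bootfd < 0 || enter_sandbox() != 0) { perror("setup"); return 1; }
	int fd = open_beneath(bootfd, "userboot.so");	/* assumed file name */
	printf("userboot.so: %s\n", fd >= 0 ? "opened" : strerror(errno));
	return 0;
}
```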