Date: Thu, 18 Jun 2009 11:24:48 GMT From: Robert Watson <rwatson@FreeBSD.org> To: Perforce Change Reviews <perforce@freebsd.org> Subject: PERFORCE change 164660 for review Message-ID: <200906181124.n5IBOm21001925@repoman.freebsd.org>
http://perforce.freebsd.org/chv.cgi?CH=164660 Change 164660 by rwatson@rwatson_freebsd_capabilities on 2009/06/18 11:24:33 Collapse lch_start_flags/lch_startfd_flags into lch_start/ lch_startfd, since we seem to almost always use them that way. Affected files ... .. //depot/projects/trustedbsd/capabilities/src/lib/libcapability/Makefile#15 edit .. //depot/projects/trustedbsd/capabilities/src/lib/libcapability/libcapability.h#21 edit .. //depot/projects/trustedbsd/capabilities/src/lib/libcapability/libcapability_host.3#8 edit .. //depot/projects/trustedbsd/capabilities/src/lib/libcapability/libcapability_host.c#18 edit .. //depot/projects/trustedbsd/capabilities/src/tools/cap/fdrpc/fdrpc.c#4 edit .. //depot/projects/trustedbsd/capabilities/src/tools/cap/fdsendrecv/fdsendrecv.c#3 edit .. //depot/projects/trustedbsd/capabilities/src/tools/cap/sandbox_echo/sandbox_echo.c#8 edit .. //depot/projects/trustedbsd/capabilities/src/usr.bin/gzip/gzsandbox.c#4 edit Differences ... ==== //depot/projects/trustedbsd/capabilities/src/lib/libcapability/Makefile#15 (text+ko) ==== @@ -23,9 +23,7 @@ MLINKS= libcapability.3 lc_limitfd.3 \ libcapability_host.3 lch_autosandbox_isenabled.3 \ libcapability_host.3 lch_start.3 \ - libcapability_host.3 lch_start_flags.3 \ libcapability_host.3 lch_startfd.3 \ - libcapability_host.3 lch_startfd_flags.3 \ libcapability_host.3 lch_stop.3 \ libcapability_host.3 lch_getsock.3 \ libcapability_host.3 lch_getpid.3 \ ==== //depot/projects/trustedbsd/capabilities/src/lib/libcapability/libcapability.h#21 (text+ko) ==== @@ -30,7 +30,7 @@ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * - * $P4: //depot/projects/trustedbsd/capabilities/src/lib/libcapability/libcapability.h#20 $ + * $P4: //depot/projects/trustedbsd/capabilities/src/lib/libcapability/libcapability.h#21 $ */ #ifndef _LIBCAPABILITY_H_ 
@@ -53,14 +53,10 @@ /* * Interfaces to start and stop capability mode sandboxs. */ -int lch_start(const char *sandbox, char *const argv[], - struct lc_sandbox **lcspp); -int lch_start_flags(const char *sandbox, char *const argv[], u_int flags, +int lch_start(const char *sandbox, char *const argv[], u_int flags, struct lc_sandbox **lcspp); int lch_startfd(int fd_sandbox, const char *binname, char *const argv[], - struct lc_sandbox **lcspp); -int lch_startfd_flags(int fd_sandbox, const char *binname, - char *const argv[], u_int flags, struct lc_sandbox **lcspp); + u_int flags, struct lc_sandbox **lcspp); void lch_stop(struct lc_sandbox *lcsp); /* ==== //depot/projects/trustedbsd/capabilities/src/lib/libcapability/libcapability_host.3#8 (text+ko) ==== @@ -45,13 +45,9 @@ .In sys/capability.h .In libcapability.h .Ft int -.Fn lch_start "const char *sandbox" "char *const argv[]" "struct lc_sandbox **lcsp" +.Fn lch_start "const char *sandbox" "char *const argv[]" "u_int flags" "struct lc_sandbox **lcsp" .Ft int -.Fn lch_start_flags "const char *sandbox" "char *const argv[]" "u_int flags" "struct lc_sandbox **lcsp" -.Ft int -.Fn lch_startfd "int fd_sandbox" "char *const argv[]" "struct lc_sandbox **lcsp" -.Ft int -.Fn lch_startfd_flags "int fd_sandbox" "char *const argv[]" "u_int flags" "struct lc_sandbox **lcsp" +.Fn lch_startfd "int fd_sandbox" "char *const argv[]" "u_int flags" "struct lc_sandbox **lcsp" .Ft void .Fn lch_stop "struct lc_sandbox *lcsp" .Ft int 
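Review bot: The new `lch_start()`/`lch_startfd()` prototypes take a `u_int flags` argument, but the header says nothing about what may be passed in it; the man page and every caller in this change use only `LCH_PERMIT_STDERR`, and the closed default is zero. Add a comment above the prototypes, e.g. `/* flags: 0, or a bitwise OR of LCH_* values (currently only LCH_PERMIT_STDERR). */`, so a caller knows that 0 is the most restrictive setting. Since the old three-argument versions are removed rather than kept as wrappers, any out-of-tree caller is a compile error (good) but a stale binary would pass its `lcspp` in the flags slot — fine for an in-tree library, worth a line in the commit message. While here, the context comment could read `sandboxes` instead of `sandboxs`.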
@@ -104,34 +100,28 @@ .Dv lch_ . .Pp Each executing sandbox instance is described by an opaque -.Dt "struct lc_sandbox" , +.Dt "struct lc_sandbox *" , which is returned by .Fn lch_start -and -.Fn lch_start_flags for successfully started sandboxes, and passed into other APIs to indicate which sandbox should be acted on. -Both calls create new executing sandboxes, given the name of the sandbox -binary via +.Fn lch_start +creates a new executing sandboxes, given the name of the sandbox binary via .Va sandbox , and command line arguments -.Va argv . -.Pp -.Fn lch_start_flags -accepts an optional flags field to fine-tune aspects of sandbox operation; -the only currently defined flag is +.Va argv , +and optional flags +.Va flags +to fine-tune aspects of sandbox operation; the only currently defined flag is .Dv LCH_PERMIT_STDERR , which allows the sandbox to write to the current process's .Dv stderr . By default, this is not permitted. .Pp -Two further variations to start sandboxes are also defined, .Fn lch_startfd -and -.Fn lch_startfd_flags , -which accept a file descriptor argument, +accept a file descriptor argument, .Va fd_sandbox , -rather than a path. +rather than a path, so is appropriate for use within a sandbox. .Pp Executing sandboxes may be stopped (and all state freed) using .Fn lch_stop . ==== //depot/projects/trustedbsd/capabilities/src/lib/libcapability/libcapability_host.c#18 (text+ko) ==== @@ -30,7 +30,7 @@ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * - * $P4: //depot/projects/trustedbsd/capabilities/src/lib/libcapability/libcapability_host.c#17 $ + * $P4: //depot/projects/trustedbsd/capabilities/src/lib/libcapability/libcapability_host.c#18 $ */ #include <sys/param.h> @@ -223,7 +223,7 @@ } int -lch_startfd_flags(int fd_sandbox, const char *binname, char *const argv[], +lch_startfd(int fd_sandbox, const char *binname, char *const argv[], u_int flags, struct lc_sandbox **lcspp) { struct lc_sandbox *lcsp; 
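Review bot: `lch_startfd()` now receives `flags` straight from callers, and nothing visible in this hunk rejects bits that this build does not define; the body continues past the hunk, so if it already validates flags this is moot. If it does not, add an early check such as `if (flags & ~LCH_PERMIT_STDERR) { errno = EINVAL; return (-1); }` so that a caller passing a flag this library does not understand fails closed instead of silently getting a sandbox with different permissions than it asked for. For a sandboxing API, ignoring unknown policy bits is a fail-open default.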
@@ -338,17 +338,9 @@ } int -lch_startfd(int fd_sandbox, const char *binname, char *const argv[], +lch_start(const char *sandbox, char *const argv[], u_int flags, struct lc_sandbox **lcspp) { - - return (lch_startfd_flags(fd_sandbox, binname, argv, 0, lcspp)); -} - -int -lch_start_flags(const char *sandbox, char *const argv[], u_int flags, - struct lc_sandbox **lcspp) -{ char binname[MAXPATHLEN]; int error, fd_sandbox, ret; @@ -359,20 +351,13 @@ if (fd_sandbox < 0) return (-1); - ret = lch_startfd_flags(fd_sandbox, binname, argv, flags, lcspp); + ret = lch_startfd(fd_sandbox, binname, argv, flags, lcspp); error = errno; close(fd_sandbox); errno = error; return (ret); } -int -lch_start(const char *sandbox, char *const argv[], struct lc_sandbox **lcspp) -{ - - return (lch_start_flags(sandbox, argv, 0, lcspp)); -} - void lch_stop(struct lc_sandbox *lcsp) { ==== //depot/projects/trustedbsd/capabilities/src/tools/cap/fdrpc/fdrpc.c#4 (text+ko) ==== @@ -65,8 +65,8 @@ if (argc != 1) errx(-1, "usage: fdrpc_host"); - if (lch_start_flags(FDRPC_SANDBOX, fdrpc_argv, LCH_PERMIT_STDERR, - &lcsp) < 0) + if (lch_start(FDRPC_SANDBOX, fdrpc_argv, LCH_PERMIT_STDERR, &lcsp) + < 0) err(-1, "lch_start %s", FDRPC_SANDBOX); ch = 'X'; /* RPC data. */ ==== //depot/projects/trustedbsd/capabilities/src/tools/cap/fdsendrecv/fdsendrecv.c#3 (text+ko) ==== @@ -59,8 +59,8 @@ if (argc != 1) errx(-1, "usage: fdsendrecv_host"); - if (lch_start_flags(FDSENDRECV_SANDBOX, fdsendrecv_argv, - LCH_PERMIT_STDERR, &lcsp) < 0) + if (lch_start(FDSENDRECV_SANDBOX, fdsendrecv_argv, LCH_PERMIT_STDERR, + &lcsp) < 0) err(-1, "lch_start %s", FDSENDRECV_SANDBOX); /* ==== //depot/projects/trustedbsd/capabilities/src/tools/cap/sandbox_echo/sandbox_echo.c#8 (text+ko) ==== 
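Review bot: In the `@@ -359` hunk, `lch_start()` closes `fd_sandbox` immediately after handing it to `lch_startfd()` and carefully preserves `errno` across the `close()`, which appears to assume that `lch_startfd()` does not retain the descriptor — but nothing says so, and a later reader could easily move or drop the close. Add a comment before the call, e.g. `/* lch_startfd() does not keep fd_sandbox; close it here, preserving errno from the call. */`. How `fd_sandbox` is obtained happens between the two hunks and is not visible here, so I cannot check whether this path-based variant is usable from inside a sandbox. `lch_start()`'s body begins before this hunk.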
@@ -60,8 +60,7 @@ if (argc != 1) errx(-1, "usage: sandbox_echo"); - if (lch_start_flags(MYNAME, sandbox_argv, LCH_PERMIT_STDERR, &lcsp) - < 0) + if (lch_start(MYNAME, sandbox_argv, LCH_PERMIT_STDERR, &lcsp) < 0) err(-1, "lch_start %s", argv[1]); for (i = 0; i < 10; i++) { @@ -103,13 +102,12 @@ * requests to it. Otherwise, service the requests in this sandbox. */ if (argc > 1 && strcmp(argv[1], "nested") == 0) { - if (ld_caplibindex_lookup(MYNAME, &fd) < 0) err(-10, "ld_caplibindex_lookup(%s)", MYNAME); - if (lch_startfd_flags(fd, MYNAME, sandbox_argv, - LCH_PERMIT_STDERR, &lcsp) < 0) - err(-1, "lch_start %s", argv[1]); + if (lch_startfd(fd, MYNAME, sandbox_argv, LCH_PERMIT_STDERR, + &lcsp) < 0) + err(-1, "lch_startfd %s", argv[1]); while (1) { if (lcs_recvrpc(lchp, &opno, &seqno, &buffer, &len) < 0) { ==== //depot/projects/trustedbsd/capabilities/src/usr.bin/gzip/gzsandbox.c#4 (text+ko) ==== @@ -89,7 +89,7 @@ size_t len; if (lcsp == NULL) { - if (lch_start_flags(LC_USR_BIN_GZIP_SANDBOX, lc_sandbox_argv, + if (lch_start(LC_USR_BIN_GZIP_SANDBOX, lc_sandbox_argv, LCH_PERMIT_STDERR, &lcsp) < 0) err(-1, "lch_start %s", LC_USR_BIN_GZIP_SANDBOX); } @@ -175,7 +175,7 @@ size_t len; if (lcsp == NULL) { - if (lch_start_flags(LC_USR_BIN_GZIP_SANDBOX, lc_sandbox_argv, + if (lch_start(LC_USR_BIN_GZIP_SANDBOX, lc_sandbox_argv, LCH_PERMIT_STDERR, &lcsp) < 0) err(-1, "lch_start %s", LC_USR_BIN_GZIP_SANDBOX); } @@ -264,7 +264,7 @@ size_t len; if (lcsp == NULL) { - if (lch_start_flags(LC_USR_BIN_GZIP_SANDBOX, lc_sandbox_argv, + if (lch_start(LC_USR_BIN_GZIP_SANDBOX, lc_sandbox_argv, LCH_PERMIT_STDERR, &lcsp) < 0) err(-1, "lch_start %s", LC_USR_BIN_GZIP_SANDBOX); }
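Review bot: The `err()` right after the rewritten `lch_start(MYNAME, ...)` call in `sandbox_echo.c` reports `argv[1]`, but the `argc != 1` check two lines above guarantees `argv[1]` is NULL at that point, so the message passes NULL for `%s` (undefined behaviour; FreeBSD's libc happens to print "(null)") and names nothing useful. It should report the binary actually being started: `err(-1, "lch_start %s", MYNAME);`. The same pattern appears in the nested hunk's `err(-1, "lch_startfd %s", argv[1])`, where `argv[1]` is "nested" rather than the sandbox name. The enclosing `main()` starts before the hunk.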
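Review bot: The `if (lcsp == NULL) { if (lch_start(...) < 0) err(...); }` lazy-start block in `gzsandbox.c` is now repeated verbatim in three functions, so any future change to how the gzip sandbox is launched (flags, argv, error text) has to be made three times and will drift. Hoist it into one `static` helper and call `gzsandbox_start();` at the top of each of the three functions. The enclosing functions start and end outside these hunks, so the helper's exact placement is left to the author.

```c
/* Start the gzip sandbox on first use; subsequent calls are no-ops. */
static void
gzsandbox_start(void)
{

	if (lcsp != NULL)
		return;
	if (lch_start(LC_USR_BIN_GZIP_SANDBOX, lc_sandbox_argv,
	    LCH_PERMIT_STDERR, &lcsp) < 0)
		err(-1, "lch_start %s", LC_USR_BIN_GZIP_SANDBOX);
}
```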