Skip site navigation (1)Skip section navigation (2) 
Date:      Mon, 22 Jan 2024 17:30:05 GMT
From:      Kyle Evans <kevans@FreeBSD.org>
To:        src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-branches@FreeBSD.org
Subject:   git: a95fbd3da860 - stable/14 - bhyveload: add CAP_SEEK to our dirfd rights
Message-ID:  <202401221730.40MHU5fv009318@gitrepo.freebsd.org>
next in thread | raw e-mail | index | archive | help 
The branch stable/14 has been updated by kevans:

URL: https://cgit.FreeBSD.org/src/commit/?id=a95fbd3da860dc9db776c5cb0acd064aff5c1610

commit a95fbd3da860dc9db776c5cb0acd064aff5c1610
Author:     Kyle Evans <kevans@FreeBSD.org>
AuthorDate: 2024-01-09 03:08:16 +0000
Commit:     Kyle Evans <kevans@FreeBSD.org>
CommitDate: 2024-01-22 17:19:14 +0000

    bhyveload: add CAP_SEEK to our dirfd rights
    
    In the case of hostbase_fd, this is infact a bug fix; we have a seek
    callback that the host: filesystem may use in loader, and we really
    don't have a good excuse to break it.
    
    bootfd-derived fds will only be used with fdlopen(3) and rtld doesn't
    seem to need pread / lseek at all for it today, but there's no reason to
    break if it finds a good reason to later.
    
    Suggested by:   markj
    
    (cherry picked from commit cef5e56f3fea33d6c421276af49f2967453ad4ff)
---
 usr.sbin/bhyveload/bhyveload.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/usr.sbin/bhyveload/bhyveload.c b/usr.sbin/bhyveload/bhyveload.c
index 4d89393424f4..5250e2120938 100644
--- a/usr.sbin/bhyveload/bhyveload.c
+++ b/usr.sbin/bhyveload/bhyveload.c
@@ -755,7 +755,7 @@ hostbase_open(const char *base)
 		err(EX_OSERR, "open");
 
 	if (caph_rights_limit(hostbase_fd, cap_rights_init(&rights, CAP_FSTATAT,
-	    CAP_LOOKUP, CAP_READ)) < 0)
+	    CAP_LOOKUP, CAP_PREAD)) < 0)
 		err(EX_OSERR, "caph_rights_limit");
 }
 
@@ -887,7 +887,7 @@ main(int argc, char** argv)
 		 * to the more usual lookup rights.
 		 */
 		if (caph_rights_limit(bootfd, cap_rights_init(&rights,
-		    CAP_FSTATAT, CAP_LOOKUP, CAP_MMAP_RX, CAP_READ)) < 0)
+		    CAP_FSTATAT, CAP_LOOKUP, CAP_MMAP_RX, CAP_PREAD)) < 0)
 			err(1, "caph_rights_limit");
 	}

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?202401221730.40MHU5fv009318>