Skip site navigation (1)Skip section navigation (2) 
Date:      Thu, 14 Feb 2013 19:55:49 +0100
From:      Jilles Tjoelker <jilles@stack.nl>
To:        Pawel Jakub Dawidek <pjd@FreeBSD.org>
Cc:        Konstantin Belousov <kostikbel@gmail.com>, freebsd-arch@FreeBSD.org
Subject:   Re: bindat(2) and connectat(2) syscalls for review.
Message-ID:  <20130214185549.GA36288@stack.nl>
In-Reply-To: <20130213234030.GD1375@garage.freebsd.pl>
References:  <20130213230354.GC1375@garage.freebsd.pl> <20130213232004.GA2522@kib.kiev.ua> <20130213234030.GD1375@garage.freebsd.pl>
next in thread | previous in thread | raw e-mail | index | archive | help 
On Thu, Feb 14, 2013 at 12:40:31AM +0100, Pawel Jakub Dawidek wrote:
> On Thu, Feb 14, 2013 at 01:20:04AM +0200, Konstantin Belousov wrote:
> > On Thu, Feb 14, 2013 at 12:03:54AM +0100, Pawel Jakub Dawidek wrote:

> > > 	http://people.freebsd.org/~pjd/patches/bindconnectat.patch

> > > It implements bindat(2) and connectat(2) syscalls that will allow to
> > > manage UNIX domain sockets from within capability mode sandbox.

> > > They work just like any other *at(2) syscall and their prototypes look
> > > like this:

> > > 	int bindat(int fd, int s, const struct sockaddr *addr, socklen_t addrlen);
> > > 	int connectat(int fd, int s, const struct sockaddr *addr, socklen_t addrlen);

> > > Where 'fd' is directory descriptor. The only supported socket domain is
> > > PF_LOCAL.

> > > The audit subsystem was updated to audit the new syscalls properly.

> > > Comments and reviews are welcome.

> > Looking only at prototypes, I think it is useful to add at last the flags
> > argument.  The first application of it is for O_CLOEXEC-like flag.

> And this flag should be applied to?

> Note that those syscalls don't create new descriptors, they operate on
> existing descriptors (directory descriptor and socket descriptor) that
> should eventually have close-on-exec flag set if required.

A flag parameter is a good thing; you may not know yet what you will
need it for.

Looking through some of the other *at calls, AT_SYMLINK_NOFOLLOW might
be interesting.

-- 
Jilles Tjoelker

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20130214185549.GA36288>