Date: Sun, 7 Jun 2009 19:51:19 GMT From: Robert Watson <rwatson@FreeBSD.org> To: Perforce Change Reviews <perforce@freebsd.org> Subject: PERFORCE change 163729 for review Message-ID: <200906071951.n57JpJYS076693@repoman.freebsd.org>
next in thread | raw e-mail | index | archive | help
http://perforce.freebsd.org/chv.cgi?CH=163729 Change 163729 by rwatson@rwatson_freebsd_capabilities on 2009/06/07 19:51:12 Define three new capability rights for file descriptors: CAP_TTYHOOK, CAP_FCHDIR, and CAP_FSCK. Affected files ... .. //depot/projects/trustedbsd/capabilities/src/lib/libc/sys/cap_new.2#8 edit .. //depot/projects/trustedbsd/capabilities/src/sys/sys/capability.h#23 edit Differences ... ==== //depot/projects/trustedbsd/capabilities/src/lib/libc/sys/cap_new.2#8 (text+ko) ==== @@ -32,7 +32,7 @@ .\" .\" $FreeBSD$ .\" -.Dd February 3, 2008 +.Dd June 7, 2009 .Dt CAP_NEW 2 .Os .Sh NAME @@ -157,6 +157,9 @@ .It Dv CAP_EXTATTR_SET Permit .Xr extattr_set_fd 2 . +.It Dv CAP_FCHDIR +Permit +.Xr fchdir 2 . .It Dv CAP_FCHFLAGS Permit .Xr fchflags 2 . @@ -178,6 +181,8 @@ .It Dv CAP_FPATHCONF Permit .Xr fpathconf 2 . +.It Dv CAP_FSCK +Permit UFS background-fsck operations on the descriptor. .It Dv CAP_FSTAT Permit .Xr fstat 2 . @@ -302,6 +307,10 @@ Permit explicit .Xr shutdown 2 ; closing the socket will also generally shut down any connections on it. +.It Dv CAP_TTYHOOK +Allow configuration of TTY hooks, such as +.Xr snp 4 , +on the file descriptor. .It Dv CAP_WRITE Allow .Xr aio_write 2 , @@ -443,7 +452,8 @@ .Xr sem_getvalue 3 , .Xr sem_post 3 , .Xr sem_trywait 3 , -.Xr sem_wait 3 +.Xr sem_wait 3 , +.Xr snp 4 .Sh HISTORY Support for capabilities and capabilities mode was developed as part of the .Tn TrustedBSD ==== //depot/projects/trustedbsd/capabilities/src/sys/sys/capability.h#23 (text+ko) ==== @@ -30,7 +30,7 @@ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * - * $P4: //depot/projects/trustedbsd/capabilities/src/sys/sys/capability.h#22 $ + * $P4: //depot/projects/trustedbsd/capabilities/src/sys/sys/capability.h#23 $ */ /* @@ -92,7 +92,10 @@ #define CAP_PDWAIT 0x0000200000000000ULL /* pdwait(2) */ #define CAP_PDKILL 0x0000400000000000ULL /* pdkill(2) */ #define CAP_MAPEXEC 0x0000800000000000ULL /* mmap(2) as exec */ -#define CAP_MASK_VALID 0x0000ffffffffffffULL +#define CAP_TTYHOOK 0x0001000000000000ULL /* register tty hook */ +#define CAP_FCHDIR 0x0002000000000000ULL /* fchdir(2) */ +#define CAP_FSCK 0x0004000000000000ULL /* sysctl_ffs_fsck */ +#define CAP_MASK_VALID 0x0001ffffffffffffULL /* * Notes:
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200906071951.n57JpJYS076693>