From owner-p4-projects@FreeBSD.ORG Sun Jun 7 19:51:20 2009 Return-Path: Delivered-To: p4-projects@freebsd.org Received: by hub.freebsd.org (Postfix, from userid 32767) id EF3901065675; Sun, 7 Jun 2009 19:51:19 +0000 (UTC) Delivered-To: perforce@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id AAB70106566B for ; Sun, 7 Jun 2009 19:51:19 +0000 (UTC) (envelope-from bb+lists.freebsd.perforce@cyrus.watson.org) Received: from repoman.freebsd.org (repoman.freebsd.org [IPv6:2001:4f8:fff6::29]) by mx1.freebsd.org (Postfix) with ESMTP id 7C9868FC1B for ; Sun, 7 Jun 2009 19:51:19 +0000 (UTC) (envelope-from bb+lists.freebsd.perforce@cyrus.watson.org) Received: from repoman.freebsd.org (localhost [127.0.0.1]) by repoman.freebsd.org (8.14.3/8.14.3) with ESMTP id n57JpJaQ076695 for ; Sun, 7 Jun 2009 19:51:19 GMT (envelope-from bb+lists.freebsd.perforce@cyrus.watson.org) Received: (from perforce@localhost) by repoman.freebsd.org (8.14.3/8.14.3/Submit) id n57JpJYS076693 for perforce@freebsd.org; Sun, 7 Jun 2009 19:51:19 GMT (envelope-from bb+lists.freebsd.perforce@cyrus.watson.org) Date: Sun, 7 Jun 2009 19:51:19 GMT Message-Id: <200906071951.n57JpJYS076693@repoman.freebsd.org> X-Authentication-Warning: repoman.freebsd.org: perforce set sender to bb+lists.freebsd.perforce@cyrus.watson.org using -f From: Robert Watson To: Perforce Change Reviews Cc: Subject: PERFORCE change 163729 for review X-BeenThere: p4-projects@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: p4 projects tree changes List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 07 Jun 2009 19:51:21 -0000 http://perforce.freebsd.org/chv.cgi?CH=163729 Change 163729 by rwatson@rwatson_freebsd_capabilities on 2009/06/07 19:51:12 Define three new capability rights for file descriptors: CAP_TTYHOOK, CAP_FCHDIR, and CAP_FSCK. Affected files ... .. //depot/projects/trustedbsd/capabilities/src/lib/libc/sys/cap_new.2#8 edit .. //depot/projects/trustedbsd/capabilities/src/sys/sys/capability.h#23 edit Differences ... ==== //depot/projects/trustedbsd/capabilities/src/lib/libc/sys/cap_new.2#8 (text+ko) ==== @@ -32,7 +32,7 @@ .\" .\" $FreeBSD$ .\" -.Dd February 3, 2008 +.Dd June 7, 2009 .Dt CAP_NEW 2 .Os .Sh NAME @@ -157,6 +157,9 @@ .It Dv CAP_EXTATTR_SET Permit .Xr extattr_set_fd 2 . +.It Dv CAP_FCHDIR +Permit +.Xr fchdir 2 . .It Dv CAP_FCHFLAGS Permit .Xr fchflags 2 . @@ -178,6 +181,8 @@ .It Dv CAP_FPATHCONF Permit .Xr fpathconf 2 . +.It Dv CAP_FSCK +Permit UFS background-fsck operations on the descriptor. .It Dv CAP_FSTAT Permit .Xr fstat 2 . @@ -302,6 +307,10 @@ Permit explicit .Xr shutdown 2 ; closing the socket will also generally shut down any connections on it. +.It Dv CAP_TTYHOOK +Allow configuration of TTY hooks, such as +.Xr snp 4 , +on the file descriptor. .It Dv CAP_WRITE Allow .Xr aio_write 2 , @@ -443,7 +452,8 @@ .Xr sem_getvalue 3 , .Xr sem_post 3 , .Xr sem_trywait 3 , -.Xr sem_wait 3 +.Xr sem_wait 3 , +.Xr snp 4 .Sh HISTORY Support for capabilities and capabilities mode was developed as part of the .Tn TrustedBSD ==== //depot/projects/trustedbsd/capabilities/src/sys/sys/capability.h#23 (text+ko) ==== @@ -30,7 +30,7 @@ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * - * $P4: //depot/projects/trustedbsd/capabilities/src/sys/sys/capability.h#22 $ + * $P4: //depot/projects/trustedbsd/capabilities/src/sys/sys/capability.h#23 $ */ /* @@ -92,7 +92,10 @@ #define CAP_PDWAIT 0x0000200000000000ULL /* pdwait(2) */ #define CAP_PDKILL 0x0000400000000000ULL /* pdkill(2) */ #define CAP_MAPEXEC 0x0000800000000000ULL /* mmap(2) as exec */ -#define CAP_MASK_VALID 0x0000ffffffffffffULL +#define CAP_TTYHOOK 0x0001000000000000ULL /* register tty hook */ +#define CAP_FCHDIR 0x0002000000000000ULL /* fchdir(2) */ +#define CAP_FSCK 0x0004000000000000ULL /* sysctl_ffs_fsck */ +#define CAP_MASK_VALID 0x0001ffffffffffffULL /* * Notes: