From nobody Tue Jan 9 03:08:27 2024 X-Original-To: dev-commits-src-all@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4T8G8r0l6zz55qSq; Tue, 9 Jan 2024 03:08:28 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4T8G8r0FyLz4bxC; Tue, 9 Jan 2024 03:08:28 +0000 (UTC) (envelope-from git@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1704769708; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=zJmk4fP67Kl7W1PRY66o4zY+I/yiyN9Qpo19KL+M5AY=; b=ah6fEKetGwQD+4RwThlCrpcsY8BZ1ea7NgeAtkHpRzLuSaiymgx6Vgbzk5IKngE2j/1utf Rq+M0UyRtgwa9xCg7lEIkQCIJitznlcVMW4rCJgnM7QZId3pgvX6R4jsQZXnGx26884FPl LVQJh0jf6zP/lwcecxap6m07g305GMX9Ph98DaCF3M/768eI1VUp3Ko2ZpkcS78qPos75+ kk+XzJpAcWskDeYWy7pTMc/UAkYib3W5Xw8Yh7WlUVA+aAYmu6cDHnKnQKC3GOOtkCUQiX 0gFk+BL5OtdeiT16Tsz2OpK3pyGBuNCeM2pB2yh/QoCQCXpUsHsIiP8A2paCTw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1704769708; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=zJmk4fP67Kl7W1PRY66o4zY+I/yiyN9Qpo19KL+M5AY=; b=gtDWnKnUV1I1XBQjVxV3iqoqLHBF7jZ7l9S5bEbI9jA2JRg6IueGo+edk3fK9bgulIirsp 1EZ62YKTHMQC2B1zo+qaO1iVVrzVxuWOjEO0OMxzYO0VYMzzJ3/z1SOB2lxT/Wc9A7858X 9hBCgq4jn9XmntX+is1Klpyuk632squ03G9BYvYoRsokxDGQ96ZBUSu9CEYLIm+xuAM+KX sq4ZfrMqkvFuv+pcp1GLmM/IsTPtip/1uDTvwKz6cMicFzTenAZgXFfDDRRAuD0m08kHa/ F++9Rkoo1WfaBx5f6lIjFIGhK478nIPMWIGNIZXVhAyAfihN6vUiz0K/vLbUoA== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1704769708; a=rsa-sha256; cv=none; b=hYosPjisklVg7UGTdUu2HQfkPcqTru8uzKKyygRwzHK+25kx3kXms7ajD1kJRxHOW2OQNp fuvjS7JshsRfL2JhcMAec/hnxS4vQ05MZ2N/51aT2X4TQqFwwFIct7ZfD954BMm5jS3PBm eg6fcXfjV8gNO4k3O0KLizi6syEKx8057+jYXMysgSACbCeJGqGz0kjF5XbOS5a3SB/XdQ WFUwntLQ3WzZG3HLcsZGh3ivT71anjPoD0PmUSgOuQeVareJZh4++aZPXyozIQgt8Lh/kz R97ZSnuewls9ZhpCdQrjcbo9NUt1iotxeWEtjhlnYzKPGR/ap1l1lPgbs7rDCA== Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4T8G8q6QWZzZNW; Tue, 9 Jan 2024 03:08:27 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from gitrepo.freebsd.org ([127.0.1.44]) by gitrepo.freebsd.org (8.17.1/8.17.1) with ESMTP id 40938RK9082383; Tue, 9 Jan 2024 03:08:27 GMT (envelope-from git@gitrepo.freebsd.org) Received: (from git@localhost) by gitrepo.freebsd.org (8.17.1/8.17.1/Submit) id 40938Rm4082380; Tue, 9 Jan 2024 03:08:27 GMT (envelope-from git) Date: Tue, 9 Jan 2024 03:08:27 GMT Message-Id: <202401090308.40938Rm4082380@gitrepo.freebsd.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-main@FreeBSD.org From: Kyle Evans Subject: git: cef5e56f3fea - main - bhyveload: add CAP_SEEK to our dirfd rights List-Id: Commit messages for all branches of the src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-all List-Help: List-Post: List-Subscribe: List-Unsubscribe: Sender: owner-dev-commits-src-all@freebsd.org X-BeenThere: dev-commits-src-all@freebsd.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: kevans X-Git-Repository: src X-Git-Refname: refs/heads/main X-Git-Reftype: branch X-Git-Commit: cef5e56f3fea33d6c421276af49f2967453ad4ff Auto-Submitted: auto-generated The branch main has been updated by kevans: URL: https://cgit.FreeBSD.org/src/commit/?id=cef5e56f3fea33d6c421276af49f2967453ad4ff commit cef5e56f3fea33d6c421276af49f2967453ad4ff Author: Kyle Evans AuthorDate: 2024-01-09 03:08:16 +0000 Commit: Kyle Evans CommitDate: 2024-01-09 03:08:16 +0000 bhyveload: add CAP_SEEK to our dirfd rights In the case of hostbase_fd, this is infact a bug fix; we have a seek callback that the host: filesystem may use in loader, and we really don't have a good excuse to break it. bootfd-derived fds will only be used with fdlopen(3) and rtld doesn't seem to need pread / lseek at all for it today, but there's no reason to break if it finds a good reason to later. Suggested by: markj --- usr.sbin/bhyveload/bhyveload.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/usr.sbin/bhyveload/bhyveload.c b/usr.sbin/bhyveload/bhyveload.c index 4d89393424f4..5250e2120938 100644 --- a/usr.sbin/bhyveload/bhyveload.c +++ b/usr.sbin/bhyveload/bhyveload.c @@ -755,7 +755,7 @@ hostbase_open(const char *base) err(EX_OSERR, "open"); if (caph_rights_limit(hostbase_fd, cap_rights_init(&rights, CAP_FSTATAT, - CAP_LOOKUP, CAP_READ)) < 0) + CAP_LOOKUP, CAP_PREAD)) < 0) err(EX_OSERR, "caph_rights_limit"); } @@ -887,7 +887,7 @@ main(int argc, char** argv) * to the more usual lookup rights. */ if (caph_rights_limit(bootfd, cap_rights_init(&rights, - CAP_FSTATAT, CAP_LOOKUP, CAP_MMAP_RX, CAP_READ)) < 0) + CAP_FSTATAT, CAP_LOOKUP, CAP_MMAP_RX, CAP_PREAD)) < 0) err(1, "caph_rights_limit"); }