From owner-p4-projects@FreeBSD.ORG Tue Feb 2 17:34:40 2010
Return-Path:
Delivered-To: p4-projects@freebsd.org
Received: by hub.freebsd.org (Postfix, from userid 32767) id 3BBC11065692; Tue, 2 Feb 2010 17:34:40 +0000 (UTC)
Delivered-To: perforce@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id DC180106568D for ; Tue, 2 Feb 2010 17:34:39 +0000 (UTC) (envelope-from bb+lists.freebsd.perforce@cyrus.watson.org)
Received: from repoman.freebsd.org (repoman.freebsd.org [IPv6:2001:4f8:fff6::29]) by mx1.freebsd.org (Postfix) with ESMTP id C9BBD8FC0A for ; Tue, 2 Feb 2010 17:34:39 +0000 (UTC)
Received: from repoman.freebsd.org (localhost [127.0.0.1]) by repoman.freebsd.org (8.14.3/8.14.3) with ESMTP id o12HYdEE093232 for ; Tue, 2 Feb 2010 17:34:39 GMT (envelope-from bb+lists.freebsd.perforce@cyrus.watson.org)
Received: (from perforce@localhost) by repoman.freebsd.org (8.14.3/8.14.3/Submit) id o12HYdY9093230 for perforce@freebsd.org; Tue, 2 Feb 2010 17:34:39 GMT (envelope-from bb+lists.freebsd.perforce@cyrus.watson.org)
Date: Tue, 2 Feb 2010 17:34:39 GMT
Message-Id: <201002021734.o12HYdY9093230@repoman.freebsd.org>
X-Authentication-Warning: repoman.freebsd.org: perforce set sender to bb+lists.freebsd.perforce@cyrus.watson.org using -f
From: Robert Watson To: Perforce Change Reviews Precedence: bulk Cc: Subject: PERFORCE change 174163 for review X-BeenThere: p4-projects@freebsd.org X-Mailman-Version: 2.1.5 List-Id: p4 projects tree changes List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 02 Feb 2010 17:34:40 -0000 http://p4web.freebsd.org/chv.cgi?CH=174163 Change 174163 by rwatson@rwatson_vimage_client on 2010/02/02 17:33:46 No longer need special handling of /dev/null during sandbox creation, we simply now pass in the original stdin/stdout/stderr, but without any capability rights. Affected files ... .. //depot/projects/trustedbsd/capabilities/src/lib/libcapsicum/libcapsicum_host.c#14 edit Differences ... ==== //depot/projects/trustedbsd/capabilities/src/lib/libcapsicum/libcapsicum_host.c#14 (text+ko) ==== @@ -30,7 +30,7 @@ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * - * $P4: //depot/projects/trustedbsd/capabilities/src/lib/libcapsicum/libcapsicum_host.c#13 $ + * $P4: //depot/projects/trustedbsd/capabilities/src/lib/libcapsicum/libcapsicum_host.c#14 $ */ #include @@ -55,7 +55,6 @@ #include "libcapsicum_internal.h" #include "libcapsicum_sandbox_api.h" -#define LIBCAPSICUM_CAPMASK_DEVNULL (CAP_EVENT | CAP_READ | CAP_WRITE) #define LIBCAPSICUM_CAPMASK_SOCK (CAP_EVENT | CAP_READ | CAP_WRITE) #define LIBCAPSICUM_CAPMASK_BIN (CAP_READ | CAP_EVENT | CAP_FSTAT | \ CAP_FSTATFS | \ @@ -89,9 +88,8 @@ * especially calls to err(). */ static void -lch_sandbox(int fd_sock, int fd_binary, int fd_rtld, int fd_devnull, - u_int flags, const char *binname, char *const argv[], - struct lc_fdlist *userfds) +lch_sandbox(int fd_sock, int fd_binary, int fd_rtld, u_int flags, + const char *binname, char *const argv[], struct lc_fdlist *userfds) { struct sbuf *sbufp; int shmfd = -1; 
@@ -137,10 +135,6 @@ fd_sock, LIBCAPSICUM_CAPMASK_SOCK) < 0) err(-1, "Error in lc_fdlist_addcap(fd_sock)"); - if (lc_fdlist_addcap(fds, LIBCAPSICUM_FQNAME, "/dev/null", "", - fd_devnull, LIBCAPSICUM_CAPMASK_DEVNULL) < 0) - err(-1, "Error in lc_fdlist_addcap(fd_devnull)"); - if (lc_fdlist_addcap(fds, LIBCAPSICUM_FQNAME, "fdlist", "", shmfd, LIBCAPSICUM_CAPMASK_FDLIST) < 0) err(-1, "Error in lc_fdlist_addcap(shmfd)"); @@ -269,13 +263,12 @@ u_int flags, struct lc_fdlist *fds, struct lc_sandbox **lcspp) { struct lc_sandbox *lcsp; - int fd_devnull, fd_rtld; + int fd_rtld; int fd_procdesc, fd_sockpair[2]; int error, val; pid_t pid; - fd_devnull = fd_rtld = fd_procdesc = fd_sockpair[0] = - fd_sockpair[1] = -1; + fd_rtld = fd_procdesc = fd_sockpair[0] = fd_sockpair[1] = -1; lcsp = malloc(sizeof(*lcsp)); if (lcsp == NULL) @@ -285,16 +278,11 @@ if (ld_insandbox()) { if (ld_libcache_lookup(LD_ELF_CAP_SO, &fd_rtld) < 0) goto out_error; - if (ld_libcache_lookup(_PATH_DEVNULL, &fd_devnull) < 0) - goto out_error; } else { fd_rtld = open(PATH_LD_ELF_CAP_SO "/" LD_ELF_CAP_SO, O_RDONLY); if (fd_rtld < 0) goto out_error; - fd_devnull = open(_PATH_DEVNULL, O_RDWR); - if (fd_devnull < 0) - goto out_error; } if (socketpair(PF_LOCAL, SOCK_STREAM, 0, fd_sockpair) < 0) @@ -313,12 +301,11 @@ goto out_error; } if (pid == 0) { - lch_sandbox(fd_sockpair[1], fd_binary, fd_rtld, fd_devnull, - flags, binname, argv, fds); + lch_sandbox(fd_sockpair[1], fd_binary, fd_rtld, flags, + binname, argv, fds); exit(-1); } #ifndef IN_CAP_MODE - close(fd_devnull); close(fd_rtld); #endif close(fd_sockpair[1]); @@ -337,8 +324,6 @@ if (fd_sockpair[1] != -1) close(fd_sockpair[1]); #ifndef IN_CAP_MODE - if (fd_devnull != -1) - close(fd_devnull); if (fd_rtld != -1) close(fd_rtld); #endif
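Review bot: in the hunk at @@ -137,10 +135,6 @@ the "/dev/null" entry is removed from the fdlist, but the replacement the commit message describes (handing the original stdin/stdout/stderr to the sandbox with no capability rights) is not visible anywhere in this change, so any sandbox-side code that still resolves LIBCAPSICUM_FQNAME "/dev/null" through the fdlist will now get a lookup failure instead of a descriptor. Please either include that half of the change here or reference its change number, and check the sandbox side for remaining "/dev/null" lookups. It would also help to spell out in the commit message what "without any capability rights" means for the sandbox: a capability with an empty rights mask makes reads and writes on 0/1/2 fail, whereas the old entry carried CAP_EVENT | CAP_READ | CAP_WRITE on /dev/null and let them succeed silently, so sandboxed code that writes diagnostics to stderr will now see errors it did not see before.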
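Review bot: in the hunk at @@ -89,9 +88,8 @@ the fd_devnull parameter is dropped from lch_sandbox(), but only the tail of the block comment above it ("* especially calls to err().") is in the context; if that comment enumerates the descriptors the child receives, it needs the same update, otherwise the comment and the prototype will disagree. Same for the prototype of lch_sandbox() if it is declared in libcapsicum_internal.h rather than only defined here, since that file is included a few lines above and is not touched by this change.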