From owner-p4-projects@FreeBSD.ORG Mon Jun 8 09:18:14 2009 Return-Path: Delivered-To: p4-projects@freebsd.org Received: by hub.freebsd.org (Postfix, from userid 32767) id 8CC121065673; Mon, 8 Jun 2009 09:18:14 +0000 (UTC) Delivered-To: perforce@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 4CB22106566B for ; Mon, 8 Jun 2009 09:18:14 +0000 (UTC) (envelope-from bb+lists.freebsd.perforce@cyrus.watson.org) Received: from repoman.freebsd.org (repoman.freebsd.org [IPv6:2001:4f8:fff6::29]) by mx1.freebsd.org (Postfix) with ESMTP id 1F64D8FC0A for ; Mon, 8 Jun 2009 09:18:14 +0000 (UTC) (envelope-from bb+lists.freebsd.perforce@cyrus.watson.org) Received: from repoman.freebsd.org (localhost [127.0.0.1]) by repoman.freebsd.org (8.14.3/8.14.3) with ESMTP id n589IEiC004955 for ; Mon, 8 Jun 2009 09:18:14 GMT (envelope-from bb+lists.freebsd.perforce@cyrus.watson.org) Received: (from perforce@localhost) by repoman.freebsd.org (8.14.3/8.14.3/Submit) id n589IDSn004953 for perforce@freebsd.org; Mon, 8 Jun 2009 09:18:13 GMT (envelope-from bb+lists.freebsd.perforce@cyrus.watson.org) Date: Mon, 8 Jun 2009 09:18:13 GMT Message-Id: <200906080918.n589IDSn004953@repoman.freebsd.org> X-Authentication-Warning: repoman.freebsd.org: perforce set sender to bb+lists.freebsd.perforce@cyrus.watson.org using -f From: Robert Watson To: Perforce Change Reviews Cc: Subject: PERFORCE change 163770 for review X-BeenThere: p4-projects@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: p4 projects tree changes List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 08 Jun 2009 09:18:15 -0000 http://perforce.freebsd.org/chv.cgi?CH=163770 Change 163770 by rwatson@rwatson_freebsd_capabilities on 2009/06/08 09:17:47 Add a few more utility libraries necessary to run common binaries for experimentation purposes. Finish expunging LDSO_MODE, we always use rtld-elf-cap.so now. Affected files ... .. //depot/projects/trustedbsd/capabilities/src/tools/cap/cap_exec/Makefile#2 edit .. //depot/projects/trustedbsd/capabilities/src/tools/cap/cap_exec/cap_exec.c#6 edit Differences ... ==== //depot/projects/trustedbsd/capabilities/src/tools/cap/cap_exec/Makefile#2 (text+ko) ==== @@ -1,5 +1,5 @@ PROG=cap_exec NO_MAN= -CFLAGS=-Wall -g -DLDSO_MODE +CFLAGS=-Wall -g .include ==== //depot/projects/trustedbsd/capabilities/src/tools/cap/cap_exec/cap_exec.c#6 (text+ko) ==== @@ -47,7 +47,6 @@ extern char **environ; -#ifdef LDSO_MODE #define LD_ELF_CAP_SO "/libexec/ld-elf-cap.so.1" char *ldso_argv[] = { LD_ELF_CAP_SO, @@ -55,8 +54,11 @@ }; #define LIBC_SO "libc.so.7" +#define LIBEDIT_SO "libedit.so.6" +#define LIBNCURSES_SO "libncurses.so.7" +#define LIBCRYPT_SO "libcrypt.so.4" + #define LIBPATH "/lib/" -#endif #define BASE_CAPS (CAP_IOCTL | CAP_EVENT | CAP_SEEK | CAP_FSTAT) #define STDIN_CAPS (BASE_CAPS | CAP_READ) @@ -95,7 +97,8 @@ int main(int argc, char *argv[]) { - int fd_exec, fd_ldso, fd_libc, fd_procdesc; + int fd_exec, fd_ldso, fd_procdesc; + int fd_libc, fd_libcrypt, fd_libedit, fd_libncurses; char *env_caplibindex; struct pollfd pollfd; pid_t pid; @@ -128,8 +131,19 @@ if (fcntl(fd_ldso, F_SETFD, FD_CLOEXEC) < 0) err(-1, "fcntl FD_CLOEXEC"); fd_libc = cap_open_limit(LIBPATH LIBC_SO, O_RDONLY, BIN_CAPS); - if (asprintf(&env_caplibindex, "%d:%s", fd_libc, LIBC_SO) == - -1) + fd_libcrypt = cap_open_limit(LIBPATH LIBCRYPT_SO, + O_RDONLY, BIN_CAPS); + fd_libedit = cap_open_limit(LIBPATH LIBEDIT_SO, O_RDONLY, + BIN_CAPS); + fd_libncurses = cap_open_limit(LIBPATH LIBNCURSES_SO, + O_RDONLY, BIN_CAPS); + + if (asprintf(&env_caplibindex, "%d:%s,%d:%s,%d:%s,%d:%s", + fd_libc, LIBC_SO, + fd_libcrypt, LIBCRYPT_SO, + fd_libedit, LIBEDIT_SO, + fd_libncurses, LIBNCURSES_SO + ) == -1) err(-1, "asprintf"); setenv("LD_CAPLIBINDEX", env_caplibindex, 1);