From owner-svn-src-stable-12@freebsd.org Sat Jul 13 00:23:24 2019 Return-Path: Delivered-To: svn-src-stable-12@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 235B915DB002; Sat, 13 Jul 2019 00:23:24 +0000 (UTC) (envelope-from jhb@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) server-signature RSA-PSS (4096 bits) client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id C28AE934F5; Sat, 13 Jul 2019 00:23:23 +0000 (UTC) (envelope-from jhb@FreeBSD.org) Received: from repo.freebsd.org (repo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 9D8471E3FE; Sat, 13 Jul 2019 00:23:23 +0000 (UTC) (envelope-from jhb@FreeBSD.org) Received: from repo.freebsd.org ([127.0.1.37]) by repo.freebsd.org (8.15.2/8.15.2) with ESMTP id x6D0NNBo020882; Sat, 13 Jul 2019 00:23:23 GMT (envelope-from jhb@FreeBSD.org) Received: (from jhb@localhost) by repo.freebsd.org (8.15.2/8.15.2/Submit) id x6D0NLem020869; Sat, 13 Jul 2019 00:23:21 GMT (envelope-from jhb@FreeBSD.org) Message-Id: <201907130023.x6D0NLem020869@repo.freebsd.org> X-Authentication-Warning: repo.freebsd.org: jhb set sender to jhb@FreeBSD.org using -f From: John Baldwin Date: Sat, 13 Jul 2019 00:23:21 +0000 (UTC) To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-stable@freebsd.org, svn-src-stable-12@freebsd.org Subject: svn commit: r349961 - stable/12/usr.sbin/bhyve X-SVN-Group: stable-12 X-SVN-Commit-Author: jhb X-SVN-Commit-Paths: stable/12/usr.sbin/bhyve X-SVN-Commit-Revision: 349961 X-SVN-Commit-Repository: base MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-Rspamd-Queue-Id: C28AE934F5 X-Spamd-Bar: -- Authentication-Results: mx1.freebsd.org X-Spamd-Result: default: False [-2.97 / 15.00]; local_wl_from(0.00)[FreeBSD.org]; NEURAL_HAM_MEDIUM(-1.00)[-0.999,0]; NEURAL_HAM_LONG(-1.00)[-1.000,0]; NEURAL_HAM_SHORT(-0.97)[-0.968,0]; ASN(0.00)[asn:11403, ipnet:2610:1c1:1::/48, country:US] X-BeenThere: svn-src-stable-12@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: SVN commit messages for only the 12-stable src tree List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 13 Jul 2019 00:23:24 -0000 Author: jhb Date: Sat Jul 13 00:23:20 2019 New Revision: 349961 URL: https://svnweb.freebsd.org/changeset/base/349961 Log: MFC 343068: Use capsicum_helpers(3) that allow us to simplify the code and its functions will return success when the kernel is built without support of the capability mode. It is important to note, that I'm taking a more conservative approach with these changes and it will be done in small steps. Modified: stable/12/usr.sbin/bhyve/bhyverun.c stable/12/usr.sbin/bhyve/block_if.c stable/12/usr.sbin/bhyve/consport.c stable/12/usr.sbin/bhyve/dbgport.c stable/12/usr.sbin/bhyve/gdb.c stable/12/usr.sbin/bhyve/mevent.c stable/12/usr.sbin/bhyve/pci_e82545.c stable/12/usr.sbin/bhyve/pci_passthru.c stable/12/usr.sbin/bhyve/pci_virtio_console.c stable/12/usr.sbin/bhyve/pci_virtio_net.c stable/12/usr.sbin/bhyve/pci_virtio_rnd.c stable/12/usr.sbin/bhyve/rfb.c stable/12/usr.sbin/bhyve/uart_emul.c Directory Properties: stable/12/ (props changed) Modified: stable/12/usr.sbin/bhyve/bhyverun.c ============================================================================== --- stable/12/usr.sbin/bhyve/bhyverun.c Sat Jul 13 00:19:57 2019 (r349960) +++ stable/12/usr.sbin/bhyve/bhyverun.c Sat Jul 13 00:23:20 2019 (r349961) @@ -54,7 +54,6 @@ __FBSDID("$FreeBSD$"); #include #include #include -#include #include #include #include @@ -949,15 +948,13 @@ do_open(const char *vmname) #ifndef WITHOUT_CAPSICUM cap_rights_init(&rights, CAP_IOCTL, CAP_MMAP_RW); - if (cap_rights_limit(vm_get_device_fd(ctx), &rights) == -1 && - errno != ENOSYS) + if (caph_rights_limit(vm_get_device_fd(ctx), &rights) == -1) errx(EX_OSERR, "Unable to apply rights for sandbox"); vm_get_ioctls(&ncmds); cmds = vm_get_ioctls(NULL); if (cmds == NULL) errx(EX_OSERR, "out of memory"); - if (cap_ioctls_limit(vm_get_device_fd(ctx), cmds, ncmds) == -1 && - errno != ENOSYS) + if (caph_ioctls_limit(vm_get_device_fd(ctx), cmds, ncmds) == -1) errx(EX_OSERR, "Unable to apply rights for sandbox"); free((cap_ioctl_t *)cmds); #endif Modified: stable/12/usr.sbin/bhyve/block_if.c ============================================================================== --- stable/12/usr.sbin/bhyve/block_if.c Sat Jul 13 00:19:57 2019 (r349960) +++ stable/12/usr.sbin/bhyve/block_if.c Sat Jul 13 00:23:20 2019 (r349961) @@ -42,6 +42,9 @@ __FBSDID("$FreeBSD$"); #include #include +#ifndef WITHOUT_CAPSICUM +#include +#endif #include #include #include @@ -473,7 +476,7 @@ blockif_open(const char *optstr, const char *ident) if (ro) cap_rights_clear(&rights, CAP_FSYNC, CAP_WRITE); - if (cap_rights_limit(fd, &rights) == -1 && errno != ENOSYS) + if (caph_rights_limit(fd, &rights) == -1) errx(EX_OSERR, "Unable to apply rights for sandbox"); #endif @@ -504,7 +507,7 @@ blockif_open(const char *optstr, const char *ident) psectsz = sbuf.st_blksize; #ifndef WITHOUT_CAPSICUM - if (cap_ioctls_limit(fd, cmds, nitems(cmds)) == -1 && errno != ENOSYS) + if (caph_ioctls_limit(fd, cmds, nitems(cmds)) == -1) errx(EX_OSERR, "Unable to apply rights for sandbox"); #endif Modified: stable/12/usr.sbin/bhyve/consport.c ============================================================================== --- stable/12/usr.sbin/bhyve/consport.c Sat Jul 13 00:19:57 2019 (r349960) +++ stable/12/usr.sbin/bhyve/consport.c Sat Jul 13 00:23:20 2019 (r349961) @@ -37,6 +37,9 @@ __FBSDID("$FreeBSD$"); #endif #include +#ifndef WITHOUT_CAPSICUM +#include +#endif #include #include #include @@ -138,11 +141,9 @@ console_handler(struct vmctx *ctx, int vcpu, int in, i #ifndef WITHOUT_CAPSICUM cap_rights_init(&rights, CAP_EVENT, CAP_IOCTL, CAP_READ, CAP_WRITE); - if (cap_rights_limit(STDIN_FILENO, &rights) == -1 && - errno != ENOSYS) + if (caph_rights_limit(STDIN_FILENO, &rights) == -1) errx(EX_OSERR, "Unable to apply rights for sandbox"); - if (cap_ioctls_limit(STDIN_FILENO, cmds, nitems(cmds)) == -1 && - errno != ENOSYS) + if (caph_ioctls_limit(STDIN_FILENO, cmds, nitems(cmds)) == -1) errx(EX_OSERR, "Unable to apply rights for sandbox"); #endif ttyopen(); Modified: stable/12/usr.sbin/bhyve/dbgport.c ============================================================================== --- stable/12/usr.sbin/bhyve/dbgport.c Sat Jul 13 00:19:57 2019 (r349960) +++ stable/12/usr.sbin/bhyve/dbgport.c Sat Jul 13 00:23:20 2019 (r349961) @@ -40,6 +40,9 @@ __FBSDID("$FreeBSD$"); #include #include +#ifndef WITHOUT_CAPSICUM +#include +#endif #include #include #include @@ -167,7 +170,7 @@ init_dbgport(int sport) #ifndef WITHOUT_CAPSICUM cap_rights_init(&rights, CAP_ACCEPT, CAP_READ, CAP_WRITE); - if (cap_rights_limit(listen_fd, &rights) == -1 && errno != ENOSYS) + if (caph_rights_limit(listen_fd, &rights) == -1) errx(EX_OSERR, "Unable to apply rights for sandbox"); #endif Modified: stable/12/usr.sbin/bhyve/gdb.c ============================================================================== --- stable/12/usr.sbin/bhyve/gdb.c Sat Jul 13 00:19:57 2019 (r349960) +++ stable/12/usr.sbin/bhyve/gdb.c Sat Jul 13 00:23:20 2019 (r349961) @@ -1252,9 +1252,9 @@ limit_gdb_socket(int s) cap_rights_init(&rights, CAP_ACCEPT, CAP_EVENT, CAP_READ, CAP_WRITE, CAP_SETSOCKOPT, CAP_IOCTL); - if (cap_rights_limit(s, &rights) == -1 && errno != ENOSYS) + if (caph_rights_limit(s, &rights) == -1) errx(EX_OSERR, "Unable to apply rights for sandbox"); - if (cap_ioctls_limit(s, ioctls, nitems(ioctls)) == -1 && errno != ENOSYS) + if (caph_ioctls_limit(s, ioctls, nitems(ioctls)) == -1) errx(EX_OSERR, "Unable to apply rights for sandbox"); } #endif Modified: stable/12/usr.sbin/bhyve/mevent.c ============================================================================== --- stable/12/usr.sbin/bhyve/mevent.c Sat Jul 13 00:19:57 2019 (r349960) +++ stable/12/usr.sbin/bhyve/mevent.c Sat Jul 13 00:23:20 2019 (r349961) @@ -37,6 +37,9 @@ __FBSDID("$FreeBSD$"); #include +#ifndef WITHOUT_CAPSICUM +#include +#endif #include #include #include @@ -420,7 +423,7 @@ mevent_dispatch(void) #ifndef WITHOUT_CAPSICUM cap_rights_init(&rights, CAP_KQUEUE); - if (cap_rights_limit(mfd, &rights) == -1 && errno != ENOSYS) + if (caph_rights_limit(mfd, &rights) == -1) errx(EX_OSERR, "Unable to apply rights for sandbox"); #endif @@ -437,9 +440,9 @@ mevent_dispatch(void) #ifndef WITHOUT_CAPSICUM cap_rights_init(&rights, CAP_EVENT, CAP_READ, CAP_WRITE); - if (cap_rights_limit(mevent_pipefd[0], &rights) == -1 && errno != ENOSYS) + if (caph_rights_limit(mevent_pipefd[0], &rights) == -1) errx(EX_OSERR, "Unable to apply rights for sandbox"); - if (cap_rights_limit(mevent_pipefd[1], &rights) == -1 && errno != ENOSYS) + if (caph_rights_limit(mevent_pipefd[1], &rights) == -1) errx(EX_OSERR, "Unable to apply rights for sandbox"); #endif Modified: stable/12/usr.sbin/bhyve/pci_e82545.c ============================================================================== --- stable/12/usr.sbin/bhyve/pci_e82545.c Sat Jul 13 00:19:57 2019 (r349960) +++ stable/12/usr.sbin/bhyve/pci_e82545.c Sat Jul 13 00:23:20 2019 (r349961) @@ -43,6 +43,9 @@ __FBSDID("$FreeBSD$"); #include #include +#ifndef WITHOUT_CAPSICUM +#include +#endif #include #include #include @@ -2241,7 +2244,7 @@ e82545_open_tap(struct e82545_softc *sc, char *opts) #ifndef WITHOUT_CAPSICUM cap_rights_init(&rights, CAP_EVENT, CAP_READ, CAP_WRITE); - if (cap_rights_limit(sc->esc_tapfd, &rights) == -1 && errno != ENOSYS) + if (caph_rights_limit(sc->esc_tapfd, &rights) == -1) errx(EX_OSERR, "Unable to apply rights for sandbox"); #endif Modified: stable/12/usr.sbin/bhyve/pci_passthru.c ============================================================================== --- stable/12/usr.sbin/bhyve/pci_passthru.c Sat Jul 13 00:19:57 2019 (r349960) +++ stable/12/usr.sbin/bhyve/pci_passthru.c Sat Jul 13 00:23:20 2019 (r349961) @@ -45,6 +45,9 @@ __FBSDID("$FreeBSD$"); #include +#ifndef WITHOUT_CAPSICUM +#include +#endif #include #include #include @@ -674,9 +677,9 @@ passthru_init(struct vmctx *ctx, struct pci_devinst *p } #ifndef WITHOUT_CAPSICUM - if (cap_rights_limit(pcifd, &rights) == -1 && errno != ENOSYS) + if (caph_rights_limit(pcifd, &rights) == -1) errx(EX_OSERR, "Unable to apply rights for sandbox"); - if (cap_ioctls_limit(pcifd, pci_ioctls, nitems(pci_ioctls)) == -1 && errno != ENOSYS) + if (caph_ioctls_limit(pcifd, pci_ioctls, nitems(pci_ioctls)) == -1) errx(EX_OSERR, "Unable to apply rights for sandbox"); #endif @@ -689,9 +692,9 @@ passthru_init(struct vmctx *ctx, struct pci_devinst *p } #ifndef WITHOUT_CAPSICUM - if (cap_rights_limit(iofd, &rights) == -1 && errno != ENOSYS) + if (caph_rights_limit(iofd, &rights) == -1) errx(EX_OSERR, "Unable to apply rights for sandbox"); - if (cap_ioctls_limit(iofd, io_ioctls, nitems(io_ioctls)) == -1 && errno != ENOSYS) + if (caph_ioctls_limit(iofd, io_ioctls, nitems(io_ioctls)) == -1) errx(EX_OSERR, "Unable to apply rights for sandbox"); #endif @@ -706,7 +709,7 @@ passthru_init(struct vmctx *ctx, struct pci_devinst *p #ifndef WITHOUT_CAPSICUM cap_rights_clear(&rights, CAP_IOCTL); cap_rights_set(&rights, CAP_MMAP_RW); - if (cap_rights_limit(memfd, &rights) == -1 && errno != ENOSYS) + if (caph_rights_limit(memfd, &rights) == -1) errx(EX_OSERR, "Unable to apply rights for sandbox"); #endif Modified: stable/12/usr.sbin/bhyve/pci_virtio_console.c ============================================================================== --- stable/12/usr.sbin/bhyve/pci_virtio_console.c Sat Jul 13 00:19:57 2019 (r349960) +++ stable/12/usr.sbin/bhyve/pci_virtio_console.c Sat Jul 13 00:23:20 2019 (r349961) @@ -43,6 +43,9 @@ __FBSDID("$FreeBSD$"); #include #include +#ifndef WITHOUT_CAPSICUM +#include +#endif #include #include #include @@ -328,7 +331,7 @@ pci_vtcon_sock_add(struct pci_vtcon_softc *sc, const c #ifndef WITHOUT_CAPSICUM cap_rights_init(&rights, CAP_ACCEPT, CAP_EVENT, CAP_READ, CAP_WRITE); - if (cap_rights_limit(s, &rights) == -1 && errno != ENOSYS) + if (caph_rights_limit(s, &rights) == -1) errx(EX_OSERR, "Unable to apply rights for sandbox"); #endif Modified: stable/12/usr.sbin/bhyve/pci_virtio_net.c ============================================================================== --- stable/12/usr.sbin/bhyve/pci_virtio_net.c Sat Jul 13 00:19:57 2019 (r349960) +++ stable/12/usr.sbin/bhyve/pci_virtio_net.c Sat Jul 13 00:23:20 2019 (r349961) @@ -45,6 +45,9 @@ __FBSDID("$FreeBSD$"); #endif #include +#ifndef WITHOUT_CAPSICUM +#include +#endif #include #include #include @@ -731,7 +734,7 @@ pci_vtnet_tap_setup(struct pci_vtnet_softc *sc, char * #ifndef WITHOUT_CAPSICUM cap_rights_init(&rights, CAP_EVENT, CAP_READ, CAP_WRITE); - if (cap_rights_limit(sc->vsc_tapfd, &rights) == -1 && errno != ENOSYS) + if (caph_rights_limit(sc->vsc_tapfd, &rights) == -1) errx(EX_OSERR, "Unable to apply rights for sandbox"); #endif Modified: stable/12/usr.sbin/bhyve/pci_virtio_rnd.c ============================================================================== --- stable/12/usr.sbin/bhyve/pci_virtio_rnd.c Sat Jul 13 00:19:57 2019 (r349960) +++ stable/12/usr.sbin/bhyve/pci_virtio_rnd.c Sat Jul 13 00:23:20 2019 (r349961) @@ -43,6 +43,9 @@ __FBSDID("$FreeBSD$"); #include #include +#ifndef WITHOUT_CAPSICUM +#include +#endif #include #include #include @@ -158,7 +161,7 @@ pci_vtrnd_init(struct vmctx *ctx, struct pci_devinst * #ifndef WITHOUT_CAPSICUM cap_rights_init(&rights, CAP_READ); - if (cap_rights_limit(fd, &rights) == -1 && errno != ENOSYS) + if (caph_rights_limit(fd, &rights) == -1) errx(EX_OSERR, "Unable to apply rights for sandbox"); #endif Modified: stable/12/usr.sbin/bhyve/rfb.c ============================================================================== --- stable/12/usr.sbin/bhyve/rfb.c Sat Jul 13 00:19:57 2019 (r349960) +++ stable/12/usr.sbin/bhyve/rfb.c Sat Jul 13 00:23:20 2019 (r349961) @@ -45,6 +45,9 @@ __FBSDID("$FreeBSD$"); #include #include +#ifndef WITHOUT_CAPSICUM +#include +#endif #include #include #include @@ -1026,7 +1029,7 @@ rfb_init(char *hostname, int port, int wait, char *pas #ifndef WITHOUT_CAPSICUM cap_rights_init(&rights, CAP_ACCEPT, CAP_EVENT, CAP_READ, CAP_WRITE); - if (cap_rights_limit(rc->sfd, &rights) == -1 && errno != ENOSYS) + if (caph_rights_limit(rc->sfd, &rights) == -1) errx(EX_OSERR, "Unable to apply rights for sandbox"); #endif Modified: stable/12/usr.sbin/bhyve/uart_emul.c ============================================================================== --- stable/12/usr.sbin/bhyve/uart_emul.c Sat Jul 13 00:19:57 2019 (r349960) +++ stable/12/usr.sbin/bhyve/uart_emul.c Sat Jul 13 00:23:20 2019 (r349961) @@ -684,14 +684,12 @@ uart_set_backend(struct uart_softc *sc, const char *op #ifndef WITHOUT_CAPSICUM cap_rights_init(&rights, CAP_EVENT, CAP_IOCTL, CAP_READ, CAP_WRITE); - if (cap_rights_limit(sc->tty.fd, &rights) == -1 && - errno != ENOSYS) + if (caph_rights_limit(sc->tty.fd, &rights) == -1) errx(EX_OSERR, "Unable to apply rights for sandbox"); - if (cap_ioctls_limit(sc->tty.fd, cmds, nitems(cmds)) == -1 && - errno != ENOSYS) + if (caph_ioctls_limit(sc->tty.fd, cmds, nitems(cmds)) == -1) errx(EX_OSERR, "Unable to apply rights for sandbox"); if (!uart_stdio) { - if (caph_limit_stdin() == -1 && errno != ENOSYS) + if (caph_limit_stdin() == -1) errx(EX_OSERR, "Unable to apply rights for sandbox"); }