From owner-svn-src-all@FreeBSD.ORG Tue Mar 1 13:14:28 2011
Return-Path: <owner-svn-src-all@FreeBSD.ORG>
Delivered-To: svn-src-all@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
by hub.freebsd.org (Postfix) with ESMTP id DF9941065674;
Tue, 1 Mar 2011 13:14:28 +0000 (UTC)
(envelope-from rwatson@FreeBSD.org)
Received: from svn.freebsd.org (svn.freebsd.org [IPv6:2001:4f8:fff6::2c])
by mx1.freebsd.org (Postfix) with ESMTP id B4ACE8FC16;
Tue, 1 Mar 2011 13:14:28 +0000 (UTC)
Received: from svn.freebsd.org (localhost [127.0.0.1])
by svn.freebsd.org (8.14.3/8.14.3) with ESMTP id p21DESQZ027265;
Tue, 1 Mar 2011 13:14:28 GMT (envelope-from rwatson@svn.freebsd.org)
Received: (from rwatson@localhost)
by svn.freebsd.org (8.14.3/8.14.3/Submit) id p21DESH9027261;
Tue, 1 Mar 2011 13:14:28 GMT (envelope-from rwatson@svn.freebsd.org)
Message-Id: <201103011314.p21DESH9027261@svn.freebsd.org>
From: Robert Watson <rwatson@FreeBSD.org>
Date: Tue, 1 Mar 2011 13:14:28 +0000 (UTC)
To: src-committers@freebsd.org, svn-src-all@freebsd.org,
svn-src-head@freebsd.org
X-SVN-Group: head
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Cc:
Subject: svn commit: r219128 - in head/sys: bsm security/audit sys
X-BeenThere: svn-src-all@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: "SVN commit messages for the entire src tree \(except for "
user" and " projects" \)" <svn-src-all.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/svn-src-all>,
<mailto:svn-src-all-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/svn-src-all>
List-Post: <mailto:svn-src-all@freebsd.org>
List-Help: <mailto:svn-src-all-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/svn-src-all>,
<mailto:svn-src-all-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Tue, 01 Mar 2011 13:14:29 -0000
Author: rwatson
Date: Tue Mar 1 13:14:28 2011
New Revision: 219128
URL: http://svn.freebsd.org/changeset/base/219128
Log:
Add ECAPMODE, "Not permitted in capability mode", a new kernel errno
constant to indicate that a system call (or perhaps an operation requested
via a system call) is not permitted for a capability mode process.
Submitted by: anderson
Sponsored by: Google, Inc.
Obtained from: Capsicum Project
MFC after: 1 week
Modified:
head/sys/bsm/audit_errno.h
head/sys/security/audit/audit_bsm_errno.c
head/sys/sys/errno.h
Modified: head/sys/bsm/audit_errno.h
==============================================================================
--- head/sys/bsm/audit_errno.h Tue Mar 1 13:10:56 2011 (r219127)
+++ head/sys/bsm/audit_errno.h Tue Mar 1 13:14:28 2011 (r219128)
@@ -205,6 +205,8 @@
#define BSM_ERRNO_EKEYEXPIRED 220 /* Linux-specific. */
#define BSM_ERRNO_EKEYREVOKED 221 /* Linux-specific. */
#define BSM_ERRNO_EKEYREJECTED 222 /* Linux-specific. */
+#define BSM_ERRNO_ENOTCAPABLE 223 /* FreeBSD-specific. */
+#define BSM_ERRNO_ECAPMODE 224 /* FreeBSD-specific. */
/*
* In the event that OpenBSM doesn't have a file representation of a local
Modified: head/sys/security/audit/audit_bsm_errno.c
==============================================================================
--- head/sys/security/audit/audit_bsm_errno.c Tue Mar 1 13:10:56 2011 (r219127)
+++ head/sys/security/audit/audit_bsm_errno.c Tue Mar 1 13:14:28 2011 (r219128)
@@ -686,6 +686,20 @@ static const struct bsm_errno bsm_errnos
ERRNO_NO_LOCAL_MAPPING,
#endif
ES("Key was rejected by service") },
+ { BSM_ERRNO_ENOTCAPABLE,
+#ifdef ENOTCAPABLE
+ ENOTCAPABLE,
+#else
+ ERRNO_NO_LOCAL_MAPPING,
+#endif
+ ES("Capabilities insufficient") },
+ { BSM_ERRNO_ECAPMODE,
+#ifdef ECAPMODE
+ ECAPMODE,
+#else
+ ERRNO_NO_LOCAL_MAPPING,
+#endif
+ ES("Not permitted in capability mode") },
};
static const int bsm_errnos_count = sizeof(bsm_errnos) / sizeof(bsm_errnos[0]);
Modified: head/sys/sys/errno.h
==============================================================================
--- head/sys/sys/errno.h Tue Mar 1 13:10:56 2011 (r219127)
+++ head/sys/sys/errno.h Tue Mar 1 13:14:28 2011 (r219128)
@@ -175,10 +175,11 @@ __END_DECLS
#ifndef _POSIX_SOURCE
#define ENOTCAPABLE 93 /* Capabilities insufficient */
+#define ECAPMODE 94 /* Not permitted in capability mode */
#endif /* _POSIX_SOURCE */
#ifndef _POSIX_SOURCE
-#define ELAST 93 /* Must be equal largest errno */
+#define ELAST 94 /* Must be equal largest errno */
#endif /* _POSIX_SOURCE */
#ifdef _KERNEL