Skip site navigation (1)Skip section navigation (2) 
Date:      Tue, 1 Mar 2011 13:14:28 +0000 (UTC)
From:      Robert Watson <rwatson@FreeBSD.org>
To:        src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org
Subject:   svn commit: r219128 - in head/sys: bsm security/audit sys
Message-ID:  <201103011314.p21DESH9027261@svn.freebsd.org>
next in thread | raw e-mail | index | archive | help 
Author: rwatson
Date: Tue Mar  1 13:14:28 2011
New Revision: 219128
URL: http://svn.freebsd.org/changeset/base/219128

Log:
  Add ECAPMODE, "Not permitted in capability mode", a new kernel errno
  constant to indicate that a system call (or perhaps an operation requested
  via a system call) is not permitted for a capability mode process.
  
  Submitted by:	anderson
  Sponsored by:	Google, Inc.
  Obtained from:	Capsicum Project
  MFC after:	1 week

Modified:
  head/sys/bsm/audit_errno.h
  head/sys/security/audit/audit_bsm_errno.c
  head/sys/sys/errno.h

Modified: head/sys/bsm/audit_errno.h
==============================================================================
--- head/sys/bsm/audit_errno.h	Tue Mar  1 13:10:56 2011	(r219127)
+++ head/sys/bsm/audit_errno.h	Tue Mar  1 13:14:28 2011	(r219128)
@@ -205,6 +205,8 @@
 #define	BSM_ERRNO_EKEYEXPIRED		220	/* Linux-specific. */
 #define	BSM_ERRNO_EKEYREVOKED		221	/* Linux-specific. */
 #define	BSM_ERRNO_EKEYREJECTED		222	/* Linux-specific. */
+#define	BSM_ERRNO_ENOTCAPABLE		223	/* FreeBSD-specific. */
+#define	BSM_ERRNO_ECAPMODE		224	/* FreeBSD-specific. */
 
 /*
  * In the event that OpenBSM doesn't have a file representation of a local

Modified: head/sys/security/audit/audit_bsm_errno.c
==============================================================================
--- head/sys/security/audit/audit_bsm_errno.c	Tue Mar  1 13:10:56 2011	(r219127)
+++ head/sys/security/audit/audit_bsm_errno.c	Tue Mar  1 13:14:28 2011	(r219128)
@@ -686,6 +686,20 @@ static const struct bsm_errno bsm_errnos
 	ERRNO_NO_LOCAL_MAPPING,
 #endif
 	ES("Key was rejected by service") },
+	{ BSM_ERRNO_ENOTCAPABLE,
+#ifdef ENOTCAPABLE
+	ENOTCAPABLE,
+#else
+	ERRNO_NO_LOCAL_MAPPING,
+#endif
+	ES("Capabilities insufficient") },
+	{ BSM_ERRNO_ECAPMODE,
+#ifdef ECAPMODE
+	ECAPMODE,
+#else
+	ERRNO_NO_LOCAL_MAPPING,
+#endif
+	ES("Not permitted in capability mode") },
 };
 static const int bsm_errnos_count = sizeof(bsm_errnos) / sizeof(bsm_errnos[0]);
 

Modified: head/sys/sys/errno.h
==============================================================================
--- head/sys/sys/errno.h	Tue Mar  1 13:10:56 2011	(r219127)
+++ head/sys/sys/errno.h	Tue Mar  1 13:14:28 2011	(r219128)
@@ -175,10 +175,11 @@ __END_DECLS
 
 #ifndef _POSIX_SOURCE
 #define	ENOTCAPABLE	93		/* Capabilities insufficient */
+#define	ECAPMODE		94		/* Not permitted in capability mode */
 #endif /* _POSIX_SOURCE */
 
 #ifndef _POSIX_SOURCE
-#define	ELAST		93		/* Must be equal largest errno */
+#define	ELAST		94		/* Must be equal largest errno */
 #endif /* _POSIX_SOURCE */
 
 #ifdef _KERNEL

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201103011314.p21DESH9027261>