Date: Mon, 21 Jan 2008 11:33:58 GMT From: Robert Watson <rwatson@FreeBSD.org> To: Perforce Change Reviews <perforce@freebsd.org> Subject: PERFORCE change 133773 for review Message-ID: <200801211133.m0LBXwrP015161@repoman.freebsd.org>
http://perforce.freebsd.org/chv.cgi?CH=133773 Change 133773 by rwatson@rwatson_freebsd_capabilities on 2008/01/21 11:33:35 CAP_LSEEK -> CAP_SEEK, as it's a flag used alone for lseek() or in combination with other operations, such as CAP_READ and CAP_WRITE. It really represents permission to change the file offset, not the underlying object. Comment along these lines. Remove CAP_PREAD and CAP_PWRITE for similar reasons. Note complexities associated with aio and mmap. Affected files ... .. //depot/projects/trustedbsd/capabilities/src/sys/sys/capability.h#4 edit Differences ... ==== //depot/projects/trustedbsd/capabilities/src/sys/sys/capability.h#4 (text+ko) ==== @@ -23,7 +23,7 @@ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * - * $P4: //depot/projects/trustedbsd/capabilities/src/sys/sys/capability.h#3 $ + * $P4: //depot/projects/trustedbsd/capabilities/src/sys/sys/capability.h#4 $ */ /* @@ -45,7 +45,7 @@ #define CAP_READ 0x0000000000000001 /* read/recv */ #define CAP_WRITE 0x0000000000000002 /* write/send */ #define CAP_FCHDIR 0x0000000000000004 /* fchdir */ -#define CAP_LSEEK 0x0000000000000008 /* lseek */ +#define CAP_SEEK 0x0000000000000008 /* lseek, various io */ #define CAP_GETPEERNAME 0x0000000000000010 /* getpeername */ #define CAP_GETSOCKNAME 0x0000000000000020 /* getsockname */ #define CAP_FCHFLAGS 0x0000000000000040 /* fchflags */ @@ -61,8 +61,8 @@ #define CAP_FLOCK 0x0000000000010000 /* flock */ #define CAP_GETDIRENTRIES 0x0000000000020000 /* getdirentries */ #define CAP_FSTATFS 0x0000000000040000 /* fstatfs */ -#define CAP_PREAD 0x0000000000080000 /* pread */ -#define CAP_PWRITE 0x0000000000100000 /* pwrite */ +#define _CAP_UNUSED0 0x0000000000080000 +#define _CAP_UNUSED1 0x0000000000100000 #define CAP_FPATHCONF 0x0000000000200000 /* fpathconf */ #define CAP_FUTIMES 0x0000000000400000 /* futimes */ #define CAP_AIO 0x0000000000800000 /* aio_* */ 
@@ -84,7 +84,7 @@ #define CAP_LISTEN 0x0000008000000000 /* listen */ #define CAP_SHUTDOWN 0x0000010000000000 /* shutdown */ #define CAP_PEELOFF 0x0000020000000000 /* sctp_peeloff */ -#define CAP_MASK_VALID 0x000003ffffffffff +#define CAP_MASK_VALID 0x000003ffffe7ffff /* * Notes: @@ -92,6 +92,11 @@ * Some system calls don't require a capability in order to perform an * operation on an fd. These include: close, dup, dup2. * + * CAP_SEEK is used alone for lseek, but along-side CAP_READ and CAP_WRITE + * for various I/O calls, such as read/write/send/receive. + * + * pread and pwrite will not use CAP_SEEK. + * * CAP_EVENT covers select, poll, and kqueue registration for a capability. * * CAP_AIO is combined with other capabilities to authorize specific AIO @@ -102,6 +107,9 @@ * * sendto should check CAP_CONNECT as well as CAP_WRITE if an address is * specified. + * + * mmap() and aio*() system calls will need special attention as they may + * involve reads or writes depending a great deal on context. */ #ifdef _KERNEL
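Review bot: renaming CAP_LSEEK to CAP_SEEK in the `@@ -45,7 +45,7 @@` hunk changes a public constant in capability.h without a compatibility alias, so any existing user of CAP_LSEEK will fail to compile; either confirm the old name has no users yet or keep `#define CAP_LSEEK CAP_SEEK` until they are converted. The inline comment `/* lseek, various io */` is also terse for a flag whose meaning the commit message explains well; something like `/* lseek, and I/O that moves the file offset */` would make the header self-explanatory.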
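Review bot: in the `@@ -61,8 +61,8 @@` hunk the removed CAP_PREAD and CAP_PWRITE bits become _CAP_UNUSED0 and _CAP_UNUSED1 instead of renumbering the later flags, which keeps existing bit assignments stable but means the next new capability must both take one of these slots and re-add its bit to CAP_MASK_VALID. A short comment on the two placeholders saying whether they are reserved for reuse or retired permanently would prevent a later mismatch between the table and the mask.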
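Review bot: the new CAP_MASK_VALID value 0x000003ffffe7ffff is consistent with the removal: it is the old 0x000003ffffffffff with exactly the bits 0x0000000000080000 and 0x0000000000100000 cleared, matching _CAP_UNUSED0 and _CAP_UNUSED1. Since the mask is now maintained by hand against holes in the table, a comment next to it stating that it must be updated whenever a _CAP_UNUSED slot is assigned would help; a stale mask would either reject a validly defined capability or accept an unassigned bit.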
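Review bot: in the `@@ -92,6 +92,11 @@` hunk the sentence `pread and pwrite will not use CAP_SEEK.` states only what they do not need; since the commit message defines CAP_SEEK as permission to change the file offset, and pread/pwrite take an explicit offset without changing it, the note should say positively that they require just CAP_READ or CAP_WRITE, so an implementer does not read the line as meaning they are unrestricted. Minor: `along-side` should be `alongside`, and `read/write/send/receive` would be clearer as `read/write/send/recv` to match the `/* read/recv */` and `/* write/send */` comments on CAP_READ and CAP_WRITE.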
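Review bot: the added mmap()/aio*() note in the `@@ -102,6 +107,9 @@` hunk records an open problem but gives no direction, while the existing note above it already says `CAP_AIO is combined with other capabilities to authorize specific AIO` operations; it would help to state how CAP_SEEK fits into that combination, for instance whether aio_read/aio_write, which take an explicit offset as pread/pwrite do, follow the pread/pwrite rule and need no CAP_SEEK. For mmap(), the note could at least name the inputs that decide the answer (the requested protection and whether the mapping is shared), so that `depending a great deal on context` points at something an implementer can check.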