From owner-p4-projects@FreeBSD.ORG Mon Jan 21 11:33:59 2008
Date: Mon, 21 Jan 2008 11:33:58 GMT
Message-Id: <200801211133.m0LBXwrP015161@repoman.freebsd.org>
From: Robert Watson To: Perforce Change Reviews Cc: Subject: PERFORCE change 133773 for review X-BeenThere: p4-projects@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: p4 projects tree changes List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 21 Jan 2008 11:33:59 -0000 http://perforce.freebsd.org/chv.cgi?CH=133773 Change 133773 by rwatson@rwatson_freebsd_capabilities on 2008/01/21 11:33:35 CAP_LSEEK -> CAP_SEEK, as it's a flag used alone for lseek() or in combination with other operations, such as CAP_READ and CAP_WRITE. It really represents permission to change the file offset, not the underlying object. Comment along these lines. Remove CAP_PREAD and CAP_PWRITE for similar reasons. Note complexities associated with aio and mmap. Affected files ... .. //depot/projects/trustedbsd/capabilities/src/sys/sys/capability.h#4 edit Differences ... ==== //depot/projects/trustedbsd/capabilities/src/sys/sys/capability.h#4 (text+ko) ==== @@ -23,7 +23,7 @@ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * - * $P4: //depot/projects/trustedbsd/capabilities/src/sys/sys/capability.h#3 $ + * $P4: //depot/projects/trustedbsd/capabilities/src/sys/sys/capability.h#4 $ */ /* @@ -45,7 +45,7 @@ #define CAP_READ 0x0000000000000001 /* read/recv */ #define CAP_WRITE 0x0000000000000002 /* write/send */ #define CAP_FCHDIR 0x0000000000000004 /* fchdir */ -#define CAP_LSEEK 0x0000000000000008 /* lseek */ +#define CAP_SEEK 0x0000000000000008 /* lseek, various io */ #define CAP_GETPEERNAME 0x0000000000000010 /* getpeername */ #define CAP_GETSOCKNAME 0x0000000000000020 /* getsockname */ #define CAP_FCHFLAGS 0x0000000000000040 /* fchflags */ 
@@ -61,8 +61,8 @@ #define CAP_FLOCK 0x0000000000010000 /* flock */ #define CAP_GETDIRENTRIES 0x0000000000020000 /* getdirentries */ #define CAP_FSTATFS 0x0000000000040000 /* fstatfs */ -#define CAP_PREAD 0x0000000000080000 /* pread */ -#define CAP_PWRITE 0x0000000000100000 /* pwrite */ +#define _CAP_UNUSED0 0x0000000000080000 +#define _CAP_UNUSED1 0x0000000000100000 #define CAP_FPATHCONF 0x0000000000200000 /* fpathconf */ #define CAP_FUTIMES 0x0000000000400000 /* futimes */ #define CAP_AIO 0x0000000000800000 /* aio_* */ @@ -84,7 +84,7 @@ #define CAP_LISTEN 0x0000008000000000 /* listen */ #define CAP_SHUTDOWN 0x0000010000000000 /* shutdown */ #define CAP_PEELOFF 0x0000020000000000 /* sctp_peeloff */ -#define CAP_MASK_VALID 0x000003ffffffffff +#define CAP_MASK_VALID 0x000003ffffe7ffff /* * Notes: @@ -92,6 +92,11 @@ * Some system calls don't require a capability in order to perform an * operation on an fd. These include: close, dup, dup2. * + * CAP_SEEK is used alone for lseek, but along-side CAP_READ and CAP_WRITE + * for various I/O calls, such as read/write/send/receive. + * + * pread and pwrite will not use CAP_SEEK. + * * CAP_EVENT covers select, poll, and kqueue registration for a capability. * * CAP_AIO is combined with other capabilities to authorize specific AIO @@ -102,6 +107,9 @@ * * sendto should check CAP_CONNECT as well as CAP_WRITE if an address is * specified. + * + * mmap() and aio*() system calls will need special attention as they may + * involve reads or writes depending a great deal on context. */ #ifdef _KERNEL
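Review bot: In the @@ -45,7 hunk, CAP_LSEEK is renamed to CAP_SEEK with no compatibility alias, so any caller in the branch that still spells CAP_LSEEK stops compiling; either update those users in the same change or carry a temporary `#define CAP_LSEEK CAP_SEEK` until they are converted. The new define comment `/* lseek, various io */` is also too terse to stand alone in a public header: say that the flag is OR'd with CAP_READ or CAP_WRITE for offset-changing I/O, or point the reader at the Notes block below.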
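Review bot: In the @@ -61,8 hunk, `_CAP_UNUSED0` and `_CAP_UNUSED1` leave two holes in the bit space with nothing saying why they exist or whether they may be reused; add a comment such as `/* reserved, was CAP_PREAD */` and `/* reserved, was CAP_PWRITE */` so a later change does not silently recycle bits that older binaries may still have set in a capability mask.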
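Review bot: In the @@ -84,7 hunk, the new CAP_MASK_VALID value 0x000003ffffe7ffff does clear exactly bits 19 and 20 (0x80000 and 0x100000) that CAP_PREAD and CAP_PWRITE occupied, but the mask is now hand-maintained and nothing enforces that it tracks the defines above it; consider a CTASSERT in the `#ifdef _KERNEL` section that the OR of all CAP_* values equals CAP_MASK_VALID, since a stale mask either rejects valid rights or, worse, accepts bits that no check ever examines.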
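Review bot: In the @@ -92,6 hunk, the line `pread and pwrite will not use CAP_SEEK` has a security consequence worth stating: a holder of CAP_READ without CAP_SEEK can still read any offset via pread, so withholding CAP_SEEK does not confine the holder to a region of the file, it only prevents moving the shared offset. If that is the intent, say so in the note; if CAP_SEEK is meant to limit which bytes are reachable, pread and pwrite must require CAP_SEEK as well as CAP_READ/CAP_WRITE. Also "along-side" should be "alongside".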
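Review bot: In the @@ -102,6 hunk, "depending a great deal on context" records that mmap() and aio*() are unresolved without saying what the open question is; it would help to write down the candidate rule now, e.g. that mmap with PROT_WRITE and MAP_SHARED needs CAP_WRITE in addition to CAP_READ, and that aio_read/aio_write take explicit offsets like pread/pwrite, so whatever is decided for CAP_SEEK in the pread case above should apply to them too rather than being left to the CAP_AIO note alone.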