Date:      Sat, 25 Nov 2023 12:19:58 +0000
From:      bugzilla-noreply@freebsd.org
To:        bugs@FreeBSD.org
Subject:   [Bug 275330] Capsicum should have "static" initializer as well
Message-ID:  <bug-275330-227@https.bugs.freebsd.org/bugzilla/>

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=275330

            Bug ID: 275330
           Summary: Capsicum should have "static" initializer as well
           Product: Base System
           Version: 14.0-RELEASE
          Hardware: Any
                OS: Any
            Status: New
          Severity: Affects Only Me
          Priority: ---
         Component: kern
          Assignee: bugs@FreeBSD.org
          Reporter: vini.ipsmaker@gmail.com

I recently wrote Lua bindings for Capsicum and faced two inconveniences with
the API.

First problem is related to initialization. I'm using gperf to translate a
string known only at runtime (whatever the Lua code is trying to do) to a
cap_rights_t. Something like:

cap_rights_t values[N] = {
  CAP_READ, // HASH("CAP_READ") = 0
  CAP_WRITE, // HASH("CAP_WRITE") = 0
  // ...
};

However there are several holes in this table that are used whenever the
known-at-runtime-string doesn't point to a valid capability and I need to
initialize them to a default value.

Other APIs such as POSIX threads solve this problem by offering a macro
(PTHREAD_MUTEX_INITIALIZER) that can be used to initialize the variable instead
of calling a function.

It'd be very helpful if Capsicum offered a macro CAP_RIGHTS_INITIALIZER in the
same fashion. That'd solve half of my problems with Capsicum's API.

The second problem I'm facing is a lack of a function to check whether
cap_rights_t is empty. Right now I have to do this:

cap_rights_t all_rights;
cap_rights_init(&all_rights);
CAP_ALL(&all_rights); //< I don't even know whether CAP_ALL() is part of the
                      //< intended public API
cap_rights_t complement = all_rights;
cap_rights_remove(&complement, &flag); //< flag is what I want to know whether
                                       //< is empty
if (cap_rights_contains(&complement, &all_rights)) {
    // ...
}

That's *very* inconvenient (and inefficient). Can we have
cap_rights_is_empty(flag)? That'd solve the other half of my problems with the
API.
