Date: Sat, 30 Jan 2010 11:39:39 GMT From: Robert Watson <rwatson@FreeBSD.org> To: Perforce Change Reviews <perforce@freebsd.org> Subject: PERFORCE change 173945 for review Message-ID: <201001301139.o0UBddgB035373@repoman.freebsd.org>
next in thread | raw e-mail | index | archive | help
http://p4web.freebsd.org/chv.cgi?CH=173945 Change 173945 by rwatson@rwatson_vimage_client on 2010/01/30 11:38:39 Support optionally passing the pshm segment into the sandbox better; don't try to install the fd if we don't have one. Affected files ... .. //depot/projects/trustedbsd/capabilities/src/lib/libcapsicum/libcapsicum_host.c#6 edit Differences ... ==== //depot/projects/trustedbsd/capabilities/src/lib/libcapsicum/libcapsicum_host.c#6 (text+ko) ==== @@ -30,7 +30,7 @@ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * - * $P4: //depot/projects/trustedbsd/capabilities/src/lib/libcapsicum/libcapsicum_host.c#5 $ + * $P4: //depot/projects/trustedbsd/capabilities/src/lib/libcapsicum/libcapsicum_host.c#6 $ */ #include <sys/param.h> @@ -150,7 +150,7 @@ struct lc_library *lclp, u_int lcl_count, const char *binname, char *const argv[], struct lc_fdlist *fds) { - int *fd_array, fdcount; + int *fd_array, fdcount, fdnum; struct sbuf *sbufp; int shmfd = -1; size_t fdlistsize; @@ -196,7 +196,11 @@ if (lc_limitfd(fd_libsbuf, LIBCAPABILITY_CAPMASK_LIB) < 0) return; - fdcount = 11 + lcl_count; + fdnum = 10; + if (shmfd != -1) + fdnum++; + + fdcount = fdnum + lcl_count; fd_array = malloc(fdcount * sizeof(int)); if (fd_array == NULL) return; @@ -221,11 +225,12 @@ fd_array[7] = fd_libcapsicum; fd_array[8] = fd_libsbuf; fd_array[9] = fd_devnull; - fd_array[10] = shmfd; + if (shmfd != -1) + fd_array[10] = shmfd; for (i = 0; i < lcl_count; i++) { if (lc_limitfd(lclp->lcl_fd, LIBCAPABILITY_CAPMASK_LIB) < 0) return; - fd_array[i + 11] = lclp[i].lcl_fd; + fd_array[i + fdnum] = lclp[i].lcl_fd; } if (lch_installfds(fdcount, fd_array) < 0) @@ -238,7 +243,7 @@ 3, binname, 5, LD_ELF_CAP_SO, 6, LIBC_SO, 7, LIBCAPABILITY_SO, 8, LIBSBUF_SO, 9, _PATH_DEVNULL); for (i = 0; i < lcl_count; i++) - (void)sbuf_printf(sbufp, ",%d:%s", i + 11, + (void)sbuf_printf(sbufp, ",%d:%s", i + fdnum, lclp[i].lcl_libname); sbuf_finish(sbufp); if (sbuf_overflowed(sbufp)) @@ -258,7 +263,7 @@ return; sbuf_delete(sbufp); - if (fds != NULL) { + if (shmfd != -1) { sprintf(fdliststr, "%d", 10); if (setenv(LIBCAPABILITY_SANDBOX_FDLIST, fdliststr, 1) == -1) return;
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201001301139.o0UBddgB035373>