Date: Sat, 23 Feb 2013 23:11:16 +0100
From: Pawel Jakub Dawidek <pjd@FreeBSD.org>
To: freebsd-arch@FreeBSD.org
Subject: Re: Large Capsicum patch for review.
Message-ID: <20130223221116.GR1377@garage.freebsd.pl>
In-Reply-To: <20130213230221.GB1375@garage.freebsd.pl>
References: <20130213025547.GA2025@garage.freebsd.pl> <20130213230221.GB1375@garage.freebsd.pl>
On Thu, Feb 14, 2013 at 12:02:22AM +0100, Pawel Jakub Dawidek wrote:
> Hi.
>
> I'd like to commit this patch:
>
> http://people.freebsd.org/~pjd/patches/capkern.diff

The patch was updated after the following changes and is available at
the link above:

- Added defines for consistency, as some rights allow for both the regular
  syscall and the *at() variant of the syscall, e.g. CAP_FCHMOD allows for
  both fchmod(2) and fchmodat(2):

	#define	CAP_FCHMODAT	CAP_FCHMOD
	#define	CAP_FCHOWNAT	CAP_FCHOWN
	#define	CAP_FSTATAT	CAP_FSTAT
	#define	CAP_FUTIMESAT	CAP_FUTIMES

- Now that we have the cap_ioctls_limit(2) syscall, I made ioctl(2)
  available in capability mode (should've been done earlier).

- Removed the cap_new(2) manual page, as it should not be used in new code.

- Because fgetvp_rights() was only used in one place where the filedesc
  lock was held, the function was modified to make use of this fact, which
  allowed me to simplify some code.

- Introduced a new right, CAP_RENAMEAT, which has to be set on the source
  (from) directory descriptor for the renameat(2) syscall. CAP_UNLINKAT
  didn't really fit here, as the file is not completely removed from the
  file system, it just changes place.

- If renaming via renameat(2) would cause removal of an already existing
  entry, we now require CAP_UNLINKAT on the destination (to) directory
  descriptor in addition to CAP_LINKAT.

- If O_WRONLY or O_RDWR is specified _without_ the O_APPEND flag for
  openat(2), we now also require the CAP_SEEK capability right. Without
  CAP_SEEK, the file can be opened for writing only when the O_APPEND flag
  is also specified.

- Updated documentation of all capability rights in cap_rights_limit(2).

A review would be very welcome!

--
Pawel Jakub Dawidek                       http://www.wheelsystems.com
FreeBSD committer                         http://www.FreeBSD.org
Am I Evil? Yes, I Am!
http://tupytaj.pl
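The renameat(2) and openat(2) rules listed in the mail, as an added Python model that is not code from the patch or from the FreeBSD kernel. The right names and the O_APPEND/CAP_SEEK, CAP_RENAMEAT and CAP_UNLINKAT rules come from the mail; the bit values, the FreeBSD fcntl.h flag values, and the CAP_LOOKUP/CAP_READ/CAP_WRITE pairing for openat(2) are assumptions of this model.

```python
from enum import IntFlag


class Cap(IntFlag):
    """Right names from the mail; the bit values are arbitrary (model only)."""
    LOOKUP = 1 << 0    # assumed: needed for any *at() path lookup
    READ = 1 << 1
    WRITE = 1 << 2
    SEEK = 1 << 3
    LINKAT = 1 << 4
    UNLINKAT = 1 << 5
    RENAMEAT = 1 << 6


# Flag values as in FreeBSD's <fcntl.h> (assumed for this model).
O_RDONLY, O_WRONLY, O_RDWR, O_APPEND = 0x0, 0x1, 0x2, 0x8
O_ACCMODE = 0x3


def rights_for_openat(flags: int) -> Cap:
    """Rights a directory descriptor must carry for openat(2) with flags."""
    need = Cap.LOOKUP
    mode = flags & O_ACCMODE
    if mode in (O_RDONLY, O_RDWR):
        need |= Cap.READ
    if mode in (O_WRONLY, O_RDWR):
        need |= Cap.WRITE
        # Rule from the mail: writing without O_APPEND also needs CAP_SEEK,
        # so an append-only descriptor cannot be turned into one that can
        # overwrite existing file contents.
        if not flags & O_APPEND:
            need |= Cap.SEEK
    return need


def openat_allowed(dir_rights: Cap, flags: int) -> bool:
    need = rights_for_openat(flags)
    return need & dir_rights == need


def renameat_allowed(from_rights: Cap, to_rights: Cap, target_exists: bool) -> bool:
    """CAP_RENAMEAT on the source directory; CAP_LINKAT on the destination,
    plus CAP_UNLINKAT there when the rename would replace an existing entry."""
    if Cap.RENAMEAT not in from_rights:
        return False
    need_to = Cap.LINKAT | (Cap.UNLINKAT if target_exists else Cap(0))
    return need_to & to_rights == need_to
```

A descriptor limited to CAP_LOOKUP | CAP_WRITE therefore yields an append-only directory: openat() with O_WRONLY | O_APPEND passes, plain O_WRONLY or O_RDWR is refused.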