Date: Thu, 21 Aug 2008 18:02:21 GMT From: Robert Watson <rwatson@FreeBSD.org> To: Perforce Change Reviews <perforce@freebsd.org> Subject: PERFORCE change 148019 for review Message-ID: <200808211802.m7LI2LXS074354@repoman.freebsd.org>
http://perforce.freebsd.org/chv.cgi?CH=148019 Change 148019 by rwatson@rwatson_freebsd_capabilities on 2008/08/21 18:01:42 Allow building a kernel without options CAPABILITIES by providing some no-op stubs. Affected files ... .. //depot/projects/trustedbsd/capabilities/src/sys/conf/files#8 edit .. //depot/projects/trustedbsd/capabilities/src/sys/kern/sys_capability.c#17 edit Differences ... ==== //depot/projects/trustedbsd/capabilities/src/sys/conf/files#8 (text+ko) ==== @@ -1650,7 +1650,7 @@ kern/subr_turnstile.c standard kern/subr_unit.c standard kern/subr_witness.c optional witness -kern/sys_capability.c optional capabilities +kern/sys_capability.c standard kern/sys_generic.c standard kern/sys_pipe.c standard kern/sys_process.c standard ==== //depot/projects/trustedbsd/capabilities/src/sys/kern/sys_capability.c#17 (text+ko) ==== @@ -40,8 +40,10 @@ * XXXRW: See the global TODO for things that need to be done. */ +#include "opt_capabilities.h" + #include <sys/cdefs.h> -__FBSDID("$P4: //depot/projects/trustedbsd/capabilities/src/sys/kern/sys_capability.c#16 $"); +__FBSDID("$P4: //depot/projects/trustedbsd/capabilities/src/sys/kern/sys_capability.c#17 $"); #include <sys/param.h> #include <sys/capability.h> @@ -52,11 +54,14 @@ #include <sys/mutex.h> #include <sys/proc.h> #include <sys/sysproto.h> +#include <sys/sysctl.h> #include <sys/systm.h> #include <sys/ucred.h> #include <vm/uma.h> +#ifdef CAPABILITIES + /* * struct capability describes a capability, and is hung off of its struct * file f_data field. cap_file and cap_rightss are static once hooked up, as @@ -111,6 +116,14 @@ static uma_zone_t capability_zone; +/* + * We don't currently have any MIB entries for sysctls, but we do expose + * security.capabilities so that it's easy to tell if options CAPABILITIES is + * compiled into the kernel. + */ +SYSCTL_NODE(_security, OID_AUTO, capabilities, CTLFLAG_RW, 0, + "TrustedBSD Capabilities controls"); + static void capability_init(void *dummy __unused) { 
@@ -383,3 +396,50 @@ panic("capability_stat"); } + +#else /* !CAPABILITIES */ + +/* + * Stub Capability functions for when options CAPABILITIES isn't compiled + * into the kernel. + */ +int +cap_fextract(struct file *fp_cap, cap_rights_t rights, struct file **fpp) +{ + + KASSERT(fp_cap->f_type != DTYPE_CAPABILITY, + ("cap_fextract: saw capability")); + + *fpp = fp_cap; + return (0); +} + +int +cap_enter(struct thread *td, struct cap_enter_args *uap) +{ + + return (ENOSYS); +} + +int +cap_getmode(struct thread *td, struct cap_getmode_args *uap) +{ + + return (ENOSYS); +} + +int +cap_new(struct thread *td, struct cap_new_args *uap) +{ + + return (ENOSYS); +} + +int +cap_getrights(struct thread *td, struct cap_getrights_args *uap) +{ + + return (ENOSYS); +} + +#endif /* CAPABILITIES */
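Review bot: The stub `cap_fextract()` ignores `rights` and returns `fp_cap` unchecked, and its only guard is a `KASSERT`, which is compiled out unless the kernel is built with INVARIANTS. The pass-through is therefore safe only while no `DTYPE_CAPABILITY` file can exist in a kernel without options CAPABILITIES, which the `ENOSYS` stub for `cap_new()` appears to guarantee. The comment above the stubs should state that dependency, for example `/* No capability can be created without options CAPABILITIES (cap_new() returns ENOSYS), so fp_cap is passed through with no rights check. */`. It is also worth documenting there that `cap_enter()` returns `ENOSYS` in this configuration, so a caller that ignores the return value keeps running unsandboxed.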