Date: Mon, 19 Jan 2009 15:15:51 GMT From: Robert Watson <rwatson@FreeBSD.org> To: Perforce Change Reviews <perforce@freebsd.org> Subject: PERFORCE change 156388 for review Message-ID: <200901191515.n0JFFpiL083585@repoman.freebsd.org>
next in thread | raw e-mail | index | archive | help
http://perforce.freebsd.org/chv.cgi?CH=156388 Change 156388 by rwatson@rwatson_freebsd_capabilities on 2009/01/19 15:15:21 fork(), wait(), and kill() syscalls no longer required in capability mode, since we have process descriptor variations on these that are capability-centric. Affected files ... .. //depot/projects/trustedbsd/capabilities/src/sys/kern/capabilities.conf#14 edit .. //depot/projects/trustedbsd/capabilities/src/sys/kern/init_sysent.c#24 edit .. //depot/projects/trustedbsd/capabilities/src/sys/kern/syscalls.c#25 edit .. //depot/projects/trustedbsd/capabilities/src/sys/kern/systrace_args.c#25 edit .. //depot/projects/trustedbsd/capabilities/src/sys/sys/syscall.h#25 edit .. //depot/projects/trustedbsd/capabilities/src/sys/sys/syscall.mk#25 edit .. //depot/projects/trustedbsd/capabilities/src/sys/sys/sysproto.h#25 edit Differences ... ==== //depot/projects/trustedbsd/capabilities/src/sys/kern/capabilities.conf#14 (text+ko) ==== @@ -38,7 +38,7 @@ ## - sys_exit(2), abort2(2) and close(2) are very important. ## - Sorted alphabetically, please keep it that way. ## -## $P4: //depot/projects/trustedbsd/capabilities/src/sys/kern/capabilities.conf#13 $ +## $P4: //depot/projects/trustedbsd/capabilities/src/sys/kern/capabilities.conf#14 $ ## ## @@ -191,11 +191,6 @@ flock ## -## Allow fork(2). -## -fork - -## ## Allow fpathconf(2), subject to capability rights. ## fpathconf @@ -356,15 +351,6 @@ kmq_timedsend ## -## For now, don't allow kill(2) and friends, but in the future we will need -## something here to allow inter-process signalling and control. -## -## XXXRW: Revisit. -## -#kill -#killpg - -## ## Allow kqueue(2), we will control use. ## kqueue @@ -530,11 +516,6 @@ recvmsg ## -## Allow rfork(2). -## -rfork - -## ## Allow real-time scheduling primitives to be used. ## ## XXXRW: These require scoping. @@ -743,19 +724,6 @@ uuidgen ## -## Allow vfork(2). -## -vfork - -## -## For now, allow wait(2), wait4(2), etc. -## -## XXXRW: These require scoping. -## -wait -wait4 - -## ## Allow I/O-related file descriptors, subject to capability rights. ## write ==== //depot/projects/trustedbsd/capabilities/src/sys/kern/init_sysent.c#24 (text+ko) ==== @@ -30,12 +30,12 @@ struct sysent sysent[] = { { 0, (sy_call_t *)nosys, AUE_NULL, NULL, 0, 0, 0 }, /* 0 = syscall */ { AS(sys_exit_args), (sy_call_t *)sys_exit, AUE_EXIT, NULL, 0, 0, SYF_CAPENABLED }, /* 1 = exit */ - { 0, (sy_call_t *)fork, AUE_FORK, NULL, 0, 0, SYF_CAPENABLED }, /* 2 = fork */ + { 0, (sy_call_t *)fork, AUE_FORK, NULL, 0, 0, 0 }, /* 2 = fork */ { AS(read_args), (sy_call_t *)read, AUE_NULL, NULL, 0, 0, SYF_CAPENABLED }, /* 3 = read */ { AS(write_args), (sy_call_t *)write, AUE_NULL, NULL, 0, 0, SYF_CAPENABLED }, /* 4 = write */ { AS(open_args), (sy_call_t *)open, AUE_OPEN_RWTC, NULL, 0, 0, 0 }, /* 5 = open */ { AS(close_args), (sy_call_t *)close, AUE_CLOSE, NULL, 0, 0, SYF_CAPENABLED }, /* 6 = close */ - { AS(wait_args), (sy_call_t *)wait4, AUE_WAIT4, NULL, 0, 0, SYF_CAPENABLED }, /* 7 = wait4 */ + { AS(wait_args), (sy_call_t *)wait4, AUE_WAIT4, NULL, 0, 0, 0 }, /* 7 = wait4 */ { compat(AS(ocreat_args),creat), AUE_CREAT, NULL, 0, 0, 0 }, /* 8 = old creat */ { AS(link_args), (sy_call_t *)link, AUE_LINK, NULL, 0, 0, 0 }, /* 9 = link */ { AS(unlink_args), (sy_call_t *)unlink, AUE_UNLINK, NULL, 0, 0, 0 }, /* 10 = unlink */ @@ -94,7 +94,7 @@ { compat(AS(getkerninfo_args),getkerninfo), AUE_NULL, NULL, 0, 0, 0 }, /* 63 = old getkerninfo */ { compat(0,getpagesize), AUE_NULL, NULL, 0, 0, SYF_CAPENABLED }, /* 64 = old getpagesize */ { AS(msync_args), (sy_call_t *)msync, AUE_MSYNC, NULL, 0, 0, SYF_CAPENABLED }, /* 65 = msync */ - { 0, (sy_call_t *)vfork, AUE_VFORK, NULL, 0, 0, SYF_CAPENABLED }, /* 66 = vfork */ + { 0, (sy_call_t *)vfork, AUE_VFORK, NULL, 0, 0, 0 }, /* 66 = vfork */ { 0, (sy_call_t *)nosys, AUE_NULL, NULL, 0, 0, 0 }, /* 67 = obsolete vread */ { 0, (sy_call_t *)nosys, AUE_NULL, NULL, 0, 0, 0 }, /* 68 = obsolete vwrite */ { AS(sbrk_args), (sy_call_t *)sbrk, AUE_SBRK, NULL, 0, 0, SYF_CAPENABLED }, /* 69 = sbrk */ @@ -112,7 +112,7 @@ { 0, (sy_call_t *)getpgrp, AUE_GETPGRP, NULL, 0, 0, SYF_CAPENABLED }, /* 81 = getpgrp */ { AS(setpgid_args), (sy_call_t *)setpgid, AUE_SETPGRP, NULL, 0, 0, 0 }, /* 82 = setpgid */ { AS(setitimer_args), (sy_call_t *)setitimer, AUE_SETITIMER, NULL, 0, 0, SYF_CAPENABLED }, /* 83 = setitimer */ - { compat(0,wait), AUE_WAIT4, NULL, 0, 0, SYF_CAPENABLED }, /* 84 = old wait */ + { compat(0,wait), AUE_WAIT4, NULL, 0, 0, 0 }, /* 84 = old wait */ { AS(swapon_args), (sy_call_t *)swapon, AUE_SWAPON, NULL, 0, 0, 0 }, /* 85 = swapon */ { AS(getitimer_args), (sy_call_t *)getitimer, AUE_GETITIMER, NULL, 0, 0, SYF_CAPENABLED }, /* 86 = getitimer */ { compat(AS(gethostname_args),gethostname), AUE_SYSCTL, NULL, 0, 0, SYF_CAPENABLED }, /* 87 = old gethostname */ @@ -279,7 +279,7 @@ { AS(ntp_gettime_args), (sy_call_t *)ntp_gettime, AUE_NULL, NULL, 0, 0, SYF_CAPENABLED }, /* 248 = ntp_gettime */ { 0, (sy_call_t *)nosys, AUE_NULL, NULL, 0, 0, 0 }, /* 249 = nosys */ { AS(minherit_args), (sy_call_t *)minherit, AUE_MINHERIT, NULL, 0, 0, SYF_CAPENABLED }, /* 250 = minherit */ - { AS(rfork_args), (sy_call_t *)rfork, AUE_RFORK, NULL, 0, 0, SYF_CAPENABLED }, /* 251 = rfork */ + { AS(rfork_args), (sy_call_t *)rfork, AUE_RFORK, NULL, 0, 0, 0 }, /* 251 = rfork */ { AS(openbsd_poll_args), (sy_call_t *)openbsd_poll, AUE_POLL, NULL, 0, 0, SYF_CAPENABLED }, /* 252 = openbsd_poll */ { 0, (sy_call_t *)issetugid, AUE_ISSETUGID, NULL, 0, 0, SYF_CAPENABLED }, /* 253 = issetugid */ { AS(lchown_args), (sy_call_t *)lchown, AUE_LCHOWN, NULL, 0, 0, 0 }, /* 254 = lchown */ ==== //depot/projects/trustedbsd/capabilities/src/sys/kern/syscalls.c#25 (text+ko) ==== ==== //depot/projects/trustedbsd/capabilities/src/sys/kern/systrace_args.c#25 (text+ko) ==== ==== //depot/projects/trustedbsd/capabilities/src/sys/sys/syscall.h#25 (text+ko) ==== ==== //depot/projects/trustedbsd/capabilities/src/sys/sys/syscall.mk#25 (text+ko) ==== ==== //depot/projects/trustedbsd/capabilities/src/sys/sys/sysproto.h#25 (text+ko) ====
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200901191515.n0JFFpiL083585>