Skip site navigation (1)Skip section navigation (2)
Date:      Thu, 21 Aug 2008 15:18:28 GMT
From:      Robert Watson <rwatson@FreeBSD.org>
To:        Perforce Change Reviews <perforce@freebsd.org>
Subject:   PERFORCE change 148006 for review
Message-ID:  <200808211518.m7LFISDo047612@repoman.freebsd.org>

next in thread | raw e-mail | index | archive | help
http://perforce.freebsd.org/chv.cgi?CH=148006

Change 148006 by rwatson@rwatson_freebsd_capabilities on 2008/08/21 15:18:20

	Check capabilities for ZFS file descriptor ioctls.

Affected files ...

.. //depot/projects/trustedbsd/capabilities/src/sys/cddl/contrib/opensolaris/uts/common/fs/zfs/zfs_ioctl.c#2 edit

Differences ...

==== //depot/projects/trustedbsd/capabilities/src/sys/cddl/contrib/opensolaris/uts/common/fs/zfs/zfs_ioctl.c#2 (text+ko) ====

@@ -28,6 +28,7 @@
 #include <sys/types.h>
 #include <sys/param.h>
 #include <sys/systm.h>
+#include <sys/capability.h>
 #include <sys/conf.h>
 #include <sys/kernel.h>
 #include <sys/lock.h>
@@ -1468,7 +1469,8 @@
 	    strchr(zc->zc_value, '@') == NULL)
 		return (EINVAL);
 
-	error = fget_read(td, zc->zc_cookie, &fp);
+	/* XXXRW: Is this the right capability? */
+	error = fget_read(td, zc->zc_cookie, CAP_READ | CAP_SEEK, &fp);
 	if (error)
 		return (error);
 
@@ -1515,7 +1517,8 @@
 	}
 
 	fd = zc->zc_cookie;
-	error = fget_write(td, fd, &fp);
+	/* XXXRW: Is this the right capability? */
+	error = fget_write(td, fd, CAP_WRITE | CAP_SEEK, &fp);
 	if (error) {
 		dmu_objset_close(tosnap);
 		if (fromsnap)



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200808211518.m7LFISDo047612>