Date: Sat, 13 Jul 2019 00:12:35 +0000 (UTC) From: John Baldwin <jhb@FreeBSD.org> To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-stable@freebsd.org, svn-src-stable-11@freebsd.org Subject: svn commit: r349959 - stable/11/usr.sbin/bhyve Message-ID: <201907130012.x6D0CZxF015364@repo.freebsd.org>
next in thread | raw e-mail | index | archive | help
Author: jhb Date: Sat Jul 13 00:12:35 2019 New Revision: 349959 URL: https://svnweb.freebsd.org/changeset/base/349959 Log: Add Capsicumification of the virtio_console device model. This is a direct commit to stable/11. This change was missed when merging virtio_console to 11 because the capsicum change and virtio_console changes were merged in the opposite order of the changes in head. Modified: stable/11/usr.sbin/bhyve/pci_virtio_console.c Modified: stable/11/usr.sbin/bhyve/pci_virtio_console.c ============================================================================== --- stable/11/usr.sbin/bhyve/pci_virtio_console.c Fri Jul 12 22:31:12 2019 (r349958) +++ stable/11/usr.sbin/bhyve/pci_virtio_console.c Sat Jul 13 00:12:35 2019 (r349959) @@ -34,12 +34,16 @@ __FBSDID("$FreeBSD$"); #include <sys/param.h> +#ifndef WITHOUT_CAPSICUM +#include <sys/capsicum.h> +#endif #include <sys/linker_set.h> #include <sys/uio.h> #include <sys/types.h> #include <sys/socket.h> #include <sys/un.h> +#include <err.h> #include <errno.h> #include <fcntl.h> #include <stdio.h> @@ -50,6 +54,7 @@ __FBSDID("$FreeBSD$"); #include <assert.h> #include <pthread.h> #include <libgen.h> +#include <sysexits.h> #include "bhyverun.h" #include "pci_emul.h" @@ -270,6 +275,9 @@ pci_vtcon_sock_add(struct pci_vtcon_softc *sc, const c struct pci_vtcon_sock *sock; struct sockaddr_un sun; int s = -1, fd = -1, error = 0; +#ifndef WITHOUT_CAPSICUM + cap_rights_t rights; +#endif sock = calloc(1, sizeof(struct pci_vtcon_sock)); if (sock == NULL) { @@ -308,6 +316,11 @@ pci_vtcon_sock_add(struct pci_vtcon_softc *sc, const c goto out; } +#ifndef WITHOUT_CAPSICUM + cap_rights_init(&rights, CAP_ACCEPT, CAP_EVENT, CAP_READ, CAP_WRITE); + if (cap_rights_limit(s, &rights) == -1 && errno != ENOSYS) + errx(EX_OSERR, "Unable to apply rights for sandbox"); +#endif sock->vss_port = pci_vtcon_port_add(sc, name, pci_vtcon_sock_tx, sock); if (sock->vss_port == NULL) {
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201907130012.x6D0CZxF015364>