Date:      Thu, 21 Aug 2008 23:33:12 GMT
From:      Robert Watson <rwatson@FreeBSD.org>
To:        Perforce Change Reviews <perforce@freebsd.org>
Subject:   PERFORCE change 148066 for review
Message-ID:  <200808212333.m7LNXCAS035779@repoman.freebsd.org>

http://perforce.freebsd.org/chv.cgi?CH=148066

Change 148066 by rwatson@rwatson_freebsd_capabilities on 2008/08/21 23:32:57

	Allow shm_open(2) in capability mode, but only with SHM_ANON
	objects.

Affected files ...

.. //depot/projects/trustedbsd/capabilities/src/sys/kern/capabilities.conf#9 edit
.. //depot/projects/trustedbsd/capabilities/src/sys/kern/uipc_shm.c#4 edit

Differences ...

==== //depot/projects/trustedbsd/capabilities/src/sys/kern/capabilities.conf#9 (text+ko) ====

@@ -5,7 +5,7 @@
 # - sys_exit() and close() are very important.
 # - Sorted alphabetically, please keep it that way.
 #
-# $P4: //depot/projects/trustedbsd/capabilities/src/sys/kern/capabilities.conf#8 $
+# $P4: //depot/projects/trustedbsd/capabilities/src/sys/kern/capabilities.conf#9 $
 #
 __acl_aclcheck_fd
 __acl_delete_fd
@@ -261,9 +261,9 @@
 #
 setuid
 #
-# shm_open needs scoping (just anonymous memory).
+# We allow shm_open(2), but only when used with anonymous objects.
 #
-#shm_open
+shm_open
 shutdown
 sigaction
 sigaltstack
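Review bot: The new comment above `shm_open` states the anonymous-only policy but not where it is enforced, and this list entry on its own now admits the whole syscall in capability mode. Someone auditing the whitelist cannot tell from this file that the restriction depends on a check inside the handler. I would extend the comment to `# We allow shm_open(2), but only when used with anonymous objects; the SHM_ANON check lives in kern/uipc_shm.c.` so the two stay in step if either is changed.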

==== //depot/projects/trustedbsd/capabilities/src/sys/kern/uipc_shm.c#4 (text+ko) ====

@@ -462,6 +462,14 @@
 	mode_t cmode;
 	int fd, error;
 
+	/*
+	 * shm_open(2) of anonymous objects is allowed in capability mode,
+	 * but naming of globally scoped objects is not.
+	 */
+	if ((td->td_ucred->cr_flags & CRED_FLAG_CAPMODE) &&
+	    (uap->path != SHM_ANON))
+		return (ENOSYS);
+
 	if ((uap->flags & O_ACCMODE) != O_RDONLY &&
 	    (uap->flags & O_ACCMODE) != O_RDWR)
 		return (EINVAL);
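Review bot: The added capability-mode check returns `ENOSYS` for any path other than `SHM_ANON`, which userland cannot distinguish from a kernel that lacks shm_open(2) entirely; a sandboxed caller that probes on that errno may quietly take a fallback instead of reporting a policy denial. If this branch defines an errno for capability-mode refusals it would be the better return value here; otherwise the block comment should say why `ENOSYS` was chosen, e.g. `Return ENOSYS so a named open fails like a syscall that is not permitted in capability mode.` (confirm that this is the intent). Placing the check ahead of the `O_ACCMODE` validation is right, since a named open is then refused whatever the flags are. The function begins and ends outside the hunk, so whether any later path can still reach the named-object lookup cannot be confirmed from here.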


