Date:      Sun, 20 Jan 2008 21:31:46 GMT
From:      Robert Watson <rwatson@FreeBSD.org>
To:        Perforce Change Reviews <perforce@freebsd.org>
Subject:   PERFORCE change 133742 for review
Message-ID:  <200801202131.m0KLVkEY012612@repoman.freebsd.org>

http://perforce.freebsd.org/chv.cgi?CH=133742

Change 133742 by rwatson@rwatson_freebsd_capabilities on 2008/01/20 21:31:33

	Add definitions for TrustedBSD capability interface:
	
	- A mask of capability rights reflecting various sorts of fd-based
	  operations, undoubtedly to get bigger.
	
	- New system call cap_new(), which returns a capability with the
	  specified rights derived from an existing file descriptor.  If the
	  existing descriptor is a capability, the new rights must be a
	  subset of the existing rights.
	
	- New system call cap_getrights(), which queries the rights
	  associated with a capability.
	
	- Implement capability wrappers for the basic fo_*_t methods,
	  passing operations through to the underlying file descriptor.
	
	- Lots of XXX's.

Affected files ...

.. //depot/projects/trustedbsd/capabilities/src/sys/conf/NOTES#2 edit
.. //depot/projects/trustedbsd/capabilities/src/sys/conf/files#2 edit
.. //depot/projects/trustedbsd/capabilities/src/sys/conf/options#2 edit
.. //depot/projects/trustedbsd/capabilities/src/sys/kern/kern_capability.c#1 add
.. //depot/projects/trustedbsd/capabilities/src/sys/kern/kern_descrip.c#2 edit
.. //depot/projects/trustedbsd/capabilities/src/sys/kern/syscalls.master#2 edit
.. //depot/projects/trustedbsd/capabilities/src/sys/sys/capability.h#1 add
.. //depot/projects/trustedbsd/capabilities/src/sys/sys/file.h#2 edit
.. //depot/projects/trustedbsd/capabilities/src/sys/sys/user.h#2 edit

Differences ...

==== //depot/projects/trustedbsd/capabilities/src/sys/conf/NOTES#2 (text+ko) ====

@@ -1090,6 +1090,9 @@
 # Support for BSM audit
 options 	AUDIT
 
+# Support for kernel capabilities
+options		CAPABILITIES
+
 # Support for Mandatory Access Control (MAC):
 options 	MAC
 options 	MAC_BIBA

==== //depot/projects/trustedbsd/capabilities/src/sys/conf/files#2 (text+ko) ====

@@ -1420,6 +1420,7 @@
 kern/ksched.c			optional _kposix_priority_scheduling
 kern/kern_acct.c		standard
 kern/kern_alq.c			optional alq
+kern/kern_capability.c		optional capabilities
 kern/kern_clock.c		standard
 kern/kern_condvar.c		standard
 kern/kern_conf.c		standard

==== //depot/projects/trustedbsd/capabilities/src/sys/conf/options#2 (text+ko) ====

@@ -61,6 +61,7 @@
 ADAPTIVE_SX
 ALQ
 AUDIT		opt_global.h
+CAPABILITIES	opt_capabilities.h
 CODA_COMPAT_5	opt_coda.h
 COMPAT_43	opt_compat.h
 COMPAT_43TTY	opt_compat.h

==== //depot/projects/trustedbsd/capabilities/src/sys/kern/kern_descrip.c#2 (text+ko) ====

@@ -2514,6 +2514,14 @@
 			kif->kf_type = KF_TYPE_MQUEUE;
 			break;
 
+		case DTYPE_SHM:
+			kif->kf_type = KF_TYPE_SHM;
+			break;
+
+		case DTYPE_CAPABILITY:
+			kif->kf_type = KF_TYPE_CAPABILITY;
+			break;
+
 		default:
 			kif->kf_type = KF_TYPE_UNKNOWN;
 			break;
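Review bot: The new `DTYPE_CAPABILITY` case reports only `KF_TYPE_CAPABILITY`, so a consumer of this record cannot tell from `kf_type` what kind of object the capability wraps, and nothing in this hunk exports the rights mask. For a descriptor-inspection interface, that is the information needed to judge what the descriptor can actually do. Until the record can carry it, mark the gap with a comment in the case, e.g. `/* XXX: also report the wrapped object's type and the capability rights. */`. The `DTYPE_SHM` case looks like a separate fix that the change description does not mention, and would be easier to track as its own change. The enclosing switch and function start and end outside the hunk.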

==== //depot/projects/trustedbsd/capabilities/src/sys/kern/syscalls.master#2 (text+ko) ====

@@ -850,5 +850,8 @@
 482	AUE_NULL	STD	{ int shm_open(const char *path, int flags, \
 				    mode_t mode); }
 483	AUE_NULL	STD	{ int shm_unlink(const char *path); }
+484	AUE_NULL	STD	{ int cap_new(int fd, u_int64_t rights); }
+485	AUE_NULL	STD	{ int cap_getrights(int fd, \
+				    u_int64_t *rightsp); }
 ; Please copy any additions and changes to the following compatability tables:
 ; sys/compat/freebsd32/syscalls.master
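Review bot: Both new entries use `AUE_NULL`, so as far as this table shows, neither `cap_new` nor `cap_getrights` would produce an audit record. Because `cap_new` creates a descriptor with a chosen rights mask, it deserves a dedicated audit event, or at least a marker such as `; XXX: cap_new/cap_getrights need real audit events` above entry 484. The trailing comment asks for additions to be copied to `sys/compat/freebsd32/syscalls.master`, but that file is not in the affected-files list. `cap_new` takes a `u_int64_t` by value, which a 32-bit compat table usually has to handle explicitly, so that follow-up is worth recording here too.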

==== //depot/projects/trustedbsd/capabilities/src/sys/sys/file.h#2 (text+ko) ====

@@ -60,6 +60,7 @@
 #define	DTYPE_CRYPTO	6	/* crypto */
 #define	DTYPE_MQUEUE	7	/* posix message queue */
 #define	DTYPE_SHM	8	/* swap-backed shared memory */
+#define	DTYPE_CAPABILITY	9	/* capability */
 
 #ifdef _KERNEL
 

==== //depot/projects/trustedbsd/capabilities/src/sys/sys/user.h#2 (text+ko) ====

@@ -245,6 +245,8 @@
 #define	KF_TYPE_KQUEUE	5
 #define	KF_TYPE_CRYPTO	6
 #define	KF_TYPE_MQUEUE	7
+#define	KF_TYPE_SHM	8
+#define	KF_TYPE_CAPABILITY	9
 #define	KF_TYPE_UNKNOWN	255
 
 #define	KF_VTYPE_VNON	0


