From owner-svn-src-head@FreeBSD.ORG Mon May 23 20:59:50 2011
Return-Path:
Delivered-To: svn-src-head@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 6DD6C106564A; Mon, 23 May 2011 20:59:50 +0000 (UTC) (envelope-from pjd@FreeBSD.org)
Received: from svn.freebsd.org (svn.freebsd.org [IPv6:2001:4f8:fff6::2c]) by mx1.freebsd.org (Postfix) with ESMTP id 5F1808FC14; Mon, 23 May 2011 20:59:50 +0000 (UTC)
Received: from svn.freebsd.org (localhost [127.0.0.1]) by svn.freebsd.org (8.14.4/8.14.4) with ESMTP id p4NKxoAK037497; Mon, 23 May 2011 20:59:50 GMT (envelope-from pjd@svn.freebsd.org)
Received: (from pjd@localhost) by svn.freebsd.org (8.14.4/8.14.4/Submit) id p4NKxoJc037495; Mon, 23 May 2011 20:59:50 GMT (envelope-from pjd@svn.freebsd.org)
Message-Id: <201105232059.p4NKxoJc037495@svn.freebsd.org>
From: Pawel Jakub Dawidek
Date: Mon, 23 May 2011 20:59:50 +0000 (UTC)
To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org
X-SVN-Group: head
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Cc:
Subject: svn commit: r222224 - head/sbin/hastd
X-BeenThere: svn-src-head@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: SVN commit messages for the src tree for head/-current
X-List-Received-Date: Mon, 23 May 2011 20:59:50 -0000

Author: pjd
Date: Mon May 23 20:59:50 2011
New Revision: 222224

URL: http://svn.freebsd.org/changeset/base/222224

Log:
  To handle BIO_FLUSH and BIO_DELETE requests in the secondary worker we need
  to use ioctl(2). This is why we can't use capsicum for now to sandbox the
  secondary. Capsicum is still used to sandbox hastctl.

  MFC after: 1 week

Modified:
  head/sbin/hastd/subr.c

Modified: head/sbin/hastd/subr.c
==============================================================================
--- head/sbin/hastd/subr.c Mon May 23 20:18:09 2011 (r222223)
+++ head/sbin/hastd/subr.c Mon May 23 20:59:50 2011 (r222224)
@@ -224,7 +224,13 @@ drop_privs(struct hast_resource *res) return (-1); } - if (res == NULL || res->hr_role != HAST_ROLE_PRIMARY) + /* + * Until capsicum doesn't allow ioctl(2) we cannot use it to sandbox + * primary and secondary worker processes, as primary uses GGATE + * ioctls and secondary uses ioctls to handle BIO_DELETE and BIO_FLUSH. + * For now capsicum is only used to sandbox hastctl. + */ + if (res == NULL) capsicum = (cap_enter() == 0); else capsicum = false;
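Review bot: the retained `capsicum = (cap_enter() == 0); else capsicum = false;` fails open for hastctl: when res == NULL and cap_enter() returns non-zero, the process continues unsandboxed with capsicum set to false, which within this hunk is indistinguishable from the primary and secondary worker case where entering capability mode was deliberately skipped. Since the new comment states that hastctl is the one process Capsicum is still meant to protect, consider reporting (or treating as an error) a failed cap_enter() on that path rather than folding it into the same flag as "sandboxing not attempted". On wording, the added comment's "Until capsicum doesn't allow ioctl(2)" is a double negative; "Until capsicum allows ioctl(2)" (or "As long as capsicum does not allow ioctl(2)") says what is meant.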