From owner-p4-projects@FreeBSD.ORG Tue Feb 2 19:58:06 2010 Return-Path: Delivered-To: p4-projects@freebsd.org Received: by hub.freebsd.org (Postfix, from userid 32767) id 9DA60106568B; Tue, 2 Feb 2010 19:58:06 +0000 (UTC) Delivered-To: perforce@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 621941065672 for ; Tue, 2 Feb 2010 19:58:06 +0000 (UTC) (envelope-from bb+lists.freebsd.perforce@cyrus.watson.org) Received: from repoman.freebsd.org (repoman.freebsd.org [IPv6:2001:4f8:fff6::29]) by mx1.freebsd.org (Postfix) with ESMTP id 4E4C88FC1A for ; Tue, 2 Feb 2010 19:58:06 +0000 (UTC) Received: from repoman.freebsd.org (localhost [127.0.0.1]) by repoman.freebsd.org (8.14.3/8.14.3) with ESMTP id o12Jw6IF006675 for ; Tue, 2 Feb 2010 19:58:06 GMT (envelope-from bb+lists.freebsd.perforce@cyrus.watson.org) Received: (from perforce@localhost) by repoman.freebsd.org (8.14.3/8.14.3/Submit) id o12Jw6Ro006673 for perforce@freebsd.org; Tue, 2 Feb 2010 19:58:06 GMT (envelope-from bb+lists.freebsd.perforce@cyrus.watson.org) Date: Tue, 2 Feb 2010 19:58:06 GMT Message-Id: <201002021958.o12Jw6Ro006673@repoman.freebsd.org> X-Authentication-Warning: repoman.freebsd.org: perforce set sender to bb+lists.freebsd.perforce@cyrus.watson.org using -f 
From: Robert Watson To: Perforce Change Reviews Precedence: bulk Cc: Subject: PERFORCE change 174184 for review X-BeenThere: p4-projects@freebsd.org X-Mailman-Version: 2.1.5 List-Id: p4 projects tree changes List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 02 Feb 2010 19:58:06 -0000 http://p4web.freebsd.org/chv.cgi?CH=174184 Change 174184 by rwatson@rwatson_vimage_client on 2010/02/02 19:57:54 Update a number of regression tests, some to the point of workingness, for the new world order. Affected files ... .. //depot/projects/trustedbsd/capabilities/src/tools/cap/fdlist/fdlist.c#9 edit .. //depot/projects/trustedbsd/capabilities/src/tools/cap/fdrpc/fdrpc.c#8 edit .. //depot/projects/trustedbsd/capabilities/src/tools/cap/fdsendrecv/fdsendrecv.c#5 edit .. //depot/projects/trustedbsd/capabilities/src/tools/cap/sandbox_echo/sandbox_echo.c#12 edit .. //depot/projects/trustedbsd/capabilities/src/tools/cap/sandbox_world/sandbox_world.c#7 edit Differences ... ==== //depot/projects/trustedbsd/capabilities/src/tools/cap/fdlist/fdlist.c#9 (text+ko) ==== 
@@ -56,69 +56,44 @@ int main(int argc, char *argv[]) { + struct lc_fdlist *lfp; + int testfd; + printf("fdlist: PID %d\n", getpid()); - /* create a shared memory segment for FDs */ - int shmfd = shm_open(SHM_ANON, O_RDWR, 0600); - if (shmfd < 0) - err(-1, "Error opening shared memory"); - - /* create an FD list and add some junk to it */ - struct lc_fdlist *lfp = lc_fdlist_new(); - if (lfp == NULL) err(-1, "Error in lc_fdlist_new()"); + lfp = lc_fdlist_new(); + if (lfp == NULL) + err(-1, "lc_fdlist_new()"); - lc_fdlist_addcap(lfp, "org.freebsd.Capsicum.fdlist", "stdin", "", + lc_fdlist_addcap(lfp, "org.freebsd.test.fdlist", "stdin", "", 0, CAP_READ); - lc_fdlist_addcap(lfp, "org.freebsd.Capsicum.fdlist", "stdout", "", + lc_fdlist_addcap(lfp, "org.freebsd.test.fdlist", "stdout", "", 1, CAP_WRITE | CAP_SEEK); - lc_fdlist_addcap(lfp, "org.freebsd.Capsicum.fdlist", "stderr", "", + lc_fdlist_addcap(lfp, "org.freebsd.test.fdlist", "stderr", "", 2, CAP_WRITE | CAP_SEEK); - lc_fdlist_add(lfp, "org.freebsd.Capsicum.fdlist", "testfile", + lc_fdlist_add(lfp, "org.freebsd.test.fdlist", "testfile", "/etc/passwd", open("/etc/passwd", O_RDONLY)); - lc_fdlist_addcap(lfp, "org.freebsd.Capsicum.fdlist", "testfile", + lc_fdlist_addcap(lfp, "org.freebsd.test.fdlist", "testfile", "/etc/group", open("/etc/group", O_RDONLY), CAP_READ); - lc_fdlist_add(lfp, "org.freebsd.Capsicum.fdlist", "fdlist", - "", shmfd); - - print_fdlist(lfp); - - printf("Reordering FDs...\n"); - if (lc_fdlist_reorder(lfp)) - err(-1, "lc_fdlist_reorder(lfp) failed"); print_fdlist(lfp); - char *name; - if (lc_fdlist_lookup(lfp, "org.freebsd.Capsicum.fdlist", "fdlist", - &name, &shmfd, NULL) < 0) { - err(-1, "Error in lc_fdlist_lookup()"); + if (lc_fdlist_lookup(lfp, "org.freebsd.test.fdlist", "stdin", + &name, &testfd, NULL) < 0) { + err(-1, "lc_fdlist_lookup: can't find stdin"); } - int size = lc_fdlist_size(lfp); - if (ftruncate(shmfd, size) < 0) - err(-1, "Error truncating shmfd"); - - void *shm = mmap(NULL, 
size, PROT_READ | PROT_WRITE, - MAP_NOSYNC | MAP_SHARED, shmfd, 0); - - if (shm == MAP_FAILED) - err(-1, "Error mmap'ing shared memory"); - - - memcpy(shm, lfp, lc_fdlist_size(lfp)); - - printf("Starting sandbox...\n"); - /* run sandbox */ int me = open(argv[0], O_RDONLY); - if (me < 0) err(-1, "Error opening my own binary, '%s'", argv[0]); + if (me < 0) + err(-1, "Error opening my own binary, '%s'", argv[0]); char *sargv[] = { "fdlist-sandbox", NULL }; struct lc_sandbox *sandbox; @@ -134,7 +109,8 @@ -int cap_main(__unused int argc, __unused char *argv[]) +int +cap_main(__unused int argc, __unused char *argv[]) { printf("cap_main() alive\n"); fflush(stdout); @@ -157,9 +133,8 @@ return 0; } - - -void print_fdlist(struct lc_fdlist* lfp) +void +print_fdlist(struct lc_fdlist* lfp) { int pos = 0; char *subsystem; @@ -173,4 +148,3 @@ pos, subsystem, class, name, fd); } } - ==== //depot/projects/trustedbsd/capabilities/src/tools/cap/fdrpc/fdrpc.c#8 (text+ko) ==== @@ -1,5 +1,5 @@ /*- - * Copyright (c) 2009 Robert N. M. Watson + * Copyright (c) 2009-2010 Robert N. M. Watson * All rights reserved. * * WARNING: THIS IS EXPERIMENTAL SECURITY SOFTWARE THAT MUST NOT BE RELIED @@ -71,7 +71,8 @@ /* * Create a sandbox, do permit access to stderr. */ - if (lch_start(FDRPC_SANDBOX, fdrpc_argv, LCH_PERMIT_STDERR, &lcsp) < 0) + if (lch_start(FDRPC_SANDBOX, fdrpc_argv, LCH_PERMIT_STDERR, NULL, + &lcsp) < 0) err(-1, "lch_start %s", FDRPC_SANDBOX); /* ==== //depot/projects/trustedbsd/capabilities/src/tools/cap/fdsendrecv/fdsendrecv.c#5 (text+ko) ==== @@ -60,7 +60,7 @@ errx(-1, "usage: fdsendrecv_host"); if (lch_start(FDSENDRECV_SANDBOX, fdsendrecv_argv, LCH_PERMIT_STDERR, - &lcsp) < 0) + NULL, &lcsp) < 0) err(-1, "lch_start %s", FDSENDRECV_SANDBOX); /* @@ -79,7 +79,8 @@ if (fdcount == 1) printf("lch_recv_rights: OK\n"); else - printf("lch_recv_rights: fdcount %d\n", fdcount); + printf("lch_recv_rights: fdcount %d: %d %d\n", fdcount, + fdarray[0], fdarray[1]); lch_stop(lcsp); } 
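Review bot: The new lookup still passes `&name` to lc_fdlist_lookup, but the only declaration of `name` visible in this hunk is the removed `char *name;`, and the declarations added at the top of main are just `struct lc_fdlist *lfp;` and `int testfd;`; unless `name` is declared somewhere outside the hunk, this will not compile, so add `char *name;` next to `int testfd;`. The `testfd` that the lookup fills is not used anywhere in the hunk; main continues past the hunk's end, so if it is not consumed there, a `(void)testfd;` or a one-line comment saying why it is only looked up would help. The `open("/etc/passwd", O_RDONLY)` and `open("/etc/group", O_RDONLY)` results are passed straight into lc_fdlist_add/lc_fdlist_addcap without a check, so a failed open silently registers -1 in the list; this is carried over from the old code but the statements are rewritten here, so an `err()` on failure like the other calls in this function get would be worth adding.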
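Review bot: The new fifth argument to lch_start is passed as a bare `NULL` with nothing saying what it stands for, while the comment above the call still only describes the stderr permission; the same applies to the lch_start calls in fdsendrecv.c (the -60 hunk), sandbox_echo.c (the -61 hunk and the lch_startfd call in the -107 hunk) and sandbox_world.c (the -72 hunk). Given the fdlist changes in the same commit this is presumably an optional fd list handed to the sandbox, but that is inferred rather than visible here; once confirmed, extend the comment to something like `Create a sandbox, do permit access to stderr; no fd list is passed.` at each site. A one-word comment at the argument, e.g. `NULL /* fdlist */`, would make the bare NULL self-explanatory at all five call sites.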
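Review bot: The new diagnostic printf prints `fdarray[1]` whenever fdcount != 1, but if lch_recv_rights returned fewer than two descriptors that slot holds whatever it contained before the call; the sandbox side in the -97 hunk gets a `fdarray[0] = fdarray[1] = -1;` reset before its receive, and the host side should do the same before its lch_recv_rights call (that call sits above this hunk, so I cannot see whether it already does). Without the reset the message may show a stale or uninitialized value and mislead whoever reads the test output. The enclosing function starts outside the hunk.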
@@ -97,14 +98,17 @@ while (1) { fdcount = 2; + fdarray[0] = fdarray[1] = -1; len = lcs_recv_rights(lchp, &ch, sizeof(ch), MSG_WAITALL, fdarray, &fdcount); if (len < 0) err(-1, "lcs_recv_rights"); if (len != sizeof(ch)) errx(-1, "lcs_recv_rights: len %d", len); + fflush(stdout); if (fdcount != 1) - errx(-1, "lcs_recv_rights: fdcount %d", fdcount); + errx(-1, "lcs_recv_rights: fdcount %d: %d %d", + fdcount, fdarray[0], fdarray[1]); len = lcs_send_rights(lchp, &ch, sizeof(ch), 0, fdarray, fdcount); if (len < 0) ==== //depot/projects/trustedbsd/capabilities/src/tools/cap/sandbox_echo/sandbox_echo.c#12 (text+ko) ==== @@ -61,7 +61,7 @@ errx(-1, "usage: sandbox_echo"); if (lch_start(MYNAME, sandbox_argv, - LCH_PERMIT_STDOUT | LCH_PERMIT_STDERR, &lcsp) < 0) + LCH_PERMIT_STDOUT | LCH_PERMIT_STDERR, NULL, &lcsp) < 0) err(-1, "lch_start %s", argv[1]); for (i = 0; i < 10; i++) { @@ -107,7 +107,7 @@ err(-10, "ld_libcache_lookup(%s)", MYNAME); if (lch_startfd(fd, MYNAME, sandbox_argv, LCH_PERMIT_STDERR, - &lcsp) < 0) + NULL, &lcsp) < 0) err(-1, "lch_startfd %s", argv[1]); while (1) { if (lcs_recvrpc(lchp, &opno, &seqno, &buffer, &len) ==== //depot/projects/trustedbsd/capabilities/src/tools/cap/sandbox_world/sandbox_world.c#7 (text+ko) ==== @@ -1,5 +1,5 @@ /*- - * Copyright (c) 2009 Robert N. M. Watson + * Copyright (c) 2009-2010 Robert N. M. Watson * All rights reserved. * * WARNING: THIS IS EXPERIMENTAL SECURITY SOFTWARE THAT MUST NOT BE RELIED @@ -72,7 +72,7 @@ * Create a sandbox, do permit access to stdout and stderr. */ if (lch_start(MYNAME, sandbox_argv, LCH_PERMIT_STDERR | - LCH_PERMIT_STDOUT, &lcsp) < 0) + LCH_PERMIT_STDOUT, NULL, &lcsp) < 0) err(-1, "lch_start %s", argv[1]); /*