PERFORCE change 134790 for review
Robert Watson
rwatson at FreeBSD.org
Mon Feb 4 09:00:47 PST 2008
http://perforce.freebsd.org/chv.cgi?CH=134790
Change 134790 by rwatson at rwatson_freebsd_capabilities on 2008/02/04 17:00:10
Remove CAP_AIO since aio_fsync(), aio_read(), and aio_write()
are basically juse fsync(), read(), and write(). Check them
as such.
Affected files ...
.. //depot/projects/trustedbsd/capabilities/src/sys/kern/vfs_aio.c#5 edit
.. //depot/projects/trustedbsd/capabilities/src/sys/sys/capability.h#11 edit
Differences ...
==== //depot/projects/trustedbsd/capabilities/src/sys/kern/vfs_aio.c#5 (text+ko) ====
@@ -1412,16 +1412,16 @@
fd = aiocbe->uaiocb.aio_fildes;
switch (opcode) {
case LIO_WRITE:
- error = fget_write(td, fd, CAP_WRITE | CAP_AIO, &fp);
+ error = fget_write(td, fd, CAP_WRITE, &fp);
break;
case LIO_READ:
- error = fget_read(td, fd, CAP_READ | CAP_AIO, &fp);
+ error = fget_read(td, fd, CAP_READ, &fp);
break;
case LIO_SYNC:
- error = fget(td, fd, CAP_FSYNC | CAP_AIO, &fp);
+ error = fget(td, fd, CAP_FSYNC, &fp);
break;
case LIO_NOP:
- error = fget(td, fd, CAP_AIO, &fp);
+ error = fget(td, fd, 0, &fp);
break;
default:
error = EINVAL;
@@ -1799,7 +1799,7 @@
struct vnode *vp;
/* Lookup file object. */
- error = fget(td, uap->fd, CAP_AIO, &fp);
+ error = fget(td, uap->fd, 0, &fp);
if (error)
return (error);
==== //depot/projects/trustedbsd/capabilities/src/sys/sys/capability.h#11 (text+ko) ====
@@ -23,7 +23,7 @@
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*
- * $P4: //depot/projects/trustedbsd/capabilities/src/sys/sys/capability.h#10 $
+ * $P4: //depot/projects/trustedbsd/capabilities/src/sys/sys/capability.h#11 $
*/
/*
@@ -39,45 +39,44 @@
*/
#define CAP_READ 0x0000000000000001ULL /* read/recv */
#define CAP_WRITE 0x0000000000000002ULL /* write/send */
-#define CAP_SEEK 0x0000000000000008ULL /* lseek, various io */
-#define CAP_GETPEERNAME 0x0000000000000010ULL /* getpeername */
-#define CAP_GETSOCKNAME 0x0000000000000020ULL /* getsockname */
-#define CAP_FCHFLAGS 0x0000000000000040ULL /* fchflags */
-#define CAP_IOCTL 0x0000000000000080ULL /* ioctl */
-#define CAP_FSTAT 0x0000000000000100ULL /* fstat */
-#define CAP_MMAP 0x0000000000000200ULL /* mmap */
-#define CAP_FCNTL 0x0000000000000400ULL /* fcntl */
-#define CAP_EVENT 0x0000000000000800ULL /* select/poll */
-#define CAP_FSYNC 0x0000000000001000ULL /* fsync */
-#define CAP_FCHOWN 0x0000000000002000ULL /* fchown */
-#define CAP_FCHMOD 0x0000000000004000ULL /* fchmod */
-#define CAP_FTRUNCATE 0x0000000000008000ULL /* ftruncate */
-#define CAP_FLOCK 0x0000000000010000ULL /* flock */
-#define CAP_FSTATFS 0x0000000000040000ULL /* fstatfs */
-#define CAP_REVOKE 0x0000000000080000ULL /* revoke */
-#define CAP_FEXECVE 0x0000000000100000ULL /* fexecve */
-#define CAP_FPATHCONF 0x0000000000200000ULL /* fpathconf */
-#define CAP_FUTIMES 0x0000000000400000ULL /* futimes */
-#define CAP_AIO 0x0000000000800000ULL /* aio_* */
-#define CAP_ACL_GET 0x0000000001000000ULL /* acl_get_fd */
-#define CAP_ACL_SET 0x0000000002000000ULL /* acl_set_fd */
-#define CAP_ACL_DELETE 0x0000000004000000ULL /* acl_delete_fd */
-#define CAP_ACL_CHECK 0x0000000008000000ULL /* acl_list_fd */
-#define CAP_EXTATTR_GET 0x0000000010000000ULL /* extattr_get_fd */
-#define CAP_EXTATTR_SET 0x0000000020000000ULL /* extattr_set_fd */
-#define CAP_EXTATTR_DELETE 0x0000000040000000ULL /* extattr_delete_fd */
-#define CAP_EXTATTR_LIST 0x0000000080000000ULL /* extattr_list_fd */
-#define CAP_MAC_GET 0x0000000100000000ULL /* mac_get_fd */
-#define CAP_MAC_SET 0x0000000200000000ULL /* mac_set_fd */
-#define CAP_ACCEPT 0x0000000400000000ULL /* accept */
-#define CAP_CONNECT 0x0000000800000000ULL /* connect/sendto */
-#define CAP_BIND 0x0000001000000000ULL /* bind */
-#define CAP_GETSOCKOPT 0x0000002000000000ULL /* getsockopt */
-#define CAP_SETSOCKOPT 0x0000004000000000ULL /* setsockopt */
-#define CAP_LISTEN 0x0000008000000000ULL /* listen */
-#define CAP_SHUTDOWN 0x0000010000000000ULL /* shutdown */
-#define CAP_PEELOFF 0x0000020000000000ULL /* sctp_peeloff */
-#define CAP_MASK_VALID 0x000003fffffdfffbULL
+#define CAP_SEEK 0x0000000000000004ULL /* lseek, various io */
+#define CAP_GETPEERNAME 0x0000000000000008ULL /* getpeername */
+#define CAP_GETSOCKNAME 0x0000000000000010ULL /* getsockname */
+#define CAP_FCHFLAGS 0x0000000000000020ULL /* fchflags */
+#define CAP_IOCTL 0x0000000000000040ULL /* ioctl */
+#define CAP_FSTAT 0x0000000000000080ULL /* fstat */
+#define CAP_MMAP 0x0000000000000100ULL /* mmap */
+#define CAP_FCNTL 0x0000000000000200ULL /* fcntl */
+#define CAP_EVENT 0x0000000000000400ULL /* select/poll */
+#define CAP_FSYNC 0x0000000000000800ULL /* fsync */
+#define CAP_FCHOWN 0x0000000000001000ULL /* fchown */
+#define CAP_FCHMOD 0x0000000000002000ULL /* fchmod */
+#define CAP_FTRUNCATE 0x0000000000004000ULL /* ftruncate */
+#define CAP_FLOCK 0x0000000000008000ULL /* flock */
+#define CAP_FSTATFS 0x0000000000010000ULL /* fstatfs */
+#define CAP_REVOKE 0x0000000000020000ULL /* revoke */
+#define CAP_FEXECVE 0x0000000000040000ULL /* fexecve */
+#define CAP_FPATHCONF 0x0000000000080000ULL /* fpathconf */
+#define CAP_FUTIMES 0x0000000000100000ULL /* futimes */
+#define CAP_ACL_GET 0x0000000000200000ULL /* acl_get_fd */
+#define CAP_ACL_SET 0x0000000000400000ULL /* acl_set_fd */
+#define CAP_ACL_DELETE 0x0000000000800000ULL /* acl_delete_fd */
+#define CAP_ACL_CHECK 0x0000000001000000ULL /* acl_list_fd */
+#define CAP_EXTATTR_GET 0x0000000002000000ULL /* extattr_get_fd */
+#define CAP_EXTATTR_SET 0x0000000004000000ULL /* extattr_set_fd */
+#define CAP_EXTATTR_DELETE 0x0000000008000000ULL /* extattr_delete_fd */
+#define CAP_EXTATTR_LIST 0x0000000010000000ULL /* extattr_list_fd */
+#define CAP_MAC_GET 0x0000000020000000ULL /* mac_get_fd */
+#define CAP_MAC_SET 0x0000000040000000ULL /* mac_set_fd */
+#define CAP_ACCEPT 0x0000000080000000ULL /* accept */
+#define CAP_CONNECT 0x0000000100000000ULL /* connect/sendto */
+#define CAP_BIND 0x0000000200000000ULL /* bind */
+#define CAP_GETSOCKOPT 0x0000000400000000ULL /* getsockopt */
+#define CAP_SETSOCKOPT 0x0000000800000000ULL /* setsockopt */
+#define CAP_LISTEN 0x0000001000000000ULL /* listen */
+#define CAP_SHUTDOWN 0x0000002000000000ULL /* shutdown */
+#define CAP_PEELOFF 0x0000004000000000ULL /* sctp_peeloff */
+#define CAP_MASK_VALID 0x0000007fffffffffULL
/*
* Notes:
@@ -92,9 +91,6 @@
*
* CAP_EVENT covers select, poll, and kqueue registration for a capability.
*
- * CAP_AIO is combined with other capabilities to authorize specific AIO
- * operations, such as AIO_READ. aio_cancel just requires CAP_AIO.
- *
* sendfile is authorized using CAP_READ on the file and CAP_WRITE on the
* socket.
*
More information about the p4-projects
mailing list