PERFORCE change 134793 for review
Robert Watson
rwatson at FreeBSD.org
Mon Feb 4 10:04:56 PST 2008
http://perforce.freebsd.org/chv.cgi?CH=134793
Change 134793 by rwatson at rwatson_freebsd_capabilities on 2008/02/04 18:04:23
Update comments.
Use ENOTCAPABLE rather than EPERM since expanding capability
rights fails due to a lack of capability rights. We don't
want privilege to be able to override this in the current
thinking.
Affected files ...
.. //depot/projects/trustedbsd/capabilities/src/sys/kern/sys_capability.c#13 edit
Differences ...
==== //depot/projects/trustedbsd/capabilities/src/sys/kern/sys_capability.c#13 (text+ko) ====
@@ -41,7 +41,7 @@
*/
#include <sys/cdefs.h>
-__FBSDID("$P4: //depot/projects/trustedbsd/capabilities/src/sys/kern/sys_capability.c#12 $");
+__FBSDID("$P4: //depot/projects/trustedbsd/capabilities/src/sys/kern/sys_capability.c#13 $");
#include <sys/param.h>
#include <sys/capability.h>
@@ -211,14 +211,11 @@
* If a new capability is being derived from an existing capability,
* then the new capability rights must be a subset of the existing
* rights.
- *
- * XXXRW: Should we have a priv_check() here that can override this
- * policy?
*/
if (fp->f_type == DTYPE_CAPABILITY) {
c_old = fp->f_data;
if ((c_old->cap_rights | uap->rights) != c_old->cap_rights) {
- error = EPERM;
+ error = ENOTCAPABLE;
goto fail2;
}
}
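Review bot: with the XXXRW question deleted, the block comment above the check no longer records that privilege is deliberately not allowed to override the subset rule, which is the whole point of switching to ENOTCAPABLE; add a line such as "Privilege does not override this: deriving can only narrow rights." after "rights." so the policy is documented at the check rather than only in the commit message. The test itself is right for a bitmask: (c_old->cap_rights | uap->rights) != c_old->cap_rights is true exactly when uap->rights carries a bit outside the old mask. Since the affected-files list holds only sys_capability.c, make sure the ENOTCAPABLE errno value is already defined in the tree and that the manual page for this system call is updated to list ENOTCAPABLE for the widening case.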
@@ -232,7 +229,10 @@
/*
* Rather than nesting capabilities, directly reference the object an
- * existing capability references.
+ * existing capability references. There's nothing else interesting
+ * to preserve for future use, as we've incorporated the previous
+ * rights mask into the new one. This prevents us from having to
+ * deal with capability chains.
*/
if (fp->f_type == DTYPE_CAPABILITY)
fp_object = ((struct capability *)fp->f_data)->cap_file;
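Review bot: "we've incorporated the previous rights mask into the new one" overstates what the code does: nothing merges the two masks. The subset check earlier in the function rejects any new right outside c_old->cap_rights, so the new mask is already guaranteed to be no wider than the old one and there is nothing left to carry over. Suggest rewording the middle of the comment to "The subset check above guarantees the new rights mask is no wider than the old one, so nothing else from the old capability needs preserving." The flattening also means the reference for the new capability must be taken on fp_object (the underlying object), not on fp (the old capability); the hunk ends before that code, so confirm the hold is on fp_object.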
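The derivation rules the commit message describes (deriving from a capability may only narrow rights, a widening attempt fails with ENOTCAPABLE and no privilege check overrides that, and the derived capability references the underlying object rather than the capability it came from), modelled as an added user-space C example. This is not FreeBSD's code: struct file, struct capability, cap_new, fdrop, the DTYPE_* constants and the CAP_READ/CAP_WRITE bits are simplified stand-ins named after the kernel's, run_scenario is an invented driver, and the ENOTCAPABLE value is only a placeholder for hosts whose errno.h lacks it.

```c
/* Added example, not FreeBSD code: a user-space model of the derivation
 * rules in this change.  Names mirror the kernel's, but the structs, rights
 * bits and reference counting are simplified stand-ins. */
#include <errno.h>
#include <stdint.h>
#include <stdlib.h>
#ifndef ENOTCAPABLE
#define ENOTCAPABLE 93		/* placeholder where the host errno.h lacks it */
#endif

typedef uint64_t cap_rights_t;
#define CAP_READ	0x1ULL
#define CAP_WRITE	0x2ULL
enum ftype { DTYPE_PLAIN, DTYPE_CAP };

struct file {
	enum ftype f_type;
	int f_count;		/* references held on this file */
	void *f_data;		/* struct capability * when DTYPE_CAP */
};

struct capability {
	struct file *cap_file;	/* underlying object, never another capability */
	cap_rights_t cap_rights;
};

static void
fdrop(struct file *fp)
{
	if (--fp->f_count > 0)
		return;
	if (fp->f_type == DTYPE_CAP) {
		fdrop(((struct capability *)fp->f_data)->cap_file);
		free(fp->f_data);
	}
	free(fp);
}

/*
 * Derive a capability carrying `rights` from fp.  From an existing capability
 * the rights may only narrow (ENOTCAPABLE otherwise; no privilege check can
 * override that), and the result references the underlying object directly.
 */
static int
cap_new(struct file *fp, cap_rights_t rights, struct file **fpp)
{
	struct file *fp_object = fp, *nfp = NULL;
	struct capability *c;

	if (fp->f_type == DTYPE_CAP) {
		struct capability *c_old = fp->f_data;
		/* Same subset test as the kernel: no bits outside the old mask. */
		if ((c_old->cap_rights | rights) != c_old->cap_rights)
			return (ENOTCAPABLE);
		fp_object = c_old->cap_file;	/* flatten instead of nesting */
	}
	if ((c = calloc(1, sizeof(*c))) == NULL ||
	    (nfp = calloc(1, sizeof(*nfp))) == NULL) {
		free(c);
		return (ENOMEM);
	}
	fp_object->f_count++;		/* hold the object, not the old capability */
	c->cap_file = fp_object;
	c->cap_rights = rights;
	nfp->f_type = DTYPE_CAP;
	nfp->f_count = 1;
	nfp->f_data = c;
	*fpp = nfp;
	return (0);
}

struct scenario {
	int narrow_err;		/* cap_new(READ) from a READ|WRITE capability */
	int widen_err;		/* cap_new(READ|WRITE) from that READ capability */
	int flattened;		/* 1 if the READ capability points at the plain file */
	int refs_after_drop;	/* plain file's f_count once both capabilities are gone */
};

struct scenario
run_scenario(void)
{
	struct scenario r = { -1, -1, 0, -1 };
	struct file plain = { DTYPE_PLAIN, 1, NULL };	/* stand-in for an open vnode */
	struct file *rw = NULL, *ro = NULL, *wide = NULL;

	if (cap_new(&plain, CAP_READ | CAP_WRITE, &rw) != 0)
		return (r);
	r.narrow_err = cap_new(rw, CAP_READ, &ro);
	if (ro != NULL) {
		r.widen_err = cap_new(ro, CAP_READ | CAP_WRITE, &wide);
		r.flattened = ((struct capability *)ro->f_data)->cap_file == &plain;
		fdrop(ro);
	}
	if (wide != NULL)
		fdrop(wide);
	fdrop(rw);
	r.refs_after_drop = plain.f_count;	/* back to the caller's single reference */
	return (r);
}
```

run_scenario() derives a READ|WRITE capability from a plain file, narrows it to READ, then tries to widen the READ capability back to READ|WRITE. The narrowing succeeds; the widening is refused with ENOTCAPABLE even though the underlying object would permit both rights; the READ capability points at the plain file rather than at the READ|WRITE capability it was derived from; and once both capabilities are dropped the plain file is back to the caller's single reference, which is what the flattened layout has to get right when dropping a derived capability.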