PERFORCE change 163770 for review
Robert Watson
rwatson at FreeBSD.org
Mon Jun 8 09:18:15 UTC 2009
http://perforce.freebsd.org/chv.cgi?CH=163770
Change 163770 by rwatson at rwatson_freebsd_capabilities on 2009/06/08 09:17:47
Add a few more utility libraries necessary to run common binaries
for experimentation purposes. Finish expunging LDSO_MODE, we always
use rtld-elf-cap.so now.
Affected files ...
.. //depot/projects/trustedbsd/capabilities/src/tools/cap/cap_exec/Makefile#2 edit
.. //depot/projects/trustedbsd/capabilities/src/tools/cap/cap_exec/cap_exec.c#6 edit
Differences ...
==== //depot/projects/trustedbsd/capabilities/src/tools/cap/cap_exec/Makefile#2 (text+ko) ====
@@ -1,5 +1,5 @@
PROG=cap_exec
NO_MAN=
-CFLAGS=-Wall -g -DLDSO_MODE
+CFLAGS=-Wall -g
.include <bsd.prog.mk>
==== //depot/projects/trustedbsd/capabilities/src/tools/cap/cap_exec/cap_exec.c#6 (text+ko) ====
@@ -47,7 +47,6 @@
extern char **environ;
-#ifdef LDSO_MODE
#define LD_ELF_CAP_SO "/libexec/ld-elf-cap.so.1"
char *ldso_argv[] = {
LD_ELF_CAP_SO,
@@ -55,8 +54,11 @@
};
#define LIBC_SO "libc.so.7"
+#define LIBEDIT_SO "libedit.so.6"
+#define LIBNCURSES_SO "libncurses.so.7"
+#define LIBCRYPT_SO "libcrypt.so.4"
+
#define LIBPATH "/lib/"
-#endif
#define BASE_CAPS (CAP_IOCTL | CAP_EVENT | CAP_SEEK | CAP_FSTAT)
#define STDIN_CAPS (BASE_CAPS | CAP_READ)
@@ -95,7 +97,8 @@
int
main(int argc, char *argv[])
{
- int fd_exec, fd_ldso, fd_libc, fd_procdesc;
+ int fd_exec, fd_ldso, fd_procdesc;
+ int fd_libc, fd_libcrypt, fd_libedit, fd_libncurses;
char *env_caplibindex;
struct pollfd pollfd;
pid_t pid;
@@ -128,8 +131,19 @@
if (fcntl(fd_ldso, F_SETFD, FD_CLOEXEC) < 0)
err(-1, "fcntl FD_CLOEXEC");
fd_libc = cap_open_limit(LIBPATH LIBC_SO, O_RDONLY, BIN_CAPS);
- if (asprintf(&env_caplibindex, "%d:%s", fd_libc, LIBC_SO) ==
- -1)
+ fd_libcrypt = cap_open_limit(LIBPATH LIBCRYPT_SO,
+ O_RDONLY, BIN_CAPS);
+ fd_libedit = cap_open_limit(LIBPATH LIBEDIT_SO, O_RDONLY,
+ BIN_CAPS);
+ fd_libncurses = cap_open_limit(LIBPATH LIBNCURSES_SO,
+ O_RDONLY, BIN_CAPS);
+
+ if (asprintf(&env_caplibindex, "%d:%s,%d:%s,%d:%s,%d:%s",
+ fd_libc, LIBC_SO,
+ fd_libcrypt, LIBCRYPT_SO,
+ fd_libedit, LIBEDIT_SO,
+ fd_libncurses, LIBNCURSES_SO
+ ) == -1)
err(-1, "asprintf");
setenv("LD_CAPLIBINDEX", env_caplibindex, 1);
More information about the p4-projects
mailing list