PERFORCE change 163786 for review
Robert Watson
rwatson at FreeBSD.org
Mon Jun 8 14:24:28 UTC 2009
http://perforce.freebsd.org/chv.cgi?CH=163786
Change 163786 by rwatson at rwatson_cinnamon on 2009/06/08 14:23:31
If we're going to allow socketpair(2) in sandboxes, also allow
socket(2).
Affected files ...
.. //depot/projects/trustedbsd/capabilities/src/sys/kern/capabilities.conf#18 edit
.. //depot/projects/trustedbsd/capabilities/src/sys/kern/init_sysent.c#31 edit
.. //depot/projects/trustedbsd/capabilities/src/sys/kern/syscalls.c#31 edit
.. //depot/projects/trustedbsd/capabilities/src/sys/kern/systrace_args.c#31 edit
.. //depot/projects/trustedbsd/capabilities/src/sys/sys/syscall.h#31 edit
.. //depot/projects/trustedbsd/capabilities/src/sys/sys/syscall.mk#31 edit
.. //depot/projects/trustedbsd/capabilities/src/sys/sys/sysproto.h#31 edit
Differences ...
==== //depot/projects/trustedbsd/capabilities/src/sys/kern/capabilities.conf#18 (text+ko) ====
@@ -38,7 +38,7 @@
## - sys_exit(2), abort2(2) and close(2) are very important.
## - Sorted alphabetically, please keep it that way.
##
-## $P4: //depot/projects/trustedbsd/capabilities/src/sys/kern/capabilities.conf#17 $
+## $P4: //depot/projects/trustedbsd/capabilities/src/sys/kern/capabilities.conf#18 $
##
##
@@ -652,8 +652,9 @@
sigwaitinfo
##
-## Allow creating new socket pairs with socketpair(2).
+## Allow creating new socket pairs with socket(2) and socketpair(2).
##
+socket
socketpair
##
==== //depot/projects/trustedbsd/capabilities/src/sys/kern/init_sysent.c#31 (text+ko) ====
@@ -125,7 +125,7 @@
{ 0, (sy_call_t *)nosys, AUE_NULL, NULL, 0, 0, 0 }, /* 94 = setdopt */
{ AS(fsync_args), (sy_call_t *)fsync, AUE_FSYNC, NULL, 0, 0, SYF_CAPENABLED }, /* 95 = fsync */
{ AS(setpriority_args), (sy_call_t *)setpriority, AUE_SETPRIORITY, NULL, 0, 0, SYF_CAPENABLED }, /* 96 = setpriority */
- { AS(socket_args), (sy_call_t *)socket, AUE_SOCKET, NULL, 0, 0, 0 }, /* 97 = socket */
+ { AS(socket_args), (sy_call_t *)socket, AUE_SOCKET, NULL, 0, 0, SYF_CAPENABLED }, /* 97 = socket */
{ AS(connect_args), (sy_call_t *)connect, AUE_CONNECT, NULL, 0, 0, SYF_CAPENABLED }, /* 98 = connect */
{ compat(AS(accept_args),accept), AUE_ACCEPT, NULL, 0, 0, SYF_CAPENABLED }, /* 99 = old accept */
{ AS(getpriority_args), (sy_call_t *)getpriority, AUE_GETPRIORITY, NULL, 0, 0, SYF_CAPENABLED }, /* 100 = getpriority */
==== //depot/projects/trustedbsd/capabilities/src/sys/kern/syscalls.c#31 (text+ko) ====
==== //depot/projects/trustedbsd/capabilities/src/sys/kern/systrace_args.c#31 (text+ko) ====
==== //depot/projects/trustedbsd/capabilities/src/sys/sys/syscall.h#31 (text+ko) ====
==== //depot/projects/trustedbsd/capabilities/src/sys/sys/syscall.mk#31 (text+ko) ====
==== //depot/projects/trustedbsd/capabilities/src/sys/sys/sysproto.h#31 (text+ko) ====
More information about the p4-projects
mailing list