PERFORCE change 164035 for review
Robert Watson
rwatson at FreeBSD.org
Wed Jun 10 19:30:04 UTC 2009
http://perforce.freebsd.org/chv.cgi?CH=164035
Change 164035 by rwatson at rwatson_freebsd_capabilities on 2009/06/10 19:29:57
Continue agent -> sandbox rename.
Affected files ...
.. //depot/projects/trustedbsd/capabilities/src/lib/libcapability/Makefile#6 edit
.. //depot/projects/trustedbsd/capabilities/src/lib/libcapability/libcapability.3#5 edit
.. //depot/projects/trustedbsd/capabilities/src/lib/libcapability/libcapability.c#5 edit
.. //depot/projects/trustedbsd/capabilities/src/lib/libcapability/libcapability.h#7 edit
.. //depot/projects/trustedbsd/capabilities/src/lib/libcapability/libcapability_host.c#6 edit
.. //depot/projects/trustedbsd/capabilities/src/lib/libcapability/libcapability_sandbox.c#2 edit
.. //depot/projects/trustedbsd/capabilities/src/lib/libcapability/libcapability_sandbox_api.h#2 edit
Differences ...
==== //depot/projects/trustedbsd/capabilities/src/lib/libcapability/Makefile#6 (text+ko) ====
==== //depot/projects/trustedbsd/capabilities/src/lib/libcapability/libcapability.3#5 (text+ko) ====
@@ -47,27 +47,27 @@
.Ft int
.Fn lc_limitfd "int fd" "cap_rights_t rights"
.Ft int
-.Fn lch_start "const char *agent" "char *const argv[]" "struct lc_agent **lcap"
+.Fn lch_start "const char *sandbox" "char *const argv[]" "struct lc_sandbox **lcap"
.Ft void
-.Fn lch_stop "struct lc_agent *lcap"
+.Fn lch_stop "struct lc_sandbox *lcap"
.Ft int
-.Fn lch_getsock "struct lc_agent *lcap" "int *fdp"
+.Fn lch_getsock "struct lc_sandbox *lcap" "int *fdp"
.Ft int
-.Fn lch_getpid "struct lc_agent *lcap" "pid_t *pidp"
+.Fn lch_getpid "struct lc_sandbox *lcap" "pid_t *pidp"
.Ft int
-.Fn lch_getprocdesc "struct lc_agent *lcap" "int *fdp"
+.Fn lch_getprocdesc "struct lc_sandbox *lcap" "int *fdp"
.Ft ssize_t
-.Fn lch_recv "struct lc_agent *lcap, void *buf" "size_t len" "int flags"
+.Fn lch_recv "struct lc_sandbox *lcap, void *buf" "size_t len" "int flags"
.Ft ssize_t
-.Fn lch_send "struct lc_agent *lcap" "const void *msg" "size_t len" "int flags"
+.Fn lch_send "struct lc_sandbox *lcap" "const void *msg" "size_t len" "int flags"
.Ft int
-.Fn lca_get "struct lc_host **lchpp"
+.Fn lcs_get "struct lc_host **lchpp"
.Ft int
-.Fn lca_getsock "struct lc_host *lchp" "int *fdp"
+.Fn lcs_getsock "struct lc_host *lchp" "int *fdp"
.Ft ssize_t
-.Fn lca_recv "struct lc_host *lchp" "void *buf" "size_t len" "int flags"
+.Fn lcs_recv "struct lc_host *lchp" "void *buf" "size_t len" "int flags"
.Ft ssize_t
-.Fn lca_send "struct lc_host *lchp" "const void *msg" "size_t len" "int flags"
+.Fn lcs_send "struct lc_host *lchp" "const void *msg" "size_t len" "int flags"
.Sh DESCRIPTION
The
.Nm
@@ -76,25 +76,25 @@
.Sh HOST API
The
.Nm
-host API allows processes to start, stop, and manage agents running in
+host API allows processes to start, stop, and manage sandboxs running in
capability mode.
Host API functions can be identified by their function name prefix,
.Dv lch_ .
.Pp
-Each executing agent instance is described by an opaque
-.Dt "struct lc_agent" ,
+Each executing sandbox instance is described by an opaque
+.Dt "struct lc_sandbox" ,
which is returned by
.Fn lch_start
-for successfully started agents, and passed into other APIs to indicate which
-agent should be acted on.
+for successfully started sandboxs, and passed into other APIs to indicate which
+sandbox should be acted on.
.Fn lch_start
-creates a new executing agent, given the name of the agent binary via
-.Va agent .
-Executing agents may be stopped (and state freed) using
+creates a new executing sandbox, given the name of the sandbox binary via
+.Va sandbox .
+Executing sandboxs may be stopped (and state freed) using
.Fn lch_stop .
.Pp
-Properties of the agent, such as the socket used to communicate with it,
-the proces descriptor for the agent process, and the pid, may be queried
+Properties of the sandbox, such as the socket used to communicate with it,
+the proces descriptor for the sandbox process, and the pid, may be queried
using
.Fn lch_getsock ,
.Fn lch_getprocdesc ,
@@ -108,32 +108,32 @@
.Xr recv 2
and
.Xr send 2
-to avoid agent consumers from having to query agent socket file descriptors
+to avoid sandbox consumers from having to query sandbox socket file descriptors
before use.
-.Sh AGENT API
+.Sh SANDBOX API
The
.Nm
-agent API allows agent processes to interact with their host process.
-Agent API functions can be identified by their function name prefix,
-.Dv lca_ .
+sandbox API allows sandbox processes to interact with their host process.
+Sandbox API functions can be identified by their function name prefix,
+.Dv lcs_ .
.Pp
-Each executing agent will have a single corresponding host instance,
+Each executing sandbox will have a single corresponding host instance,
described by an opaque
.Dt "struct lc_host" ,
which is returned by
-.Fn lca_get .
+.Fn lcs_get .
.Pp
The socket for the host may be queried using
-.Fn lca_getsock .
+.Fn lcs_getsock .
.Pp
-.Fn lca_recv
+.Fn lcs_recv
and
-.Fn lca_send
+.Fn lcs_send
provide simple wrappers around
.Xr recv 2
and
.Xr send 2
-to avoid agents having to query host socket file descriptors before use.
+to avoid sandboxs having to query host socket file descriptors before use.
.Sh SEE ALSO
.Xr cap_enter 2
.Xr cap_new 2
==== //depot/projects/trustedbsd/capabilities/src/lib/libcapability/libcapability.c#5 (text+ko) ====
@@ -30,7 +30,7 @@
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*
- * $P4: //depot/projects/trustedbsd/capabilities/src/lib/libcapability/libcapability.c#4 $
+ * $P4: //depot/projects/trustedbsd/capabilities/src/lib/libcapability/libcapability.c#5 $
*/
#include <sys/types.h>
==== //depot/projects/trustedbsd/capabilities/src/lib/libcapability/libcapability.h#7 (text+ko) ====
@@ -30,13 +30,13 @@
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*
- * $P4: //depot/projects/trustedbsd/capabilities/src/lib/libcapability/libcapability.h#6 $
+ * $P4: //depot/projects/trustedbsd/capabilities/src/lib/libcapability/libcapability.h#7 $
*/
#ifndef _LIBCAPABILITY_H_
#define _LIBCAPABILITY_H_
-struct lc_agent;
+struct lc_sandbox;
struct lc_host;
/*
@@ -45,33 +45,33 @@
int lc_limitfd(int fd, cap_rights_t rights);
/*
- * Interfaces to start and stop capability mode agents.
+ * Interfaces to start and stop capability mode sandboxs.
*/
-int lch_start(const char *agent, char *const argv[],
- struct lc_agent **lcapp);
-void lch_stop(struct lc_agent *lcap);
+int lch_start(const char *sandbox, char *const argv[],
+ struct lc_sandbox **lcapp);
+void lch_stop(struct lc_sandbox *lcap);
/*
- * Interfaces to query state about capability mode agents.
+ * Interfaces to query state about capability mode sandboxs.
*/
-int lch_getsock(struct lc_agent *lcap, int *fdp);
-int lch_getpid(struct lc_agent *lcap, pid_t *pidp);
-int lch_getprocdesc(struct lc_agent *lcap, int *fdp);
+int lch_getsock(struct lc_sandbox *lcap, int *fdp);
+int lch_getpid(struct lc_sandbox *lcap, pid_t *pidp);
+int lch_getprocdesc(struct lc_sandbox *lcap, int *fdp);
/*
- * I/O interfaces for capability mode agents.
+ * I/O interfaces for capability mode sandboxs.
*/
-ssize_t lch_recv(struct lc_agent *lcap, void *buf, size_t len, int flags);
-ssize_t lch_send(struct lc_agent *lcap, const void *msg, size_t len,
+ssize_t lch_recv(struct lc_sandbox *lcap, void *buf, size_t len, int flags);
+ssize_t lch_send(struct lc_sandbox *lcap, const void *msg, size_t len,
int flags);
/*
- * Capability mode agent APIs.
+ * Capability mode sandbox APIs.
*/
-int lca_get(struct lc_host **lchpp);
-int lca_getsock(struct lc_host *lchp, int *fdp);
-ssize_t lca_recv(struct lc_host *lchp, void *buf, size_t len, int flags);
-ssize_t lca_send(struct lc_host *lchp, const void *msg, size_t len,
+int lcs_get(struct lc_host **lchpp);
+int lcs_getsock(struct lc_host *lchp, int *fdp);
+ssize_t lcs_recv(struct lc_host *lchp, void *buf, size_t len, int flags);
+ssize_t lcs_send(struct lc_host *lchp, const void *msg, size_t len,
int flags);
#endif /* !_LIBCAPABILITY_H_ */
==== //depot/projects/trustedbsd/capabilities/src/lib/libcapability/libcapability_host.c#6 (text+ko) ====
@@ -30,7 +30,7 @@
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*
- * $P4: //depot/projects/trustedbsd/capabilities/src/lib/libcapability/libcapability_host.c#5 $
+ * $P4: //depot/projects/trustedbsd/capabilities/src/lib/libcapability/libcapability_host.c#6 $
*/
#include <sys/types.h>
@@ -47,7 +47,7 @@
#include <unistd.h>
#include "libcapability.h"
-#include "libcapability_agent_api.h"
+#include "libcapability_sandbox_api.h"
#define LIBCAPABILITY_CAPMASK_DEVNULL (CAP_EVENT | CAP_READ | CAP_WRITE)
#define LIBCAPABILITY_CAPMASK_SOCK (CAP_EVENT | CAP_READ | CAP_WRITE)
@@ -55,7 +55,7 @@
CAP_SEEK | CAP_FSTATFS | \
CAP_FEXECVE | CAP_MMAP | \
CAP_MAPEXEC)
-#define LIBCAPABILITY_CAPMASK_AGENT LIBCAPABILITY_CAPMASK_BIN
+#define LIBCAPABILITY_CAPMASK_SANDBOX LIBCAPABILITY_CAPMASK_BIN
#define LIBCAPABILITY_CAPMASK_LDSO LIBCAPABILITY_CAPMASK_BIN
#define LIBCAPABILITY_CAPMASK_LIBC LIBCAPABILITY_CAPMASK_BIN
#define LIBCAPABILITY_CAPMASK_LIBZ LIBCAPABILITY_CAPMASK_BIN
@@ -74,10 +74,10 @@
int closefrom(int lowfd);
-struct lc_agent {
- int lca_fd_sock;
- int lca_fd_procdesc;
- pid_t lca_pid;
+struct lc_sandbox {
+ int lcs_fd_sock;
+ int lcs_fd_procdesc;
+ pid_t lcs_pid;
};
/*
@@ -139,10 +139,10 @@
}
static void
-lch_agent(int fd_sock, int fd_agent, int fd_ldso, int fd_libc, int fd_libz,
- char *const argv[])
+lch_sandbox(int fd_sock, int fd_sandbox, int fd_ldso, int fd_libc,
+ int fd_libz, char *const argv[])
{
- char *env_caplibindex, *env_libcapability_agent_api;
+ char *env_caplibindex, *env_libcapability_sandbox_api;
int fd_array[8], fd_devnull;
fd_devnull = open(_PATH_DEVNULL, O_RDWR);
@@ -151,7 +151,7 @@
if (lc_limitfd(fd_devnull, LIBCAPABILITY_CAPMASK_DEVNULL) < 0)
return;
- if (lc_limitfd(fd_agent, LIBCAPABILITY_CAPMASK_AGENT) < 0)
+ if (lc_limitfd(fd_sandbox, LIBCAPABILITY_CAPMASK_SANDBOX) < 0)
return;
if (lc_limitfd(fd_sock, LIBCAPABILITY_CAPMASK_SOCK) < 0)
return;
@@ -165,7 +165,7 @@
fd_array[0] = fd_devnull;
fd_array[1] = fd_devnull;
fd_array[2] = fd_devnull;
- fd_array[3] = fd_agent;
+ fd_array[3] = fd_sandbox;
fd_array[4] = fd_sock;
fd_array[5] = fd_ldso;
fd_array[6] = fd_libc;
@@ -188,13 +188,13 @@
* Make sure that libcapability in the sandbox knows that its API
* assumptions hold.
*/
- if (asprintf(&env_libcapability_agent_api, "%s:%d",
- LIBCAPABILITY_AGENT_API_SOCK, 4) == -1)
+ if (asprintf(&env_libcapability_sandbox_api, "%s:%d",
+ LIBCAPABILITY_SANDBOX_API_SOCK, 4) == -1)
return;
- if (setenv(LIBCAPABILITY_AGENT_API_ENV, env_libcapability_agent_api,
- 1) == -1)
+ if (setenv(LIBCAPABILITY_SANDBOX_API_ENV,
+ env_libcapability_sandbox_api, 1) == -1)
return;
- free(env_libcapability_agent_api);
+ free(env_libcapability_sandbox_api);
if (cap_enter() < 0)
return;
@@ -203,14 +203,15 @@
}
int
-lch_start(const char *agent, char *const argv[], struct lc_agent **lcapp)
+lch_start(const char *sandbox, char *const argv[], struct lc_sandbox **lcapp)
{
- struct lc_agent *lcap;
- int fd_agent, fd_ldso, fd_libc, fd_libz, fd_procdesc, fd_sockpair[2];
+ struct lc_sandbox *lcap;
+ int fd_sandbox, fd_ldso, fd_libc, fd_libz, fd_procdesc;
+ int fd_sockpair[2];
int error, val;
pid_t pid;
- fd_agent = fd_ldso = fd_libc = fd_libz = fd_procdesc =
+ fd_sandbox = fd_ldso = fd_libc = fd_libz = fd_procdesc =
fd_sockpair[0] = fd_sockpair[1] = -1;
lcap = malloc(sizeof(*lcap));
@@ -218,9 +219,9 @@
return (-1);
bzero(lcap, sizeof(*lcap));
- /* Try the agent first so that ENOENT most likely refers to it. */
- fd_agent = open(agent, O_RDONLY);
- if (fd_agent < 0)
+ /* Try the sandbox first so that ENOENT most likely refers to it. */
+ fd_sandbox = open(sandbox, O_RDONLY);
+ if (fd_sandbox < 0)
goto out_error;
fd_ldso = open(LD_ELF_CAP_SO, O_RDONLY);
@@ -251,19 +252,19 @@
goto out_error;
}
if (pid == 0) {
- lch_agent(fd_sockpair[1], fd_agent, fd_ldso, fd_libc,
+ lch_sandbox(fd_sockpair[1], fd_sandbox, fd_ldso, fd_libc,
fd_libz, argv);
exit(-1);
}
close(fd_libz);
close(fd_libc);
close(fd_ldso);
- close(fd_agent);
+ close(fd_sandbox);
close(fd_sockpair[1]);
- lcap->lca_fd_procdesc = fd_procdesc;
- lcap->lca_fd_sock = fd_sockpair[0];
- lcap->lca_pid = pid;
+ lcap->lcs_fd_procdesc = fd_procdesc;
+ lcap->lcs_fd_sock = fd_sockpair[0];
+ lcap->lcs_pid = pid;
*lcapp = lcap;
return (0);
@@ -280,8 +281,8 @@
close(fd_libc);
if (fd_ldso != -1)
close(fd_ldso);
- if (fd_agent != -1)
- close(fd_agent);
+ if (fd_sandbox != -1)
+ close(fd_sandbox);
if (lcap != NULL)
free(lcap);
errno = error;
@@ -289,37 +290,37 @@
}
void
-lch_stop(struct lc_agent *lcap)
+lch_stop(struct lc_sandbox *lcap)
{
- close(lcap->lca_fd_sock);
- close(lcap->lca_fd_procdesc);
- lcap->lca_fd_sock = -1;
- lcap->lca_fd_procdesc = -1;
- lcap->lca_pid = -1;
+ close(lcap->lcs_fd_sock);
+ close(lcap->lcs_fd_procdesc);
+ lcap->lcs_fd_sock = -1;
+ lcap->lcs_fd_procdesc = -1;
+ lcap->lcs_pid = -1;
}
int
-lch_getsock(struct lc_agent *lcap, int *fdp)
+lch_getsock(struct lc_sandbox *lcap, int *fdp)
{
- *fdp = lcap->lca_fd_sock;
+ *fdp = lcap->lcs_fd_sock;
return (0);
}
int
-lch_getpid(struct lc_agent *lcap, pid_t *pidp)
+lch_getpid(struct lc_sandbox *lcap, pid_t *pidp)
{
- *pidp = lcap->lca_pid;
+ *pidp = lcap->lcs_pid;
return (0);
}
int
-lch_getprocdesc(struct lc_agent *lcap, int *fdp)
+lch_getprocdesc(struct lc_sandbox *lcap, int *fdp)
{
- *fdp = lcap->lca_fd_procdesc;
+ *fdp = lcap->lcs_fd_procdesc;
return (0);
}
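Review bot: lch_stop closes the socket and process descriptor and resets the fields to -1, but it never frees the `struct lc_sandbox` that lch_start malloc()ed, while the manual page updated in this same change says sandboxes are "stopped (and state freed)" by lch_stop. Since lch_send and lch_recv rely on `lcs_fd_sock == -1` to report ESRCH after a stop, the handle is evidently meant to outlive lch_stop, so either the man page should say the handle stays valid and a release function is needed, or lch_stop should end with `free(lcap);` and drop the field resets; as written every started sandbox leaks its handle. Whether closing the process descriptor alone terminates the sandboxed child is not visible here; a comment on lch_stop stating the intended termination semantics would help callers.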
@@ -328,25 +329,25 @@
* on the worker should take place here.
*/
ssize_t
-lch_send(struct lc_agent *lcap, const void *msg, size_t len, int flags)
+lch_send(struct lc_sandbox *lcap, const void *msg, size_t len, int flags)
{
- if (lcap->lca_fd_sock == -1 ||
- lcap->lca_fd_sock == 0) {
+ if (lcap->lcs_fd_sock == -1 ||
+ lcap->lcs_fd_sock == 0) {
errno = ESRCH;
return (-1);
}
- return (send(lcap->lca_fd_sock, msg, len, flags));
+ return (send(lcap->lcs_fd_sock, msg, len, flags));
}
ssize_t
-lch_recv(struct lc_agent *lcap, void *buf, size_t len, int flags)
+lch_recv(struct lc_sandbox *lcap, void *buf, size_t len, int flags)
{
- if (lcap->lca_fd_sock == -1 ||
- lcap->lca_fd_sock == 0) {
+ if (lcap->lcs_fd_sock == -1 ||
+ lcap->lcs_fd_sock == 0) {
errno = ESRCH;
return (-1);
}
- return (recv(lcap->lca_fd_sock, buf, len, flags));
+ return (recv(lcap->lcs_fd_sock, buf, len, flags));
}
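Review bot: lch_send and lch_recv treat `lcs_fd_sock == 0` as "no sandbox", but 0 is a legitimate descriptor: if the host process has closed stdin, socketpair() in lch_start can hand back 0 and every send/recv on that sandbox would then fail with ESRCH. lch_start always stores a real descriptor and lch_stop stores -1, so `if (lcap->lcs_fd_sock < 0)` is the sufficient check in both functions. The comment introducing this section starts before the hunk.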
==== //depot/projects/trustedbsd/capabilities/src/lib/libcapability/libcapability_sandbox.c#2 (text+ko) ====
@@ -44,7 +44,7 @@
#include <string.h>
#include "libcapability.h"
-#include "libcapability_agent_api.h"
+#include "libcapability_sandbox_api.h"
struct lc_host {
int lch_fd_sock;
@@ -54,7 +54,7 @@
static struct lc_host lch_global;
int
-lca_get(struct lc_host **lchpp)
+lcs_get(struct lc_host **lchpp)
{
char *endp, *env, *env_dup, *env_dup_free, *name, *token, *value;
long long ll;
@@ -65,7 +65,7 @@
return (0);
}
- env = getenv(LIBCAPABILITY_AGENT_API_ENV);
+ env = getenv(LIBCAPABILITY_SANDBOX_API_ENV);
if (env == NULL) {
errno = EINVAL; /* XXXRW: Better errno? */
return (-1);
@@ -81,7 +81,7 @@
value = strsep(&token, ":");
if (value == NULL)
continue;
- if (strcmp(name, LIBCAPABILITY_AGENT_API_SOCK) == 0) {
+ if (strcmp(name, LIBCAPABILITY_SANDBOX_API_SOCK) == 0) {
ll = strtoll(value, &endp, 10);
if (*endp != '\0' || ll < 0 || ll > INT_MAX)
continue;
@@ -96,7 +96,7 @@
}
int
-lca_getsock(struct lc_host *lchp, int *fdp)
+lcs_getsock(struct lc_host *lchp, int *fdp)
{
*fdp = lchp->lch_fd_sock;
@@ -104,14 +104,14 @@
}
ssize_t
-lca_recv(struct lc_host *lchp, void *buf, size_t len, int flags)
+lcs_recv(struct lc_host *lchp, void *buf, size_t len, int flags)
{
return (recv(lchp->lch_fd_sock, buf, len, flags));
}
ssize_t
-lca_send(struct lc_host *lchp, const void *msg, size_t len, int flags)
+lcs_send(struct lc_host *lchp, const void *msg, size_t len, int flags)
{
return (send(lchp->lch_fd_sock, msg, len, flags));
==== //depot/projects/trustedbsd/capabilities/src/lib/libcapability/libcapability_sandbox_api.h#2 (text+ko) ====
@@ -30,17 +30,17 @@
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*
- * $P4: //depot/projects/trustedbsd/capabilities/src/lib/libcapability/libcapability_sandbox_api.h#1 $
+ * $P4: //depot/projects/trustedbsd/capabilities/src/lib/libcapability/libcapability_sandbox_api.h#2 $
*/
-#ifndef _LIBCAPABILITY_AGENT_API_H_
-#define _LIBCAPABILITY_AGENT_API_H_
+#ifndef _LIBCAPABILITY_SANDBOX_API_H_
+#define _LIBCAPABILITY_SANDBOX_API_H_
/*
- * This include file captures the assumptions libcapability agents will make
- * about the runtime environment set up by libcapability hosts.
+ * This include file captures the assumptions libcapability sandboxs will
+ * make about the runtime environment set up by libcapability hosts.
*/
-#define LIBCAPABILITY_AGENT_API_ENV "LIBCAPABILITY_AGENT"
-#define LIBCAPABILITY_AGENT_API_SOCK "sock"
+#define LIBCAPABILITY_SANDBOX_API_ENV "LIBCAPABILITY_SANDBOX"
+#define LIBCAPABILITY_SANDBOX_API_SOCK "sock"
#endif /* !_LIBCAPABILITY_H_ */
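Review bot: The include guard is renamed to `_LIBCAPABILITY_SANDBOX_API_H_` but the closing comment still reads `/* !_LIBCAPABILITY_H_ */`, which names a different header's guard; it should be `#endif /* !_LIBCAPABILITY_SANDBOX_API_H_ */`. The comment above the macros also introduces the "sandboxs" spelling that this change repeats across the library headers; `sandboxes` is the intended plural.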