PERFORCE change 164255 for review
Robert Watson
rwatson at FreeBSD.org
Sat Jun 13 10:04:38 UTC 2009
http://perforce.freebsd.org/chv.cgi?CH=164255
Change 164255 by rwatson at rwatson_freebsd_capabilities on 2009/06/13 10:04:01
Remove CAP_SEEK from shared object capabilities passed into
[further] sandboxes -- it isn't required by the linker.
Affected files ...
.. //depot/projects/trustedbsd/capabilities/src/lib/libcapability/libcapability_host.c#11 edit
Differences ...
==== //depot/projects/trustedbsd/capabilities/src/lib/libcapability/libcapability_host.c#11 (text+ko) ====
@@ -30,7 +30,7 @@
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*
- * $P4: //depot/projects/trustedbsd/capabilities/src/lib/libcapability/libcapability_host.c#10 $
+ * $P4: //depot/projects/trustedbsd/capabilities/src/lib/libcapability/libcapability_host.c#11 $
*/
#include <sys/param.h>
@@ -54,7 +54,7 @@
#define LIBCAPABILITY_CAPMASK_DEVNULL (CAP_EVENT | CAP_READ | CAP_WRITE)
#define LIBCAPABILITY_CAPMASK_SOCK (CAP_EVENT | CAP_READ | CAP_WRITE)
#define LIBCAPABILITY_CAPMASK_BIN (CAP_READ | CAP_EVENT | CAP_FSTAT | \
- CAP_SEEK | CAP_FSTATFS | \
+ CAP_FSTATFS | \
CAP_FEXECVE | CAP_MMAP | \
CAP_MAPEXEC)
#define LIBCAPABILITY_CAPMASK_SANDBOX LIBCAPABILITY_CAPMASK_BIN
More information about the p4-projects
mailing list