PERFORCE change 164565 for review

[Robert Watson]

http://perforce.freebsd.org/chv.cgi?CH=164565

Change 164565 by rwatson at rwatson_freebsd_capabilities on 2009/06/17 11:04:03

	Rather than using a special binary name to get to the sandbox
	workloop when gzip runs, define 'cap_main' as the work loop
	function, and compile with -rdynamic so that the symbol is
	visible to rtld.  This means that the sandbox component of the
	gzip binary is the only thing that runs in sandbox mode, but
	that the same binary is used for both environments.

Affected files ...

.. //depot/projects/trustedbsd/capabilities/src/usr.bin/gzip/Makefile#3 edit
.. //depot/projects/trustedbsd/capabilities/src/usr.bin/gzip/gzip.c#5 edit
.. //depot/projects/trustedbsd/capabilities/src/usr.bin/gzip/gzip.h#1 add
.. //depot/projects/trustedbsd/capabilities/src/usr.bin/gzip/gzsandbox.c#2 edit

Differences ...

==== //depot/projects/trustedbsd/capabilities/src/usr.bin/gzip/Makefile#3 (text+ko) ====

@@ -10,6 +10,7 @@
 DPADD=		${LIBZ} ${LIBCAPABILITY}
 LDADD=		-lz -lcapability
 WARNS?=		6
+CFLAGS+=	-rdynamic			# For sandbox cap_main
 
 .if ${MK_BZIP2_SUPPORT} != "no"
 DPADD+=		${LIBBZ2}

==== //depot/projects/trustedbsd/capabilities/src/usr.bin/gzip/gzip.c#5 (text+ko) ====

@@ -304,8 +304,6 @@
 	else if (strcmp(progname, "zcat") == 0 ||
 		 strcmp(progname, "gzcat") == 0)
 		dflag = cflag = 1;
-	else if (strcmp(progname, "gzip_sandbox") == 0)
-		sandbox_workloop();
 
 #ifdef SMALL
 #define OPT_LIST "123456789cdhltV"

==== //depot/projects/trustedbsd/capabilities/src/usr.bin/gzip/gzsandbox.c#2 (text+ko) ====

@@ -48,7 +48,7 @@
 
 #include "gzip.h"
 
-#define	LC_USR_BIN_GZIP_SANDBOX	"/usr/bin/gzip_sandbox"
+#define	LC_USR_BIN_GZIP_SANDBOX	"/usr/bin/gzip"
 static char *lc_sandbox_argv[] = { __DECONST(char *, LC_USR_BIN_GZIP_SANDBOX),
 				    NULL };
 
@@ -243,8 +243,9 @@
 		    filename));
 }
 
+
 int
-sandbox_workloop(void)
+cap_main(__unused int argc, __unused char *argv[])
 {
 	int fdarray[2], fdcount;
 	struct lc_host *lchp;