PERFORCE change 174184 for review
Robert Watson
rwatson at FreeBSD.org
Tue Feb 2 19:58:06 UTC 2010
http://p4web.freebsd.org/chv.cgi?CH=174184
Change 174184 by rwatson at rwatson_vimage_client on 2010/02/02 19:57:54
Update a number of regression tests, some to the point of
workingness, for the new world order.
Affected files ...
.. //depot/projects/trustedbsd/capabilities/src/tools/cap/fdlist/fdlist.c#9 edit
.. //depot/projects/trustedbsd/capabilities/src/tools/cap/fdrpc/fdrpc.c#8 edit
.. //depot/projects/trustedbsd/capabilities/src/tools/cap/fdsendrecv/fdsendrecv.c#5 edit
.. //depot/projects/trustedbsd/capabilities/src/tools/cap/sandbox_echo/sandbox_echo.c#12 edit
.. //depot/projects/trustedbsd/capabilities/src/tools/cap/sandbox_world/sandbox_world.c#7 edit
Differences ...
==== //depot/projects/trustedbsd/capabilities/src/tools/cap/fdlist/fdlist.c#9 (text+ko) ====
@@ -56,69 +56,44 @@
int
main(int argc, char *argv[])
{
+ struct lc_fdlist *lfp;
+ int testfd;
+
printf("fdlist: PID %d\n", getpid());
- /* create a shared memory segment for FDs */
- int shmfd = shm_open(SHM_ANON, O_RDWR, 0600);
- if (shmfd < 0)
- err(-1, "Error opening shared memory");
-
-
/* create an FD list and add some junk to it */
- struct lc_fdlist *lfp = lc_fdlist_new();
- if (lfp == NULL) err(-1, "Error in lc_fdlist_new()");
+ lfp = lc_fdlist_new();
+ if (lfp == NULL)
+ err(-1, "lc_fdlist_new()");
- lc_fdlist_addcap(lfp, "org.freebsd.Capsicum.fdlist", "stdin", "",
+ lc_fdlist_addcap(lfp, "org.freebsd.test.fdlist", "stdin", "",
0, CAP_READ);
- lc_fdlist_addcap(lfp, "org.freebsd.Capsicum.fdlist", "stdout", "",
+ lc_fdlist_addcap(lfp, "org.freebsd.test.fdlist", "stdout", "",
1, CAP_WRITE | CAP_SEEK);
- lc_fdlist_addcap(lfp, "org.freebsd.Capsicum.fdlist", "stderr", "",
+ lc_fdlist_addcap(lfp, "org.freebsd.test.fdlist", "stderr", "",
2, CAP_WRITE | CAP_SEEK);
- lc_fdlist_add(lfp, "org.freebsd.Capsicum.fdlist", "testfile",
+ lc_fdlist_add(lfp, "org.freebsd.test.fdlist", "testfile",
"/etc/passwd", open("/etc/passwd", O_RDONLY));
- lc_fdlist_addcap(lfp, "org.freebsd.Capsicum.fdlist", "testfile",
+ lc_fdlist_addcap(lfp, "org.freebsd.test.fdlist", "testfile",
"/etc/group", open("/etc/group", O_RDONLY), CAP_READ);
- lc_fdlist_add(lfp, "org.freebsd.Capsicum.fdlist", "fdlist",
- "<anonymous POSIX SHM>", shmfd);
-
- print_fdlist(lfp);
-
- printf("Reordering FDs...\n");
- if (lc_fdlist_reorder(lfp))
- err(-1, "lc_fdlist_reorder(lfp) failed");
print_fdlist(lfp);
-
char *name;
- if (lc_fdlist_lookup(lfp, "org.freebsd.Capsicum.fdlist", "fdlist",
- &name, &shmfd, NULL) < 0) {
- err(-1, "Error in lc_fdlist_lookup()");
+ if (lc_fdlist_lookup(lfp, "org.freebsd.test.fdlist", "stdin",
+ &name, &testfd, NULL) < 0) {
+ err(-1, "lc_fdlist_lookup: can't find stdin");
}
- int size = lc_fdlist_size(lfp);
- if (ftruncate(shmfd, size) < 0)
- err(-1, "Error truncating shmfd");
-
- void *shm = mmap(NULL, size, PROT_READ | PROT_WRITE,
- MAP_NOSYNC | MAP_SHARED, shmfd, 0);
-
- if (shm == MAP_FAILED)
- err(-1, "Error mmap'ing shared memory");
-
-
- memcpy(shm, lfp, lc_fdlist_size(lfp));
-
-
printf("Starting sandbox...\n");
-
/* run sandbox */
int me = open(argv[0], O_RDONLY);
- if (me < 0) err(-1, "Error opening my own binary, '%s'", argv[0]);
+ if (me < 0)
+ err(-1, "Error opening my own binary, '%s'", argv[0]);
char *sargv[] = { "fdlist-sandbox", NULL };
struct lc_sandbox *sandbox;
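Review bot: The two open() calls embedded in the rewritten `lc_fdlist_add`/`lc_fdlist_addcap` lines for /etc/passwd and /etc/group are still passed unchecked, so a failed open registers -1 as the "testfile" descriptor and the problem only surfaces later inside the sandbox, if at all. Opening into a local and checking it before the add keeps the error at its source, consistent with how `lc_fdlist_new()` and the lookup are checked just above and below. Note also that the passwd descriptor goes in through lc_fdlist_add while the group descriptor goes through lc_fdlist_addcap with CAP_READ, so only the latter carries a rights restriction; if that asymmetry is the intended test case, a one-line comment saying so would help the next reader. main() continues past the end of this hunk.
```c
	struct lc_fdlist *lfp;
	int passwdfd, groupfd, testfd;
	/* … unchanged: lc_fdlist_new() and the stdin/stdout/stderr addcap calls … */
	passwdfd = open("/etc/passwd", O_RDONLY);
	if (passwdfd < 0)
		err(-1, "open(/etc/passwd)");
	lc_fdlist_add(lfp, "org.freebsd.test.fdlist", "testfile",
	    "/etc/passwd", passwdfd);
	groupfd = open("/etc/group", O_RDONLY);
	if (groupfd < 0)
		err(-1, "open(/etc/group)");
	lc_fdlist_addcap(lfp, "org.freebsd.test.fdlist", "testfile",
	    "/etc/group", groupfd, CAP_READ);
	/* … unchanged: print_fdlist, lookup of stdin, sandbox start … */
```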
@@ -134,7 +109,8 @@
-int cap_main(__unused int argc, __unused char *argv[])
+int
+cap_main(__unused int argc, __unused char *argv[])
{
printf("cap_main() alive\n"); fflush(stdout);
@@ -157,9 +133,8 @@
return 0;
}
-
-
-void print_fdlist(struct lc_fdlist* lfp)
+void
+print_fdlist(struct lc_fdlist* lfp)
{
int pos = 0;
char *subsystem;
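Review bot: The rewritten signature at `print_fdlist(struct lc_fdlist* lfp)` attaches the star to the type, whereas the rest of this change follows style(9) and binds it to the name (`struct lc_fdlist *lfp;` in main); for consistency use `print_fdlist(struct lc_fdlist *lfp)`. The function's body continues past the end of the hunk.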
@@ -173,4 +148,3 @@
pos, subsystem, class, name, fd);
}
}
-
==== //depot/projects/trustedbsd/capabilities/src/tools/cap/fdrpc/fdrpc.c#8 (text+ko) ====
@@ -1,5 +1,5 @@
/*-
- * Copyright (c) 2009 Robert N. M. Watson
+ * Copyright (c) 2009-2010 Robert N. M. Watson
* All rights reserved.
*
* WARNING: THIS IS EXPERIMENTAL SECURITY SOFTWARE THAT MUST NOT BE RELIED
@@ -71,7 +71,8 @@
/*
* Create a sandbox, do permit access to stderr.
*/
- if (lch_start(FDRPC_SANDBOX, fdrpc_argv, LCH_PERMIT_STDERR, &lcsp) < 0)
+ if (lch_start(FDRPC_SANDBOX, fdrpc_argv, LCH_PERMIT_STDERR, NULL,
+ &lcsp) < 0)
err(-1, "lch_start %s", FDRPC_SANDBOX);
/*
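Review bot: The new fifth argument to lch_start is passed as a bare `NULL` and nothing at the call site says what is being declined; given the rest of this change it is presumably the new descriptor-list parameter, but a reader of the call cannot tell. Either annotate the call, `LCH_PERMIT_STDERR, NULL /* no fdlist */,`, or extend the comment above it to say the sandbox is started without a descriptor list. The same applies to the lch_start call in fdsendrecv.c, both the lch_start and lch_startfd calls in sandbox_echo.c, and the lch_start call in sandbox_world.c. The enclosing function begins before this hunk.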
==== //depot/projects/trustedbsd/capabilities/src/tools/cap/fdsendrecv/fdsendrecv.c#5 (text+ko) ====
@@ -60,7 +60,7 @@
errx(-1, "usage: fdsendrecv_host");
if (lch_start(FDSENDRECV_SANDBOX, fdsendrecv_argv, LCH_PERMIT_STDERR,
- &lcsp) < 0)
+ NULL, &lcsp) < 0)
err(-1, "lch_start %s", FDSENDRECV_SANDBOX);
/*
@@ -79,7 +79,8 @@
if (fdcount == 1)
printf("lch_recv_rights: OK\n");
else
- printf("lch_recv_rights: fdcount %d\n", fdcount);
+ printf("lch_recv_rights: fdcount %d: %d %d\n", fdcount,
+ fdarray[0], fdarray[1]);
lch_stop(lcsp);
}
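Review bot: The new diagnostic prints `fdarray[0]` and `fdarray[1]` whenever fdcount != 1, including fdcount == 0, where lch_recv_rights may not have stored anything in the array; unless fdarray is initialized before the call (outside this hunk), the message reports indeterminate values. The sandbox-side loop in the next hunk gets `fdarray[0] = fdarray[1] = -1;` ahead of its receive, and the host side should get the same reset before lch_recv_rights so that the printed values are meaningful. The enclosing function begins before this hunk.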
@@ -97,14 +98,17 @@
while (1) {
fdcount = 2;
+ fdarray[0] = fdarray[1] = -1;
len = lcs_recv_rights(lchp, &ch, sizeof(ch), MSG_WAITALL,
fdarray, &fdcount);
if (len < 0)
err(-1, "lcs_recv_rights");
if (len != sizeof(ch))
errx(-1, "lcs_recv_rights: len %d", len);
+ fflush(stdout);
if (fdcount != 1)
- errx(-1, "lcs_recv_rights: fdcount %d", fdcount);
+ errx(-1, "lcs_recv_rights: fdcount %d: %d %d",
+ fdcount, fdarray[0], fdarray[1]);
len = lcs_send_rights(lchp, &ch, sizeof(ch), 0, fdarray,
fdcount);
if (len < 0)
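Review bot: The loop now resets `fdarray[0] = fdarray[1] = -1;` at the top of each `while (1)` iteration, but the descriptor received in the previous iteration is overwritten without being closed; whether it is closed after lcs_send_rights lies past the end of the hunk, and if it is not, the sandbox accumulates one descriptor per round trip until it reaches its descriptor limit. If no close is already there, a `close(fdarray[0]);` after the send bounds it. Separately, the added `fflush(stdout);` sits between the length check and the count check, which works but reads as misplaced; putting it directly after the receive, with a comment such as `/* flush earlier progress output before a possible errx */`, would make its purpose clear. The enclosing loop and function continue past the hunk.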
==== //depot/projects/trustedbsd/capabilities/src/tools/cap/sandbox_echo/sandbox_echo.c#12 (text+ko) ====
@@ -61,7 +61,7 @@
errx(-1, "usage: sandbox_echo");
if (lch_start(MYNAME, sandbox_argv,
- LCH_PERMIT_STDOUT | LCH_PERMIT_STDERR, &lcsp) < 0)
+ LCH_PERMIT_STDOUT | LCH_PERMIT_STDERR, NULL, &lcsp) < 0)
err(-1, "lch_start %s", argv[1]);
for (i = 0; i < 10; i++) {
@@ -107,7 +107,7 @@
err(-10, "ld_libcache_lookup(%s)", MYNAME);
if (lch_startfd(fd, MYNAME, sandbox_argv, LCH_PERMIT_STDERR,
- &lcsp) < 0)
+ NULL, &lcsp) < 0)
err(-1, "lch_startfd %s", argv[1]);
while (1) {
if (lcs_recvrpc(lchp, &opno, &seqno, &buffer, &len)
==== //depot/projects/trustedbsd/capabilities/src/tools/cap/sandbox_world/sandbox_world.c#7 (text+ko) ====
@@ -1,5 +1,5 @@
/*-
- * Copyright (c) 2009 Robert N. M. Watson
+ * Copyright (c) 2009-2010 Robert N. M. Watson
* All rights reserved.
*
* WARNING: THIS IS EXPERIMENTAL SECURITY SOFTWARE THAT MUST NOT BE RELIED
@@ -72,7 +72,7 @@
* Create a sandbox, do permit access to stdout and stderr.
*/
if (lch_start(MYNAME, sandbox_argv, LCH_PERMIT_STDERR |
- LCH_PERMIT_STDOUT, &lcsp) < 0)
+ LCH_PERMIT_STDOUT, NULL, &lcsp) < 0)
err(-1, "lch_start %s", argv[1]);
/*