PERFORCE change 173679 for review

Jonathan Anderson jona at FreeBSD.org
Mon Jan 25 17:58:03 UTC 2010


http://p4web.freebsd.org/chv.cgi?CH=173679

Change 173679 by jona at jona-capsicum-kent64 on 2010/01/25 17:57:56

	Enable more *at(2) system calls

Affected files ...

.. //depot/projects/trustedbsd/capabilities/TODO#18 edit
.. //depot/projects/trustedbsd/capabilities/src/sys/kern/capabilities.conf#25 edit
.. //depot/projects/trustedbsd/capabilities/src/sys/kern/init_sysent.c#45 edit
.. //depot/projects/trustedbsd/capabilities/src/sys/kern/vfs_syscalls.c#28 edit
.. //depot/projects/trustedbsd/capabilities/src/sys/sys/capability.h#29 edit

Differences ...

==== //depot/projects/trustedbsd/capabilities/TODO#18 (text+ko) ====

@@ -29,17 +29,18 @@
 
 - Add support for capability-mode *at() system calls:
   faccessat	DONE		2 Dec 2009	JA
-  fchmodat	INPROGRESS			JA
+  fchmodat	DONE		22 Jan 2010	JA
   fchownat	----
   fstatat	----
-  futimesat	----
+  futimesat	DONE		22 Jan 2010	JA
   linkat	----
-  mkdirat	----
-  mkfifoat	----
-  mknodat	----
+  mkdirat	DONE		22 Jan 2010	JA
+  rmdirat	DONE		22 Jan 2010	JA
+  mkfifoat	DONE		22 Jan 2010	JA
+  mknodat	DONE		22 Jan 2010	JA
   openat	DONE		25 Nov 2009	JA
   readlinkat	----
-  renameat	----
+  renameat	DONE		22 Jan 2010	JA
   symlinkat	----
   unlinkat	----
 

==== //depot/projects/trustedbsd/capabilities/src/sys/kern/capabilities.conf#25 (text+ko) ====

@@ -38,7 +38,7 @@
 ## - sys_exit(2), abort2(2) and close(2) are very important.
 ## - Sorted alphabetically, please keep it that way.
 ##
-## $P4: //depot/projects/trustedbsd/capabilities/src/sys/kern/capabilities.conf#24 $
+## $P4: //depot/projects/trustedbsd/capabilities/src/sys/kern/capabilities.conf#25 $
 ##
 
 ##
@@ -458,7 +458,13 @@
 ##
 faccessat
 fchmodat
+futimesat
+mkdirat
+rmdirat
+mkfifoat
+mknodat
 openat
+renameat
 
 ##
 ## Allow poll(2), which will be scoped by capability rights.
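Review bot: `rmdirat` is added to the enabled list, but no rmdirat entry appears in the init_sysent.c hunk of this change (491–504 run from fchownat to posix_openpt without one) and unlinkat at 503 keeps its flags at 0. If directory removal reaches kern_rmdirat only through rmdir(2) and unlinkat(2) with AT_REMOVEDIR, this line is ineffective and the CAP_RMDIR check added in the vfs_syscalls.c hunk at `@@ -3915` cannot be exercised in capability mode. Either drop the entry or enable unlinkat and scope it by the appropriate right there, and keep the TODO's `rmdirat DONE` line consistent with whichever is chosen.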

==== //depot/projects/trustedbsd/capabilities/src/sys/kern/init_sysent.c#45 (text+ko) ====

@@ -528,14 +528,14 @@
 	{ AS(fchownat_args), (sy_call_t *)fchownat, AUE_FCHOWNAT, NULL, 0, 0, 0 },	/* 491 = fchownat */
 	{ AS(fexecve_args), (sy_call_t *)fexecve, AUE_FEXECVE, NULL, 0, 0, SYF_CAPENABLED },	/* 492 = fexecve */
 	{ AS(fstatat_args), (sy_call_t *)fstatat, AUE_FSTATAT, NULL, 0, 0, 0 },	/* 493 = fstatat */
-	{ AS(futimesat_args), (sy_call_t *)futimesat, AUE_FUTIMESAT, NULL, 0, 0, 0 },	/* 494 = futimesat */
+	{ AS(futimesat_args), (sy_call_t *)futimesat, AUE_FUTIMESAT, NULL, 0, 0, SYF_CAPENABLED },	/* 494 = futimesat */
 	{ AS(linkat_args), (sy_call_t *)linkat, AUE_LINKAT, NULL, 0, 0, 0 },	/* 495 = linkat */
-	{ AS(mkdirat_args), (sy_call_t *)mkdirat, AUE_MKDIRAT, NULL, 0, 0, 0 },	/* 496 = mkdirat */
-	{ AS(mkfifoat_args), (sy_call_t *)mkfifoat, AUE_MKFIFOAT, NULL, 0, 0, 0 },	/* 497 = mkfifoat */
-	{ AS(mknodat_args), (sy_call_t *)mknodat, AUE_MKNODAT, NULL, 0, 0, 0 },	/* 498 = mknodat */
+	{ AS(mkdirat_args), (sy_call_t *)mkdirat, AUE_MKDIRAT, NULL, 0, 0, SYF_CAPENABLED },	/* 496 = mkdirat */
+	{ AS(mkfifoat_args), (sy_call_t *)mkfifoat, AUE_MKFIFOAT, NULL, 0, 0, SYF_CAPENABLED },	/* 497 = mkfifoat */
+	{ AS(mknodat_args), (sy_call_t *)mknodat, AUE_MKNODAT, NULL, 0, 0, SYF_CAPENABLED },	/* 498 = mknodat */
 	{ AS(openat_args), (sy_call_t *)openat, AUE_OPENAT_RWTC, NULL, 0, 0, SYF_CAPENABLED },	/* 499 = openat */
 	{ AS(readlinkat_args), (sy_call_t *)readlinkat, AUE_READLINKAT, NULL, 0, 0, 0 },	/* 500 = readlinkat */
-	{ AS(renameat_args), (sy_call_t *)renameat, AUE_RENAMEAT, NULL, 0, 0, 0 },	/* 501 = renameat */
+	{ AS(renameat_args), (sy_call_t *)renameat, AUE_RENAMEAT, NULL, 0, 0, SYF_CAPENABLED },	/* 501 = renameat */
 	{ AS(symlinkat_args), (sy_call_t *)symlinkat, AUE_SYMLINKAT, NULL, 0, 0, 0 },	/* 502 = symlinkat */
 	{ AS(unlinkat_args), (sy_call_t *)unlinkat, AUE_UNLINKAT, NULL, 0, 0, 0 },	/* 503 = unlinkat */
 	{ AS(posix_openpt_args), (sy_call_t *)posix_openpt, AUE_POSIX_OPENPT, NULL, 0, 0, 0 },	/* 504 = posix_openpt */

==== //depot/projects/trustedbsd/capabilities/src/sys/kern/vfs_syscalls.c#28 (text+ko) ====

@@ -1372,7 +1372,12 @@
 	if (error)
 		return (error);
 restart:
+	if (IN_CAPABILITY_MODE(td))
+		/* only mkfifoat(2) allowed in capability mode */
+		return (EOPNOTSUPP);
+
 	bwillwrite();
+
 	NDINIT_AT(&nd, CREATE, LOCKPARENT | SAVENAME | MPSAFE | AUDITVNODE1,
 	    pathseg, path, fd, td);
 	if ((error = namei(&nd)) != 0)
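Review bot: The capability-mode refusal is placed after the `restart:` label, so it is re-run on every `goto restart` and reads as part of the retry loop rather than an entry precondition; moving the three added lines above `restart:` makes the intent clearer. This function (presumably kern_mknodat, whose start and end are outside the hunk) is also the only *at path in the change that keeps `NDINIT_AT` instead of `NDINIT_ATRIGHTS`, so if a capability directory fd can be used outside capability mode, mknodat through it would see no rights check — if that is deliberate, say so in the comment, e.g. `/* mknodat(2) is refused in capability mode, so no rights are checked on fd here */`. Note that init_sysent.c in this change marks mknodat SYF_CAPENABLED and capability.h's new CAP_MKDIR is commented as covering mknodat(2), while this code refuses it with EOPNOTSUPP; the three disagree on whether mknodat is allowed in capability mode.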
@@ -1498,8 +1503,8 @@
 	AUDIT_ARG_MODE(mode);
 restart:
 	bwillwrite();
-	NDINIT_AT(&nd, CREATE, LOCKPARENT | SAVENAME | MPSAFE | AUDITVNODE1,
-	    pathseg, path, fd, td);
+	NDINIT_ATRIGHTS(&nd, CREATE, LOCKPARENT | SAVENAME | MPSAFE | AUDITVNODE1,
+	    pathseg, path, fd, CAP_MKFIFO, td);
 	if ((error = namei(&nd)) != 0)
 		return (error);
 	vfslocked = NDHASGIANT(&nd);
@@ -3125,8 +3130,8 @@
 
 	AUDIT_ARG_OWNER(uid, gid);
 	follow = (flag & AT_SYMLINK_NOFOLLOW) ? NOFOLLOW : FOLLOW;
-	NDINIT_AT(&nd, LOOKUP, follow | MPSAFE | AUDITVNODE1, pathseg, path,
-	    fd, td);
+	NDINIT_ATRIGHTS(&nd, LOOKUP, follow | MPSAFE | AUDITVNODE1, pathseg, path,
+	    fd, CAP_FCHOWN, td);
 
 	if ((error = namei(&nd)) != 0)
 		return (error);
@@ -3341,8 +3346,8 @@
 
 	if ((error = getutimes(tptr, tptrseg, ts)) != 0)
 		return (error);
-	NDINIT_AT(&nd, LOOKUP, FOLLOW | MPSAFE | AUDITVNODE1, pathseg, path,
-	    fd, td);
+	NDINIT_ATRIGHTS(&nd, LOOKUP, FOLLOW | MPSAFE | AUDITVNODE1, pathseg, path,
+	    fd, CAP_FUTIMES, td);
 
 	if ((error = namei(&nd)) != 0)
 		return (error);
@@ -3672,11 +3677,11 @@
 
 	bwillwrite();
 #ifdef MAC
-	NDINIT_AT(&fromnd, DELETE, LOCKPARENT | LOCKLEAF | SAVESTART | MPSAFE |
-	    AUDITVNODE1, pathseg, old, oldfd, td);
+	NDINIT_ATRIGHTS(&fromnd, DELETE, LOCKPARENT | LOCKLEAF | SAVESTART |
+	    MPSAFE | AUDITVNODE1, pathseg, old, oldfd, CAP_DELETE, td);
 #else
-	NDINIT_AT(&fromnd, DELETE, WANTPARENT | SAVESTART | MPSAFE |
-	    AUDITVNODE1, pathseg, old, oldfd, td);
+	NDINIT_ATRIGHTS(&fromnd, DELETE, WANTPARENT | SAVESTART | MPSAFE |
+	    AUDITVNODE1, pathseg, old, oldfd, CAP_DELETE, td);
 #endif
 
 	if ((error = namei(&fromnd)) != 0)
@@ -3699,8 +3704,8 @@
 		vrele(fvp);
 		goto out1;
 	}
-	NDINIT_AT(&tond, RENAME, LOCKPARENT | LOCKLEAF | NOCACHE | SAVESTART |
-	    MPSAFE | AUDITVNODE2, pathseg, new, newfd, td);
+	NDINIT_ATRIGHTS(&tond, RENAME, LOCKPARENT | LOCKLEAF | NOCACHE |
+	    SAVESTART | MPSAFE | AUDITVNODE2, pathseg, new, newfd, CAP_CREATE, td);
 	if (fromnd.ni_vp->v_type == VDIR)
 		tond.ni_cnd.cn_flags |= WILLBEDIR;
 	if ((error = namei(&tond)) != 0) {
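Review bot: The target lookup requires only CAP_CREATE on newfd, but a rename onto an existing name replaces (effectively unlinks) that entry, so a holder of a create-only capability on the destination directory can remove existing entries there. If the rights argument accepts a mask, consider `NDINIT_ATRIGHTS(..., newfd, CAP_CREATE | CAP_DELETE, td);`, or check the delete right when `tond.ni_vp` turns out non-NULL after namei, and document the choice next to the call. kern_renameat starts and ends outside the hunk.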
@@ -3826,8 +3831,8 @@
 	AUDIT_ARG_MODE(mode);
 restart:
 	bwillwrite();
-	NDINIT_AT(&nd, CREATE, LOCKPARENT | SAVENAME | MPSAFE | AUDITVNODE1,
-	    segflg, path, fd, td);
+	NDINIT_ATRIGHTS(&nd, CREATE, LOCKPARENT | SAVENAME | MPSAFE | AUDITVNODE1,
+	    segflg, path, fd, CAP_MKDIR, td);
 	nd.ni_cnd.cn_flags |= WILLBEDIR;
 	if ((error = namei(&nd)) != 0)
 		return (error);
@@ -3915,8 +3920,8 @@
 
 restart:
 	bwillwrite();
-	NDINIT_AT(&nd, DELETE, LOCKPARENT | LOCKLEAF | MPSAFE | AUDITVNODE1,
-	    pathseg, path, fd, td);
+	NDINIT_ATRIGHTS(&nd, DELETE, LOCKPARENT | LOCKLEAF | MPSAFE | AUDITVNODE1,
+	    pathseg, path, fd, CAP_RMDIR, td);
 	if ((error = namei(&nd)) != 0)
 		return (error);
 	vfslocked = NDHASGIANT(&nd);

==== //depot/projects/trustedbsd/capabilities/src/sys/sys/capability.h#29 (text+ko) ====

@@ -30,7 +30,7 @@
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
  *
- * $P4: //depot/projects/trustedbsd/capabilities/src/sys/sys/capability.h#28 $
+ * $P4: //depot/projects/trustedbsd/capabilities/src/sys/sys/capability.h#29 $
  */
 
 /*
@@ -98,7 +98,12 @@
 #define	CAP_FSCK		0x0004000000000000ULL	/* sysctl_ffs_fsck */
 #define	CAP_ATBASE		0x0008000000000000ULL	/* openat(2), etc. */
 #define CAP_ABSOLUTEPATH	0x0010000000000000ULL	/* abs. lookup from '/' */
-#define	CAP_MASK_VALID		0x001fffffffffffffULL
+#define CAP_CREATE		0x0020000000000000ULL	/* open, rename, etc. */
+#define CAP_DELETE		0x0040000000000000ULL	/* rename, remove, etc. */
+#define CAP_MKDIR		0x0080000000000000ULL	/* mkdirat(2), mknodat(2) */
+#define CAP_RMDIR		0x0100000000000000ULL	/* rmdirat(2) */
+#define CAP_MKFIFO		0x0200000000000000ULL	/* mkfifoat(2) */
+#define	CAP_MASK_VALID		0x03ffffffffffffffULL
 
 /*
  * Notes:
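Review bot: The comment on CAP_MKDIR claims it covers `mknodat(2)`, but in this change mknodat is refused outright in capability mode (vfs_syscalls.c hunk `@@ -1372`) and its lookup is not converted to NDINIT_ATRIGHTS, so no code path checks CAP_MKDIR for mknodat; change the comment to `/* mkdirat(2) */` or make the code match. The five new defines use `#define CAP_` with a space where the neighbouring CAP_FSCK and CAP_ATBASE lines use a tab; match one. The new CAP_MASK_VALID value does cover the five added bits (0x0020 through 0x0200 in the upper half), so the mask itself is consistent.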

