PERFORCE change 173945 for review
Robert Watson
rwatson at FreeBSD.org
Sat Jan 30 11:39:40 UTC 2010
http://p4web.freebsd.org/chv.cgi?CH=173945
Change 173945 by rwatson at rwatson_vimage_client on 2010/01/30 11:38:39
Support optionally passing the pshm segment into the sandbox better;
don't try to install the fd if we don't have one.
Affected files ...
.. //depot/projects/trustedbsd/capabilities/src/lib/libcapsicum/libcapsicum_host.c#6 edit
Differences ...
==== //depot/projects/trustedbsd/capabilities/src/lib/libcapsicum/libcapsicum_host.c#6 (text+ko) ====
@@ -30,7 +30,7 @@
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*
- * $P4: //depot/projects/trustedbsd/capabilities/src/lib/libcapsicum/libcapsicum_host.c#5 $
+ * $P4: //depot/projects/trustedbsd/capabilities/src/lib/libcapsicum/libcapsicum_host.c#6 $
*/
#include <sys/param.h>
@@ -150,7 +150,7 @@
struct lc_library *lclp, u_int lcl_count, const char *binname,
char *const argv[], struct lc_fdlist *fds)
{
- int *fd_array, fdcount;
+ int *fd_array, fdcount, fdnum;
struct sbuf *sbufp;
int shmfd = -1;
size_t fdlistsize;
@@ -196,7 +196,11 @@
if (lc_limitfd(fd_libsbuf, LIBCAPABILITY_CAPMASK_LIB) < 0)
return;
- fdcount = 11 + lcl_count;
+ fdnum = 10;
+ if (shmfd != -1)
+ fdnum++;
+
+ fdcount = fdnum + lcl_count;
fd_array = malloc(fdcount * sizeof(int));
if (fd_array == NULL)
return;
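Review bot: The size arithmetic feeding `malloc` is unchecked: `fdcount = fdnum + lcl_count` adds a `u_int` into an `int`, and `fdcount * sizeof(int)` can wrap where `size_t` is 32 bits. A very large `lcl_count` could then give a negative count or an undersized buffer, while the fixed slots 0-9 and the library loop in the later hunk still write into it. If callers can pass an arbitrary `lcl_count`, bound it before the addition, for example `if (lcl_count > INT_MAX / sizeof(int) - fdnum) return;` (this needs `<limits.h>` if it is not already pulled in). The function begins and ends outside this hunk, so an earlier check on `lcl_count` may already exist.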
@@ -221,11 +225,12 @@
fd_array[7] = fd_libcapsicum;
fd_array[8] = fd_libsbuf;
fd_array[9] = fd_devnull;
- fd_array[10] = shmfd;
+ if (shmfd != -1)
+ fd_array[10] = shmfd;
for (i = 0; i < lcl_count; i++) {
if (lc_limitfd(lclp->lcl_fd, LIBCAPABILITY_CAPMASK_LIB) < 0)
return;
- fd_array[i + 11] = lclp[i].lcl_fd;
+ fd_array[i + fdnum] = lclp[i].lcl_fd;
}
if (lch_installfds(fdcount, fd_array) < 0)
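Review bot: The `lc_limitfd(lclp->lcl_fd, ...)` call inside the loop always restricts the first library's descriptor, while the assignment below it installs `lclp[i].lcl_fd`. For `lcl_count > 1` the remaining library descriptors therefore appear to reach the sandbox without the LIBCAPABILITY_CAPMASK_LIB limit applied. The commit renumbers the slot but leaves that line untouched; it should read `if (lc_limitfd(lclp[i].lcl_fd, LIBCAPABILITY_CAPMASK_LIB) < 0)`. The early `return` in the loop also skips freeing `fd_array`, which matters only if the caller does not exit straight away; the function's start and end are outside this hunk.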
@@ -238,7 +243,7 @@
3, binname, 5, LD_ELF_CAP_SO, 6, LIBC_SO, 7, LIBCAPABILITY_SO,
8, LIBSBUF_SO, 9, _PATH_DEVNULL);
for (i = 0; i < lcl_count; i++)
- (void)sbuf_printf(sbufp, ",%d:%s", i + 11,
+ (void)sbuf_printf(sbufp, ",%d:%s", i + fdnum,
lclp[i].lcl_libname);
sbuf_finish(sbufp);
if (sbuf_overflowed(sbufp))
@@ -258,7 +263,7 @@
return;
sbuf_delete(sbufp);
- if (fds != NULL) {
+ if (shmfd != -1) {
sprintf(fdliststr, "%d", 10);
if (setenv(LIBCAPABILITY_SANDBOX_FDLIST, fdliststr, 1) == -1)
return;
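Review bot: When `shmfd == -1` this branch is skipped, but nothing visible here clears LIBCAPABILITY_SANDBOX_FDLIST. A value inherited from the host's environment would still name descriptor 10, which after this change holds the first library fd rather than the shared-memory segment. Unless the environment is rebuilt elsewhere in the function (the rest is outside the hunk), add `else (void)unsetenv(LIBCAPABILITY_SANDBOX_FDLIST);`. The literal `10` must also stay equal to the `fd_array[10]` slot and the `fdnum = 10` base in the earlier hunks, so a shared named constant would keep the three in step.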