svn commit: r224778 - in head: sys/amd64/linux32
sys/cddl/compat/opensolaris/sys sys/compat/freebsd32 sys/compat/linux
sys/compat/svr4 sys/dev/aac sys/dev/amr sys/dev/hwpmc sys/dev/ipmi
sys/dev/isc...
Jaakko Heinonen
jh at FreeBSD.org
Tue Aug 16 12:45:02 UTC 2011
Hi,
On 2011-08-11, Robert Watson wrote:
> Second-to-last commit implementing Capsicum capabilities in the FreeBSD
> kernel for FreeBSD 9.0:
This commit seems to have broken nfsd for me.
> Modified: head/sys/fs/nfsserver/nfs_nfsdport.c
> ==============================================================================
> --- head/sys/fs/nfsserver/nfs_nfsdport.c Thu Aug 11 11:30:21 2011 (r224777)
> +++ head/sys/fs/nfsserver/nfs_nfsdport.c Thu Aug 11 12:30:23 2011 (r224778)
> @@ -3027,8 +3029,14 @@ nfssvc_nfsd(struct thread *td, struct nf
> error = copyin(uap->argp, (caddr_t)&sockarg, sizeof (sockarg));
> if (error)
> goto out;
> - if ((error = fget(td, sockarg.sock, &fp)) != 0)
> + /*
> + * Since we don't know what rights might be required,
> + * pretend that we need them all. It is better to be too
> + * careful than too reckless.
> + */
> + if ((error = fget(td, sockarg.sock, CAP_SOCK_ALL, &fp)) != 0)
> goto out;
> + return (error);
This for sure can't be correct. With the patch below nfsd seems to work
again for me.
%%%
Index: sys/fs/nfsserver/nfs_nfsdport.c
===================================================================
--- sys/fs/nfsserver/nfs_nfsdport.c (revision 224908)
+++ sys/fs/nfsserver/nfs_nfsdport.c (working copy)
@@ -3036,7 +3036,6 @@ nfssvc_nfsd(struct thread *td, struct nf
*/
if ((error = fget(td, sockarg.sock, CAP_SOCK_ALL, &fp)) != 0)
goto out;
- return (error);
if (fp->f_type != DTYPE_SOCKET) {
fdrop(fp, td);
error = EPERM;
%%%
--
Jaakko
More information about the svn-src-all
mailing list