Date: Fri, 20 Jun 2025 13:52:14 GMT
To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-branches@FreeBSD.org
From: Mark Johnston
Subject: git: 1225d1a7c948 - stable/14 - capsicum: Statically initialize commonly used capability rights
List-Id: Commits to the stable branches of the FreeBSD src repository
List-Archive: https://lists.freebsd.org/archives/dev-commits-src-branches
X-Git-Committer: markj
X-Git-Repository: src
X-Git-Refname: refs/heads/stable/14
X-Git-Reftype: branch
X-Git-Commit: 1225d1a7c948dd1f1ef6afce231d276a8269c36e

The branch stable/14 has been updated by markj:

URL: https://cgit.FreeBSD.org/src/commit/?id=1225d1a7c948dd1f1ef6afce231d276a8269c36e

commit 1225d1a7c948dd1f1ef6afce231d276a8269c36e
Author:     Mark Johnston
AuthorDate: 2025-05-20 20:19:47 +0000
Commit:     Mark Johnston
CommitDate: 2025-06-20 12:46:09 +0000

    capsicum: Statically initialize commonly used capability rights

    Rather than initializing all of these sets during boot, define a macro
    which can do so at compile-time. This lets us get rid of the silly
    sysinit and furthermore allows the sets to live in .rodata, where they
    ought to be anyway.

    The CAP_RIGHTS_INITIALIZER2 macro can create a set out of up to two
    capsicum rights. This could be made more general, but we currently
    don't have any use for a more abstract implementation, so just keep it
    simple for now.

    Also remove the unused cap_chflags_rights symbol.

    No functional change intended.

    Reviewed by:    olce, oshogbo, kib
    MFC after:      2 weeks
    Differential Revision:  https://reviews.freebsd.org/D50420

    (cherry picked from commit 1f922483cc993e282329ffed9096f437799b630e)
---
 sys/kern/subr_capability.c | 153 ++++++++++++++++-----------------------------
 sys/sys/caprights.h        |  90 +++++++++++++-------------
 sys/sys/capsicum.h         |  18 ++++++
 3 files changed, 117 insertions(+), 144 deletions(-)

diff --git a/sys/kern/subr_capability.c b/sys/kern/subr_capability.c index 1f3a181a91cb..b4fedb402b43 100644 --- a/sys/kern/subr_capability.c +++ b/sys/kern/subr_capability.c 
@@ -50,105 +50,60 @@ #ifdef _KERNEL #define assert(exp) KASSERT((exp), ("%s:%u", __func__, __LINE__)) -__read_mostly cap_rights_t cap_accept_rights; -__read_mostly cap_rights_t cap_bind_rights; -__read_mostly cap_rights_t cap_chflags_rights; -__read_mostly cap_rights_t cap_connect_rights; -__read_mostly cap_rights_t cap_event_rights; -__read_mostly cap_rights_t cap_fchdir_rights; -__read_mostly cap_rights_t cap_fchflags_rights; -__read_mostly cap_rights_t cap_fchmod_rights; -__read_mostly cap_rights_t cap_fchown_rights; -__read_mostly cap_rights_t cap_fcntl_rights; -__read_mostly cap_rights_t cap_fexecve_rights; -__read_mostly cap_rights_t cap_flock_rights; -__read_mostly cap_rights_t cap_fpathconf_rights; -__read_mostly cap_rights_t cap_fstat_rights; -__read_mostly cap_rights_t cap_fstatfs_rights; -__read_mostly cap_rights_t cap_fsync_rights; -__read_mostly cap_rights_t cap_ftruncate_rights; -__read_mostly cap_rights_t cap_futimes_rights; -__read_mostly cap_rights_t cap_getpeername_rights; -__read_mostly cap_rights_t cap_getsockopt_rights; -__read_mostly cap_rights_t cap_getsockname_rights; -__read_mostly cap_rights_t cap_ioctl_rights; -__read_mostly cap_rights_t cap_listen_rights; -__read_mostly cap_rights_t cap_linkat_source_rights; -__read_mostly cap_rights_t cap_linkat_target_rights; -__read_mostly cap_rights_t cap_mmap_rights; -__read_mostly cap_rights_t cap_mkdirat_rights; -__read_mostly cap_rights_t cap_mkfifoat_rights; -__read_mostly cap_rights_t cap_mknodat_rights; -__read_mostly cap_rights_t cap_pdgetpid_rights; -__read_mostly cap_rights_t cap_pdkill_rights; -__read_mostly cap_rights_t cap_pread_rights; -__read_mostly cap_rights_t cap_pwrite_rights; -__read_mostly cap_rights_t cap_read_rights; -__read_mostly cap_rights_t cap_recv_rights; -__read_mostly cap_rights_t cap_renameat_source_rights; -__read_mostly cap_rights_t cap_renameat_target_rights; -__read_mostly cap_rights_t cap_seek_rights; -__read_mostly cap_rights_t cap_send_rights; -__read_mostly 
cap_rights_t cap_send_connect_rights; -__read_mostly cap_rights_t cap_setsockopt_rights; -__read_mostly cap_rights_t cap_shutdown_rights; -__read_mostly cap_rights_t cap_symlinkat_rights; -__read_mostly cap_rights_t cap_unlinkat_rights; -__read_mostly cap_rights_t cap_write_rights; -__read_mostly cap_rights_t cap_no_rights; - -static void -cap_rights_sysinit(void *arg) -{ - cap_rights_init_one(&cap_accept_rights, CAP_ACCEPT); - cap_rights_init_one(&cap_bind_rights, CAP_BIND); - cap_rights_init_one(&cap_connect_rights, CAP_CONNECT); - cap_rights_init_one(&cap_event_rights, CAP_EVENT); - cap_rights_init_one(&cap_fchdir_rights, CAP_FCHDIR); - cap_rights_init_one(&cap_fchflags_rights, CAP_FCHFLAGS); - cap_rights_init_one(&cap_fchmod_rights, CAP_FCHMOD); - cap_rights_init_one(&cap_fchown_rights, CAP_FCHOWN); - cap_rights_init_one(&cap_fcntl_rights, CAP_FCNTL); - cap_rights_init_one(&cap_fexecve_rights, CAP_FEXECVE); - cap_rights_init_one(&cap_flock_rights, CAP_FLOCK); - cap_rights_init_one(&cap_fpathconf_rights, CAP_FPATHCONF); - cap_rights_init_one(&cap_fstat_rights, CAP_FSTAT); - cap_rights_init_one(&cap_fstatfs_rights, CAP_FSTATFS); - cap_rights_init_one(&cap_fsync_rights, CAP_FSYNC); - cap_rights_init_one(&cap_ftruncate_rights, CAP_FTRUNCATE); - cap_rights_init_one(&cap_futimes_rights, CAP_FUTIMES); - cap_rights_init_one(&cap_getpeername_rights, CAP_GETPEERNAME); - cap_rights_init_one(&cap_getsockname_rights, CAP_GETSOCKNAME); - cap_rights_init_one(&cap_getsockopt_rights, CAP_GETSOCKOPT); - cap_rights_init_one(&cap_ioctl_rights, CAP_IOCTL); - cap_rights_init_one(&cap_linkat_source_rights, CAP_LINKAT_SOURCE); - cap_rights_init_one(&cap_linkat_target_rights, CAP_LINKAT_TARGET); - cap_rights_init_one(&cap_listen_rights, CAP_LISTEN); - cap_rights_init_one(&cap_mkdirat_rights, CAP_MKDIRAT); - cap_rights_init_one(&cap_mkfifoat_rights, CAP_MKFIFOAT); - cap_rights_init_one(&cap_mknodat_rights, CAP_MKNODAT); - cap_rights_init_one(&cap_mmap_rights, CAP_MMAP); - 
cap_rights_init_one(&cap_pdgetpid_rights, CAP_PDGETPID); - cap_rights_init_one(&cap_pdkill_rights, CAP_PDKILL); - cap_rights_init_one(&cap_pread_rights, CAP_PREAD); - cap_rights_init_one(&cap_pwrite_rights, CAP_PWRITE); - cap_rights_init_one(&cap_read_rights, CAP_READ); - cap_rights_init_one(&cap_recv_rights, CAP_RECV); - cap_rights_init_one(&cap_renameat_source_rights, CAP_RENAMEAT_SOURCE); - cap_rights_init_one(&cap_renameat_target_rights, CAP_RENAMEAT_TARGET); - cap_rights_init_one(&cap_seek_rights, CAP_SEEK); - cap_rights_init_one(&cap_send_rights, CAP_SEND); - cap_rights_init(&cap_send_connect_rights, CAP_SEND, CAP_CONNECT); - cap_rights_init_one(&cap_setsockopt_rights, CAP_SETSOCKOPT); - cap_rights_init_one(&cap_shutdown_rights, CAP_SHUTDOWN); - cap_rights_init_one(&cap_symlinkat_rights, CAP_SYMLINKAT); - cap_rights_init_one(&cap_unlinkat_rights, CAP_UNLINKAT); - cap_rights_init_one(&cap_write_rights, CAP_WRITE); - cap_rights_init(&cap_no_rights); -} -SYSINIT(cap_rights_sysinit, SI_SUB_COPYRIGHT, SI_ORDER_ANY, cap_rights_sysinit, - NULL); - +const cap_rights_t cap_accept_rights = CAP_RIGHTS_INITIALIZER(CAP_ACCEPT); +const cap_rights_t cap_bind_rights = CAP_RIGHTS_INITIALIZER(CAP_BIND); +const cap_rights_t cap_connect_rights = CAP_RIGHTS_INITIALIZER(CAP_CONNECT); +const cap_rights_t cap_event_rights = CAP_RIGHTS_INITIALIZER(CAP_EVENT); +const cap_rights_t cap_fchdir_rights = CAP_RIGHTS_INITIALIZER(CAP_FCHDIR); +const cap_rights_t cap_fchflags_rights = CAP_RIGHTS_INITIALIZER(CAP_FCHFLAGS); +const cap_rights_t cap_fchmod_rights = CAP_RIGHTS_INITIALIZER(CAP_FCHMOD); +const cap_rights_t cap_fchown_rights = CAP_RIGHTS_INITIALIZER(CAP_FCHOWN); +const cap_rights_t cap_fcntl_rights = CAP_RIGHTS_INITIALIZER(CAP_FCNTL); +const cap_rights_t cap_fexecve_rights = CAP_RIGHTS_INITIALIZER(CAP_FEXECVE); +const cap_rights_t cap_flock_rights = CAP_RIGHTS_INITIALIZER(CAP_FLOCK); +const cap_rights_t cap_fpathconf_rights = CAP_RIGHTS_INITIALIZER(CAP_FPATHCONF); +const cap_rights_t 
cap_fstat_rights = CAP_RIGHTS_INITIALIZER(CAP_FSTAT); +const cap_rights_t cap_fstatfs_rights = CAP_RIGHTS_INITIALIZER(CAP_FSTATFS); +const cap_rights_t cap_fsync_rights = CAP_RIGHTS_INITIALIZER(CAP_FSYNC); +const cap_rights_t cap_ftruncate_rights = CAP_RIGHTS_INITIALIZER(CAP_FTRUNCATE); +const cap_rights_t cap_futimes_rights = CAP_RIGHTS_INITIALIZER(CAP_FUTIMES); +const cap_rights_t cap_getpeername_rights = + CAP_RIGHTS_INITIALIZER(CAP_GETPEERNAME); +const cap_rights_t cap_getsockopt_rights = + CAP_RIGHTS_INITIALIZER(CAP_GETSOCKOPT); +const cap_rights_t cap_getsockname_rights = + CAP_RIGHTS_INITIALIZER(CAP_GETSOCKNAME); +const cap_rights_t cap_ioctl_rights = CAP_RIGHTS_INITIALIZER(CAP_IOCTL); +const cap_rights_t cap_listen_rights = CAP_RIGHTS_INITIALIZER(CAP_LISTEN); +const cap_rights_t cap_linkat_source_rights = + CAP_RIGHTS_INITIALIZER(CAP_LINKAT_SOURCE); +const cap_rights_t cap_linkat_target_rights = + CAP_RIGHTS_INITIALIZER(CAP_LINKAT_TARGET); +const cap_rights_t cap_mmap_rights = CAP_RIGHTS_INITIALIZER(CAP_MMAP); +const cap_rights_t cap_mkdirat_rights = CAP_RIGHTS_INITIALIZER(CAP_MKDIRAT); +const cap_rights_t cap_mkfifoat_rights = CAP_RIGHTS_INITIALIZER(CAP_MKFIFOAT); +const cap_rights_t cap_mknodat_rights = CAP_RIGHTS_INITIALIZER(CAP_MKNODAT); +const cap_rights_t cap_pdgetpid_rights = CAP_RIGHTS_INITIALIZER(CAP_PDGETPID); +const cap_rights_t cap_pdkill_rights = CAP_RIGHTS_INITIALIZER(CAP_PDKILL); +const cap_rights_t cap_pread_rights = CAP_RIGHTS_INITIALIZER(CAP_PREAD); +const cap_rights_t cap_pwrite_rights = CAP_RIGHTS_INITIALIZER(CAP_PWRITE); +const cap_rights_t cap_read_rights = CAP_RIGHTS_INITIALIZER(CAP_READ); +const cap_rights_t cap_recv_rights = CAP_RIGHTS_INITIALIZER(CAP_RECV); +const cap_rights_t cap_renameat_source_rights = + CAP_RIGHTS_INITIALIZER(CAP_RENAMEAT_SOURCE); +const cap_rights_t cap_renameat_target_rights = + CAP_RIGHTS_INITIALIZER(CAP_RENAMEAT_TARGET); +const cap_rights_t cap_seek_rights = CAP_RIGHTS_INITIALIZER(CAP_SEEK); +const 
cap_rights_t cap_send_rights = CAP_RIGHTS_INITIALIZER(CAP_SEND); +const cap_rights_t cap_send_connect_rights = + CAP_RIGHTS_INITIALIZER2(CAP_SEND, CAP_CONNECT); +const cap_rights_t cap_setsockopt_rights = + CAP_RIGHTS_INITIALIZER(CAP_SETSOCKOPT); +const cap_rights_t cap_shutdown_rights = CAP_RIGHTS_INITIALIZER(CAP_SHUTDOWN); +const cap_rights_t cap_symlinkat_rights = CAP_RIGHTS_INITIALIZER(CAP_SYMLINKAT); +const cap_rights_t cap_unlinkat_rights = CAP_RIGHTS_INITIALIZER(CAP_UNLINKAT); +const cap_rights_t cap_write_rights = CAP_RIGHTS_INITIALIZER(CAP_WRITE); +const cap_rights_t cap_no_rights = CAP_RIGHTS_INITIALIZER(0ULL); #endif #define CAPARSIZE_MIN (CAP_RIGHTS_VERSION_00 + 2) diff --git a/sys/sys/caprights.h b/sys/sys/caprights.h index 32ae05172e24..b2fb2898437a 100644 --- a/sys/sys/caprights.h +++ b/sys/sys/caprights.h 
@@ -58,51 +58,51 @@ typedef struct cap_rights cap_rights_t; #endif #ifdef _KERNEL -extern cap_rights_t cap_accept_rights; -extern cap_rights_t cap_bind_rights; -extern cap_rights_t cap_connect_rights; -extern cap_rights_t cap_event_rights; -extern cap_rights_t cap_fchdir_rights; -extern cap_rights_t cap_fchflags_rights; -extern cap_rights_t cap_fchmod_rights; -extern cap_rights_t cap_fchown_rights; -extern cap_rights_t cap_fcntl_rights; -extern cap_rights_t cap_fexecve_rights; -extern cap_rights_t cap_flock_rights; -extern cap_rights_t cap_fpathconf_rights; -extern cap_rights_t cap_fstat_rights; -extern cap_rights_t cap_fstatfs_rights; -extern cap_rights_t cap_fsync_rights; -extern cap_rights_t cap_ftruncate_rights; -extern cap_rights_t cap_futimes_rights; -extern cap_rights_t cap_getpeername_rights; -extern cap_rights_t cap_getsockopt_rights; -extern cap_rights_t cap_getsockname_rights; -extern cap_rights_t cap_ioctl_rights; -extern cap_rights_t cap_linkat_source_rights; -extern cap_rights_t cap_linkat_target_rights; -extern cap_rights_t cap_listen_rights; -extern cap_rights_t cap_mkdirat_rights; -extern cap_rights_t cap_mkfifoat_rights; -extern cap_rights_t cap_mknodat_rights; -extern cap_rights_t cap_mmap_rights; -extern cap_rights_t cap_no_rights; -extern cap_rights_t cap_pdgetpid_rights; -extern cap_rights_t cap_pdkill_rights; -extern cap_rights_t cap_pread_rights; -extern cap_rights_t cap_pwrite_rights; -extern cap_rights_t cap_read_rights; -extern cap_rights_t cap_recv_rights; -extern cap_rights_t cap_renameat_source_rights; -extern cap_rights_t cap_renameat_target_rights; -extern cap_rights_t cap_seek_rights; -extern cap_rights_t cap_send_rights; -extern cap_rights_t cap_send_connect_rights; -extern cap_rights_t cap_setsockopt_rights; -extern cap_rights_t cap_shutdown_rights; -extern cap_rights_t cap_symlinkat_rights; -extern cap_rights_t cap_unlinkat_rights; -extern cap_rights_t cap_write_rights; +extern const cap_rights_t cap_accept_rights; +extern const 
cap_rights_t cap_bind_rights; +extern const cap_rights_t cap_connect_rights; +extern const cap_rights_t cap_event_rights; +extern const cap_rights_t cap_fchdir_rights; +extern const cap_rights_t cap_fchflags_rights; +extern const cap_rights_t cap_fchmod_rights; +extern const cap_rights_t cap_fchown_rights; +extern const cap_rights_t cap_fcntl_rights; +extern const cap_rights_t cap_fexecve_rights; +extern const cap_rights_t cap_flock_rights; +extern const cap_rights_t cap_fpathconf_rights; +extern const cap_rights_t cap_fstat_rights; +extern const cap_rights_t cap_fstatfs_rights; +extern const cap_rights_t cap_fsync_rights; +extern const cap_rights_t cap_ftruncate_rights; +extern const cap_rights_t cap_futimes_rights; +extern const cap_rights_t cap_getpeername_rights; +extern const cap_rights_t cap_getsockopt_rights; +extern const cap_rights_t cap_getsockname_rights; +extern const cap_rights_t cap_ioctl_rights; +extern const cap_rights_t cap_linkat_source_rights; +extern const cap_rights_t cap_linkat_target_rights; +extern const cap_rights_t cap_listen_rights; +extern const cap_rights_t cap_mkdirat_rights; +extern const cap_rights_t cap_mkfifoat_rights; +extern const cap_rights_t cap_mknodat_rights; +extern const cap_rights_t cap_mmap_rights; +extern const cap_rights_t cap_no_rights; +extern const cap_rights_t cap_pdgetpid_rights; +extern const cap_rights_t cap_pdkill_rights; +extern const cap_rights_t cap_pread_rights; +extern const cap_rights_t cap_pwrite_rights; +extern const cap_rights_t cap_read_rights; +extern const cap_rights_t cap_recv_rights; +extern const cap_rights_t cap_renameat_source_rights; +extern const cap_rights_t cap_renameat_target_rights; +extern const cap_rights_t cap_seek_rights; +extern const cap_rights_t cap_send_rights; +extern const cap_rights_t cap_send_connect_rights; +extern const cap_rights_t cap_setsockopt_rights; +extern const cap_rights_t cap_shutdown_rights; +extern const cap_rights_t cap_symlinkat_rights; +extern const 
cap_rights_t cap_unlinkat_rights; +extern const cap_rights_t cap_write_rights; #endif #endif /* !_SYS_CAPRIGHTS_H_ */ diff --git a/sys/sys/capsicum.h b/sys/sys/capsicum.h index 405a7af419bf..9dd34cff943a 100644 --- a/sys/sys/capsicum.h +++ b/sys/sys/capsicum.h @@ -371,6 +371,24 @@ _Static_assert(CAP_RIGHTS_VERSION == CAP_RIGHTS_VERSION_00, _r; \ }) +#define _CAP_RIGHTS_WORD_INITIALIZER(i, r) \ + (CAPIDXBIT(r) == (i) + 1 ? (r) : 0ULL) + +/* + * Define a set of up to two rights at compile time. + */ +#define CAP_RIGHTS_INITIALIZER2(r1, r2) ((struct cap_rights){ \ + .cr_rights = { \ + [0] = ((uint64_t)CAP_RIGHTS_VERSION << 62) | \ + _CAP_RIGHTS_WORD_INITIALIZER(0, r1) | \ + _CAP_RIGHTS_WORD_INITIALIZER(0, r2), \ + [1] = _CAP_RIGHTS_WORD_INITIALIZER(1, r1) | \ + _CAP_RIGHTS_WORD_INITIALIZER(1, r2), \ + }, \ +}) +#define CAP_RIGHTS_INITIALIZER(r) \ + CAP_RIGHTS_INITIALIZER2(r, 0ULL) + /* * Allow checking caps which are possibly getting modified at the same time. * The caller is expected to determine whether the result is legitimate via
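
Review bot: In sys/kern/subr_capability.c, the final definition cap_no_rights = CAP_RIGHTS_INITIALIZER(0ULL) only works because _CAP_RIGHTS_WORD_INITIALIZER yields 0 on either branch when r is 0ULL, a convention that is stated nowhere; the removed cap_rights_init(&cap_no_rights) said what it meant. A one-line comment on that definition, or a dedicated empty-set initializer, would make the intent explicit. With cap_rights_sysinit gone there is also no remaining place where these objects pass through cap_rights_init_one(), so a debug-only check that each static set compares equal to its runtime-initialized counterpart would back up the "No functional change intended" claim.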
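
Review bot: In sys/sys/caprights.h, adding const to every extern changes the type of kernel-visible symbols on stable/14, so an out-of-tree module that passes one of them (for example &cap_read_rights) to a parameter declared cap_rights_t * rather than const cap_rights_t * will stop compiling cleanly, and one that casts the qualifier away and writes will now hit read-only data, since the commit message places the sets in .rodata. The message is silent on this source-level change; a sentence noting it for module authors would help anyone tracking the stable branch.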
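
Review bot: In sys/sys/capsicum.h, _CAP_RIGHTS_WORD_INITIALIZER(i, r) evaluates to 0ULL whenever CAPIDXBIT(r) is not (i) + 1, so CAP_RIGHTS_INITIALIZER2 silently drops any argument whose index matches neither word 0 nor word 1 and produces a set that is missing that right, with no diagnostic. The comment above CAP_RIGHTS_INITIALIZER2 should say that the arguments must be compile-time constants and that 0ULL is the "no right" placeholder which CAP_RIGHTS_INITIALIZER(r) relies on, and each use could be paired with a _Static_assert that the argument is 0ULL or has CAPIDXBIT equal to 1 or 2. The macro also expands to a parenthesized compound literal, which ISO C99/C11 does not treat as a constant expression for initializing objects with static storage duration; GCC and Clang accept it as an extension, which is worth a note in the comment if the header can be consumed outside the kernel build.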