git: 8e8f1cc9bb94 - main - Re-enable network ioctls in capability mode

Mark Johnston markj at FreeBSD.org
Fri Apr 23 13:29:41 UTC 2021 

The branch main has been updated by markj:

URL: https://cgit.FreeBSD.org/src/commit/?id=8e8f1cc9bb945ffaa4b49231e1ebcead1baa62ce

commit 8e8f1cc9bb945ffaa4b49231e1ebcead1baa62ce
Author:     Mark Johnston <markj at FreeBSD.org>
AuthorDate: 2021-04-23 13:14:42 +0000
Commit:     Mark Johnston <markj at FreeBSD.org>
CommitDate: 2021-04-23 13:22:49 +0000

    Re-enable network ioctls in capability mode
    
    This reverts a portion of 274579831b61 ("capsicum: Limit socket
    operations in capability mode") as at least rtsol and dhcpcd rely on
    being able to configure network interfaces while in capability mode.
    
    Reported by:    bapt, Greg V
    Sponsored by:   The FreeBSD Foundation
---
 contrib/capsicum-test/capmode.cc | 5 +++++
 sys/kern/sys_socket.c            | 2 +-
 sys/net/if.c                     | 9 ---------
 sys/net/route.c                  | 5 +----
 sys/net/route.h                  | 4 +---
 sys/netinet/in.c                 | 4 ----
 sys/netinet6/in6.c               | 4 ----
 7 files changed, 8 insertions(+), 25 deletions(-)

diff --git a/contrib/capsicum-test/capmode.cc b/contrib/capsicum-test/capmode.cc
index ba2de19879a0..f32d9e038744 100644
--- a/contrib/capsicum-test/capmode.cc
+++ b/contrib/capsicum-test/capmode.cc
@@ -227,6 +227,10 @@ FORK_TEST_F(WithFiles, AllowedSocketSyscallsIfRoot) {
 
   // Interface configuration ioctls are not permitted in capability
   // mode.
+  //
+  // This test is disabled for now as the corresponding kernel change was
+  // disabled.
+#if 0
 #ifdef __FreeBSD__
   struct if_clonereq req;
 
@@ -238,6 +242,7 @@ FORK_TEST_F(WithFiles, AllowedSocketSyscallsIfRoot) {
 
   free(req.ifcr_buffer);
 #endif
+#endif
 }
 
 #ifdef HAVE_SEND_RECV_MMSG
diff --git a/sys/kern/sys_socket.c b/sys/kern/sys_socket.c
index 52f4b6cdf7f9..e53b0367960b 100644
--- a/sys/kern/sys_socket.c
+++ b/sys/kern/sys_socket.c
@@ -271,7 +271,7 @@ soo_ioctl(struct file *fp, u_long cmd, void *data, struct ucred *active_cred,
 			error = ifioctl(so, cmd, data, td);
 		else if (IOCGROUP(cmd) == 'r') {
 			CURVNET_SET(so->so_vnet);
-			error = rtioctl_fib(cmd, data, so->so_fibnum, td);
+			error = rtioctl_fib(cmd, data, so->so_fibnum);
 			CURVNET_RESTORE();
 		} else {
 			CURVNET_SET(so->so_vnet);
diff --git a/sys/net/if.c b/sys/net/if.c
index 5bf44d014db3..1e410142747f 100644
--- a/sys/net/if.c
+++ b/sys/net/if.c
@@ -2968,15 +2968,6 @@ ifioctl(struct socket *so, u_long cmd, caddr_t data, struct thread *td)
 	bool shutdown;
 #endif
 
-	/*
-	 * Interface ioctls access a global namespace.  There is currently no
-	 * capability-based representation for interfaces, so the configuration
-	 * interface is simply unaccessible from capability mode.  If necessary,
-	 * select ioctls may be permitted here.
-	 */
-	if (IN_CAPABILITY_MODE(td))
-		return (ECAPMODE);
-
 	CURVNET_SET(so->so_vnet);
 #ifdef VIMAGE
 	/* Make sure the VNET is stable. */
diff --git a/sys/net/route.c b/sys/net/route.c
index f093a71b7585..2416aa9a983f 100644
--- a/sys/net/route.c
+++ b/sys/net/route.c
@@ -43,7 +43,6 @@
 
 #include <sys/param.h>
 #include <sys/systm.h>
-#include <sys/capsicum.h>
 #include <sys/malloc.h>
 #include <sys/mbuf.h>
 #include <sys/socket.h>
@@ -246,10 +245,8 @@ rib_add_redirect(u_int fibnum, struct sockaddr *dst, struct sockaddr *gateway,
  * Routing table ioctl interface.
  */
 int
-rtioctl_fib(u_long req, caddr_t data, u_int fibnum, struct thread *td)
+rtioctl_fib(u_long req, caddr_t data, u_int fibnum)
 {
-	if (IN_CAPABILITY_MODE(td))
-		return (ECAPMODE);
 
 	/*
 	 * If more ioctl commands are added here, make sure the proper
diff --git a/sys/net/route.h b/sys/net/route.h
index 64e89965f9cd..67217f237e0b 100644
--- a/sys/net/route.h
+++ b/sys/net/route.h
@@ -431,13 +431,11 @@ void	rt_updatemtu(struct ifnet *);
 
 void	rt_flushifroutes(struct ifnet *ifp);
 
-struct thread;
-
 /* XXX MRT NEW VERSIONS THAT USE FIBs
  * For now the protocol indepedent versions are the same as the AF_INET ones
  * but this will change.. 
  */
-int	rtioctl_fib(u_long, caddr_t, u_int, struct thread *);
+int	rtioctl_fib(u_long, caddr_t, u_int);
 int	rib_lookup_info(uint32_t, const struct sockaddr *, uint32_t, uint32_t,
 	    struct rt_addrinfo *);
 void	rib_free_info(struct rt_addrinfo *info);
diff --git a/sys/netinet/in.c b/sys/netinet/in.c
index 5f70dd1ec824..bcf071a81e0e 100644
--- a/sys/netinet/in.c
+++ b/sys/netinet/in.c
@@ -36,7 +36,6 @@
 __FBSDID("$FreeBSD$");
 
 #include <sys/param.h>
-#include <sys/capsicum.h>
 #include <sys/eventhandler.h>
 #include <sys/systm.h>
 #include <sys/sockio.h>
@@ -238,9 +237,6 @@ in_control(struct socket *so, u_long cmd, caddr_t data, struct ifnet *ifp,
 	if (ifp == NULL)
 		return (EADDRNOTAVAIL);
 
-	if (td != NULL && IN_CAPABILITY_MODE(td))
-		return (ECAPMODE);
-
 	/*
 	 * Filter out 4 ioctls we implement directly.  Forward the rest
 	 * to specific functions and ifp->if_ioctl().
diff --git a/sys/netinet6/in6.c b/sys/netinet6/in6.c
index de3db6dc7d33..02cb9df7da3a 100644
--- a/sys/netinet6/in6.c
+++ b/sys/netinet6/in6.c
@@ -69,7 +69,6 @@ __FBSDID("$FreeBSD$");
 #include "opt_inet6.h"
 
 #include <sys/param.h>
-#include <sys/capsicum.h>
 #include <sys/eventhandler.h>
 #include <sys/errno.h>
 #include <sys/jail.h>
@@ -255,9 +254,6 @@ in6_control(struct socket *so, u_long cmd, caddr_t data,
 	int error;
 	u_long ocmd = cmd;
 
-	if (td != NULL && IN_CAPABILITY_MODE(td))
-		return (ECAPMODE);
-
 	/*
 	 * Compat to make pre-10.x ifconfig(8) operable.
 	 */

More information about the dev-commits-src-all mailing list