bindat(2) and connectat(2) syscalls for review.
Konstantin Belousov
kostikbel at gmail.com
Wed Feb 13 23:20:12 UTC 2013
On Thu, Feb 14, 2013 at 12:03:54AM +0100, Pawel Jakub Dawidek wrote:
> Hi.
>
> I'd like to commit the following patch:
>
> http://people.freebsd.org/~pjd/patches/bindconnectat.patch
>
> It implements bindat(2) and connectat(2) syscalls that will allow to
> manage UNIX domain sockets from within capability mode sandbox.
>
> They work just like any other *at(2) syscall and their prototypes look
> like this:
>
> int bindat(int fd, int s, const struct sockaddr *addr, socklen_t addrlen);
> int connectat(int fd, int s, const struct sockaddr *addr, socklen_t addrlen);
>
> Where 'fd' is directory descriptor. The only supported socket domain is
> PF_LOCAL.
>
> The audit subsystem was updated to audit the new syscalls properly.
>
> Comments and reviews are welcome.
Looking only at prototypes, I think it is useful to add at last the flags
argument. The first application of it is for O_CLOEXEC-like flag.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 834 bytes
Desc: not available
URL: <http://lists.freebsd.org/pipermail/freebsd-arch/attachments/20130214/c9577f88/attachment.sig>
More information about the freebsd-arch
mailing list