bindat(2) and connectat(2) syscalls for review.
Pawel Jakub Dawidek
pjd at FreeBSD.org
Wed Feb 13 23:39:32 UTC 2013
On Thu, Feb 14, 2013 at 01:20:04AM +0200, Konstantin Belousov wrote:
> On Thu, Feb 14, 2013 at 12:03:54AM +0100, Pawel Jakub Dawidek wrote:
> > Hi.
> >
> > I'd like to commit the following patch:
> >
> > http://people.freebsd.org/~pjd/patches/bindconnectat.patch
> >
> > It implements bindat(2) and connectat(2) syscalls that will allow to
> > manage UNIX domain sockets from within capability mode sandbox.
> >
> > They work just like any other *at(2) syscall and their prototypes look
> > like this:
> >
> > int bindat(int fd, int s, const struct sockaddr *addr, socklen_t addrlen);
> > int connectat(int fd, int s, const struct sockaddr *addr, socklen_t addrlen);
> >
> > Where 'fd' is directory descriptor. The only supported socket domain is
> > PF_LOCAL.
> >
> > The audit subsystem was updated to audit the new syscalls properly.
> >
> > Comments and reviews are welcome.
>
> Looking only at prototypes, I think it is useful to add at last the flags
> argument. The first application of it is for O_CLOEXEC-like flag.
And this flag should be applied to?
Note that those syscalls don't create new descriptors, they operate on
existing descriptors (directory descriptor and socket descriptor) that
should eventually have close-on-exec flag set if required.
--
Pawel Jakub Dawidek http://www.wheelsystems.com
FreeBSD committer http://www.FreeBSD.org
Am I Evil? Yes, I Am! http://tupytaj.pl
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 196 bytes
Desc: not available
URL: <http://lists.freebsd.org/pipermail/freebsd-arch/attachments/20130214/2e2f9be8/attachment.sig>
More information about the freebsd-arch
mailing list