PERFORCE change 148066 for review
Robert Watson
rwatson at FreeBSD.org
Thu Aug 21 23:33:12 UTC 2008
http://perforce.freebsd.org/chv.cgi?CH=148066
Change 148066 by rwatson at rwatson_freebsd_capabilities on 2008/08/21 23:32:57
Allow shm_open(2) in capability mode, but only with SHM_ANON
objects.
Affected files ...
.. //depot/projects/trustedbsd/capabilities/src/sys/kern/capabilities.conf#9 edit
.. //depot/projects/trustedbsd/capabilities/src/sys/kern/uipc_shm.c#4 edit
Differences ...
==== //depot/projects/trustedbsd/capabilities/src/sys/kern/capabilities.conf#9 (text+ko) ====
@@ -5,7 +5,7 @@
# - sys_exit() and close() are very important.
# - Sorted alphabetically, please keep it that way.
#
-# $P4: //depot/projects/trustedbsd/capabilities/src/sys/kern/capabilities.conf#8 $
+# $P4: //depot/projects/trustedbsd/capabilities/src/sys/kern/capabilities.conf#9 $
#
__acl_aclcheck_fd
__acl_delete_fd
@@ -261,9 +261,9 @@
#
setuid
#
-# shm_open needs scoping (just anonymous memory).
+# We allow shm_open(2), but only when used with anonymous objects.
#
-#shm_open
+shm_open
shutdown
sigaction
sigaltstack
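Review bot: The comment at `# We allow shm_open(2), but only when used with anonymous objects.` states a restriction this list cannot express — the conf only names syscalls, so the SHM_ANON-only rule must be enforced in the syscall itself, and someone auditing the capability-mode allow-list has no pointer to where. Suggest `# shm_open(2) is allowed; sys/kern/uipc_shm.c rejects non-SHM_ANON paths in capability mode.` so the allow-list entry and the argument check are visibly coupled and a future change to either is less likely to silently widen what capability mode permits.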
==== //depot/projects/trustedbsd/capabilities/src/sys/kern/uipc_shm.c#4 (text+ko) ====
@@ -462,6 +462,14 @@
mode_t cmode;
int fd, error;
+ /*
+ * shm_open(2) of anonymous objects is allowed in capability mode,
+ * but naming of globally scoped objects is not.
+ */
+ if ((td->td_ucred->cr_flags & CRED_FLAG_CAPMODE) &&
+ (uap->path != SHM_ANON))
+ return (ENOSYS);
+
if ((uap->flags & O_ACCMODE) != O_RDONLY &&
(uap->flags & O_ACCMODE) != O_RDWR)
return (EINVAL);
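Review bot: The new denial at `return (ENOSYS);` reports a capability-mode policy refusal as "function not implemented", which a caller cannot distinguish from a kernel that lacks shm_open(2) altogether, and which also misleads userland fallback logic that treats ENOSYS as "try another API". If the branch has a dedicated errno for capability-mode refusals (later FreeBSD uses ECAPMODE for this), return that here; otherwise a policy-denial code such as EPERM would describe the condition more honestly and should be documented in the comment above the check. The check itself is in the right place — it runs before flag validation and refuses every non-SHM_ANON path in capability mode without touching the user pointer — but the comment's "is allowed" half is actually granted by capabilities.conf, so it may be worth noting that this test is the only thing standing between the allow-list entry and the global object namespace. The enclosing shm_open body starts before and continues after this hunk.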