PERFORCE change 148371 for review
Robert Watson
rwatson at FreeBSD.org
Mon Aug 25 10:47:36 UTC 2008
http://perforce.freebsd.org/chv.cgi?CH=148371
Change 148371 by rwatson at rwatson_freebsd_capabilities on 2008/08/25 10:46:43
Add a new right, CAP_KEVENT, which controls use of a kqueue, to be
disinguished from CAP_EVENT, which control use of a kqueue/select/
poll to monitor another descriptor.
Affected files ...
.. //depot/projects/trustedbsd/capabilities/src/sys/kern/kern_event.c#5 edit
.. //depot/projects/trustedbsd/capabilities/src/sys/sys/capability.h#17 edit
Differences ...
==== //depot/projects/trustedbsd/capabilities/src/sys/kern/kern_event.c#5 (text+ko) ====
@@ -702,7 +702,7 @@
struct file *fp;
int i, n, nerrors, error;
- if ((error = fget(td, fd, CAP_EVENT, &fp)) != 0)
+ if ((error = fget(td, fd, CAP_KEVENT, &fp)) != 0)
return (error);
if ((error = kqueue_acquire(fp, &kq)) != 0)
goto done_norel;
@@ -2016,7 +2016,7 @@
struct file *fp;
int error;
- if ((error = fget(td, fd, CAP_EVENT, &fp)) != 0)
+ if ((error = fget(td, fd, CAP_KEVENT, &fp)) != 0)
return (error);
if ((error = kqueue_acquire(fp, &kq)) != 0)
goto noacquire;
==== //depot/projects/trustedbsd/capabilities/src/sys/sys/capability.h#17 (text+ko) ====
@@ -30,7 +30,7 @@
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*
- * $P4: //depot/projects/trustedbsd/capabilities/src/sys/sys/capability.h#16 $
+ * $P4: //depot/projects/trustedbsd/capabilities/src/sys/sys/capability.h#17 $
*/
/*
@@ -87,7 +87,8 @@
#define CAP_SEM_POST 0x0000010000000000ULL /* ksem_post */
#define CAP_SEM_WAIT 0x0000020000000000ULL /* ksem_wait */
#define CAP_SEM_GETVALUE 0x0000040000000000ULL /* ksem_getvalue */
-#define CAP_MASK_VALID 0x000007ffffffffffULL
+#define CAP_KEVENT 0x0000080000000000ULL /* kevent(2) */
+#define CAP_MASK_VALID 0x00000fffffffffffULL
/*
* Notes:
@@ -100,7 +101,8 @@
*
* pread and pwrite will not use CAP_SEEK.
*
- * CAP_EVENT covers select, poll, and kqueue registration for a capability.
+ * CAP_EVENT covers select, poll, and kqueue registration for a capability;
+ * CAP_KEVENT controls the use of a kqueue(2) description.
*
* sendfile is authorized using CAP_READ on the file and CAP_WRITE on the
* socket.
More information about the p4-projects
mailing list