PERFORCE change 134202 for review
Robert Watson
rwatson at FreeBSD.org
Sun Jan 27 07:51:54 PST 2008
http://perforce.freebsd.org/chv.cgi?CH=134202
Change 134202 by rwatson at rwatson_freebsd_capabilities on 2008/01/27 15:50:53
Add CAP_FEXECVE to authorize use of a capability for fexecve().
Use fgetvp_read() rather than fgetvp_exec(), as there is no FEXEC
in this branch (and probably won't be). Require CAP_READ |
CAP_FEXECVE but possibly this should just be CAP_FEXECVE.
Update for VOP_UNLOCK() prototype change.
len doesn't need to be initialized on declaration [anymore].
Affected files ...
.. //depot/projects/trustedbsd/capabilities/src/sys/kern/kern_exec.c#4 edit
.. //depot/projects/trustedbsd/capabilities/src/sys/sys/capability.h#9 edit
Differences ...
==== //depot/projects/trustedbsd/capabilities/src/sys/kern/kern_exec.c#4 (text+ko) ====
@@ -305,7 +305,7 @@
struct ucred *newcred = NULL, *oldcred;
struct uidinfo *euip;
register_t *stack_base;
- int error, len = 0, i;
+ int error, len, i;
struct image_params image_params, *imgp;
struct vattr attr;
int (*img_first)(struct image_params *);
@@ -392,7 +392,9 @@
binvp = ndp->ni_vp;
imgp->vp = binvp;
} else {
- error = fgetvp_exec(td, args->fd, &binvp);
+ /* XXXRW: Possibly should just be CAP_FEXECVE? */
+ error = fgetvp_read(td, args->fd, CAP_READ | CAP_FEXECVE,
+ &binvp);
if (error)
goto exec_fail;
vfslocked = VFS_LOCK_GIANT(binvp->v_mount);
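Review bot: Requiring `CAP_READ | CAP_FEXECVE` in the `fgetvp_read()` call means a capability can never authorize execution without also authorizing reads of the file's contents, so an execute-only delegation cannot be expressed. If the kernel reads the image through the vnode rather than on the holder's behalf, the least-privilege form would be `error = fgetvp_read(td, args->fd, CAP_FEXECVE, &binvp);`. Whichever is chosen, the `XXXRW` comment should say which rights are required and why. It should also note that the descriptor-level check formerly done by `fgetvp_exec()` is gone, so the vnode execute-permission check later in the function (outside this hunk) is presumably the only remaining gate. The enclosing function starts and ends outside the hunk.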
@@ -526,7 +528,7 @@
}
/* close files on exec */
- VOP_UNLOCK(imgp->vp, 0, td);
+ VOP_UNLOCK(imgp->vp, 0);
fdcloseexec(td);
vn_lock(imgp->vp, LK_EXCLUSIVE | LK_RETRY);
@@ -644,7 +646,7 @@
*/
PROC_UNLOCK(p);
setugidsafety(td);
- VOP_UNLOCK(imgp->vp, 0, td);
+ VOP_UNLOCK(imgp->vp, 0);
error = fdcheckstd(td);
vn_lock(imgp->vp, LK_EXCLUSIVE | LK_RETRY);
if (error != 0)
@@ -778,7 +780,7 @@
crfree(oldcred);
else
crfree(newcred);
- VOP_UNLOCK(imgp->vp, 0, td);
+ VOP_UNLOCK(imgp->vp, 0);
/*
* Handle deferred decrement of ref counts.
*/
==== //depot/projects/trustedbsd/capabilities/src/sys/sys/capability.h#9 (text+ko) ====
@@ -23,7 +23,7 @@
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*
- * $P4: //depot/projects/trustedbsd/capabilities/src/sys/sys/capability.h#8 $
+ * $P4: //depot/projects/trustedbsd/capabilities/src/sys/sys/capability.h#9 $
*/
/*
@@ -62,7 +62,7 @@
#define CAP_GETDIRENTRIES 0x0000000000020000ULL /* getdirentries */
#define CAP_FSTATFS 0x0000000000040000ULL /* fstatfs */
#define CAP_REVOKE 0x0000000000080000ULL /* revoke */
-#define _CAP_UNUSED1 0x0000000000100000ULL
+#define CAP_FEXECVE 0x0000000000100000ULL /* fexecve */
#define CAP_FPATHCONF 0x0000000000200000ULL /* fpathconf */
#define CAP_FUTIMES 0x0000000000400000ULL /* futimes */
#define CAP_AIO 0x0000000000800000ULL /* aio_* */
@@ -84,7 +84,7 @@
#define CAP_LISTEN 0x0000008000000000ULL /* listen */
#define CAP_SHUTDOWN 0x0000010000000000ULL /* shutdown */
#define CAP_PEELOFF 0x0000020000000000ULL /* sctp_peeloff */
-#define CAP_MASK_VALID 0x000003ffffe7ffffULL
+#define CAP_MASK_VALID 0x000003ffffffffffULL
/*
* Notes:
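Review bot: The new `CAP_MASK_VALID` turns on two bits, not one: the old value `0x000003ffffe7ffffULL` cleared both `0x00100000` (now `CAP_FEXECVE`) and `0x00080000`, which the preceding hunk shows is `CAP_REVOKE`. This change therefore also makes `CAP_REVOKE` a valid right, which the change description does not mention. If that is an intended fix it deserves a line in the description; if not, the mask should be `0x000003fffff7ffffULL`. A comment above the define such as `/* Must cover every CAP_* bit defined above; update when adding a right. */` would help keep the mask and the rights list from drifting apart again.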