PERFORCE change 163729 for review
Robert Watson
rwatson at FreeBSD.org
Sun Jun 7 19:51:21 UTC 2009
http://perforce.freebsd.org/chv.cgi?CH=163729
Change 163729 by rwatson at rwatson_freebsd_capabilities on 2009/06/07 19:51:12
Define three new capability rights for file descriptors: CAP_TTYHOOK,
CAP_FCHDIR, and CAP_FSCK.
Affected files ...
.. //depot/projects/trustedbsd/capabilities/src/lib/libc/sys/cap_new.2#8 edit
.. //depot/projects/trustedbsd/capabilities/src/sys/sys/capability.h#23 edit
Differences ...
==== //depot/projects/trustedbsd/capabilities/src/lib/libc/sys/cap_new.2#8 (text+ko) ====
@@ -32,7 +32,7 @@
.\"
.\" $FreeBSD$
.\"
-.Dd February 3, 2008
+.Dd June 7, 2009
.Dt CAP_NEW 2
.Os
.Sh NAME
@@ -157,6 +157,9 @@
.It Dv CAP_EXTATTR_SET
Permit
.Xr extattr_set_fd 2 .
+.It Dv CAP_FCHDIR
+Permit
+.Xr fchdir 2 .
.It Dv CAP_FCHFLAGS
Permit
.Xr fchflags 2 .
@@ -178,6 +181,8 @@
.It Dv CAP_FPATHCONF
Permit
.Xr fpathconf 2 .
+.It Dv CAP_FSCK
+Permit UFS background-fsck operations on the descriptor.
.It Dv CAP_FSTAT
Permit
.Xr fstat 2 .
@@ -302,6 +307,10 @@
Permit explicit
.Xr shutdown 2 ;
closing the socket will also generally shut down any connections on it.
+.It Dv CAP_TTYHOOK
+Allow configuration of TTY hooks, such as
+.Xr snp 4 ,
+on the file descriptor.
.It Dv CAP_WRITE
Allow
.Xr aio_write 2 ,
@@ -443,7 +452,8 @@
.Xr sem_getvalue 3 ,
.Xr sem_post 3 ,
.Xr sem_trywait 3 ,
-.Xr sem_wait 3
+.Xr sem_wait 3 ,
+.Xr snp 4
.Sh HISTORY
Support for capabilities and capabilities mode was developed as part of the
.Tn TrustedBSD
==== //depot/projects/trustedbsd/capabilities/src/sys/sys/capability.h#23 (text+ko) ====
@@ -30,7 +30,7 @@
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*
- * $P4: //depot/projects/trustedbsd/capabilities/src/sys/sys/capability.h#22 $
+ * $P4: //depot/projects/trustedbsd/capabilities/src/sys/sys/capability.h#23 $
*/
/*
@@ -92,7 +92,10 @@
#define CAP_PDWAIT 0x0000200000000000ULL /* pdwait(2) */
#define CAP_PDKILL 0x0000400000000000ULL /* pdkill(2) */
#define CAP_MAPEXEC 0x0000800000000000ULL /* mmap(2) as exec */
-#define CAP_MASK_VALID 0x0000ffffffffffffULL
+#define CAP_TTYHOOK 0x0001000000000000ULL /* register tty hook */
+#define CAP_FCHDIR 0x0002000000000000ULL /* fchdir(2) */
+#define CAP_FSCK 0x0004000000000000ULL /* sysctl_ffs_fsck */
+#define CAP_MASK_VALID 0x0001ffffffffffffULL
/*
* Notes:
More information about the p4-projects
mailing list