PERFORCE change 164217 for review
Robert Watson
rwatson at FreeBSD.org
Fri Jun 12 23:10:12 UTC 2009
http://perforce.freebsd.org/chv.cgi?CH=164217
Change 164217 by rwatson at rwatson_freebsd_capabilities on 2009/06/12 23:09:58
Allow closefrom(2) in capability mode.
Affected files ...
.. //depot/projects/trustedbsd/capabilities/src/sys/kern/capabilities.conf#21 edit
.. //depot/projects/trustedbsd/capabilities/src/sys/kern/init_sysent.c#34 edit
.. //depot/projects/trustedbsd/capabilities/src/sys/kern/syscalls.c#34 edit
.. //depot/projects/trustedbsd/capabilities/src/sys/kern/systrace_args.c#34 edit
.. //depot/projects/trustedbsd/capabilities/src/sys/sys/syscall.h#34 edit
.. //depot/projects/trustedbsd/capabilities/src/sys/sys/syscall.mk#34 edit
.. //depot/projects/trustedbsd/capabilities/src/sys/sys/sysproto.h#34 edit
Differences ...
==== //depot/projects/trustedbsd/capabilities/src/sys/kern/capabilities.conf#21 (text+ko) ====
@@ -38,7 +38,7 @@
## - sys_exit(2), abort2(2) and close(2) are very important.
## - Sorted alphabetically, please keep it that way.
##
-## $P4: //depot/projects/trustedbsd/capabilities/src/sys/kern/capabilities.conf#20 $
+## $P4: //depot/projects/trustedbsd/capabilities/src/sys/kern/capabilities.conf#21 $
##
##
@@ -130,6 +130,7 @@
## Always allow file descriptor close(2).
##
close
+closefrom
##
## Disallow connect(2) for now, despite CAP_CONNECT.
==== //depot/projects/trustedbsd/capabilities/src/sys/kern/init_sysent.c#34 (text+ko) ====
@@ -545,5 +545,5 @@
{ AS(pdkill_args), (sy_call_t *)pdkill, AUE_NULL, NULL, 0, 0, SYF_CAPENABLED }, /* 514 = pdkill */
{ AS(pdgetpid_args), (sy_call_t *)pdgetpid, AUE_NULL, NULL, 0, 0, SYF_CAPENABLED }, /* 515 = pdgetpid */
{ AS(pdwait_args), (sy_call_t *)pdwait, AUE_NULL, NULL, 0, 0, 0 }, /* 516 = pdwait */
- { AS(closefrom_args), (sy_call_t *)closefrom, AUE_CLOSEFROM, NULL, 0, 0, 0 }, /* 517 = closefrom */
+ { AS(closefrom_args), (sy_call_t *)closefrom, AUE_CLOSEFROM, NULL, 0, 0, SYF_CAPENABLED }, /* 517 = closefrom */
};
==== //depot/projects/trustedbsd/capabilities/src/sys/kern/syscalls.c#34 (text+ko) ====
==== //depot/projects/trustedbsd/capabilities/src/sys/kern/systrace_args.c#34 (text+ko) ====
==== //depot/projects/trustedbsd/capabilities/src/sys/sys/syscall.h#34 (text+ko) ====
==== //depot/projects/trustedbsd/capabilities/src/sys/sys/syscall.mk#34 (text+ko) ====
==== //depot/projects/trustedbsd/capabilities/src/sys/sys/sysproto.h#34 (text+ko) ====
More information about the p4-projects
mailing list