PERFORCE change 164660 for review
Robert Watson
rwatson at FreeBSD.org
Thu Jun 18 11:24:50 UTC 2009
http://perforce.freebsd.org/chv.cgi?CH=164660
Change 164660 by rwatson at rwatson_freebsd_capabilities on 2009/06/18 11:24:33
Collapse lch_start_flags/lch_startfd_flags into lch_start/
lch_startfd, since we seem to almost always use them that way.
Affected files ...
.. //depot/projects/trustedbsd/capabilities/src/lib/libcapability/Makefile#15 edit
.. //depot/projects/trustedbsd/capabilities/src/lib/libcapability/libcapability.h#21 edit
.. //depot/projects/trustedbsd/capabilities/src/lib/libcapability/libcapability_host.3#8 edit
.. //depot/projects/trustedbsd/capabilities/src/lib/libcapability/libcapability_host.c#18 edit
.. //depot/projects/trustedbsd/capabilities/src/tools/cap/fdrpc/fdrpc.c#4 edit
.. //depot/projects/trustedbsd/capabilities/src/tools/cap/fdsendrecv/fdsendrecv.c#3 edit
.. //depot/projects/trustedbsd/capabilities/src/tools/cap/sandbox_echo/sandbox_echo.c#8 edit
.. //depot/projects/trustedbsd/capabilities/src/usr.bin/gzip/gzsandbox.c#4 edit
Differences ...
==== //depot/projects/trustedbsd/capabilities/src/lib/libcapability/Makefile#15 (text+ko) ====
@@ -23,9 +23,7 @@
MLINKS= libcapability.3 lc_limitfd.3 \
libcapability_host.3 lch_autosandbox_isenabled.3 \
libcapability_host.3 lch_start.3 \
- libcapability_host.3 lch_start_flags.3 \
libcapability_host.3 lch_startfd.3 \
- libcapability_host.3 lch_startfd_flags.3 \
libcapability_host.3 lch_stop.3 \
libcapability_host.3 lch_getsock.3 \
libcapability_host.3 lch_getpid.3 \
==== //depot/projects/trustedbsd/capabilities/src/lib/libcapability/libcapability.h#21 (text+ko) ====
@@ -30,7 +30,7 @@
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*
- * $P4: //depot/projects/trustedbsd/capabilities/src/lib/libcapability/libcapability.h#20 $
+ * $P4: //depot/projects/trustedbsd/capabilities/src/lib/libcapability/libcapability.h#21 $
*/
#ifndef _LIBCAPABILITY_H_
@@ -53,14 +53,10 @@
/*
* Interfaces to start and stop capability mode sandboxs.
*/
-int lch_start(const char *sandbox, char *const argv[],
- struct lc_sandbox **lcspp);
-int lch_start_flags(const char *sandbox, char *const argv[], u_int flags,
+int lch_start(const char *sandbox, char *const argv[], u_int flags,
struct lc_sandbox **lcspp);
int lch_startfd(int fd_sandbox, const char *binname, char *const argv[],
- struct lc_sandbox **lcspp);
-int lch_startfd_flags(int fd_sandbox, const char *binname,
- char *const argv[], u_int flags, struct lc_sandbox **lcspp);
+ u_int flags, struct lc_sandbox **lcspp);
void lch_stop(struct lc_sandbox *lcsp);
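Review bot: The hunk changes the arity of the exported `lch_start` and `lch_startfd` symbols without renaming them, so a consumer already built against the old three-argument `lch_start` would now be interpreted as passing an uninitialized `flags` word and a stale `lcspp` pointer; because `flags` gates `LCH_PERMIT_STDERR`, that garbage could silently loosen the sandbox. Source-level callers are protected by the prototype, but binary callers are not. If this library carries a shared-library major version (not visible in this change), it should be bumped alongside this hunk, or the new entry points given new names. A one-line comment above the prototypes such as `/* flags: bitwise OR of LCH_* values; currently only LCH_PERMIT_STDERR is defined. */` would also make the new parameter's contract visible at the declaration.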
/*
==== //depot/projects/trustedbsd/capabilities/src/lib/libcapability/libcapability_host.3#8 (text+ko) ====
@@ -45,13 +45,9 @@
.In sys/capability.h
.In libcapability.h
.Ft int
-.Fn lch_start "const char *sandbox" "char *const argv[]" "struct lc_sandbox **lcsp"
+.Fn lch_start "const char *sandbox" "char *const argv[]" "u_int flags" "struct lc_sandbox **lcsp"
.Ft int
-.Fn lch_start_flags "const char *sandbox" "char *const argv[]" "u_int flags" "struct lc_sandbox **lcsp"
-.Ft int
-.Fn lch_startfd "int fd_sandbox" "char *const argv[]" "struct lc_sandbox **lcsp"
-.Ft int
-.Fn lch_startfd_flags "int fd_sandbox" "char *const argv[]" "u_int flags" "struct lc_sandbox **lcsp"
+.Fn lch_startfd "int fd_sandbox" "char *const argv[]" "u_int flags" "struct lc_sandbox **lcsp"
.Ft void
.Fn lch_stop "struct lc_sandbox *lcsp"
.Ft int
@@ -104,34 +100,28 @@
.Dv lch_ .
.Pp
Each executing sandbox instance is described by an opaque
-.Dt "struct lc_sandbox" ,
+.Dt "struct lc_sandbox *" ,
which is returned by
.Fn lch_start
-and
-.Fn lch_start_flags
for successfully started sandboxes, and passed into other APIs to indicate
which sandbox should be acted on.
-Both calls create new executing sandboxes, given the name of the sandbox
-binary via
+.Fn lch_start
+creates a new executing sandboxes, given the name of the sandbox binary via
.Va sandbox ,
and command line arguments
-.Va argv .
-.Pp
-.Fn lch_start_flags
-accepts an optional flags field to fine-tune aspects of sandbox operation;
-the only currently defined flag is
+.Va argv ,
+and optional flags
+.Va flags
+to fine-tune aspects of sandbox operation; the only currently defined flag is
.Dv LCH_PERMIT_STDERR ,
which allows the sandbox to write to the current process's
.Dv stderr .
By default, this is not permitted.
.Pp
-Two further variations to start sandboxes are also defined,
.Fn lch_startfd
-and
-.Fn lch_startfd_flags ,
-which accept a file descriptor argument,
+accept a file descriptor argument,
.Va fd_sandbox ,
-rather than a path.
+rather than a path, so is appropriate for use within a sandbox.
.Pp
Executing sandboxes may be stopped (and all state freed) using
.Fn lch_stop .
==== //depot/projects/trustedbsd/capabilities/src/lib/libcapability/libcapability_host.c#18 (text+ko) ====
@@ -30,7 +30,7 @@
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*
- * $P4: //depot/projects/trustedbsd/capabilities/src/lib/libcapability/libcapability_host.c#17 $
+ * $P4: //depot/projects/trustedbsd/capabilities/src/lib/libcapability/libcapability_host.c#18 $
*/
#include <sys/param.h>
@@ -223,7 +223,7 @@
}
int
-lch_startfd_flags(int fd_sandbox, const char *binname, char *const argv[],
+lch_startfd(int fd_sandbox, const char *binname, char *const argv[],
u_int flags, struct lc_sandbox **lcspp)
{
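Review bot: The widened `lch_startfd` signature accepts any `u_int flags`, but nothing in this hunk rejects bits other than `LCH_PERMIT_STDERR`, the only flag the manpage hunk defines, so a caller passing a mistyped or future flag would silently get default behaviour rather than an error. A guard at the top of the body along the lines of `if (flags & ~LCH_PERMIT_STDERR) { errno = EINVAL; return (-1); }` keeps the flag space strict from the start. The function body continues beyond the hunk, so this may already be handled there.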
struct lc_sandbox *lcsp;
@@ -338,17 +338,9 @@
}
int
-lch_startfd(int fd_sandbox, const char *binname, char *const argv[],
+lch_start(const char *sandbox, char *const argv[], u_int flags,
struct lc_sandbox **lcspp)
{
-
- return (lch_startfd_flags(fd_sandbox, binname, argv, 0, lcspp));
-}
-
-int
-lch_start_flags(const char *sandbox, char *const argv[], u_int flags,
- struct lc_sandbox **lcspp)
-{
char binname[MAXPATHLEN];
int error, fd_sandbox, ret;
@@ -359,20 +351,13 @@
if (fd_sandbox < 0)
return (-1);
- ret = lch_startfd_flags(fd_sandbox, binname, argv, flags, lcspp);
+ ret = lch_startfd(fd_sandbox, binname, argv, flags, lcspp);
error = errno;
close(fd_sandbox);
errno = error;
return (ret);
}
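Review bot: `lch_start` closes `fd_sandbox` immediately after `lch_startfd` returns, on both the success and failure paths, which is only correct if `lch_startfd` does not retain the descriptor in the returned `struct lc_sandbox`; the hunk does not show the callee, so this ownership rule is worth stating where the close happens. I would add `/* lch_startfd() must not retain fd_sandbox: it is closed here whether or not the start succeeded. */` above the `close(fd_sandbox)` line. The saving and restoring of `errno` around the close is correct and should stay. The top of `lch_start` is in the preceding hunk.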
-int
-lch_start(const char *sandbox, char *const argv[], struct lc_sandbox **lcspp)
-{
-
- return (lch_start_flags(sandbox, argv, 0, lcspp));
-}
-
void
lch_stop(struct lc_sandbox *lcsp)
{
==== //depot/projects/trustedbsd/capabilities/src/tools/cap/fdrpc/fdrpc.c#4 (text+ko) ====
@@ -65,8 +65,8 @@
if (argc != 1)
errx(-1, "usage: fdrpc_host");
- if (lch_start_flags(FDRPC_SANDBOX, fdrpc_argv, LCH_PERMIT_STDERR,
- &lcsp) < 0)
+ if (lch_start(FDRPC_SANDBOX, fdrpc_argv, LCH_PERMIT_STDERR, &lcsp)
+ < 0)
err(-1, "lch_start %s", FDRPC_SANDBOX);
ch = 'X'; /* RPC data. */
==== //depot/projects/trustedbsd/capabilities/src/tools/cap/fdsendrecv/fdsendrecv.c#3 (text+ko) ====
@@ -59,8 +59,8 @@
if (argc != 1)
errx(-1, "usage: fdsendrecv_host");
- if (lch_start_flags(FDSENDRECV_SANDBOX, fdsendrecv_argv,
- LCH_PERMIT_STDERR, &lcsp) < 0)
+ if (lch_start(FDSENDRECV_SANDBOX, fdsendrecv_argv, LCH_PERMIT_STDERR,
+ &lcsp) < 0)
err(-1, "lch_start %s", FDSENDRECV_SANDBOX);
/*
==== //depot/projects/trustedbsd/capabilities/src/tools/cap/sandbox_echo/sandbox_echo.c#8 (text+ko) ====
@@ -60,8 +60,7 @@
if (argc != 1)
errx(-1, "usage: sandbox_echo");
- if (lch_start_flags(MYNAME, sandbox_argv, LCH_PERMIT_STDERR, &lcsp)
- < 0)
+ if (lch_start(MYNAME, sandbox_argv, LCH_PERMIT_STDERR, &lcsp) < 0)
err(-1, "lch_start %s", argv[1]);
for (i = 0; i < 10; i++) {
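Review bot: The error path on the line after the new `lch_start` call formats `argv[1]`, but the `argc != 1` check just above guarantees `argv[1]` is the terminating NULL, so passing it to `%s` is undefined behaviour (FreeBSD's libc happens to print "(null)", but the message is still wrong). The binary actually started is `MYNAME`, matching the other call sites in this change, so the line should be `err(-1, "lch_start %s", MYNAME);`. The enclosing function starts before this hunk.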
@@ -103,13 +102,12 @@
* requests to it. Otherwise, service the requests in this sandbox.
*/
if (argc > 1 && strcmp(argv[1], "nested") == 0) {
-
if (ld_caplibindex_lookup(MYNAME, &fd) < 0)
err(-10, "ld_caplibindex_lookup(%s)", MYNAME);
- if (lch_startfd_flags(fd, MYNAME, sandbox_argv,
- LCH_PERMIT_STDERR, &lcsp) < 0)
- err(-1, "lch_start %s", argv[1]);
+ if (lch_startfd(fd, MYNAME, sandbox_argv, LCH_PERMIT_STDERR,
+ &lcsp) < 0)
+ err(-1, "lch_startfd %s", argv[1]);
while (1) {
if (lcs_recvrpc(lchp, &opno, &seqno, &buffer, &len)
< 0) {
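Review bot: The descriptor obtained from `ld_caplibindex_lookup` is handed to `lch_startfd` but never closed in this hunk, and since the `while (1)` loop that follows never returns, it stays open in this sandbox for its lifetime; by contrast `lch_start` in libcapability_host.c closes its descriptor right after the same call. If `ld_caplibindex_lookup` returns a descriptor the caller owns (not visible here), add `close(fd);` after the successful `lch_startfd` call. Separately, the failure message prints `argv[1]`, which is "nested" on this path rather than the sandbox binary, so `err(-1, "lch_startfd %s", MYNAME);` is the more useful diagnostic. The loop body and the enclosing function continue past the hunk.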
==== //depot/projects/trustedbsd/capabilities/src/usr.bin/gzip/gzsandbox.c#4 (text+ko) ====
@@ -89,7 +89,7 @@
size_t len;
if (lcsp == NULL) {
- if (lch_start_flags(LC_USR_BIN_GZIP_SANDBOX, lc_sandbox_argv,
+ if (lch_start(LC_USR_BIN_GZIP_SANDBOX, lc_sandbox_argv,
LCH_PERMIT_STDERR, &lcsp) < 0)
err(-1, "lch_start %s", LC_USR_BIN_GZIP_SANDBOX);
}
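Review bot: The lazy start of the gzip sandbox is now written out identically in this hunk and in the two that follow, so the next change to the flags or the error text has to be made in three places. A small static helper that each entry point calls first would keep the start policy in one spot; the three call sites then reduce to `gzsandbox_start();`. The enclosing functions start before their hunks, so I have not touched their surrounding code.
```c
/* Start the gzip sandbox on first use; no-op once lcsp is set. */
static void
gzsandbox_start(void)
{
	if (lcsp != NULL)
		return;
	if (lch_start(LC_USR_BIN_GZIP_SANDBOX, lc_sandbox_argv,
	    LCH_PERMIT_STDERR, &lcsp) < 0)
		err(-1, "lch_start %s", LC_USR_BIN_GZIP_SANDBOX);
}
```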
@@ -175,7 +175,7 @@
size_t len;
if (lcsp == NULL) {
- if (lch_start_flags(LC_USR_BIN_GZIP_SANDBOX, lc_sandbox_argv,
+ if (lch_start(LC_USR_BIN_GZIP_SANDBOX, lc_sandbox_argv,
LCH_PERMIT_STDERR, &lcsp) < 0)
err(-1, "lch_start %s", LC_USR_BIN_GZIP_SANDBOX);
}
@@ -264,7 +264,7 @@
size_t len;
if (lcsp == NULL) {
- if (lch_start_flags(LC_USR_BIN_GZIP_SANDBOX, lc_sandbox_argv,
+ if (lch_start(LC_USR_BIN_GZIP_SANDBOX, lc_sandbox_argv,
LCH_PERMIT_STDERR, &lcsp) < 0)
err(-1, "lch_start %s", LC_USR_BIN_GZIP_SANDBOX);
}