svn commit: r324560 - in head: lib/libc/sys sys/kern

Ed Maste emaste at FreeBSD.org
Thu Oct 12 15:45:54 UTC 2017 

Author: emaste
Date: Thu Oct 12 15:45:53 2017
New Revision: 324560
URL: https://svnweb.freebsd.org/changeset/base/324560

Log:
  allow posix_fallocate in capability mode
  
  posix_fallocate is logically equivalent to writing zero blocks to the
  desired file size and there is no reason to prevent calling it in
  capability mode. posix_fallocate already checked for the CAP_WRITE
  right, so we merely need to list it in capabilities.conf.
  
  Reviewed by:	allanjude
  MFC after:	2 weeks
  Sponsored by:	The FreeBSD Foundation
  Differential Revision:	https://reviews.freebsd.org/D12640

Modified:
  head/lib/libc/sys/posix_fallocate.2
  head/sys/kern/capabilities.conf
  head/sys/kern/vfs_syscalls.c

Modified: head/lib/libc/sys/posix_fallocate.2
==============================================================================
--- head/lib/libc/sys/posix_fallocate.2	Thu Oct 12 15:16:27 2017	(r324559)
+++ head/lib/libc/sys/posix_fallocate.2	Thu Oct 12 15:45:53 2017	(r324560)
@@ -28,7 +28,7 @@
 .\"     @(#)open.2	8.2 (Berkeley) 11/16/93
 .\" $FreeBSD$
 .\"
-.Dd January 23, 2014
+.Dd October 12, 2017
 .Dt POSIX_FALLOCATE 2
 .Os
 .Sh NAME
@@ -118,6 +118,10 @@ argument does not refer to a regular file.
 .It Bq Er ENOSPC
 There is insufficient free space remaining on the file system storage
 media.
+.It Bq Er ENOTCAPABLE
+The file descriptor
+.Fa fd
+has insufficient rights.
 .It Bq Er ESPIPE
 The
 .Fa fd

Modified: head/sys/kern/capabilities.conf
==============================================================================
--- head/sys/kern/capabilities.conf	Thu Oct 12 15:16:27 2017	(r324559)
+++ head/sys/kern/capabilities.conf	Thu Oct 12 15:45:53 2017	(r324560)
@@ -488,6 +488,7 @@ poll
 ##
 ## Allow I/O-related file descriptors, subject to capability rights.
 ##
+posix_fallocate
 pread
 preadv
 

Modified: head/sys/kern/vfs_syscalls.c
==============================================================================
--- head/sys/kern/vfs_syscalls.c	Thu Oct 12 15:16:27 2017	(r324559)
+++ head/sys/kern/vfs_syscalls.c	Thu Oct 12 15:45:53 2017	(r324560)
@@ -4400,7 +4400,7 @@ kern_posix_fallocate(struct thread *td, int fd, off_t 
 	if (offset > OFF_MAX - len)
 		return (EFBIG);
 	AUDIT_ARG_FD(fd);
-	error = fget(td, fd, cap_rights_init(&rights, CAP_WRITE), &fp);
+	error = fget(td, fd, cap_rights_init(&rights, CAP_PWRITE), &fp);
 	if (error != 0)
 		return (error);
 	AUDIT_ARG_FILE(td->td_proc, fp);

More information about the svn-src-all mailing list