svn commit: r333330 - head/lib/libcapsicum

Mariusz Zaborski oshogbo at FreeBSD.org
Mon May 7 20:38:11 UTC 2018 

Author: oshogbo
Date: Mon May  7 20:38:09 2018
New Revision: 333330
URL: https://svnweb.freebsd.org/changeset/base/333330

Log:
  Introduce caph_enter and caph_enter_casper.
  
  The caph_enter function should made it easier to sandbox application
  and not force us to remember that we need to check errno on failure.
  Another function is also checking if casper is present.
  
  Reviewed by:	emaste, cem (partially)
  Differential Revision:	https://reviews.freebsd.org/D14557

Modified:
  head/lib/libcapsicum/capsicum_helpers.3
  head/lib/libcapsicum/capsicum_helpers.h

Modified: head/lib/libcapsicum/capsicum_helpers.3
==============================================================================
--- head/lib/libcapsicum/capsicum_helpers.3	Mon May  7 18:11:22 2018	(r333329)
+++ head/lib/libcapsicum/capsicum_helpers.3	Mon May  7 20:38:09 2018	(r333330)
@@ -24,7 +24,7 @@
 .\"
 .\" $FreeBSD$
 .\"
-.Dd October 21, 2016
+.Dd May 7, 2018
 .Dt CAPSICUM_HELPERS 3
 .Os
 .Sh NAME
@@ -41,6 +41,10 @@
 .Sh SYNOPSIS
 .In capsicum_helpers.h
 .Ft int
+.Fn caph_enter "void"
+.Ft int
+.Fn caph_enter_casper "void"
+.Ft int
 .Fn caph_limit_stream "int fd, int flags"
 .Ft int
 .Fn caph_limit_stdin "void"
@@ -55,6 +59,19 @@
 .Ft void
 .Fn caph_cache_catpages "void"
 .Sh DESCRIPTION
+The
+.Nm caph_enter
+is equivalent to the
+.Xr cap_enter 2
+it returns success when the kernel is built without support of the capability
+mode.
+.Pp
+The
+.Nm caph_enter_casper
+is equivalent to the
+.Nm caph_enter
+it returns success when the system is built without Casper support.
+.Pp
 The
 .Nm capsicum helpers
 are a set of a inline functions which simplify modifying programs to use

Modified: head/lib/libcapsicum/capsicum_helpers.h
==============================================================================
--- head/lib/libcapsicum/capsicum_helpers.h	Mon May  7 18:11:22 2018	(r333329)
+++ head/lib/libcapsicum/capsicum_helpers.h	Mon May  7 20:38:09 2018	(r333330)
@@ -39,6 +39,8 @@
 #include <time.h>
 #include <unistd.h>
 
+#include <libcasper.h>
+
 #define	CAPH_IGNORE_EBADF	0x0001
 #define	CAPH_READ		0x0002
 #define	CAPH_WRITE		0x0004
@@ -120,6 +122,24 @@ caph_cache_catpages(void)
 {
 
 	(void)catopen("libc", NL_CAT_LOCALE);
+}
+
+static __inline int
+caph_enter(void)
+{
+
+	if (cap_enter() < 0 && errno != ENOSYS)
+		return (-1);
+
+	return (0);
+}
+
+
+static __inline int
+caph_enter_casper(void)
+{
+
+	return (CASPER_SUPPORT == 0 ? 0 : caph_enter());
 }
 
 #endif /* _CAPSICUM_HELPERS_H_ */

More information about the svn-src-all mailing list