git: fe388671ac85 - stable/13 - makesyscalls.lua: add a CAPENABLED flag
Date: Tue, 19 Oct 2021 23:20:34 UTC
The branch stable/13 has been updated by brooks: URL: https://cgit.FreeBSD.org/src/commit/?id=fe388671ac851292f59926e96f2c86e6e46ea218 commit fe388671ac851292f59926e96f2c86e6e46ea218 Author: Brooks Davis <brooks@FreeBSD.org> AuthorDate: 2021-10-19 23:19:56 +0000 Commit: Brooks Davis <brooks@FreeBSD.org> CommitDate: 2021-10-19 23:19:56 +0000 makesyscalls.lua: add a CAPENABLED flag The CAPENABLED flag indicates that the syscall can be used in capsicum capability mode. It is intended to replace capabilities.conf. Reviewed by: kevans, emaste Sponsored by: DARPA Differential Revision: https://reviews.freebsd.org/D31349 (cherry picked from commit 6945df3fff57a9606f8c8a4e3865def3a0e915e7)
---
 sys/kern/syscalls.master | 2 ++
 sys/tools/makesyscalls.lua | 4 +++-
 2 files changed, 5 insertions(+), 1 deletion(-)
diff --git a/sys/kern/syscalls.master b/sys/kern/syscalls.master
index 81f016a0c073..51ff07f8deed 100644
--- a/sys/kern/syscalls.master
+++ b/sys/kern/syscalls.master
@@ -15,6 +15,7 @@
 ; COMPAT7, COMPAT11, COMPAT12, NODEF, NOARGS, NOPROTO, NOSTD
 ; The COMPAT* options may be combined with one or more NO*
 ; options separated by '|' with no spaces (e.g. COMPAT|NOARGS)
+; The CAPENABLED option may be ORed into a type.
 ; name pseudo-prototype of syscall routine
 ; If one of the following alts is different, then all appear:
 ; altname name of system call if different
@@ -45,6 +46,7 @@
 ; function prototype in sys/sysproto.h. Does add a
 ; definition to syscall.h besides adding a sysent.
 ; NOTSTATIC syscall is loadable
+; CAPENABLED syscall is allowed in capability mode
 ; annotations:
 ; SAL 2.0 annotations are used to specify how system calls treat
diff --git a/sys/tools/makesyscalls.lua b/sys/tools/makesyscalls.lua
index 49a9e283e646..dba9488b11a8 100644
--- a/sys/tools/makesyscalls.lua
+++ b/sys/tools/makesyscalls.lua
@@ -155,6 +155,7 @@ local known_flags = {
 NOPROTO = 0x00000040,
 NOSTD = 0x00000080,
 NOTSTATIC = 0x00000100,
+ CAPENABLED = 0x00000200,
 -- Compat flags start from here. We have plenty of space.
 }
@@ -1060,7 +1061,8 @@ process_syscall_def = function(line)
 -- If applicable; strip the ABI prefix from the name
 local stripped_name = strip_abi_prefix(funcname)
- if config["capenabled"][funcname] ~= nil or
+ if flags & known_flags['CAPENABLED'] ~= 0 or
+ config["capenabled"][funcname] ~= nil or
 config["capenabled"][stripped_name] ~= nil then
 sysflags = "SYF_CAPENABLED"
 end
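Review bot: The condition in the second hunk (process_syscall_def) now sets `SYF_CAPENABLED` when either the new `CAPENABLED` flag or one of the two `config["capenabled"]` lookups matches, so a syscall stays allowed in capability mode until it is removed from both sources, and nothing at the `if` tells a maintainer that. The description says the flag is intended to replace capabilities.conf, which is presumably what fills `config["capenabled"]`, so I would add a comment above the `if` such as `-- Union of the syscalls.master CAPENABLED flag and config["capenabled"]; drop the config lookups once capabilities.conf is retired.` As a style point, `if (flags & known_flags["CAPENABLED"]) ~= 0 or` reads more safely for anyone used to C precedence and matches the double-quoted keys on the neighbouring lines. The function body starts and ends outside the hunk.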