git: 52a1d90c8bfe - main - Allow posix_fadvise in capability mode

From: Ed Maste <emaste_at_FreeBSD.org>
Date: Thu, 14 Apr 2022 19:13:35 UTC
The branch main has been updated by emaste:

URL: https://cgit.FreeBSD.org/src/commit/?id=52a1d90c8bfe80a15e71a1a2bd7b9407949741d6

commit 52a1d90c8bfe80a15e71a1a2bd7b9407949741d6
Author:     Ed Maste <emaste@FreeBSD.org>
AuthorDate: 2022-04-13 22:36:03 +0000
Commit:     Ed Maste <emaste@FreeBSD.org>
CommitDate: 2022-04-14 19:11:21 +0000

    Allow posix_fadvise in capability mode
    
    posix_fadvise operates only on a provided fd.  Noted by
    Mathieu <sigsys@gmail.com> in review D34761.
    
    No new CAP_ rights are added for posix_fadvise(), as 'advice' in
    general only influences when I/O happens; the fd must have existing
    CAP_ rights for actual data access.
    
    Reviewed by:    markj
    MFC after:      2 weeks
    Sponsored by:   The FreeBSD Foundation
    Differential Revision:  https://reviews.freebsd.org/D34903
---
 sys/kern/syscalls.master | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/sys/kern/syscalls.master b/sys/kern/syscalls.master
index fda91e9c7d6f..c6dce5366219 100644
--- a/sys/kern/syscalls.master
+++ b/sys/kern/syscalls.master
@@ -2941,7 +2941,7 @@
 		    off_t len
 		);
 	}
-531	AUE_POSIX_FADVISE	STD {
+531	AUE_POSIX_FADVISE	STD|CAPENABLED {
 		int posix_fadvise(
 		    int fd,
 		    off_t offset,