Re: git: bf7c4fcbbb05 - main - bhyveload: hold /boot and do relative lookups for the loader

From: Kyle Evans <kevans_at_FreeBSD.org>
Date: Wed, 03 Jan 2024 22:21:42 UTC
On 1/3/24 16:19, Kyle Evans wrote:
> The branch main has been updated by kevans:
> 
> URL: https://cgit.FreeBSD.org/src/commit/?id=bf7c4fcbbb05ff99afde0744d013feeb35d77191
> 
> commit bf7c4fcbbb05ff99afde0744d013feeb35d77191
> Author:     Kyle Evans <kevans@FreeBSD.org>
> AuthorDate: 2024-01-03 22:17:59 +0000
> Commit:     Kyle Evans <kevans@FreeBSD.org>
> CommitDate: 2024-01-03 22:19:15 +0000
> 
>      bhyveload: hold /boot and do relative lookups for the loader
>      
>      The next change will push bhyveload into capability mode right after we
>      allocate vcpu state, before we've set up or entered the loader, to limit
>      the surface area that a rogue loader script can touch.
>      
>      With an explicit -l loader, we don't need to preopen /boot because
>      changing interpreters isn't allowed.  We'll just dlopen() entirely in
>      advance in that case to eliminate some complexity.
>    

Sigh, sorry, just realized I forgot to update this part... the final 
version just opens the file in advance; it didn't dlopen() it in advance, 
so that, e.g., ctors run in the sandbox.  The remark about not 
preopening /boot is still correct.


>      Reviewed by:    allanjude (earlier version), markj
>      Differential Revision:  https://reviews.freebsd.org/D43285

Thanks,

Kyle Evans