From nobody Wed Jan 03 22:21:42 2024 X-Original-To: dev-commits-src-all@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4T542K31rzz56q8l; Wed, 3 Jan 2024 22:21:45 +0000 (UTC) (envelope-from kevans@FreeBSD.org) Received: from smtp.freebsd.org (smtp.freebsd.org [IPv6:2610:1c1:1:606c::24b:4]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "smtp.freebsd.org", Issuer "R3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4T542K2Xj7z4dXv; Wed, 3 Jan 2024 22:21:45 +0000 (UTC) (envelope-from kevans@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1704320505; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=RCxocExfnB53GEBRWwFsDKF7/MY645gA3JVWYBjH5UM=; b=Uguu/GI6OWFjrX+N7VLlui6bt9d93omNFJzzw0E97AoXrcZePCQWdqlKiPYipXu206cXWm UmTcIla2WdSnKXpMPx511Kfekk2P124CwdjejT2w/M01K8UZF9RO2pe8Qvrc2dgdRVQS8l bc0LMm3OWSKba2m8+YGWFGLUWd9rss0trVfgqFhuui27u2wGYtwmc5LhCt9KDhWozwbFLP JbkBPYjFt10gl0AcQaaoiRq0qigOdTuwbTXYtViuYXOEhuXorEW+83dDdq5C6klIivILLO ASc9hmRt9T/G+F3qZ7g2i8jXTORc9qShj42x3o3mIlqXRlBA/zu83MwCCYw7gQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1704320505; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=RCxocExfnB53GEBRWwFsDKF7/MY645gA3JVWYBjH5UM=; b=CVRNtULpmoV6TCz1UK37I3WabMF1NyVBV5iRBKfJcIo90pmrQmt0OeNUqdpeYmtyZfttJZ cUKnV6I7TNzEtE+mGy46Ch8J6EB/XT++ir5Xx3eSzEvSGKO+qtEgStNrtPF8DEPPsvj94N CLFrIxMN1zLwYboL+XEzuxurxdBo2Y/fjgfWHEe7Mc8JUUc+LVaBvNicImBZHSD4r5Vx6m WppFmXdOoexRlaqV0CorY9AzG+UOlzThumCK/ndkumoAgvp29imtQxrBdNlEdxVzBSB2KF /PkzqKi+pRdEaTnW8SlHGJ/qdvoAwHUtxSDoVEclJ6937LCXVgE8hepf9BHw+Q== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1704320505; a=rsa-sha256; cv=none; b=GorsTVyyWDyTS3C9sjzgn9lDdp/1uE/UfDz4axP+QJ29GeL4bUIYsLrI2AtGWiGefRcng5 E78WKzaijFiq9IUCmJN0OkGp3JNIsQ27N/FwHiDOfWJLVn3tarf5Alj8ElE0P+h6TkJORz PDjnYzMcBEVu8IrjV0hOws0oRM+2voaOJJ0Uen8PryOa7S+KrVGwmRFclWitrVGkre/ycY HmT9pXeBmTEV9YxoKN91GTzafxg8Anmx1Y8ztVgOVIIBU5HLbxEClVDuJOhDC1Gbw37dhb /L91AVRM0Mtoj/dMh5fPmlYgdfHttibPUnZabDDnzx71d25vpqeBdNCFOQNsrg== Received: from [10.9.4.95] (unknown [209.182.120.176]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) (Authenticated sender: kevans/mail) by smtp.freebsd.org (Postfix) with ESMTPSA id 4T542J6Jhmz1Bhf; Wed, 3 Jan 2024 22:21:44 +0000 (UTC) (envelope-from kevans@FreeBSD.org) Message-ID: <151ec650-488a-4ec5-998c-c7a95228205b@FreeBSD.org> Date: Wed, 3 Jan 2024 16:21:42 -0600 List-Id: Commit messages for all branches of the src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-all List-Help: List-Post: List-Subscribe: List-Unsubscribe: Sender: owner-dev-commits-src-all@freebsd.org X-BeenThere: dev-commits-src-all@freebsd.org MIME-Version: 1.0 User-Agent: Mozilla Thunderbird Subject: Re: git: bf7c4fcbbb05 - main - bhyveload: hold /boot and do relative lookups for the loader Content-Language: en-US From: Kyle Evans To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-main@FreeBSD.org References: <202401032219.403MJR4h090902@gitrepo.freebsd.org> In-Reply-To: <202401032219.403MJR4h090902@gitrepo.freebsd.org> Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: 7bit On 1/3/24 16:19, Kyle Evans wrote: > The branch main has been updated by kevans: > > URL: https://cgit.FreeBSD.org/src/commit/?id=bf7c4fcbbb05ff99afde0744d013feeb35d77191 > > commit bf7c4fcbbb05ff99afde0744d013feeb35d77191 > Author: Kyle Evans > AuthorDate: 2024-01-03 22:17:59 +0000 > Commit: Kyle Evans > CommitDate: 2024-01-03 22:19:15 +0000 > > bhyveload: hold /boot and do relative lookups for the loader > > The next change will push bhyveload into capability mode right after we > allocate vcpu state, before we've setup or entered the loader, to limit > the surface area that a rogue loader script can touch. > > With an explicit -l loader, we don't need to preopen /boot because > changing interpreters isn't allowed. We'll just dlopen() entirely in > advance in that case to eliminate some complexity. > Sigh, sorry, just realized I forgot to update this part... the final version just opens the file in advance, it didn't dlopen() it in advance so that, e.g., ctors run in the sandbox. The remark about not preopening /boot is still correct. > Reviewed by: allanjude (earlier version), markj > Differential Revision: https://reviews.freebsd.org/D43285 Thanks, Kyle Evans