Re: Limiting Capsicum capabilities rights [RESOLVED]

From: Jonathan Adams <jfadams1963_at_proton.me>
Date: Tue, 20 Feb 2024 01:53:15 UTC
On Tuesday, February 13th, 2024 at 11:22 AM, Jonathan Adams <jfadams1963@proton.me> wrote:

> As I say, this all works fine. But if I add in the following declaration and calls to set and limit rights, it fails; clearly too restrictive:
> ----------
> cap_rights_t rights;
> ...
> // Set rights on directory fd
> cap_rights_init(&rights, CAP_LOOKUP, CAP_CREATE, CAP_PREAD, \
>                 CAP_PWRITE, CAP_FCHMOD);
> cap_rights_limit(dirfd, &rights);
> ----------

For posterity's sake, the missing right in cap_rights_init() was CAP_FCNTL.

I finally found the answer in Mariusz Zaborski's 2018 article "Capsicum: Just Apply Me!" The relevant text is from his example of Capsicumizing cmp(1):

cmp(1) is working on two descriptors fd1 and fd2 and both have capability CAP_FSTAT and CAP_FCNTL, which respectively allow us to get a file status using the fstat(2) function and fcntl(2) for file control. (The cmp(1) uses the fdopen(3) function that requires fcntl(F_GETFL)).

- Jonathan
____________________________________________
"Before Turing, things were done to numbers.
After Turing, numbers began doing things"
- George Dyson
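The following program is an added example illustrating the resolution above; it is not the poster's code and not taken from Zaborski's article. It limits a directory descriptor to the five rights from the original post plus CAP_FCNTL, then creates a file through that descriptor with openat(2) and hands it to fdopen(3), the call that failed while CAP_FCNTL was missing. Two things go beyond the thread and are assumptions of this example: cap_fcntls_limit(2) is used to narrow CAP_FCNTL to the single F_GETFL command that fdopen needs, and O_TRUNC is left out because it would require CAP_FTRUNCATE. The function names (limit_dirfd_rights, write_through_dirfd, roundtrip_demo), the file name hello.txt and the temporary-directory layout are made up for the example. It assumes FreeBSD; on a host without Capsicum the rights calls are compiled to no-ops so the file-handling part still builds and runs, but nothing is sandboxed there.

```c
/* Added example for this thread, not the poster's program. Assumes FreeBSD;
 * elsewhere the Capsicum calls are stubbed to no-ops so the file logic still
 * compiles and runs, but nothing is sandboxed there. */
#ifndef __FreeBSD__
#define _DEFAULT_SOURCE /* glibc: openat(2), mkdtemp(3) under strict -std= */
#endif
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#ifdef __FreeBSD__
#include <sys/capsicum.h>
#else /* assumed non-Capsicum host: FreeBSD's names, but no-ops */
typedef unsigned cap_rights_t;
enum { CAP_LOOKUP, CAP_CREATE, CAP_PREAD, CAP_PWRITE, CAP_FCHMOD, CAP_FCNTL,
       CAP_FCNTL_GETFL };
#define cap_rights_init(rp, ...)   ((void)(rp))
#define cap_rights_limit(fd, rp)   ((void)(fd), (void)(rp), 0)
#define cap_fcntls_limit(fd, cmds) ((void)(fd), (void)(cmds), 0)
#define cap_enter()                0
#endif

/* The set the thread settled on: the original five rights plus CAP_FCNTL.
 * Descriptors that openat(2) creates through dirfd inherit this set, and
 * fdopen(3) calls fcntl(F_GETFL) on them, hence CAP_FCNTL. Since CAP_FCNTL
 * admits every fcntl command, cap_fcntls_limit(2) narrows it to F_GETFL. */
int limit_dirfd_rights(int dirfd)
{
    cap_rights_t rights;
    cap_rights_init(&rights, CAP_LOOKUP, CAP_CREATE, CAP_PREAD, CAP_PWRITE,
                    CAP_FCHMOD, CAP_FCNTL);
    if (cap_rights_limit(dirfd, &rights) < 0)
        return -1;
    return cap_fcntls_limit(dirfd, CAP_FCNTL_GETFL);
}

/* Create `name` below dirfd, wrap it with fdopen(3), write `text`; returns
 * bytes written or -1. No O_TRUNC: that would also need CAP_FTRUNCATE. */
int write_through_dirfd(int dirfd, const char *name, const char *text)
{
    size_t len = strlen(text);
    int fd = openat(dirfd, name, O_WRONLY | O_CREAT, 0600);
    FILE *fp;
    if (fd < 0)
        return -1;
    /* Without CAP_FCNTL this is where the original program failed: fdopen()
     * returns NULL because its fcntl(F_GETFL) gets ENOTCAPABLE. */
    if ((fp = fdopen(fd, "w")) == NULL) {
        close(fd);
        return -1;
    }
    if (fwrite(text, 1, len, fp) != len) {
        fclose(fp);
        return -1;
    }
    return fclose(fp) == 0 ? (int)len : -1;
}

/* Round trip in a fresh temp directory without entering capability mode, so
 * the caller stays usable. Returns the matched byte count, -1 on failure.
 * Cleanup uses plain paths: limiting dirfd does not restrict the global
 * namespace; only cap_enter(2) does. */
int roundtrip_demo(void)
{
    static const char text[] = "hello from a rights-limited descriptor\n";
    char dir[] = "/tmp/capsicum-demo.XXXXXX", path[64], buf[64];
    int dirfd, fd, n = -1, want = (int)sizeof text - 1;
    if (mkdtemp(dir) == NULL || (dirfd = open(dir, O_RDONLY | O_DIRECTORY)) < 0)
        return -1;
    /* Reading back needs CAP_LOOKUP plus the CAP_READ implied by CAP_PREAD. */
    if (limit_dirfd_rights(dirfd) == 0 &&
        write_through_dirfd(dirfd, "hello.txt", text) == want &&
        (fd = openat(dirfd, "hello.txt", O_RDONLY)) >= 0) {
        n = (int)read(fd, buf, sizeof buf);
        close(fd);
    }
    if (n != want || memcmp(buf, text, (size_t)n) != 0)
        n = -1;
    close(dirfd);
    snprintf(path, sizeof path, "%s/hello.txt", dir);
    unlink(path);
    rmdir(dir);
    return n;
}

int main(int argc, char **argv)
{
    int dirfd = open(argc > 1 ? argv[1] : ".", O_RDONLY | O_DIRECTORY);
    if (dirfd < 0 || limit_dirfd_rights(dirfd) < 0 || cap_enter() < 0) {
        perror("setup");
        return 1;
    }
    /* In capability mode only dirfd (and descriptors derived from it) can
     * reach the file system, yet the write into the directory still works. */
    if (write_through_dirfd(dirfd, "hello.txt", "hello from capability mode\n") < 0) {
        perror("write_through_dirfd");
        return 1;
    }
    return 0;
}
```

Run it on FreeBSD as `./a.out /some/writable/dir`: with CAP_FCNTL removed from limit_dirfd_rights the fdopen(3) call fails with ENOTCAPABLE, which is the symptom the thread started from, and with it present the file is written even after cap_enter(2). The process-local check roundtrip_demo() exercises the same descriptors without entering capability mode so that it can clean up by path afterwards.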