bindat(2) and connectat(2) syscalls for review.
Pawel Jakub Dawidek
pjd at FreeBSD.org
Wed Feb 13 23:02:54 UTC 2013
Hi.
I'd like to commit the following patch:
http://people.freebsd.org/~pjd/patches/bindconnectat.patch
It implements bindat(2) and connectat(2) syscalls that will allow to
manage UNIX domain sockets from within capability mode sandbox.
They work just like any other *at(2) syscall and their prototypes look
like this:
int bindat(int fd, int s, const struct sockaddr *addr, socklen_t addrlen);
int connectat(int fd, int s, const struct sockaddr *addr, socklen_t addrlen);
Where 'fd' is directory descriptor. The only supported socket domain is
PF_LOCAL.
The audit subsystem was updated to audit the new syscalls properly.
Comments and reviews are welcome.
--
Pawel Jakub Dawidek http://www.wheelsystems.com
FreeBSD committer http://www.FreeBSD.org
Am I Evil? Yes, I Am! http://tupytaj.pl
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 196 bytes
Desc: not available
URL: <http://lists.freebsd.org/pipermail/freebsd-arch/attachments/20130214/e2e1e12f/attachment.sig>
More information about the freebsd-arch
mailing list