PERFORCE change 148019 for review
Robert Watson
rwatson at FreeBSD.org
Thu Aug 21 18:02:22 UTC 2008
http://perforce.freebsd.org/chv.cgi?CH=148019
Change 148019 by rwatson at rwatson_freebsd_capabilities on 2008/08/21 18:01:42
Allow building a kernel without options CAPABILITIES by providing
some no-op stubs.
Affected files ...
.. //depot/projects/trustedbsd/capabilities/src/sys/conf/files#8 edit
.. //depot/projects/trustedbsd/capabilities/src/sys/kern/sys_capability.c#17 edit
Differences ...
==== //depot/projects/trustedbsd/capabilities/src/sys/conf/files#8 (text+ko) ====
@@ -1650,7 +1650,7 @@
kern/subr_turnstile.c standard
kern/subr_unit.c standard
kern/subr_witness.c optional witness
-kern/sys_capability.c optional capabilities
+kern/sys_capability.c standard
kern/sys_generic.c standard
kern/sys_pipe.c standard
kern/sys_process.c standard
==== //depot/projects/trustedbsd/capabilities/src/sys/kern/sys_capability.c#17 (text+ko) ====
@@ -40,8 +40,10 @@
* XXXRW: See the global TODO for things that need to be done.
*/
+#include "opt_capabilities.h"
+
#include <sys/cdefs.h>
-__FBSDID("$P4: //depot/projects/trustedbsd/capabilities/src/sys/kern/sys_capability.c#16 $");
+__FBSDID("$P4: //depot/projects/trustedbsd/capabilities/src/sys/kern/sys_capability.c#17 $");
#include <sys/param.h>
#include <sys/capability.h>
@@ -52,11 +54,14 @@
#include <sys/mutex.h>
#include <sys/proc.h>
#include <sys/sysproto.h>
+#include <sys/sysctl.h>
#include <sys/systm.h>
#include <sys/ucred.h>
#include <vm/uma.h>
+#ifdef CAPABILITIES
+
/*
* struct capability describes a capability, and is hung off of its struct
* file f_data field. cap_file and cap_rightss are static once hooked up, as
@@ -111,6 +116,14 @@
static uma_zone_t capability_zone;
+/*
+ * We don't currently have any MIB entries for sysctls, but we do expose
+ * security.capabilities so that it's easy to tell if options CAPABILITIES is
+ * compiled into the kernel.
+ */
+SYSCTL_NODE(_security, OID_AUTO, capabilities, CTLFLAG_RW, 0,
+ "TrustedBSD Capabilities controls");
+
static void
capability_init(void *dummy __unused)
{
@@ -383,3 +396,50 @@
panic("capability_stat");
}
+
+#else /* !CAPABILITIES */
+
+/*
+ * Stub Capability functions for when options CAPABILITIES isn't compiled
+ * into the kernel.
+ */
+int
+cap_fextract(struct file *fp_cap, cap_rights_t rights, struct file **fpp)
+{
+
+ KASSERT(fp_cap->f_type != DTYPE_CAPABILITY,
+ ("cap_fextract: saw capability"));
+
+ *fpp = fp_cap;
+ return (0);
+}
+
+int
+cap_enter(struct thread *td, struct cap_enter_args *uap)
+{
+
+ return (ENOSYS);
+}
+
+int
+cap_getmode(struct thread *td, struct cap_getmode_args *uap)
+{
+
+ return (ENOSYS);
+}
+
+int
+cap_new(struct thread *td, struct cap_new_args *uap)
+{
+
+ return (ENOSYS);
+}
+
+int
+cap_getrights(struct thread *td, struct cap_getrights_args *uap)
+{
+
+ return (ENOSYS);
+}
+
+#endif /* CAPABILITIES */
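Review bot: The stub `cap_fextract` ignores `rights` and returns `fp_cap` unchanged, and its only guard against a capability descriptor is a `KASSERT`, which is compiled out unless the kernel is built with INVARIANTS. That pass-through appears safe only because the `cap_new` stub returns ENOSYS, so no DTYPE_CAPABILITY file should ever exist in such a kernel. The block comment above the stubs should state that invariant, for example `/* Without options CAPABILITIES cap_new() always fails, so no capability files exist and cap_fextract() passes every fp through unchecked. */`. The unused `rights`, `td` and `uap` parameters could also be marked `__unused`, as `capability_init` already does for `dummy`. Separately, a program that ignores the ENOSYS from `cap_enter` keeps running unsandboxed, so the syscall documentation should tell callers to treat that error as fatal.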