PERFORCE change 133773 for review
Robert Watson
rwatson at FreeBSD.org
Mon Jan 21 03:33:59 PST 2008
http://perforce.freebsd.org/chv.cgi?CH=133773
Change 133773 by rwatson at rwatson_freebsd_capabilities on 2008/01/21 11:33:35
CAP_LSEEK -> CAP_SEEK, as it's a flag used alone for lseek() or
in combination with other operations, such as CAP_READ and
CAP_WRITE. It really represents permission to change the file
offset, not the underlying object. Comment along these lines.
Remove CAP_PREAD and CAP_PWRITE for similar reasons.
Note complexities associated with aio and mmap.
Affected files ...
.. //depot/projects/trustedbsd/capabilities/src/sys/sys/capability.h#4 edit
Differences ...
==== //depot/projects/trustedbsd/capabilities/src/sys/sys/capability.h#4 (text+ko) ====
@@ -23,7 +23,7 @@
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*
- * $P4: //depot/projects/trustedbsd/capabilities/src/sys/sys/capability.h#3 $
+ * $P4: //depot/projects/trustedbsd/capabilities/src/sys/sys/capability.h#4 $
*/
/*
@@ -45,7 +45,7 @@
#define CAP_READ 0x0000000000000001 /* read/recv */
#define CAP_WRITE 0x0000000000000002 /* write/send */
#define CAP_FCHDIR 0x0000000000000004 /* fchdir */
-#define CAP_LSEEK 0x0000000000000008 /* lseek */
+#define CAP_SEEK 0x0000000000000008 /* lseek, various io */
#define CAP_GETPEERNAME 0x0000000000000010 /* getpeername */
#define CAP_GETSOCKNAME 0x0000000000000020 /* getsockname */
#define CAP_FCHFLAGS 0x0000000000000040 /* fchflags */
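Review bot: the rename from CAP_LSEEK to CAP_SEEK drops the old name from the header without a compatibility alias, so any in-tree consumer still spelling CAP_LSEEK will stop compiling the moment this header lands; if the old name is in use anywhere, keep `#define CAP_LSEEK CAP_SEEK` for one cycle or sweep the callers in the same change. The new comment `/* lseek, various io */` is also vaguer than the commit message, which states the intent precisely: permission to change the file offset. Consider `/* lseek; also required with CAP_READ/CAP_WRITE for offset-changing I/O */` so a reader of the definition line alone gets the rule.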
@@ -61,8 +61,8 @@
#define CAP_FLOCK 0x0000000000010000 /* flock */
#define CAP_GETDIRENTRIES 0x0000000000020000 /* getdirentries */
#define CAP_FSTATFS 0x0000000000040000 /* fstatfs */
-#define CAP_PREAD 0x0000000000080000 /* pread */
-#define CAP_PWRITE 0x0000000000100000 /* pwrite */
+#define _CAP_UNUSED0 0x0000000000080000
+#define _CAP_UNUSED1 0x0000000000100000
#define CAP_FPATHCONF 0x0000000000200000 /* fpathconf */
#define CAP_FUTIMES 0x0000000000400000 /* futimes */
#define CAP_AIO 0x0000000000800000 /* aio_* */
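Review bot: retiring CAP_PREAD and CAP_PWRITE as `_CAP_UNUSED0`/`_CAP_UNUSED1` keeps the bit positions reserved, which is the right call for a mask that will appear in on-disk or cross-process state, but the hunk does not say what pread and pwrite will now check. Since the commit message defines CAP_SEEK as the right to change the file offset, and pread/pwrite do not move it, the expectation is presumably CAP_READ or CAP_WRITE alone; stating that next to the retired bits (or in the Notes block below) would stop a later change from reintroducing a positional-I/O right under a different name. Also confirm that every in-kernel check previously testing CAP_PREAD or CAP_PWRITE has been updated in this change, since the macros no longer exist.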
@@ -84,7 +84,7 @@
#define CAP_LISTEN 0x0000008000000000 /* listen */
#define CAP_SHUTDOWN 0x0000010000000000 /* shutdown */
#define CAP_PEELOFF 0x0000020000000000 /* sctp_peeloff */
-#define CAP_MASK_VALID 0x000003ffffffffff
+#define CAP_MASK_VALID 0x000003ffffe7ffff
/*
* Notes:
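Review bot: the new CAP_MASK_VALID value 0x000003ffffe7ffff does clear exactly bits 19 and 20 (0x0000000000080000 and 0x0000000000100000), so a caller attempting to request the retired CAP_PREAD/CAP_PWRITE bits will be rejected as invalid rather than silently granted an unused right; that is the correct direction for a validity mask. The constant is still hand-computed, though, which is how a future bit addition ends up quietly outside the valid set or a retired bit quietly back inside it. Consider deriving it, e.g. `(CAP_ALL & ~(_CAP_UNUSED0 | _CAP_UNUSED1))` or a comment listing the excluded bits, so the relationship to the `_CAP_UNUSED` definitions is checkable by inspection.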
@@ -92,6 +92,11 @@
* Some system calls don't require a capability in order to perform an
* operation on an fd. These include: close, dup, dup2.
*
+ * CAP_SEEK is used alone for lseek, but along-side CAP_READ and CAP_WRITE
+ * for various I/O calls, such as read/write/send/receive.
+ *
+ * pread and pwrite will not use CAP_SEEK.
+ *
* CAP_EVENT covers select, poll, and kqueue registration for a capability.
*
* CAP_AIO is combined with other capabilities to authorize specific AIO
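Review bot: the line `pread and pwrite will not use CAP_SEEK.` states only the negative; since CAP_PREAD and CAP_PWRITE are removed in this same change, the Notes block should say what those calls do require (CAP_READ or CAP_WRITE on its own, if that is the intent), otherwise the reader is left to infer the rule from the commit message. The list in `such as read/write/send/receive` also mixes calls that move the offset with ones that do not: send and recv on a socket have no file offset to change, so requiring CAP_SEEK for them contradicts the "permission to change the file offset" definition given in the commit message; please spell out exactly which calls pair CAP_SEEK with CAP_READ/CAP_WRITE. Minor: "along-side" should be "alongside".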
@@ -102,6 +107,9 @@
*
* sendto should check CAP_CONNECT as well as CAP_WRITE if an address is
* specified.
+ *
+ * mmap() and aio*() system calls will need special attention as they may
+ * involve reads or writes depending a great deal on context.
*/
#ifdef _KERNEL
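Review bot: the new note flags mmap() and aio*() as needing special attention but records no decision, which makes it easy to forget; at minimum it should name the capabilities each case is expected to check (for example CAP_READ for readable mappings, CAP_WRITE where the mapping can write back to the object, and CAP_AIO combined with CAP_READ/CAP_WRITE for the aio calls, as the existing CAP_AIO note already suggests) and whether CAP_SEEK is required at all, given that neither interface changes the descriptor's file offset. Also "depending a great deal on context" reads awkwardly; "depending on the requested protection and flags" would tell the reader what the context actually is.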