PERFORCE change 169596 for review
Robert Watson
rwatson at FreeBSD.org
Mon Oct 19 15:23:55 UTC 2009
http://p4web.freebsd.org/chv.cgi?CH=169596
Change 169596 by rwatson at rwatson_vimage_client on 2009/10/19 15:23:30
amd64 also requires capability mode checks.
Affected files ...
.. //depot/projects/trustedbsd/capabilities/src/sys/amd64/amd64/trap.c#7 edit
Differences ...
==== //depot/projects/trustedbsd/capabilities/src/sys/amd64/amd64/trap.c#7 (text+ko) ====
@@ -44,6 +44,7 @@
* AMD64 Trap and System call handling
*/
+#include "opt_capabilities.h"
#include "opt_clock.h"
#include "opt_cpu.h"
#include "opt_hwpmc_hooks.h"
@@ -68,6 +69,7 @@
#include <sys/syscall.h>
#include <sys/sysctl.h>
#include <sys/sysent.h>
+#include <sys/ucred.h>
#include <sys/uio.h>
#include <sys/vmmeter.h>
#ifdef KTRACE
@@ -969,6 +971,18 @@
td->td_syscalls++;
+#ifdef CAPABILITIES
+ /*
+ * In capabilities mode, we only allow access to system calls flagged
+ * SYF_CAPENABLED.
+ */
+ if (error == 0) {
+ if (!(callp->sy_flags & SYF_CAPENABLED) &&
+ (td->td_ucred->cr_flags & CRED_FLAG_CAPMODE))
+ error = ENOSYS;
+ }
+#endif
+
if (error == 0) {
td->td_retval[0] = 0;
td->td_retval[1] = frame->tf_rdx;
More information about the p4-projects
mailing list