socsvn commit: r254450 - soc2013/dpl
dpl at FreeBSD.org
dpl at FreeBSD.org
Tue Jul 9 07:10:46 UTC 2013
Author: dpl
Date: Tue Jul 9 07:10:45 2013
New Revision: 254450
URL: http://svnweb.FreeBSD.org/socsvn/?view=rev&rev=254450
Log:
This file will hold my own functions and notes when porting applications to Capsicum.
Added:
soc2013/dpl/functions.c
Added: soc2013/dpl/functions.c
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ soc2013/dpl/functions.c Tue Jul 9 07:10:45 2013 (r254450)
@@ -0,0 +1,46 @@
+void
+limitfd(int fd)
+{
+ cap_rights_t rights;
+
+ if (fd == OUT_FILENO)
+ rights = CAP_READ|CAP_FSTAT|CAP_WRITE|CAP_FCHMOD|CAP_FCHOWN|CAP_FUTIMES;
+ else if (fd == IN_FILENO)
+ rights = CAP_WRITE|CAP_READ|CAP_FSTAT;
+ else if (fd == STDERR_FILENO)
+ rights = CAP_WRITE;
+ else if ( fd == cwd )
+ rights = CAP_UNLINKAT|CAP_LOOKUP;
+
+ if (cap_rights_limit(fd, rights) < 0 && errno != ENOSYS){
+ fprintf ( stderr, "%s: Couldn't limit rights for descriptor %d: %s.\n",
+ progName, fd, strerror(errno));
+ setExit(1);
+ exit(exitValue);
+ }
+}
+
+extern void
+cap_init()
+{
+ if (cap_rights_limit(STDIN_FILENO, CAP_READ) < 0 && errno != ENOSYS){
+ message_error("%d: %s", STDIN_FILENO, strerror(errno));
+ exit(E_ERROR);
+ }
+
+ if (cap_rights_limit(STDOUT_FILENO, CAP_WRITE) < 0 && errno != ENOSYS){
+ message_error("%d: %s", STDOUT_FILENO, strerror(errno));
+ exit(E_ERROR);
+ }
+
+ if (cap_rights_limit(STDERR_FILENO, CAP_WRITE) < 0 && errno != ENOSYS){
+ message_error("%d: %s", STDERR_FILENO, strerror(errno));
+ exit(E_ERROR);
+ }
+
+ if (cap_enter() < 0 && errno != ENOSYS){
+ message_error("cap_enter: %s", strerror(errno));
+ exit(E_ERROR);
+ }
+ return;
+}
\ No newline at end of file
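Review bot: In `limitfd`, `rights` is left uninitialized when `fd` matches none of the four branches, so `cap_rights_limit(fd, rights)` is then called with an indeterminate mask, which is undefined behaviour and could leave the descriptor with far broader rights than intended. Declaring it as `cap_rights_t rights = 0;` makes an unrecognised descriptor fail closed with no rights; alternatively, add a final `else` that reports the error and exits. Separately, both `limitfd` and `cap_init` treat `errno == ENOSYS` as success, so on a kernel without Capsicum the program appears to continue unsandboxed with no indication. That choice deserves a comment such as `/* ENOSYS: kernel lacks Capsicum; continue without sandboxing */`, or a warning to stderr. The `IN_FILENO` branch also grants `CAP_WRITE` on what looks like the input descriptor, so it is worth confirming that the write right is actually needed there.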