svn commit: r203402 - in projects/capabilities8/lib: libc/gen libcapsicum

Robert Watson rwatson at FreeBSD.org
Tue Feb 2 20:49:49 UTC 2010


Author: rwatson
Date: Tue Feb  2 20:49:48 2010
New Revision: 203402
URL: http://svn.freebsd.org/changeset/base/203402

Log:
  Merge c174156, c174157, c174160, c174162, c174163, c174164 from the p4
  TrustedBSD Capabilities branch to capabilities8:
  
          Style tweaks.
  
          Revert to using an anonymous POSIX shared memory segment to pass
          fdlist information from the sandbox host into the sandbox.
  
          Garbage collect historic library management for sandboxes: we now
          pass in directory descriptors for library path directories and the
          sandboxed rtld can just search the path itself.
  
          libc no longer requires stub libcache functions.
  
          No longer need special handling of /dev/null during sandbox
          creation, we simply now pass in the original stdin/stdout/stderr,
          but without any capability rights.
  
          When creating a sandbox from within a sandbox, look in the global
          fdlist inherited from the parent sandbox to find the runtime linker.
  
  Sponsored by:	Google, Inc.

Deleted:
  projects/capabilities8/lib/libc/gen/ld_libcache.c
Modified:
  projects/capabilities8/lib/libc/gen/Makefile.inc
  projects/capabilities8/lib/libc/gen/Symbol.map
  projects/capabilities8/lib/libcapsicum/libcapsicum.c
  projects/capabilities8/lib/libcapsicum/libcapsicum.h
  projects/capabilities8/lib/libcapsicum/libcapsicum_fdlist.c
  projects/capabilities8/lib/libcapsicum/libcapsicum_host.c
  projects/capabilities8/lib/libcapsicum/libcapsicum_host_io.c
  projects/capabilities8/lib/libcapsicum/libcapsicum_internal.h
  projects/capabilities8/lib/libcapsicum/libcapsicum_sandbox.c
  projects/capabilities8/lib/libcapsicum/libcapsicum_sandbox_api.h
  projects/capabilities8/lib/libcapsicum/libcapsicum_sandbox_io.c

Modified: projects/capabilities8/lib/libc/gen/Makefile.inc
==============================================================================
--- projects/capabilities8/lib/libc/gen/Makefile.inc	Tue Feb  2 20:38:30 2010	(r203401)
+++ projects/capabilities8/lib/libc/gen/Makefile.inc	Tue Feb  2 20:49:48 2010	(r203402)
@@ -20,7 +20,7 @@ SRCS+=  __getosreldate.c __xuname.c \
 	getpeereid.c getprogname.c getpwent.c getttyent.c \
 	getusershell.c getvfsbyname.c glob.c \
 	initgroups.c isatty.c isinf.c isnan.c jrand48.c lcong48.c \
-	ld_libcache.c ld_libdirs.c ld_sandbox.c \
+	ld_libdirs.c ld_sandbox.c \
 	lockf.c lrand48.c mrand48.c nftw.c nice.c \
 	nlist.c nrand48.c opendir.c \
 	pause.c pmadvise.c popen.c posix_spawn.c \

Modified: projects/capabilities8/lib/libc/gen/Symbol.map
==============================================================================
--- projects/capabilities8/lib/libc/gen/Symbol.map	Tue Feb  2 20:38:30 2010	(r203401)
+++ projects/capabilities8/lib/libc/gen/Symbol.map	Tue Feb  2 20:49:48 2010	(r203402)
@@ -340,8 +340,6 @@ FBSD_1.1 {
 	fts_read;
 	fts_set;
 	fts_set_clientptr;
-	ld_libcache_add;
-	ld_libcache_lookup;
 	ld_insandbox;
 	ld_libdirs;
 	posix_spawn;

Modified: projects/capabilities8/lib/libcapsicum/libcapsicum.c
==============================================================================
--- projects/capabilities8/lib/libcapsicum/libcapsicum.c	Tue Feb  2 20:38:30 2010	(r203401)
+++ projects/capabilities8/lib/libcapsicum/libcapsicum.c	Tue Feb  2 20:49:48 2010	(r203402)
@@ -5,9 +5,9 @@
  * WARNING: THIS IS EXPERIMENTAL SECURITY SOFTWARE THAT MUST NOT BE RELIED
  * ON IN PRODUCTION SYSTEMS.  IT WILL BREAK YOUR SOFTWARE IN NEW AND
  * UNEXPECTED WAYS.
- * 
+ *
  * This software was developed at the University of Cambridge Computer
- * Laboratory with support from a grant from Google, Inc. 
+ * Laboratory with support from a grant from Google, Inc.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
@@ -30,7 +30,7 @@
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
  *
- * $P4: //depot/projects/trustedbsd/capabilities/src/lib/libcapsicum/libcapsicum.c#3 $
+ * $P4: //depot/projects/trustedbsd/capabilities/src/lib/libcapsicum/libcapsicum.c#4 $
  */
 
 #include <sys/types.h>

Modified: projects/capabilities8/lib/libcapsicum/libcapsicum.h
==============================================================================
--- projects/capabilities8/lib/libcapsicum/libcapsicum.h	Tue Feb  2 20:38:30 2010	(r203401)
+++ projects/capabilities8/lib/libcapsicum/libcapsicum.h	Tue Feb  2 20:49:48 2010	(r203402)
@@ -5,9 +5,9 @@
  * WARNING: THIS IS EXPERIMENTAL SECURITY SOFTWARE THAT MUST NOT BE RELIED
  * ON IN PRODUCTION SYSTEMS.  IT WILL BREAK YOUR SOFTWARE IN NEW AND
  * UNEXPECTED WAYS.
- * 
+ *
  * This software was developed at the University of Cambridge Computer
- * Laboratory with support from a grant from Google, Inc. 
+ * Laboratory with support from a grant from Google, Inc.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
@@ -30,7 +30,7 @@
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
  *
- * $P4: //depot/projects/trustedbsd/capabilities/src/lib/libcapsicum/libcapsicum.h#11 $
+ * $P4: //depot/projects/trustedbsd/capabilities/src/lib/libcapsicum/libcapsicum.h#12 $
  */
 
 #ifndef _LIBCAPSICUM_H_
@@ -45,15 +45,6 @@ struct lc_sandbox;
 struct lc_host;
 
 /*
- * Description of a library passed to lch_start_libs().
- */
-struct lc_library {
-	const char	*lcl_libpath;
-	const char	*lcl_libname;
-	int		 lcl_fd;
-};
-
-/*
  * A list of file descriptors, which can be passed around in shared memory.
  */
 struct lc_fdlist;

Modified: projects/capabilities8/lib/libcapsicum/libcapsicum_fdlist.c
==============================================================================
--- projects/capabilities8/lib/libcapsicum/libcapsicum_fdlist.c	Tue Feb  2 20:38:30 2010	(r203401)
+++ projects/capabilities8/lib/libcapsicum/libcapsicum_fdlist.c	Tue Feb  2 20:49:48 2010	(r203402)
@@ -6,9 +6,9 @@
  * WARNING: THIS IS EXPERIMENTAL SECURITY SOFTWARE THAT MUST NOT BE RELIED
  * ON IN PRODUCTION SYSTEMS.  IT WILL BREAK YOUR SOFTWARE IN NEW AND
  * UNEXPECTED WAYS.
- * 
+ *
  * This software was developed at the University of Cambridge Computer
- * Laboratory with support from a grant from Google, Inc. 
+ * Laboratory with support from a grant from Google, Inc.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
@@ -31,7 +31,7 @@
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
  *
- * $P4: //depot/projects/trustedbsd/capabilities/src/lib/libcapsicum/libcapsicum_fdlist.c#9 $
+ * $P4: //depot/projects/trustedbsd/capabilities/src/lib/libcapsicum/libcapsicum_fdlist.c#10 $
  */
 
 #include <sys/mman.h>
@@ -99,7 +99,6 @@ lc_fdlist_global(void)
 		UNLOCK(&global_fdlist);
 		return (&global_fdlist);
 	}
-
 	env = getenv(LIBCAPSICUM_SANDBOX_FDLIST);
 	if ((env != NULL) && (strnlen(env, 8) < 7)) {
 		struct lc_fdlist_storage *lfsp;
@@ -430,8 +429,8 @@ lc_fdlist_getentry(struct lc_fdlist *lfp
 	LOCK(lfp);
 	lfsp = lfp->lf_storage;
 
-	if ((subsystem == NULL) || (classname == NULL) || (name == NULL)
-	    || (fdp == NULL) || ((pos != NULL) && (*pos >= (int) lfsp->count))) {
+	if ((subsystem == NULL) || (classname == NULL) || (name == NULL) ||
+	    (fdp == NULL) || ((pos != NULL) && (*pos >= (int) lfsp->count))) {
 		errno = EINVAL;
 		return (-1);
 	}
@@ -441,23 +440,22 @@ lc_fdlist_getentry(struct lc_fdlist *lfp
 	int size = entry->syslen + entry->classnamelen + entry->namelen;
 	char *head = malloc(size);
 
-	strncpy(head,	names + entry->sysoff,		entry->syslen + 1);
+	strncpy(head, names + entry->sysoff, entry->syslen + 1);
 	*subsystem = head;
 	head += size;
 
-	strncpy(head,	names + entry->classoff,	entry->classnamelen + 1);
+	strncpy(head, names + entry->classoff, entry->classnamelen + 1);
 	*classname = head;
 	head += size;
 
-	strncpy(head,	names + entry->nameoff,		entry->namelen + 1);
+	strncpy(head, names + entry->nameoff, entry->namelen + 1);
 	*name = head;
 	head += size;
 
 	*fdp = entry->fd;
 	UNLOCK(lfp);
-
-	if (pos) (*pos)++;
-
+	if (pos)
+		(*pos)++;
 	return (0);
 }
 
@@ -547,7 +545,8 @@ lc_fdlist_storage_names(struct lc_fdlist
 }
 
 void*
-_lc_fdlist_getstorage(struct lc_fdlist* lfp) {
-	return lfp->lf_storage;
-}
+_lc_fdlist_getstorage(struct lc_fdlist* lfp)
+{
 
+	return (lfp->lf_storage);
+}

Modified: projects/capabilities8/lib/libcapsicum/libcapsicum_host.c
==============================================================================
--- projects/capabilities8/lib/libcapsicum/libcapsicum_host.c	Tue Feb  2 20:38:30 2010	(r203401)
+++ projects/capabilities8/lib/libcapsicum/libcapsicum_host.c	Tue Feb  2 20:49:48 2010	(r203402)
@@ -5,9 +5,9 @@
  * WARNING: THIS IS EXPERIMENTAL SECURITY SOFTWARE THAT MUST NOT BE RELIED
  * ON IN PRODUCTION SYSTEMS.  IT WILL BREAK YOUR SOFTWARE IN NEW AND
  * UNEXPECTED WAYS.
- * 
+ *
  * This software was developed at the University of Cambridge Computer
- * Laboratory with support from a grant from Google, Inc. 
+ * Laboratory with support from a grant from Google, Inc.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
@@ -30,7 +30,7 @@
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
  *
- * $P4: //depot/projects/trustedbsd/capabilities/src/lib/libcapsicum/libcapsicum_host.c#10 $
+ * $P4: //depot/projects/trustedbsd/capabilities/src/lib/libcapsicum/libcapsicum_host.c#15 $
  */
 
 #include <sys/param.h>
@@ -55,7 +55,6 @@
 #include "libcapsicum_internal.h"
 #include "libcapsicum_sandbox_api.h"
 
-#define	LIBCAPSICUM_CAPMASK_DEVNULL	(CAP_EVENT | CAP_READ | CAP_WRITE)
 #define	LIBCAPSICUM_CAPMASK_SOCK	(CAP_EVENT | CAP_READ | CAP_WRITE)
 #define	LIBCAPSICUM_CAPMASK_BIN	(CAP_READ | CAP_EVENT | CAP_FSTAT | \
 					    CAP_FSTATFS | \
@@ -63,18 +62,11 @@
 					    CAP_MAPEXEC)
 #define	LIBCAPSICUM_CAPMASK_SANDBOX	LIBCAPSICUM_CAPMASK_BIN
 #define	LIBCAPSICUM_CAPMASK_LDSO	LIBCAPSICUM_CAPMASK_BIN
-#define	LIBCAPSICUM_CAPMASK_LIB		LIBCAPSICUM_CAPMASK_BIN
-#define LIBCAPSICUM_CAPMASK_LIBDIR	LIBCAPSICUM_CAPMASK_LIB \
+#define LIBCAPSICUM_CAPMASK_LIBDIR	LIBCAPSICUM_CAPMASK_BIN \
 					 | CAP_LOOKUP | CAP_ATBASE
 #define LIBCAPSICUM_CAPMASK_FDLIST	CAP_READ | CAP_WRITE | CAP_FTRUNCATE \
 					 | CAP_FSTAT | CAP_MMAP
 
-#define	_PATH_LIB	"/lib"
-#define	_PATH_USR_LIB	"/usr/lib"
-#define	LIBC_SO		"libc.so.7"
-#define	LIBCAPSICUM_SO	"libcapsicum.so.1"
-#define	LIBSBUF_SO	"libsbuf.so.5"
-
 extern char **environ;
 
 #define LD_ELF_CAP_SO		"ld-elf-cap.so.1"
@@ -89,10 +81,15 @@ lch_autosandbox_isenabled(__unused const
 	return (1);
 }
 
-
+/*
+ * Once in the child process, create the new sandbox.
+ *
+ * XXX: A number of things happen here that are not safe after fork(),
+ * especially calls to err().
+ */
 static void
-lch_sandbox(int fd_sock, int fd_binary, int fd_rtld, int fd_devnull, u_int flags,
-    const char *binname, char *const argv[], __unused struct lc_fdlist *userfds)
+lch_sandbox(int fd_sock, int fd_binary, int fd_rtld, u_int flags,
+    const char *binname, char *const argv[], struct lc_fdlist *userfds)
 {
 	struct sbuf *sbufp;
 	int shmfd = -1;
@@ -109,7 +106,7 @@ lch_sandbox(int fd_sock, int fd_binary, 
 	/*
 	 * Create an anonymous shared memory segment for the FD list.
 	 */
-	shmfd = open("/tmp/jon-foo"/*SHM_ANON*/, O_RDWR | O_CREAT | O_TRUNC, 0600);
+	shmfd = shm_open(SHM_ANON, O_RDWR | O_CREAT | O_TRUNC, 0600);
 	if (shmfd < 0)
 		err(-1, "Error creating shared memory segment");
 
@@ -138,10 +135,6 @@ lch_sandbox(int fd_sock, int fd_binary, 
 	                     fd_sock, LIBCAPSICUM_CAPMASK_SOCK) < 0)
 		err(-1, "Error in lc_fdlist_addcap(fd_sock)");
 
-	if (lc_fdlist_addcap(fds, LIBCAPSICUM_FQNAME, "/dev/null", "",
-	                     fd_devnull, LIBCAPSICUM_CAPMASK_DEVNULL) < 0)
-		err(-1, "Error in lc_fdlist_addcap(fd_devnull)");
-
 	if (lc_fdlist_addcap(fds, LIBCAPSICUM_FQNAME, "fdlist", "",
 	                     shmfd, LIBCAPSICUM_CAPMASK_FDLIST) < 0)
 		err(-1, "Error in lc_fdlist_addcap(shmfd)");
@@ -160,41 +153,38 @@ lch_sandbox(int fd_sock, int fd_binary, 
 	/*
 	 * Ask RTLD for library path descriptors.
 	 *
-	 * NOTE: This is FreeBSD-specific; porting to other operating systems will
-	 *       require dynamic linkers capable of answering similar queries.
+	 * NOTE: This is FreeBSD-specific; porting to other operating systems
+	 * will require dynamic linkers capable of answering similar queries.
 	 */
 	int size = 16;
 	int *libdirs;
 
 	while (1) {
 		libdirs = malloc(size * sizeof(int));
-
 		if (ld_libdirs(libdirs, &size) < 0) {
 			free(libdirs);
-
-			if (size > 0) continue;
-			else err(-1, "Error in ld_libdirs()");
-		}
-		else break;
+			if (size > 0)
+				continue;
+			err(-1, "Error in ld_libdirs()");
+		} else
+			break;
 	}
 
-
 	for (int j = 0; j < size; j++)
 		if (lc_fdlist_addcap(fds, RTLD_CAP_FQNAME, "libdir", "",
-	        	libdirs[j], LIBCAPSICUM_CAPMASK_LIBDIR) < 0)
+		    libdirs[j], LIBCAPSICUM_CAPMASK_LIBDIR) < 0)
 			err(-1, "Error in lc_fdlist_addcap(libdirs[%d]: %d)",
 			    j, libdirs[j]);
 
 	if (lc_fdlist_reorder(fds) < 0)
 		err(-1, "Error in lc_fdlist_reorder()");
 
-
 	/*
 	 * Find the fdlist shared memory segment.
 	 */
 	int pos = 0;
-	if (lc_fdlist_lookup(fds, LIBCAPSICUM_FQNAME, "fdlist", NULL,
-	                     &shmfd, &pos) < 0)
+	if (lc_fdlist_lookup(fds, LIBCAPSICUM_FQNAME, "fdlist", NULL, &shmfd,
+	    &pos) < 0)
 		err(-1, "Error in lc_fdlist_lookup(fdlist)");
 
 	char tmp[8];
@@ -229,8 +219,8 @@ lch_sandbox(int fd_sock, int fd_binary, 
 	/*
 	 * Find the binary for RTLD.
 	 */
-	if (lc_fdlist_lookup(fds, RTLD_CAP_FQNAME, "binary", NULL, &fd_binary,
-	                     NULL) < 0)
+	if (lc_fdlist_lookup(fds, RTLD_CAP_FQNAME, "binary", NULL,
+	    &fd_binary, NULL) < 0)
 		err(-1, "Error in lc_fdlist_lookup(RTLD binary)");
 
 	sprintf(tmp, "%d", fd_binary);
@@ -240,8 +230,9 @@ lch_sandbox(int fd_sock, int fd_binary, 
 	/*
 	 * Build LD_LIBRARY_DIRS for RTLD.
 	 *
-	 * NOTE: This is FreeBSD-specific; porting to other operating systems will
-	 *       require dynamic linkers capable of operating on file descriptors.
+	 * NOTE: This is FreeBSD-specific; porting to other operating systems
+	 * will require dynamic linkers capable of operating on file
+	 * descriptors.
 	 */
 	sbufp = sbuf_new_auto();
 	if (sbufp == NULL)
@@ -249,8 +240,8 @@ lch_sandbox(int fd_sock, int fd_binary, 
 
 	{
 		int fd;
-		while (lc_fdlist_lookup(fds, RTLD_CAP_FQNAME, "libdir",
-		                        NULL, &fd, &pos) >= 0)
+		while (lc_fdlist_lookup(fds, RTLD_CAP_FQNAME, "libdir", NULL,
+		    &fd, &pos) >= 0)
 			sbuf_printf(sbufp, "%d:", fd);
 	}
 
@@ -261,7 +252,6 @@ lch_sandbox(int fd_sock, int fd_binary, 
 		err(-1, "Error in setenv(LD_LIBRARY_DIRS)");
 	sbuf_delete(sbufp);
 
-
 	if (cap_enter() < 0)
 		err(-1, "cap_enter() failed");
 
@@ -269,17 +259,16 @@ lch_sandbox(int fd_sock, int fd_binary, 
 }
 
 int
-lch_startfd_libs(int fd_binary, const char *binname, char *const argv[],
+lch_startfd(int fd_binary, const char *binname, char *const argv[],
     u_int flags, struct lc_fdlist *fds, struct lc_sandbox **lcspp)
 {
 	struct lc_sandbox *lcsp;
-	int fd_devnull, fd_rtld, fd_libc, fd_libcapsicum, fd_libsbuf;
+	int fd_rtld;
 	int fd_procdesc, fd_sockpair[2];
 	int error, val;
 	pid_t pid;
 
-	fd_devnull = fd_rtld = fd_libc = fd_libcapsicum = fd_libsbuf =
-	    fd_procdesc = fd_sockpair[0] = fd_sockpair[1] = -1;
+	fd_rtld = fd_procdesc = fd_sockpair[0] = fd_sockpair[1] = -1;
 
 	lcsp = malloc(sizeof(*lcsp));
 	if (lcsp == NULL)
@@ -287,35 +276,20 @@ lch_startfd_libs(int fd_binary, const ch
 	bzero(lcsp, sizeof(*lcsp));
 
 	if (ld_insandbox()) {
-		if (ld_libcache_lookup(LD_ELF_CAP_SO, &fd_rtld) < 0)
-			goto out_error;
-		if (ld_libcache_lookup(LIBC_SO, &fd_libc) < 0)
-			goto out_error;
-		if (ld_libcache_lookup(LIBCAPSICUM_SO,
-		    &fd_libcapsicum) < 0)
-			goto out_error;
-		if (ld_libcache_lookup(LIBSBUF_SO, &fd_libsbuf) < 0)
+		struct lc_fdlist *globals;
+		int pos = 0;
+
+		globals = lc_fdlist_global();
+		if (globals == NULL)
 			goto out_error;
-		if (ld_libcache_lookup(_PATH_DEVNULL, &fd_devnull) < 0)
+		if (lc_fdlist_lookup(globals, RTLD_CAP_FQNAME, "rtld", NULL,
+		    &fd_rtld, &pos) < 0)
 			goto out_error;
 	} else {
 		fd_rtld = open(PATH_LD_ELF_CAP_SO "/" LD_ELF_CAP_SO,
 		    O_RDONLY);
 		if (fd_rtld < 0)
 			goto out_error;
-		fd_libc = open(_PATH_LIB "/" LIBC_SO, O_RDONLY);
-		if (fd_libc < 0)
-			goto out_error;
-		fd_libsbuf = open(_PATH_LIB "/" LIBSBUF_SO, O_RDONLY);
-		if (fd_libsbuf < 0)
-			goto out_error;
-		fd_libcapsicum = open(_PATH_USR_LIB "/" LIBCAPSICUM_SO,
-		    O_RDONLY);
-		if (fd_libcapsicum < 0)
-			goto out_error;
-		fd_devnull = open(_PATH_DEVNULL, O_RDWR);
-		if (fd_devnull < 0)
-			goto out_error;
 	}
 
 	if (socketpair(PF_LOCAL, SOCK_STREAM, 0, fd_sockpair) < 0)
@@ -334,15 +308,11 @@ lch_startfd_libs(int fd_binary, const ch
 		goto out_error;
 	}
 	if (pid == 0) {
-		lch_sandbox(fd_sockpair[1], fd_binary, fd_rtld, fd_devnull, flags,
+		lch_sandbox(fd_sockpair[1], fd_binary, fd_rtld, flags,
 		    binname, argv, fds);
 		exit(-1);
 	}
 #ifndef IN_CAP_MODE
-	close(fd_devnull);
-	close(fd_libsbuf);
-	close(fd_libcapsicum);
-	close(fd_libc);
 	close(fd_rtld);
 #endif
 	close(fd_sockpair[1]);
@@ -361,14 +331,6 @@ out_error:
 	if (fd_sockpair[1] != -1)
 		close(fd_sockpair[1]);
 #ifndef IN_CAP_MODE
-	if (fd_devnull != -1)
-		close(fd_devnull);
-	if (fd_libsbuf != -1)
-		close(fd_libsbuf);
-	if (fd_libcapsicum != -1)
-		close(fd_libcapsicum);
-	if (fd_libc != -1)
-		close(fd_libc);
 	if (fd_rtld != -1)
 		close(fd_rtld);
 #endif
@@ -379,16 +341,7 @@ out_error:
 }
 
 int
-lch_startfd(int fd_binary, const char *binname, char *const argv[],
-    u_int flags, __unused struct lc_fdlist *fds, struct lc_sandbox **lcspp)
-{
-
-	return (lch_startfd_libs(fd_binary, binname, argv, flags,
-	    fds, lcspp));
-}
-
-int
-lch_start_libs(const char *sandbox, char *const argv[], u_int flags,
+lch_start(const char *sandbox, char *const argv[], u_int flags,
     struct lc_fdlist *fds, struct lc_sandbox **lcspp)
 {
 	char binname[MAXPATHLEN];
@@ -401,21 +354,13 @@ lch_start_libs(const char *sandbox, char
 	if (fd_binary < 0)
 		return (-1);
 
-	ret = lch_startfd_libs(fd_binary, binname, argv, flags, fds, lcspp);
+	ret = lch_startfd(fd_binary, binname, argv, flags, fds, lcspp);
 	error = errno;
 	close(fd_binary);
 	errno = error;
 	return (ret);
 }
 
-int
-lch_start(const char *sandbox, char *const argv[], u_int flags,
-    struct lc_fdlist *fds, struct lc_sandbox **lcspp)
-{
-
-	return (lch_start_libs(sandbox, argv, flags, fds, lcspp));
-}
-
 void
 lch_stop(struct lc_sandbox *lcsp)
 {

Modified: projects/capabilities8/lib/libcapsicum/libcapsicum_host_io.c
==============================================================================
--- projects/capabilities8/lib/libcapsicum/libcapsicum_host_io.c	Tue Feb  2 20:38:30 2010	(r203401)
+++ projects/capabilities8/lib/libcapsicum/libcapsicum_host_io.c	Tue Feb  2 20:49:48 2010	(r203402)
@@ -5,9 +5,9 @@
  * WARNING: THIS IS EXPERIMENTAL SECURITY SOFTWARE THAT MUST NOT BE RELIED
  * ON IN PRODUCTION SYSTEMS.  IT WILL BREAK YOUR SOFTWARE IN NEW AND
  * UNEXPECTED WAYS.
- * 
+ *
  * This software was developed at the University of Cambridge Computer
- * Laboratory with support from a grant from Google, Inc. 
+ * Laboratory with support from a grant from Google, Inc.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
@@ -30,7 +30,7 @@
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
  *
- * $P4: //depot/projects/trustedbsd/capabilities/src/lib/libcapsicum/libcapsicum_host_io.c#2 $
+ * $P4: //depot/projects/trustedbsd/capabilities/src/lib/libcapsicum/libcapsicum_host_io.c#3 $
  */
 
 #include <sys/param.h>

Modified: projects/capabilities8/lib/libcapsicum/libcapsicum_internal.h
==============================================================================
--- projects/capabilities8/lib/libcapsicum/libcapsicum_internal.h	Tue Feb  2 20:38:30 2010	(r203401)
+++ projects/capabilities8/lib/libcapsicum/libcapsicum_internal.h	Tue Feb  2 20:49:48 2010	(r203402)
@@ -5,9 +5,9 @@
  * WARNING: THIS IS EXPERIMENTAL SECURITY SOFTWARE THAT MUST NOT BE RELIED
  * ON IN PRODUCTION SYSTEMS.  IT WILL BREAK YOUR SOFTWARE IN NEW AND
  * UNEXPECTED WAYS.
- * 
+ *
  * This software was developed at the University of Cambridge Computer
- * Laboratory with support from a grant from Google, Inc. 
+ * Laboratory with support from a grant from Google, Inc.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
@@ -30,14 +30,14 @@
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
  *
- * $P4: //depot/projects/trustedbsd/capabilities/src/lib/libcapsicum/libcapsicum_internal.h#5 $
+ * $P4: //depot/projects/trustedbsd/capabilities/src/lib/libcapsicum/libcapsicum_internal.h#6 $
  */
 
 #ifndef _LIBCAPSICUM_INTERNAL_H_
 #define	_LIBCAPSICUM_INTERNAL_H_
 
-#define LIBCAPSICUM_FQNAME	"org.freebsd.libcapsicum"
-#define RTLD_CAP_FQNAME		"org.freebsd.rtld-elf-cap"
+#define	LIBCAPSICUM_FQNAME	"org.freebsd.libcapsicum"
+#define	RTLD_CAP_FQNAME		"org.freebsd.rtld-elf-cap"
 
 struct lc_host {
 	int	lch_fd_sock;

Modified: projects/capabilities8/lib/libcapsicum/libcapsicum_sandbox.c
==============================================================================
--- projects/capabilities8/lib/libcapsicum/libcapsicum_sandbox.c	Tue Feb  2 20:38:30 2010	(r203401)
+++ projects/capabilities8/lib/libcapsicum/libcapsicum_sandbox.c	Tue Feb  2 20:49:48 2010	(r203402)
@@ -5,9 +5,9 @@
  * WARNING: THIS IS EXPERIMENTAL SECURITY SOFTWARE THAT MUST NOT BE RELIED
  * ON IN PRODUCTION SYSTEMS.  IT WILL BREAK YOUR SOFTWARE IN NEW AND
  * UNEXPECTED WAYS.
- * 
+ *
  * This software was developed at the University of Cambridge Computer
- * Laboratory with support from a grant from Google, Inc. 
+ * Laboratory with support from a grant from Google, Inc.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions

Modified: projects/capabilities8/lib/libcapsicum/libcapsicum_sandbox_api.h
==============================================================================
--- projects/capabilities8/lib/libcapsicum/libcapsicum_sandbox_api.h	Tue Feb  2 20:38:30 2010	(r203401)
+++ projects/capabilities8/lib/libcapsicum/libcapsicum_sandbox_api.h	Tue Feb  2 20:49:48 2010	(r203402)
@@ -5,9 +5,9 @@
  * WARNING: THIS IS EXPERIMENTAL SECURITY SOFTWARE THAT MUST NOT BE RELIED
  * ON IN PRODUCTION SYSTEMS.  IT WILL BREAK YOUR SOFTWARE IN NEW AND
  * UNEXPECTED WAYS.
- * 
+ *
  * This software was developed at the University of Cambridge Computer
- * Laboratory with support from a grant from Google, Inc. 
+ * Laboratory with support from a grant from Google, Inc.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
@@ -30,7 +30,7 @@
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
  *
- * $P4: //depot/projects/trustedbsd/capabilities/src/lib/libcapsicum/libcapsicum_sandbox_api.h#3 $
+ * $P4: //depot/projects/trustedbsd/capabilities/src/lib/libcapsicum/libcapsicum_sandbox_api.h#4 $
  */
 
 #ifndef _LIBCAPSICUM_SANDBOX_API_H_
@@ -41,7 +41,7 @@
  * make about the runtime environment set up by libcapsicum hosts.
  */
 #define	LIBCAPSICUM_SANDBOX_API_ENV	"LIBCAPSICUM_SANDBOX"
-#define LIBCAPSICUM_SANDBOX_FDLIST	"LIBCAPSICUM_FDLIST"
+#define	LIBCAPSICUM_SANDBOX_FDLIST	"LIBCAPSICUM_FDLIST"
 #define	LIBCAPSICUM_SANDBOX_API_SOCK	"sock"
 
 /*

Modified: projects/capabilities8/lib/libcapsicum/libcapsicum_sandbox_io.c
==============================================================================
--- projects/capabilities8/lib/libcapsicum/libcapsicum_sandbox_io.c	Tue Feb  2 20:38:30 2010	(r203401)
+++ projects/capabilities8/lib/libcapsicum/libcapsicum_sandbox_io.c	Tue Feb  2 20:49:48 2010	(r203402)
@@ -5,9 +5,9 @@
  * WARNING: THIS IS EXPERIMENTAL SECURITY SOFTWARE THAT MUST NOT BE RELIED
  * ON IN PRODUCTION SYSTEMS.  IT WILL BREAK YOUR SOFTWARE IN NEW AND
  * UNEXPECTED WAYS.
- * 
+ *
  * This software was developed at the University of Cambridge Computer
- * Laboratory with support from a grant from Google, Inc. 
+ * Laboratory with support from a grant from Google, Inc.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions


More information about the svn-src-projects mailing list