svn commit: r203238 - in projects/capabilities8/sys: kern sys
Robert Watson
rwatson at FreeBSD.org
Sat Jan 30 19:48:02 UTC 2010
Author: rwatson
Date: Sat Jan 30 19:48:02 2010
New Revision: 203238
URL: http://svn.freebsd.org/changeset/base/203238
Log:
Merge c173679 from the p4 TrustedBSD Capabilities branch to capabilities8:
Enable more *at(2) system calls
Submitted by: Jonathan Anderson <jonathan.anderson at cl.cam.ac.uk>
Modified:
projects/capabilities8/sys/kern/capabilities.conf
projects/capabilities8/sys/kern/init_sysent.c
projects/capabilities8/sys/kern/vfs_syscalls.c
projects/capabilities8/sys/sys/capability.h
Modified: projects/capabilities8/sys/kern/capabilities.conf
==============================================================================
--- projects/capabilities8/sys/kern/capabilities.conf Sat Jan 30 19:45:34 2010 (r203237)
+++ projects/capabilities8/sys/kern/capabilities.conf Sat Jan 30 19:48:02 2010 (r203238)
@@ -38,7 +38,7 @@
## - sys_exit(2), abort2(2) and close(2) are very important.
## - Sorted alphabetically, please keep it that way.
##
-## $P4: //depot/projects/trustedbsd/capabilities/src/sys/kern/capabilities.conf#24 $
+## $P4: //depot/projects/trustedbsd/capabilities/src/sys/kern/capabilities.conf#25 $
##
##
@@ -458,7 +458,13 @@ olio_listio
##
faccessat
fchmodat
+futimesat
+mkdirat
+rmdirat
+mkfifoat
+mknodat
openat
+renameat
##
## Allow poll(2), which will be scoped by capability rights.
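Review bot: `rmdirat` is inserted between `mkdirat` and `mkfifoat`, which breaks the ordering the file header asks for (`## - Sorted alphabetically, please keep it that way.`); it belongs after `renameat`. Separately, no rmdirat entry appears in the init_sysent.c hunk of this commit while `unlinkat` (503) keeps its flags at 0, so if `rmdirat` is not a syscall name in syscalls.master this line is a no-op and directory removal stays unavailable in capability mode; worth confirming against the generated table.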
Modified: projects/capabilities8/sys/kern/init_sysent.c
==============================================================================
--- projects/capabilities8/sys/kern/init_sysent.c Sat Jan 30 19:45:34 2010 (r203237)
+++ projects/capabilities8/sys/kern/init_sysent.c Sat Jan 30 19:48:02 2010 (r203238)
@@ -528,14 +528,14 @@ struct sysent sysent[] = {
{ AS(fchownat_args), (sy_call_t *)fchownat, AUE_FCHOWNAT, NULL, 0, 0, 0 }, /* 491 = fchownat */
{ AS(fexecve_args), (sy_call_t *)fexecve, AUE_FEXECVE, NULL, 0, 0, SYF_CAPENABLED }, /* 492 = fexecve */
{ AS(fstatat_args), (sy_call_t *)fstatat, AUE_FSTATAT, NULL, 0, 0, 0 }, /* 493 = fstatat */
- { AS(futimesat_args), (sy_call_t *)futimesat, AUE_FUTIMESAT, NULL, 0, 0, 0 }, /* 494 = futimesat */
+ { AS(futimesat_args), (sy_call_t *)futimesat, AUE_FUTIMESAT, NULL, 0, 0, SYF_CAPENABLED }, /* 494 = futimesat */
{ AS(linkat_args), (sy_call_t *)linkat, AUE_LINKAT, NULL, 0, 0, 0 }, /* 495 = linkat */
- { AS(mkdirat_args), (sy_call_t *)mkdirat, AUE_MKDIRAT, NULL, 0, 0, 0 }, /* 496 = mkdirat */
- { AS(mkfifoat_args), (sy_call_t *)mkfifoat, AUE_MKFIFOAT, NULL, 0, 0, 0 }, /* 497 = mkfifoat */
- { AS(mknodat_args), (sy_call_t *)mknodat, AUE_MKNODAT, NULL, 0, 0, 0 }, /* 498 = mknodat */
+ { AS(mkdirat_args), (sy_call_t *)mkdirat, AUE_MKDIRAT, NULL, 0, 0, SYF_CAPENABLED }, /* 496 = mkdirat */
+ { AS(mkfifoat_args), (sy_call_t *)mkfifoat, AUE_MKFIFOAT, NULL, 0, 0, SYF_CAPENABLED }, /* 497 = mkfifoat */
+ { AS(mknodat_args), (sy_call_t *)mknodat, AUE_MKNODAT, NULL, 0, 0, SYF_CAPENABLED }, /* 498 = mknodat */
{ AS(openat_args), (sy_call_t *)openat, AUE_OPENAT_RWTC, NULL, 0, 0, SYF_CAPENABLED }, /* 499 = openat */
{ AS(readlinkat_args), (sy_call_t *)readlinkat, AUE_READLINKAT, NULL, 0, 0, 0 }, /* 500 = readlinkat */
- { AS(renameat_args), (sy_call_t *)renameat, AUE_RENAMEAT, NULL, 0, 0, 0 }, /* 501 = renameat */
+ { AS(renameat_args), (sy_call_t *)renameat, AUE_RENAMEAT, NULL, 0, 0, SYF_CAPENABLED }, /* 501 = renameat */
{ AS(symlinkat_args), (sy_call_t *)symlinkat, AUE_SYMLINKAT, NULL, 0, 0, 0 }, /* 502 = symlinkat */
{ AS(unlinkat_args), (sy_call_t *)unlinkat, AUE_UNLINKAT, NULL, 0, 0, 0 }, /* 503 = unlinkat */
{ AS(posix_openpt_args), (sy_call_t *)posix_openpt, AUE_POSIX_OPENPT, NULL, 0, 0, 0 }, /* 504 = posix_openpt */
Modified: projects/capabilities8/sys/kern/vfs_syscalls.c
==============================================================================
--- projects/capabilities8/sys/kern/vfs_syscalls.c Sat Jan 30 19:45:34 2010 (r203237)
+++ projects/capabilities8/sys/kern/vfs_syscalls.c Sat Jan 30 19:48:02 2010 (r203238)
@@ -1372,7 +1372,12 @@ kern_mknodat(struct thread *td, int fd,
if (error)
return (error);
restart:
+ if (IN_CAPABILITY_MODE(td))
+ /* only mkfifoat(2) allowed in capability mode */
+ return (EOPNOTSUPP);
+
bwillwrite();
+
NDINIT_AT(&nd, CREATE, LOCKPARENT | SAVENAME | MPSAFE | AUDITVNODE1,
pathseg, path, fd, td);
if ((error = namei(&nd)) != 0)
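Review bot: The new capability-mode guard sits after the `restart:` label and is a braceless `if` with a comment between the condition and the `return`, a shape the surrounding guards avoid; move it above `restart:` so it runs once and brace it: `if (IN_CAPABILITY_MODE(td)) { /* only mkfifoat(2) allowed in capability mode */ return (EOPNOTSUPP); }`. Refusing device-node creation in a sandbox is a sound choice, but it contradicts init_sysent.c in this same commit, which marks mknodat SYF_CAPENABLED, and the CAP_MKDIR comment in capability.h that lists mknodat(2); one of those should be brought in line. This path also still uses NDINIT_AT rather than NDINIT_ATRIGHTS, so whether a capability fd passed outside capability mode receives any rights check here depends on NDINIT_AT's behaviour, which the hunk does not show. kern_mknodat begins and ends outside the hunk.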
@@ -1498,8 +1503,8 @@ kern_mkfifoat(struct thread *td, int fd,
AUDIT_ARG_MODE(mode);
restart:
bwillwrite();
- NDINIT_AT(&nd, CREATE, LOCKPARENT | SAVENAME | MPSAFE | AUDITVNODE1,
- pathseg, path, fd, td);
+ NDINIT_ATRIGHTS(&nd, CREATE, LOCKPARENT | SAVENAME | MPSAFE | AUDITVNODE1,
+ pathseg, path, fd, CAP_MKFIFO, td);
if ((error = namei(&nd)) != 0)
return (error);
vfslocked = NDHASGIANT(&nd);
@@ -3125,8 +3130,8 @@ kern_fchownat(struct thread *td, int fd,
AUDIT_ARG_OWNER(uid, gid);
follow = (flag & AT_SYMLINK_NOFOLLOW) ? NOFOLLOW : FOLLOW;
- NDINIT_AT(&nd, LOOKUP, follow | MPSAFE | AUDITVNODE1, pathseg, path,
- fd, td);
+ NDINIT_ATRIGHTS(&nd, LOOKUP, follow | MPSAFE | AUDITVNODE1, pathseg, path,
+ fd, CAP_FCHOWN, td);
if ((error = namei(&nd)) != 0)
return (error);
@@ -3341,8 +3346,8 @@ kern_utimesat(struct thread *td, int fd,
if ((error = getutimes(tptr, tptrseg, ts)) != 0)
return (error);
- NDINIT_AT(&nd, LOOKUP, FOLLOW | MPSAFE | AUDITVNODE1, pathseg, path,
- fd, td);
+ NDINIT_ATRIGHTS(&nd, LOOKUP, FOLLOW | MPSAFE | AUDITVNODE1, pathseg, path,
+ fd, CAP_FUTIMES, td);
if ((error = namei(&nd)) != 0)
return (error);
@@ -3672,11 +3677,11 @@ kern_renameat(struct thread *td, int old
bwillwrite();
#ifdef MAC
- NDINIT_AT(&fromnd, DELETE, LOCKPARENT | LOCKLEAF | SAVESTART | MPSAFE |
- AUDITVNODE1, pathseg, old, oldfd, td);
+ NDINIT_ATRIGHTS(&fromnd, DELETE, LOCKPARENT | LOCKLEAF | SAVESTART |
+ MPSAFE | AUDITVNODE1, pathseg, old, oldfd, CAP_DELETE, td);
#else
- NDINIT_AT(&fromnd, DELETE, WANTPARENT | SAVESTART | MPSAFE |
- AUDITVNODE1, pathseg, old, oldfd, td);
+ NDINIT_ATRIGHTS(&fromnd, DELETE, WANTPARENT | SAVESTART | MPSAFE |
+ AUDITVNODE1, pathseg, old, oldfd, CAP_DELETE, td);
#endif
if ((error = namei(&fromnd)) != 0)
@@ -3699,8 +3704,8 @@ kern_renameat(struct thread *td, int old
vrele(fvp);
goto out1;
}
- NDINIT_AT(&tond, RENAME, LOCKPARENT | LOCKLEAF | NOCACHE | SAVESTART |
- MPSAFE | AUDITVNODE2, pathseg, new, newfd, td);
+ NDINIT_ATRIGHTS(&tond, RENAME, LOCKPARENT | LOCKLEAF | NOCACHE |
+ SAVESTART | MPSAFE | AUDITVNODE2, pathseg, new, newfd, CAP_CREATE, td);
if (fromnd.ni_vp->v_type == VDIR)
tond.ni_cnd.cn_flags |= WILLBEDIR;
if ((error = namei(&tond)) != 0) {
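Review bot: The target lookup requests only CAP_CREATE on newfd, yet renameat(2) over an existing name also removes that name, and the CAP_DELETE comment added in capability.h (`rename, remove, etc.`) suggests delete rights are meant to cover that case. If the rights argument of NDINIT_ATRIGHTS is a mask of required rights, consider `CAP_CREATE | CAP_DELETE` for tond, or check CAP_DELETE on newfd once `tond.ni_vp` is known to be non-NULL; as written, a capability holding CAP_CREATE but not CAP_DELETE on the destination directory can still clobber existing entries there. The same CAP_DELETE reasoning applies to the source lookup in the previous hunk only for the old name, which already requests it. kern_renameat starts and ends outside these hunks.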
@@ -3826,8 +3831,8 @@ kern_mkdirat(struct thread *td, int fd,
AUDIT_ARG_MODE(mode);
restart:
bwillwrite();
- NDINIT_AT(&nd, CREATE, LOCKPARENT | SAVENAME | MPSAFE | AUDITVNODE1,
- segflg, path, fd, td);
+ NDINIT_ATRIGHTS(&nd, CREATE, LOCKPARENT | SAVENAME | MPSAFE | AUDITVNODE1,
+ segflg, path, fd, CAP_MKDIR, td);
nd.ni_cnd.cn_flags |= WILLBEDIR;
if ((error = namei(&nd)) != 0)
return (error);
@@ -3915,8 +3920,8 @@ kern_rmdirat(struct thread *td, int fd,
restart:
bwillwrite();
- NDINIT_AT(&nd, DELETE, LOCKPARENT | LOCKLEAF | MPSAFE | AUDITVNODE1,
- pathseg, path, fd, td);
+ NDINIT_ATRIGHTS(&nd, DELETE, LOCKPARENT | LOCKLEAF | MPSAFE | AUDITVNODE1,
+ pathseg, path, fd, CAP_RMDIR, td);
if ((error = namei(&nd)) != 0)
return (error);
vfslocked = NDHASGIANT(&nd);
Modified: projects/capabilities8/sys/sys/capability.h
==============================================================================
--- projects/capabilities8/sys/sys/capability.h Sat Jan 30 19:45:34 2010 (r203237)
+++ projects/capabilities8/sys/sys/capability.h Sat Jan 30 19:48:02 2010 (r203238)
@@ -30,7 +30,7 @@
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*
- * $P4: //depot/projects/trustedbsd/capabilities/src/sys/sys/capability.h#28 $
+ * $P4: //depot/projects/trustedbsd/capabilities/src/sys/sys/capability.h#29 $
*/
/*
@@ -98,7 +98,12 @@
#define CAP_FSCK 0x0004000000000000ULL /* sysctl_ffs_fsck */
#define CAP_ATBASE 0x0008000000000000ULL /* openat(2), etc. */
#define CAP_ABSOLUTEPATH 0x0010000000000000ULL /* abs. lookup from '/' */
-#define CAP_MASK_VALID 0x001fffffffffffffULL
+#define CAP_CREATE 0x0020000000000000ULL /* open, rename, etc. */
+#define CAP_DELETE 0x0040000000000000ULL /* rename, remove, etc. */
+#define CAP_MKDIR 0x0080000000000000ULL /* mkdirat(2), mknodat(2) */
+#define CAP_RMDIR 0x0100000000000000ULL /* rmdirat(2) */
+#define CAP_MKFIFO 0x0200000000000000ULL /* mkfifoat(2) */
+#define CAP_MASK_VALID 0x03ffffffffffffffULL
/*
* Notes:
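Review bot: The CAP_MKDIR comment says `mkdirat(2), mknodat(2)`, but in this commit kern_mknodat does not request CAP_MKDIR — it returns EOPNOTSUPP in capability mode — so the comment overstates what the right grants; suggest `/* mkdirat(2) */` until mknodat actually consumes it. Likewise the CAP_CREATE comment `open, rename, etc.` is only partly reflected here: renameat's target lookup uses it, while no openat change is in this diff, so `rename, etc.` or a note that openat is pending would be more accurate. The new CAP_MASK_VALID of 0x03ffffffffffffffULL does cover all five added bits.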