Page MenuHomeFreeBSD

rename(2): document capability mode errors
ClosedPublic

Authored by emaste on Sep 12 2017, 1:10 PM.
Tags
None
Referenced Files
Unknown Object (File)
Fri, Jan 17, 1:42 AM
Unknown Object (File)
Thu, Jan 16, 10:05 AM
Unknown Object (File)
Wed, Jan 15, 9:08 AM
Unknown Object (File)
Dec 9 2024, 6:25 AM
Unknown Object (File)
Nov 16 2024, 8:11 PM
Unknown Object (File)
Oct 4 2024, 3:43 PM
Unknown Object (File)
Oct 3 2024, 7:56 AM
Unknown Object (File)
Oct 2 2024, 9:44 PM

Diff Detail

Repository
rS FreeBSD src repository - subversion
Lint
Lint Not Applicable
Unit
Tests Not Applicable

Event Timeline

Hrm, although the ENOTCAPABLE errors should really be augmented with "... and the process is in capability mode."

Er, why is rename / renameat with AT_FDCWD not allowed in capability mode?

In D12339#255993, @cem wrote:

Er, why is rename / renameat with AT_FDCWD not allowed in capability mode?

AT_FDCWD is never allowed in capability mode. You have to be explicitly granted rights to any FD

This revision is now accepted and ready to land.Sep 15 2017, 2:18 PM
In D12339#255993, @cem wrote:

Er, why is rename / renameat with AT_FDCWD not allowed in capability mode?

If AT_FDCWD were permitted in capability mode, that would provide an implicit capability for the current working directory. It is desirable to be able to create sandboxes that don't have access to any directories (even the current working directory), and it's also not clear what rights should be associated with AT_FDCWD, so the clearest thing is to disallow AT_FDCWD. If a process in capability mode requires access to the current working directory, it can be passed in as an explicit capability.

This revision was automatically updated to reflect the committed changes.