libc: allow posix_fallocate in capability mode
Closed, Public

Authored by emaste on Wed, Oct 11, 7:46 PM.

Details

Summary

posix_fallocate is logically equivalent to writing zero blocks to the desired file size and there is no reason to prevent calling it in capability mode. posix_fallocate already checked for the CAP_WRITE right, so we merely need to list it in capabilities.conf.

Diff Detail

Repository
rS FreeBSD src repository
Lint
Automatic diff as part of commit; lint not applicable.
Unit
Automatic diff as part of commit; unit tests not applicable.
emaste created this revision. Wed, Oct 11, 7:46 PM

Per discussion on the recent capsicum call, posix_fallocate could require CAP_PWRITE (aka CAP_WRITE | CAP_SEEK) instead of just CAP_WRITE.

emaste updated this revision to Diff 33902. Thu, Oct 12, 1:39 AM

Require CAP_PWRITE (CAP_WRITE | CAP_SEEK) for posix_fallocate.

allanjude accepted this revision. Thu, Oct 12, 2:04 AM
This revision is now accepted and ready to land. Thu, Oct 12, 2:04 AM
This revision was automatically updated to reflect the committed changes.
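
The summary relies on posix_fallocate already checking a descriptor right, so that listing it in capabilities.conf is all the change needs. As an added example (not code from this review or from the FreeBSD tree), the Python below diffs two versions of such a list and reports each newly allowed syscall together with the right a reviewer has recorded for it. The file excerpts, the name `hypothetical_call`, and the assumed format (one syscall name per line, blank lines and `#` lines ignored) are assumptions.

```python
# Added example; the file excerpts below are constructed, not the real file.

def allowed_syscalls(conf_text):
    """Syscall names listed in capabilities.conf-style text.

    Assumed format: one name per line; blank lines and '#' lines ignored.
    """
    names = set()
    for raw in conf_text.splitlines():
        line = raw.strip()
        if line and not line.startswith("#"):
            names.add(line.split()[0])
    return names


def review_delta(old_text, new_text, rights_checked):
    """Map each newly allowed syscall to the right it enforces, or None.

    rights_checked is the reviewer's own record of which descriptor right
    each syscall checks; None marks an entry that still needs that review.
    """
    added = allowed_syscalls(new_text) - allowed_syscalls(old_text)
    return {name: rights_checked.get(name) for name in sorted(added)}


OLD_CONF = """\
## Constructed excerpt: descriptor I/O allowed in capability mode.
pread
pwrite
write
"""

NEW_CONF = """\
## Constructed excerpt: same list after two additions.
hypothetical_call

posix_fallocate
pread
pwrite
write
"""

# Right named in this review for posix_fallocate; other entries are unknown.
RIGHTS_CHECKED = {"posix_fallocate": "CAP_PWRITE"}

if __name__ == "__main__":
    for name, right in review_delta(OLD_CONF, NEW_CONF, RIGHTS_CHECKED).items():
        status = f"checks {right}" if right else "NO RECORDED RIGHTS CHECK"
        print(f"newly allowed in capability mode: {name} ({status})")
```

An entry reported without a recorded right is the case to examine before it lands, since the list alone does not constrain what a sandboxed process can do with the call.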