posix_fallocate is logically equivalent to writing zero blocks to the desired file size and there is no reason to prevent calling it in capability mode. posix_fallocate already checked for the CAP_WRITE right, so we merely need to list it in capabilities.conf.
Details
Details
- Reviewers
allanjude - Group Reviewers
capsicum - Commits
- rS324560: allow posix_fallocate in capability mode
Diff Detail
Diff Detail
- Repository
- rS FreeBSD src repository - subversion
- Lint
Lint Not Applicable - Unit
Tests Not Applicable
Event Timeline
Comment Actions
Per discussion on the recent capsicum call, posix_fallocate could require CAP_PWRITE (aka CAP_WRITE | CAP_SEEK) instead of just CAP_WRITE.