
Introduce daemonfd.
ClosedPublic

Authored by oshogbo on Dec 10 2017, 9:27 PM.
Details

Summary

Introduce an alternative interface for daemon(3).
This interface allows us to provide descriptors instead of secretly opening some.


Event Timeline

Typo fix.

lib/libc/gen/daemon.3
69

s/expect/except/

It looks like daemon()'s chdir and close actions are performed just before returning successfully; therefore, capability mode code could also call daemon(1, 1) and perform the chdir and/or close actions after it, either open-coded or calling new function(s).

Also, I don't really like the daemon() API since it makes it hard to report startup failures (note, for example, that a kqueue must be created in the process that will use it; it will not work properly in a child process), but we have various applications using it. Anyway...

lib/libc/gen/daemon.3
75

is equal to

77

the current working directory is not changed

lib/libc/gen/daemon.c
86

Hmm, does the current directory mean anything in a capability mode process? Perhaps this chdir should be moved somewhere else?

107

Unlike before, this will not work if there are no permissions to read /. POSIX defines an O_SEARCH for this; although we do not define this constant, O_EXEC will serve in its place to open a directory while checking x and not r permissions.

oshogbo added inline comments.
lib/libc/gen/daemon.c
86

Yeah, it doesn't; my goal was to introduce an API that can be used outside Capsicum as well.

OK from manpages. Make sure to bump the .Dd when you commit.

This revision is now accepted and ready to land.
Dec 20 2017, 6:44 PM

This looks good to me.

BTW, I like the explicit fds. With CheriBSD I've got a part of a prototype of a new API where we have unforgeable capabilities in place of file descriptors so there can be mutual distrust within parts of a process (this is quite disruptive as you'd expect). Avoiding APIs which use fds implicitly will help with migration to such a system if I ever try to take it further.

This revision was automatically updated to reflect the committed changes.