Page MenuHomeFreeBSD
Differential D14557

Introduce caph_enter
ClosedPublic
Actions

Authored by oshogbo on Mar 1 2018, 8:44 PM.
Tags
None
Referenced Files
Unknown Object (File)
Oct 1 2024, 11:16 AM
Unknown Object (File)
Sep 29 2024, 6:48 PM
Unknown Object (File)
Sep 22 2024, 2:43 PM
Unknown Object (File)
Sep 15 2024, 8:33 PM
Unknown Object (File)
Sep 7 2024, 9:31 PM
Unknown Object (File)
Sep 7 2024, 9:31 PM
Unknown Object (File)
Sep 7 2024, 9:31 PM
Unknown Object (File)
Sep 7 2024, 9:31 PM
View All 77 Files
Subscribers
araujo
imp
jilles

Details

Reviewers
emaste
cem
allanjude
bapt
jonathan
Group Reviewers
manpages
Commits
rS333330: Introduce caph_enter and caph_enter_casper.
Summary

The functions should made it easier to sandbox application and not force us to remember that we need to check errno on failure.
Another function is checking if casper is present. If it's not we can't enter capability mode and function is succession because sb don't want to be secure and use casper.

I wonder if we want a second function or just some flag for caph_enter?
Or maybe we don't care that we need to so often check errno on failure and caph_enter should always check if casper is present.

Diff Detail

Repository
rS FreeBSD src repository - subversion
Lint
Lint Not Applicable
Unit
Tests Not Applicable

Event Timeline

oshogbo created this revision.Mar 1 2018, 8:44 PM
cem added a comment.Mar 1 2018, 11:36 PM

caph_enter looks fine to me.

I'm not sure about the other one.

emaste added inline comments.Mar 2 2018, 12:25 AM
lib/libcapsicum/capsicum_helpers.h
41 ↗(On Diff #39869)

Why is it separated?

oshogbo added a comment.Mar 2 2018, 6:57 PM

@emaste @cem Thanks for reviewing.

Other function is exactly the same with the exception that it also check if we are building with Casper.
If we are build without then we just return success without entering capability mode because we probably use some function that need Casper support.

lib/libcapsicum/capsicum_helpers.h
41 ↗(On Diff #39869)

We used that style earlier example usr.bin/kdump/kdump.c .
Its mostly because casper and libcasper sort kinda badly and libcasper must be before #include<casper/ >
I decided to use the same style we are using everywhere.

jilles added a subscriber: jilles.Mar 4 2018, 5:35 PM

This seems sensible, but I found some small mistakes in the man page.

lib/libcapsicum/capsicum_helpers.3
66 ↗(On Diff #39869)

it returns success when the kernel is built

70 ↗(On Diff #39869)

typo: capser

73 ↗(On Diff #39869)

it returns success when the system is built

oshogbo updated this revision to Diff 40033.Mar 7 2018, 2:43 PM

Thanks @jilles!

oshogbo marked 3 inline comments as done.Mar 7 2018, 2:44 PM
araujo added a subscriber: araujo.Apr 4 2018, 5:40 AM
oshogbo added a reviewer: jonathan.Apr 6 2018, 5:38 PM
emaste accepted this revision.Apr 21 2018, 4:00 AM

Fine with me

This revision is now accepted and ready to land.Apr 21 2018, 4:00 AM
Closed by commit rS333330: Introduce caph_enter and caph_enter_casper. (authored by oshogbo). · Explain WhyMay 7 2018, 8:38 PM
This revision was automatically updated to reflect the committed changes.
Herald added a reviewer: manpages. · View Herald TranscriptMay 7 2018, 8:38 PM
Herald added a subscriber: imp. · View Herald Transcript

Revision Contents
Changeset List

PathSize
head/
lib/
libcapsicum/
20 lines
19 lines

Diff 42246

View Options

head/lib/libcapsicum/capsicum_helpers.h

Loading...
View Options

head/lib/libcapsicum/capsicum_helpers.3

Loading...