Page MenuHomeFreeBSD
Differential D14557

Introduce caph_enter
ClosedPublic
Actions

Authored by oshogbo on Mar 1 2018, 8:44 PM.
Tags
None
Referenced Files
Unknown Object (File)
Sat, Oct 11, 2:18 AM
Unknown Object (File)
Aug 26 2025, 12:13 PM
Unknown Object (File)
Aug 15 2025, 8:25 AM
Unknown Object (File)
Aug 4 2025, 4:06 AM
Unknown Object (File)
Aug 2 2025, 5:16 AM
Unknown Object (File)
Jul 28 2025, 1:12 AM
Unknown Object (File)
Jul 22 2025, 3:10 AM
Unknown Object (File)
Jul 21 2025, 10:43 AM
View All Files
Subscribers
araujo
imp
jilles

Details

Reviewers
emaste
cem
allanjude
bapt
jonathan
Group Reviewers
manpages
Commits
rS333330: Introduce caph_enter and caph_enter_casper.
Summary

The functions should made it easier to sandbox application and not force us to remember that we need to check errno on failure.
Another function is checking if casper is present. If it's not we can't enter capability mode and function is succession because sb don't want to be secure and use casper.

I wonder if we want a second function or just some flag for caph_enter?
Or maybe we don't care that we need to so often check errno on failure and caph_enter should always check if casper is present.

Diff Detail

Lint
Lint Skipped
Unit
Tests Skipped

Event Timeline

oshogbo created this revision.Mar 1 2018, 8:44 PM
cem added a comment.Mar 1 2018, 11:36 PM

caph_enter looks fine to me.

I'm not sure about the other one.

emaste added inline comments.Mar 2 2018, 12:25 AM
lib/libcapsicum/capsicum_helpers.h
41

Why is it separated?

oshogbo added a comment.Mar 2 2018, 6:57 PM

@emaste @cem Thanks for reviewing.

Other function is exactly the same with the exception that it also check if we are building with Casper.
If we are build without then we just return success without entering capability mode because we probably use some function that need Casper support.

lib/libcapsicum/capsicum_helpers.h
41

We used that style earlier example usr.bin/kdump/kdump.c .
Its mostly because casper and libcasper sort kinda badly and libcasper must be before #include<casper/ >
I decided to use the same style we are using everywhere.

jilles added a subscriber: jilles.Mar 4 2018, 5:35 PM

This seems sensible, but I found some small mistakes in the man page.

lib/libcapsicum/capsicum_helpers.3
66

it returns success when the kernel is built

70

typo: capser

73

it returns success when the system is built

oshogbo updated this revision to Diff 40033.Mar 7 2018, 2:43 PM

Thanks @jilles!

oshogbo marked 3 inline comments as done.Mar 7 2018, 2:44 PM
araujo added a subscriber: araujo.Apr 4 2018, 5:40 AM
oshogbo added a reviewer: jonathan.Apr 6 2018, 5:38 PM
emaste accepted this revision.Apr 21 2018, 4:00 AM

Fine with me

This revision is now accepted and ready to land.Apr 21 2018, 4:00 AM
Closed by commit rS333330: Introduce caph_enter and caph_enter_casper. (authored by oshogbo). · Explain WhyMay 7 2018, 8:38 PM
This revision was automatically updated to reflect the committed changes.
Herald added a reviewer: manpages. · View Herald TranscriptMay 7 2018, 8:38 PM
Herald added a subscriber: imp. · View Herald Transcript

Revision Contents
Changeset List

PathSize
lib/
libcapsicum/
20 lines
19 lines

Diff 39869

View Options

lib/libcapsicum/capsicum_helpers.h

Loading...
View Options

lib/libcapsicum/capsicum_helpers.3

Loading...