Use a single CMSG for all passed descriptors. This lets us pack more
descriptors in a single message, which is useful for cap_fileargs.
Add a regression test which passes an nvlist containing many descriptors
over a unix socket pair.
Details
Details
Diff Detail
Diff Detail
- Lint
Lint Passed - Unit
No Test Coverage - Build Status
Buildable 25326 Build 23986: arc lint + arc unit
Event Timeline
Comment Actions
It took me a while to try remind this issue:
https://github.com/google/capsicum-test/commit/b3104a4305a34ed2fc1b7cefbe7838f24b1ba4cd#diff-07efe4d15482f102e04663a89285a1dd
Comment Actions
Hmmm. Do we care about supporting Linux anymore given that it seems Capsicum is not going into mainline Linux? I am fine with dropping this patch, but it seems a bit of a shame since it is faster and more space-efficient to send multiple FDs in a single control message.
Comment Actions
libnv may be used in different places as well, not only Capsicum.
Right now it is cross build: https://github.com/fudosecurity/nvlist
I also wonder is there is no limit in FreeBSD to the count how many fd we can send in single message.
If so we could have both methods but we still would need to split how many of them we are sending.
Comment Actions
Thanks, I will leave this change for now then.
I also wonder is there is no limit in FreeBSD to the count how many fd we can send in single message.
It's limited by the number of fd pointers we can fit in an mbuf cluster.
If so we could have both methods but we still would need to split how many of them we are sending.
Comment Actions
I committed the bug fix already. It might still be useful to attempt optimization on FreeBSD, but I have no plans to work on it in the near future.