Page MenuHomeFreeBSD
Differential D22993

capsicum_helpers: split stream cap bits out of caph_limit_stream()
ClosedPublic
Actions

Authored by kevans on Jan 1 2020, 8:53 PM.
Tags
None
Referenced Files
Unknown Object (File)
Tue, Oct 14, 1:12 PM
Unknown Object (File)
Tue, Oct 14, 9:15 AM
Unknown Object (File)
Sun, Oct 5, 11:07 PM
Unknown Object (File)
Sun, Sep 21, 3:21 AM
Unknown Object (File)
Wed, Sep 17, 5:56 AM
Unknown Object (File)
Wed, Sep 17, 2:27 AM
Unknown Object (File)
Aug 20 2025, 5:48 AM
Unknown Object (File)
Aug 20 2025, 2:04 AM
View All Files
Subscribers
imp
jonathan

Details

Reviewers
markj
oshogbo
Group Reviewers
manpages
Commits
rS356305: capsicum_helpers: split stream cap bits out of caph_limit_stream()
Summary

The goal here is to make it so applications can take the rights one would normally get by calling caph_limit_stream() on a descriptor and build on them as needed.

My current use-case is inetd, where the control socket's rights will be caph_stream_rights() + ACCEPT/BIND/LISTEN/SETSOCKOPT, and once a client connects we limit those sockets further to caph_stream_rights() + SETSOCKOPT. inetd must at least use a superset of caph_stream_rights in case invoked program leads to caph_limit_stdio(), which is quite common. I *think* this is a feasible approach, at least.

Diff Detail

Repository
rS FreeBSD src repository - subversion
Lint
Lint Not Applicable
Unit
Tests Not Applicable

Event Timeline

kevans created this revision.Jan 1 2020, 8:53 PM
Herald added a subscriber: imp. · View Herald TranscriptJan 1 2020, 8:53 PM
Harbormaster completed remote builds in B28419: Diff 66218.Jan 1 2020, 8:53 PM
markj accepted this revision.Jan 2 2020, 2:41 PM

This seems ok to me. Shouldn't caph_stream_rights() be documented?

It might also be nice to have a caph_limit_stream_rights() or whatever which uses a caller-supplied rights set and limits ioctls like caph_limit_stream() does. I'm not sure if that's really useful though.

lib/libcapsicum/capsicum_helpers.h
51 ↗(On Diff #66218)

I think the backslash is not needed.

This revision is now accepted and ready to land.Jan 2 2020, 2:41 PM
oshogbo accepted this revision.Jan 2 2020, 7:20 PM

LGTM.
Like @markj mentioned please add it to man page.

kevans updated this revision to Diff 66267.Jan 2 2020, 9:30 PM
kevans marked an inline comment as done.

Amend capsicum_helpers(3) and remove useless escape.

This revision now requires review to proceed.Jan 2 2020, 9:30 PM
Herald added a reviewer: manpages. · View Herald TranscriptJan 2 2020, 9:30 PM
Herald added a subscriber: jonathan. · View Herald Transcript
Harbormaster completed remote builds in B28444: Diff 66267.Jan 2 2020, 9:30 PM
markj accepted this revision.Jan 2 2020, 10:36 PM
This revision is now accepted and ready to land.Jan 2 2020, 10:36 PM
Closed by commit rS356305: capsicum_helpers: split stream cap bits out of caph_limit_stream() (authored by kevans). · Explain WhyJan 2 2020, 11:08 PM
This revision was automatically updated to reflect the committed changes.
kevans added a commit: rS356305: capsicum_helpers: split stream cap bits out of caph_limit_stream().

Revision Contents
Changeset List

PathSize
head/
lib/
libcapsicum/
1 line
30 lines
15 lines

Diff 66277

View Options

head/lib/libcapsicum/Makefile

Loading...
View Options

head/lib/libcapsicum/capsicum_helpers.h

Loading...
View Options

head/lib/libcapsicum/capsicum_helpers.3

Loading...