Index: sbin/fsck_msdosfs/Makefile
===================================================================
--- sbin/fsck_msdosfs/Makefile
+++ sbin/fsck_msdosfs/Makefile
@@ -1,6 +1,8 @@
 # $NetBSD: Makefile,v 1.6 1997/05/08 21:11:11 gwr Exp $
 # $FreeBSD$
+.include
+
 FSCK= ${.CURDIR:H}/fsck
 .PATH: ${FSCK}
@@ -9,7 +11,13 @@
 MAN= fsck_msdosfs.8
 SRCS= main.c check.c boot.c fat.c dir.c fsutil.c
-CFLAGS+= -I${FSCK} -DHAVE_LIBUTIL_H
+CFLAGS+= -I${FSCK} -DHAVE_LIBUTIL_H -DHAVE_CAPSICUM
 LIBADD= util
+.if ${MK_CASPER} != "no"
+LIBADD+= casper
+LIBADD+= cap_fileargs
+CFLAGS+= -DWITH_CASPER
+.endif
+
 .include
Index: sbin/fsck_msdosfs/check.c
===================================================================
--- sbin/fsck_msdosfs/check.c
+++ sbin/fsck_msdosfs/check.c
@@ -46,9 +46,8 @@
 #include "fsutil.h"
 int
-checkfilesys(const char *fname)
+checkfilesys(const char *fname, int dosfs)
 {
- int dosfs;
 struct bootblock boot;
 struct fat_descriptor *fat = NULL;
 int finish_dosdirsection=0;
@@ -57,21 +56,6 @@
 int64_t freebytes;
 int64_t badbytes;
- rdonly = alwaysno;
- if (!preen)
- printf("** %s", fname);
-
- dosfs = open(fname, rdonly ? O_RDONLY : O_RDWR, 0);
- if (dosfs < 0 && !rdonly) {
- dosfs = open(fname, O_RDONLY, 0);
- if (dosfs >= 0)
- pwarn(" (NO WRITE)\n");
- else if (!preen)
- printf("\n");
- rdonly = 1;
- } else if (!preen)
- printf("\n");
-
 if (dosfs < 0) {
 perr("Can't open `%s'", fname);
 printf("\n");
Index: sbin/fsck_msdosfs/ext.h
===================================================================
--- sbin/fsck_msdosfs/ext.h
+++ sbin/fsck_msdosfs/ext.h
@@ -38,9 +38,6 @@
 #define LOSTDIR "LOST.DIR"
-/*
- * Options:
- */
 extern int alwaysno; /* assume "no" for all questions */
 extern int alwaysyes; /* assume "yes" for all questions */
 extern int preen; /* we are preening */
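Review bot: `-DHAVE_CAPSICUM` is added to `CFLAGS` unconditionally in the second Makefile hunk, while `-DWITH_CASPER` and the `casper`/`cap_fileargs` libraries are added only when `MK_CASPER` is not "no", and nothing here says what a build without Casper ends up doing. The `#ifdef HAVE_CAPSICUM` code in main.c still calls `fileargs_init()` and `caph_enter_casper()` in that configuration, so it presumably depends on the headers' non-Casper fallbacks and may run without the sandbox; that should be confirmed. Once the behaviour is verified I would put a comment above the `.if`, e.g. `# Without MK_CASPER the fileargs calls fall back to plain open(2) and the tool is not sandboxed.`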
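Review bot: `checkfilesys(const char *fname, int dosfs)` now takes a descriptor opened by the caller, but neither the definition in check.c nor the prototype `int checkfilesys(const char *, int);` in ext.h documents the new contract; the ext.h comment still reads "Check file system given as arg". The remaining `if (dosfs < 0)` branch shows that a failed open is an expected input, and the function now relies on the caller having set the global `rdonly` to match the mode the descriptor was opened with. I would add a comment such as `/* dosfs: descriptor opened by the caller, < 0 if the open failed; rdonly must already reflect its open mode. */` and also state who closes the descriptor, which is not visible here because the function body continues outside the hunk.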
@@ -63,7 +60,7 @@
 /*
 * Check file system given as arg
 */
-int checkfilesys(const char *);
+int checkfilesys(const char *, int);
 /*
 * Return values of various functions
Index: sbin/fsck_msdosfs/main.c
===================================================================
--- sbin/fsck_msdosfs/main.c
+++ sbin/fsck_msdosfs/main.c
@@ -39,6 +39,13 @@
 #include
 #include
 #include
+#include
+
+#ifdef HAVE_CAPSICUM
+#include
+#include
+#include
+#endif
 #include "fsutil.h"
 #include "ext.h"
@@ -65,8 +72,15 @@
 int
 main(int argc, char **argv)
 {
+ int dosfs;
 int ret = 0, erg;
 int ch;
+ char *fname;
+#ifdef HAVE_CAPSICUM
+ cap_rights_t rights, *rights_init;
+ fileargs_t *fa_alwaysno;
+ fileargs_t *fa_rdonly;
+#endif
 skipclean = 1;
 allow_mmap = 1;
@@ -115,13 +129,62 @@
 if (!argc)
 usage();
+#ifdef HAVE_CAPSICUM
+ rights_init = cap_rights_init(&rights, CAP_MMAP_RW);
+ fa_alwaysno = fileargs_init(argc, argv, alwaysno ? O_RDONLY : O_RDWR , 0,
+ rights_init, FA_OPEN);
+ if (fa_alwaysno == NULL)
+ err(1, "unable to open first system.fileargs service");
+
+ fa_rdonly = fileargs_init(argc, argv, O_RDONLY , 0,
+ rights_init, FA_OPEN);
+ if (fa_rdonly == NULL)
+ err(1, "unable to second open system.fileargs service");
+
+ /*
+ * Here we enter capability mode. Further down access to global
+ * namespaces (e.g filesystem) is restricted (see capsicum(4)).
+ * We must connect(2) our socket before this point.
+ */
+
+ if (caph_enter_casper()) {
+ err(1, "unable to enter capability mode");
+ }
+#endif
+
 while (--argc >= 0) {
 setcdevname(*argv, preen);
- erg = checkfilesys(*argv++);
+ fname = *argv++;
+ rdonly = alwaysno;
+ if (!preen)
+ printf("** %s", fname);
+
+#ifdef HAVE_CAPSICUM
+ dosfs = fileargs_open(fa_alwaysno, fname);
+ if (dosfs < 0 && !rdonly) {
+ dosfs = fileargs_open(fa_rdonly, fname);
+#else
+ dosfs = open(fname, rdonly ? O_RDONLY : O_RDWR, 0);
+ if (dosfs < 0 && !rdonly) {
+ dosfs = open(fname, O_RDONLY, 0);
+#endif
+ if (dosfs >= 0)
+ pwarn(" (NO WRITE)\n");
+ else if (!preen)
+ printf("\n");
+ rdonly = 1;
+ } else if (!preen)
+ printf("\n");
+ erg = checkfilesys(fname, dosfs);
 if (erg > ret)
 ret = erg;
 }
+#ifdef HAVE_CAPSICUM
+ fileargs_free(fa_alwaysno);
+ fileargs_free(fa_rdonly);
+#endif
+
 return ret;
 }
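Review bot: Both fileargs services are created with the same `rights_init` (`CAP_MMAP_RW`), so descriptors from the read-only fallback `fa_rdonly` carry write and writable-mmap rights they never need; a separate set for that service would be tighter, e.g. `cap_rights_t rights_ro;` and `fa_rdonly = fileargs_init(argc, argv, O_RDONLY, 0, cap_rights_init(&rights_ro, CAP_MMAP_R), FA_OPEN);`. The rights set also holds nothing beyond read, write, seek and mmap, so any `fstat(2)`, `fsync(2)` or `ioctl(2)` on the descriptor inside `checkfilesys()` (not visible in this hunk) would fail with ENOTCAPABLE and should be checked. The block comment's sentence "We must connect(2) our socket before this point" does not match anything in this function and looks carried over from another program. The second error string reads "unable to second open"; `"unable to open second system.fileargs service"` is presumably intended.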