Differential D57188

unix: Preserve FD_RESOLVE_BENEATH when passing an fd
Needs ReviewPublic
Actions

Authored by markj on Fri, May 22, 10:12 PM.

Tags

None

Referenced Files

None

Subscribers

This revision needs review, but there are no reviewers specified.

Details

Reviewers: None

Summary

The FD_RESOLVE_BENEATH flag is supposed to be sticky. It's set when you
receive an fd from a different jail and preserved by openat(<dfd>) etc..
However, if you send the fd to yourself, the flag is stripped since
SCM_RIGHTS message don't preserve file descriptor flags.

Fix this by preserving those flags and checking for UF_RESOLVE_BENEATH
in restrict_rights().

Diff Detail

Repository

rG FreeBSD src repository

Lint

Lint Skipped

Unit

Tests Skipped

Build Status

Buildable 73358
Build 70241: arc lint + arc unit

Event Timeline

markj created this revision.Fri, May 22, 10:12 PM

Herald added subscribers: olce, glebius, imp. · View Herald TranscriptFri, May 22, 10:12 PM

markj requested review of this revision.Fri, May 22, 10:12 PM

Harbormaster completed remote builds in B73358: Diff 178437.Fri, May 22, 10:12 PM

markj added a child revision: D57189: vfs: Disallow renameat() with FD_RESOLVE_BENEATH descriptors.Fri, May 22, 10:12 PM

Revision Contents
Changeset List

Path

Size

sys/

kern/

9 lines

Diff 178437

sys/kern/uipc_usrreq.c

Loading...