
rights(4): fix our representation of the unused bits
AcceptedPublic

Authored by kevans on Mon, Jun 8, 4:53 PM.
Referenced Files
F159104679: D57505.diff
Wed, Jun 10, 4:30 AM

Details

Reviewers
markj
oshogbo
Group Reviewers
capsicum
Summary

The current format seems to be a little confusing, and the version of it
for index 0 was broken by the below-referenced commit. Turn our
UNUSED macros into a single mask for the entire unused range to prevent
future misinterpretation, since these are still useful to have around as
long as the top 7 bits are reserved for different uses / defined to be
zeroed out.

While we're here, add some static assertions to confirm that our
bookkeeping is in order for these, since it's not unexpected that one
might use CAP_UNUSED* to determine where they can slice off a new right.

Fixes: b165e9e3ea4e327fc ("Add fchroot(2)")
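As an added illustration (this is not code from the diff or from FreeBSD's sys/sys/capsicum.h; the EX_-prefixed macro names, the 12 already-defined rights and the exact bit layout are constructed assumptions), here is the bookkeeping the summary describes in self-contained form: one mask for the whole unused range of index-0 rights, static assertions that it and the defined rights neither overlap nor touch the reserved top 7 bits and that together they cover every non-reserved bit, and a runtime variant of the same check that catches the two ways such a pair of masks can drift out of sync (an overlap and a gap).

```c
/*
 * Constructed model of a 64-bit rights word: the top 7 bits are reserved
 * (index bits / defined to be zero) and the low 57 bits are split between
 * already-defined rights (ALL0) and a contiguous run of not-yet-assigned
 * bits (UNUSED0). Names and layout are assumptions for this example only.
 */
#include <stdint.h>
#include <stdio.h>

#define RIGHTS_BITS        64
#define RESERVED_BITS      7                               /* top 7 bits */
#define NONRESERVED_MASK   ((UINT64_C(1) << (RIGHTS_BITS - RESERVED_BITS)) - 1)
#define RESERVED_MASK      (~NONRESERVED_MASK)

/* Assumed: the 12 lowest bits are rights that already exist. */
#define EX_CAP_ALL0        UINT64_C(0x0000000000000fff)
/* One mask for the entire unused range, bits 12..56 inclusive. */
#define EX_CAP_UNUSED0     UINT64_C(0x01fffffffffff000)

/* Compile-time bookkeeping checks, split so each failure names its cause. */
_Static_assert((EX_CAP_ALL0 & EX_CAP_UNUSED0) == 0,
    "ALL0 and UNUSED0 must not overlap");
_Static_assert(((EX_CAP_ALL0 | EX_CAP_UNUSED0) & RESERVED_MASK) == 0,
    "ALL0 and UNUSED0 must not touch the reserved top bits");
_Static_assert((EX_CAP_ALL0 | EX_CAP_UNUSED0) == NONRESERVED_MASK,
    "ALL0 and UNUSED0 together must cover all non-reserved bits");

/* Position of the lowest set bit in mask, or -1 if mask is zero. */
int lowest_set_bit(uint64_t mask)
{
	for (int i = 0; i < RIGHTS_BITS; i++)
		if (mask & (UINT64_C(1) << i))
			return i;
	return -1;
}

/* Where a new index-0 right can be sliced off: the lowest unused bit. */
int next_free_right_bit(void)
{
	return lowest_set_bit(EX_CAP_UNUSED0);
}

/*
 * Runtime form of the three static checks, for masks computed at runtime.
 * Returns 1 when the pair is consistent, 0 on overlap, reserved-bit use,
 * or a gap between the two masks.
 */
int masks_consistent(uint64_t all, uint64_t unused)
{
	if ((all & unused) != 0)
		return 0;                               /* a bit in both masks */
	if (((all | unused) & RESERVED_MASK) != 0)
		return 0;                               /* reserved bits claimed */
	if ((all | unused) != NONRESERVED_MASK)
		return 0;                               /* a bit in neither mask */
	return 1;
}

int main(void)
{
	printf("next free index-0 right bit: %d\n", next_free_right_bit());
	printf("masks consistent: %d\n",
	    masks_consistent(EX_CAP_ALL0, EX_CAP_UNUSED0));
	return 0;
}
```

The static assertions fail the build the moment someone defines a new right without shrinking UNUSED0, or shrinks it by the wrong amount; the runtime checker shows the same two failure modes on constructed inputs.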

Diff Detail

Repository
rG FreeBSD src repository
Lint
Lint Passed
Unit
No Test Coverage
Build Status
Buildable 73749
Build 70632: arc lint + arc unit

Event Timeline

kevans requested review of this revision. Mon, Jun 8, 4:53 PM
oshogbo added a subscriber: oshogbo.
oshogbo added inline comments.
sys/kern/subr_capability.c:55

This reads a little bit weird - but maybe it's just me.
Maybe:

CAP_ALL0 and CAP_UNUSED0 must cover all non-reserved bits

This revision is now accepted and ready to land. Mon, Jun 8, 6:26 PM
sys/kern/subr_capability.c:55

I like how that reads better, though I wonder if it'd be better to split into two and have one that separately asserts that the combination doesn't touch the reserved bits outside of the index.

kib added inline comments.
sys/sys/capsicum.h:297

I think this is similarly not obvious as the current state.

I suggest to go out and provide CAP_UNUSEDXX for each unused bit in the word 1. It costs nothing to generate all of them, but much easier to pick one later.