Page MenuHomeFreeBSD
Differential D7719

Allow getdtablesize in capability mode
ClosedPublic
Actions

Authored by emaste on Aug 31 2016, 2:17 PM.
Tags
None
Referenced Files
Unknown Object (File)
Tue, Apr 2, 12:35 AM
Unknown Object (File)
Jan 9 2024, 8:30 PM
Unknown Object (File)
Jan 9 2024, 8:30 PM
Unknown Object (File)
Jan 9 2024, 8:30 PM
Unknown Object (File)
Jan 9 2024, 8:15 PM
Unknown Object (File)
Dec 27 2023, 5:32 AM
Unknown Object (File)
Dec 27 2023, 5:29 AM
Unknown Object (File)
Dec 20 2023, 2:08 AM
View All 36 Files
Subscribers
allanjude

Details

Reviewers
drysdale_google.com
jilles
rwatson
oshogbo
Commits
rS305140: Allow getdtablesize in capability mode
Summary

It is a legacy interface that is equivalent to (already permitted) getrlimit with the RLIMIT_NOFILE option.

Diff Detail

Repository
rS FreeBSD src repository - subversion
Lint
Lint Not Applicable
Unit
Tests Not Applicable

Event Timeline

emaste updated this revision to Diff 19872.Aug 31 2016, 2:17 PM
emaste retitled this revision from to Allow getdtablesize in capability mode.
emaste updated this object.
emaste edited the test plan for this revision. (Show Details)
emaste added reviewers: oshogbo, drysdale_google.com.
emaste added a subscriber: allanjude.
emaste added inline comments.Aug 31 2016, 2:23 PM
sys/kern/capabilities.conf
33 ↗(On Diff #19872)

As an aside this is mostly, but not entirely, true. The cases where it's not true (e.g. __cap_rights_get, the "Operations relative to directory capabilities") make sense to me, and I wonder if we shouldn't instead have a handful of alphabetically sorted groups?

emaste added a comment.Aug 31 2016, 5:15 PM

And will makesyscalls.sh afterwards, which results in

diff --git a/sys/kern/init_sysent.c b/sys/kern/init_sysent.c
index 6be4769..907d3ea 100644
--- a/sys/kern/init_sysent.c
+++ b/sys/kern/init_sysent.c
@@ -135,7 +135,7 @@ struct sysent sysent[] = {
        { AS(getitimer_args), (sy_call_t *)sys_getitimer, AUE_GETITIMER, NULL, 0, 0, SYF_CAPENABLED, SY_THR_STATIC },   /* 86 = getitimer */
        { compat(AS(gethostname_args),gethostname), AUE_SYSCTL, NULL, 0, 0, SYF_CAPENABLED, SY_THR_STATIC },    /* 87 = old gethostname */
        { compat(AS(sethostname_args),sethostname), AUE_SYSCTL, NULL, 0, 0, 0, SY_THR_STATIC }, /* 88 = old sethostname */
-       { 0, (sy_call_t *)sys_getdtablesize, AUE_GETDTABLESIZE, NULL, 0, 0, 0, SY_THR_STATIC }, /* 89 = getdtablesize */
+       { 0, (sy_call_t *)sys_getdtablesize, AUE_GETDTABLESIZE, NULL, 0, 0, SYF_CAPENABLED, SY_THR_STATIC },    /* 89 = getdtablesize */
        { AS(dup2_args), (sy_call_t *)sys_dup2, AUE_DUP2, NULL, 0, 0, SYF_CAPENABLED, SY_THR_STATIC },  /* 90 = dup2 */
        { 0, (sy_call_t *)nosys, AUE_NULL, NULL, 0, 0, 0, SY_THR_ABSENT },                      /* 91 = getdopt */
        { AS(fcntl_args), (sy_call_t *)sys_fcntl, AUE_FCNTL, NULL, 0, 0, SYF_CAPENABLED, SY_THR_STATIC },       /* 92 = fcntl */
emaste added a reviewer: rwatson.Aug 31 2016, 5:16 PM
emaste added a reviewer: jilles.Aug 31 2016, 6:07 PM
emaste added a comment.Aug 31 2016, 6:10 PM

@jilles has informed me (via D7720) it's not exactly equivalent to getrlimit(RLIMIT_NOFILE), but it is still trivial global state that should be allowed in capability mode for the same reason as getrlimit.

oshogbo accepted this revision.Aug 31 2016, 6:21 PM
oshogbo edited edge metadata.
This revision is now accepted and ready to land.Aug 31 2016, 6:21 PM
Closed by commit rS305140: Allow getdtablesize in capability mode (authored by emaste). · Explain WhyAug 31 2016, 6:33 PM
This revision was automatically updated to reflect the committed changes.

Revision Contents
Changeset List

PathSize
head/
sys/
kern/
1 line

Diff 19885

View Options

head/sys/kern/capabilities.conf

Loading...