Page MenuHomeFreeBSD
Files F153983928

D8290.id21565.diff
No OneTemporary
Actions

D8290.id21565.diff
View Options

Index: lib/libvmmapi/vmmapi.h
===================================================================
--- lib/libvmmapi/vmmapi.h
+++ lib/libvmmapi/vmmapi.h
@@ -102,6 +102,7 @@
vm_ooffset_t segoff, size_t len, int prot);
int vm_create(const char *name);
+int vm_get_device_fd(struct vmctx *ctx);
struct vmctx *vm_open(const char *name);
void vm_destroy(struct vmctx *ctx);
int vm_parse_memsize(const char *optarg, size_t *memsize);
Index: lib/libvmmapi/vmmapi.c
===================================================================
--- lib/libvmmapi/vmmapi.c
+++ lib/libvmmapi/vmmapi.c
@@ -1411,3 +1411,10 @@
return (ioctl(ctx->fd, VM_RESTART_INSTRUCTION, &vcpu));
}
+
+int
+vm_get_device_fd(struct vmctx *ctx)
+{
+ return ctx->fd;
+}
+
Index: usr.sbin/bhyve/bhyverun.c
===================================================================
--- usr.sbin/bhyve/bhyverun.c
+++ usr.sbin/bhyve/bhyverun.c
@@ -30,6 +30,8 @@
__FBSDID("$FreeBSD$");
#include <sys/types.h>
+#include <sys/capsicum.h>
+#include <sys/cpuset.h>
#include <sys/mman.h>
#include <sys/time.h>
@@ -40,7 +42,9 @@
#include <stdlib.h>
#include <string.h>
#include <err.h>
+#include <errno.h>
#include <libgen.h>
+#include <nl_types.h>
#include <unistd.h>
#include <assert.h>
#include <errno.h>
@@ -48,8 +52,12 @@
#include <pthread_np.h>
#include <sysexits.h>
#include <stdbool.h>
+#include <termios.h>
#include <machine/vmm.h>
+#ifndef WITHOUT_CAPSICUM
+#include <machine/vmm_dev.h>
+#endif
#include <vmmapi.h>
#include "bhyverun.h"
@@ -706,6 +714,24 @@
struct vmctx *ctx;
int error;
bool reinit, romboot;
+#ifndef WITHOUT_CAPSICUM
+ cap_rights_t rights;
+ u_long cmds[] = {VM_RUN, VM_SUSPEND, VM_REINIT, VM_ALLOC_MEMSEG,
+ VM_GET_MEMSEG, VM_MMAP_MEMSEG, VM_MMAP_MEMSEG, VM_MMAP_GETNEXT,
+ VM_SET_REGISTER, VM_GET_REGISTER, VM_SET_SEGMENT_DESCRIPTOR,
+ VM_GET_SEGMENT_DESCRIPTOR, VM_INJECT_EXCEPTION, VM_LAPIC_IRQ,
+ VM_LAPIC_LOCAL_IRQ, VM_LAPIC_MSI, VM_IOAPIC_ASSERT_IRQ,
+ VM_IOAPIC_DEASSERT_IRQ, VM_IOAPIC_PULSE_IRQ,
+ VM_IOAPIC_PINCOUNT, VM_ISA_ASSERT_IRQ, VM_ISA_DEASSERT_IRQ,
+ VM_ISA_PULSE_IRQ, VM_ISA_SET_IRQ_TRIGGER, VM_SET_CAPABILITY,
+ VM_GET_CAPABILITY, VM_BIND_PPTDEV, VM_UNBIND_PPTDEV,
+ VM_MAP_PPTDEV_MMIO, VM_PPTDEV_MSI, VM_PPTDEV_MSIX,
+ VM_INJECT_NMI, VM_STATS, VM_STAT_DESC, VM_SET_X2APIC_STATE,
+ VM_GET_X2APIC_STATE, VM_GET_HPET_CAPABILITIES, VM_GET_GPA_PMAP,
+ VM_GLA2GPA, VM_ACTIVATE_CPU, VM_GET_CPUS, VM_SET_INTINFO,
+ VM_GET_INTINFO, VM_RTC_WRITE, VM_RTC_READ, VM_RTC_SETTIME,
+ VM_RTC_GETTIME, VM_RESTART_INSTRUCTION};
+#endif
reinit = romboot = false;
@@ -744,6 +770,16 @@
exit(1);
}
+#ifndef WITHOUT_CAPSICUM
+ cap_rights_init(&rights, CAP_IOCTL, CAP_MMAP_RWX);
+ if (cap_rights_limit(vm_get_device_fd(ctx), &rights) == -1 &&
+ errno != ENOSYS)
+ errx(EX_OSERR, "Unable to apply rights for sandbox");
+ if (cap_ioctls_limit(vm_get_device_fd(ctx), cmds, nitems(cmds)) == -1 &&
+ errno != ENOSYS)
+ errx(EX_OSERR, "Unable to apply rights for sandbox");
+#endif
+
if (reinit) {
error = vm_reinit(ctx);
if (error) {
@@ -764,6 +800,12 @@
uint64_t rip;
size_t memsize;
char *optstr;
+#ifdef notyet
+#ifndef WITHOUT_CAPSICUM
+ cap_rights_t rights;
+ u_long cmds[] = {TIOCGETA, TIOCSETA, TIOCGWINSZ};
+#endif
+#endif
bvmcons = 0;
progname = basename(argv[0]);
@@ -952,6 +994,39 @@
if (lpc_bootrom())
fwctl_init();
+#ifndef WITHOUT_CAPSICUM
+ catopen("libc", NL_CAT_LOCALE);
+
+#ifdef notyet
+ cap_rights_init(&rights, CAP_READ, CAP_FCNTL, CAP_FSTAT, CAP_IOCTL, CAP_EVENT);
+
+ if (cap_rights_limit(STDIN_FILENO, &rights) == -1 && errno != ENOSYS)
+ errx(EX_OSERR, "Unable to apply rights for sandbox");
+ if (cap_ioctls_limit(STDIN_FILENO, cmds, nitems(cmds)) == -1 && errno != ENOSYS)
+ errx(EX_OSERR, "Unable to apply rights for sandbox!");
+
+ cap_rights_clear(&rights, CAP_READ);
+ cap_rights_set(&rights, CAP_WRITE);
+
+ if (cap_rights_limit(STDOUT_FILENO, &rights) == -1 && errno != ENOSYS)
+ errx(EX_OSERR, "Unable to apply rights for sandbox");
+ if (cap_ioctls_limit(STDOUT_FILENO, cmds, nitems(cmds)) == -1 && errno != ENOSYS)
+ errx(EX_OSERR, "Unable to apply rights for sandbox");
+
+ if (cap_rights_limit(STDERR_FILENO, &rights) == -1 && errno != ENOSYS)
+ errx(EX_OSERR, "Unable to apply rights for sandbox");
+ if (cap_ioctls_limit(STDERR_FILENO, cmds, nitems(cmds)) == -1 && errno != ENOSYS)
+ errx(EX_OSERR, "Unable to apply rights for sandbox");
+#endif
+
+ if (cap_enter() == -1) {
+ if (errno == ENOSYS)
+ warn("Capsicum unavailable, running without a sandbox");
+ else
+ errx(EX_OSERR, "cap_enter() failed");
+ }
+#endif
+
/*
* Change the proc title to include the VM name.
*/
Index: usr.sbin/bhyve/block_if.c
===================================================================
--- usr.sbin/bhyve/block_if.c
+++ usr.sbin/bhyve/block_if.c
@@ -30,6 +30,9 @@
__FBSDID("$FreeBSD$");
#include <sys/param.h>
+#ifndef WITHOUT_CAPSICUM
+#include <sys/capsicum.h>
+#endif
#include <sys/queue.h>
#include <sys/errno.h>
#include <sys/stat.h>
@@ -45,6 +48,7 @@
#include <pthread.h>
#include <pthread_np.h>
#include <signal.h>
+#include <sysexits.h>
#include <unistd.h>
#include <machine/atomic.h>
@@ -400,6 +404,10 @@
off_t size, psectsz, psectoff;
int extra, fd, i, sectsz;
int nocache, sync, ro, candelete, geom, ssopt, pssopt;
+#ifndef WITHOUT_CAPSICUM
+ cap_rights_t rights;
+ u_long cmds[] = {DIOCGFLUSH, DIOCGDELETE};
+#endif
pthread_once(&blockif_once, blockif_init);
@@ -457,6 +465,15 @@
goto err;
}
+#ifndef WITHOUT_CAPSICUM
+ cap_rights_init(&rights, CAP_READ, CAP_WRITE, CAP_SEEK, CAP_IOCTL);
+ if (ro)
+ cap_rights_clear(&rights, CAP_WRITE);
+
+ if (cap_rights_limit(fd, &rights) == -1 && errno != ENOSYS)
+ errx(EX_OSERR, "Unable to apply rights for sandbox");
+#endif
+
/*
* Deal with raw devices
*/
@@ -483,6 +500,12 @@
} else
psectsz = sbuf.st_blksize;
+#ifndef WITHOUT_CAPSICUM
+ if (cap_ioctls_limit(fd, cmds, nitems(cmds)) == -1 && errno != ENOSYS)
+ errx(EX_OSERR, "Unable to apply rights for sandbox");
+#endif
+
+
if (ssopt != 0) {
if (!powerof2(ssopt) || !powerof2(pssopt) || ssopt < 512 ||
ssopt > pssopt) {
Index: usr.sbin/bhyve/mevent.c
===================================================================
--- usr.sbin/bhyve/mevent.c
+++ usr.sbin/bhyve/mevent.c
@@ -35,13 +35,18 @@
__FBSDID("$FreeBSD$");
#include <assert.h>
+#include <err.h>
#include <errno.h>
#include <stdlib.h>
#include <stdio.h>
#include <string.h>
+#include <sysexits.h>
#include <unistd.h>
#include <sys/types.h>
+#ifndef WITHOUT_CAPSICUM
+#include <sys/capsicum.h>
+#endif
#include <sys/event.h>
#include <sys/time.h>
@@ -401,6 +406,9 @@
int mfd;
int numev;
int ret;
+#ifndef WITHOUT_CAPSICUM
+ cap_rights_t rights;
+#endif
mevent_tid = pthread_self();
mevent_set_name();
@@ -408,6 +416,12 @@
mfd = kqueue();
assert(mfd > 0);
+#ifndef WITHOUT_CAPSICUM
+ cap_rights_init(&rights, CAP_KQUEUE);
+ if (cap_rights_limit(mfd, &rights) == -1 && errno != ENOSYS)
+ errx(EX_OSERR, "Unable to apply rights for sandbox");
+#endif
+
/*
* Open the pipe that will be used for other threads to force
* the blocking kqueue call to exit by writing to it. Set the
@@ -419,6 +433,15 @@
exit(0);
}
+#ifndef WITHOUT_CAPSICUM
+ cap_rights_remove(&rights, &rights);
+ cap_rights_init(&rights, CAP_READ, CAP_WRITE, CAP_EVENT);
+ if (cap_rights_limit(mevent_pipefd[0], &rights) == -1 && errno != ENOSYS)
+ errx(EX_OSERR, "Unable to apply rights for sandbox");
+ if (cap_rights_limit(mevent_pipefd[1], &rights) == -1 && errno != ENOSYS)
+ errx(EX_OSERR, "Unable to apply rights for sandbox");
+#endif
+
/*
* Add internal event handler for the pipe write fd
*/
Index: usr.sbin/bhyve/pci_ahci.c
===================================================================
--- usr.sbin/bhyve/pci_ahci.c
+++ usr.sbin/bhyve/pci_ahci.c
@@ -31,6 +31,9 @@
__FBSDID("$FreeBSD$");
#include <sys/param.h>
+#ifndef WITHOUT_CAPSICUM
+#include <sys/capsicum.h>
+#endif
#include <sys/linker_set.h>
#include <sys/stat.h>
#include <sys/uio.h>
@@ -2293,12 +2296,22 @@
MD5_CTX mdctx;
u_char digest[16];
char *next, *next2;
+#ifdef AHCI_DEBUG
+#ifndef WITHOUT_CAPSICUM
+ cap_rights_t rights;
+#endif
+#endif
ret = 0;
#ifdef AHCI_DEBUG
dbg = fopen("/tmp/log", "w+");
+#ifndef WITHOUT_CAPSICUM
+ cap_rights_init(&rights, CAP_WRITE, CAP_FSTAT, CAP_SEEK);
+ if (cap_rights_limit(fileno(dbg), &rights) == -1 && errno != ENOSYS)
+ errx(EX_OSERR, "Unable to apply rights for sandbox");
#endif
+#endif
sc = calloc(1, sizeof(struct pci_ahci_softc));
pi->pi_arg = sc;
Index: usr.sbin/bhyve/pci_e82545.c
===================================================================
--- usr.sbin/bhyve/pci_e82545.c
+++ usr.sbin/bhyve/pci_e82545.c
@@ -31,6 +31,9 @@
__FBSDID("$FreeBSD$");
#include <sys/types.h>
+#ifndef WITHOUT_CAPSICUM
+#include <sys/capsicum.h>
+#endif
#include <sys/limits.h>
#include <sys/ioctl.h>
#include <sys/uio.h>
@@ -38,6 +41,7 @@
#include <netinet/in.h>
#include <netinet/tcp.h>
+#include <err.h>
#include <errno.h>
#include <fcntl.h>
#include <md5.h>
@@ -44,6 +48,7 @@
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
+#include <sysexits.h>
#include <unistd.h>
#include <pthread.h>
#include <pthread_np.h>
@@ -2202,6 +2207,9 @@
e82545_open_tap(struct e82545_softc *sc, char *opts)
{
char tbuf[80];
+#ifndef WITHOUT_CAPSICUM
+ cap_rights_t rights;
+#endif
if (opts == NULL) {
sc->esc_tapfd = -1;
@@ -2228,6 +2236,12 @@
sc->esc_tapfd = -1;
}
+#ifndef WITHOUT_CAPSICUM
+ cap_rights_init(&rights, CAP_READ, CAP_WRITE);
+ if (cap_rights_limit(sc->esc_tapfd, &rights) == -1 && errno != ENOSYS)
+ errx(EX_OSERR, "Unable to apply rights for sandbox");
+#endif
+
sc->esc_mevp = mevent_add(sc->esc_tapfd,
EVF_READ,
e82545_tap_callback,
Index: usr.sbin/bhyve/pci_passthru.c
===================================================================
--- usr.sbin/bhyve/pci_passthru.c
+++ usr.sbin/bhyve/pci_passthru.c
@@ -30,6 +30,9 @@
__FBSDID("$FreeBSD$");
#include <sys/param.h>
+#ifndef WITHOUT_CAPSICUM
+#include <sys/capsicum.h>
+#endif
#include <sys/types.h>
#include <sys/mman.h>
#include <sys/pciio.h>
@@ -44,7 +47,9 @@
#include <stdlib.h>
#include <string.h>
#include <err.h>
+#include <errno.h>
#include <fcntl.h>
+#include <sysexits.h>
#include <unistd.h>
#include <machine/vmm.h>
@@ -639,10 +644,19 @@
{
int bus, slot, func, error, memflags;
struct passthru_softc *sc;
+#ifndef WITHOUT_CAPSICUM
+ cap_rights_t rights;
+ u_long pci_ioctls[] = {PCIOCREAD, PCIOCWRITE, PCIOCGETBAR};
+ u_long io_ioctls[] = {IODEV_PIO};
+#endif
sc = NULL;
error = 1;
+#ifndef WITHOUT_CAPSICUM
+ cap_rights_init(&rights, CAP_READ, CAP_WRITE, CAP_IOCTL);
+#endif
+
memflags = vm_get_memflags(ctx);
if (!(memflags & VM_MEM_F_WIRED)) {
warnx("passthru requires guest memory to be wired");
@@ -657,6 +671,13 @@
}
}
+#ifndef WITHOUT_CAPSICUM
+ if (cap_rights_limit(pcifd, &rights) == -1 && errno != ENOSYS)
+ errx(EX_OSERR, "Unable to apply rights for sandbox");
+ if (cap_ioctls_limit(pcifd, pci_ioctls, nitems(pci_ioctls)) == -1 && errno != ENOSYS)
+ errx(EX_OSERR, "Unable to apply rights for sandbox");
+#endif
+
if (iofd < 0) {
iofd = open(_PATH_DEVIO, O_RDWR, 0);
if (iofd < 0) {
@@ -665,6 +686,13 @@
}
}
+#ifndef WITHOUT_CAPSICUM
+ if (cap_rights_limit(iofd, &rights) == -1 && errno != ENOSYS)
+ errx(EX_OSERR, "Unable to apply rights for sandbox");
+ if (cap_ioctls_limit(iofd, io_ioctls, nitems(io_ioctls)) == -1 && errno != ENOSYS)
+ errx(EX_OSERR, "Unable to apply rights for sandbox");
+#endif
+
if (memfd < 0) {
memfd = open(_PATH_MEM, O_RDWR, 0);
if (memfd < 0) {
@@ -673,6 +701,12 @@
}
}
+#ifndef WITHOUT_CAPSICUM
+ cap_rights_clear(&rights, CAP_IOCTL);
+ if (cap_rights_limit(memfd, &rights) == -1 && errno != ENOSYS)
+ errx(EX_OSERR, "Unable to apply rights for sandbox");
+#endif
+
if (opts == NULL ||
sscanf(opts, "%d/%d/%d", &bus, &slot, &func) != 3) {
warnx("invalid passthru options");
Index: usr.sbin/bhyve/pci_virtio_console.c
===================================================================
--- usr.sbin/bhyve/pci_virtio_console.c
+++ usr.sbin/bhyve/pci_virtio_console.c
@@ -32,6 +32,9 @@
__FBSDID("$FreeBSD$");
#include <sys/param.h>
+#ifndef WITHOUT_CAPSICUM
+#include <sys/capsicum.h>
+#endif
#include <sys/linker_set.h>
#include <sys/uio.h>
#include <sys/types.h>
@@ -38,6 +41,7 @@
#include <sys/socket.h>
#include <sys/un.h>
+#include <err.h>
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
@@ -48,6 +52,7 @@
#include <assert.h>
#include <pthread.h>
#include <libgen.h>
+#include <sysexits.h>
#include "bhyverun.h"
#include "pci_emul.h"
@@ -266,6 +271,9 @@
struct sockaddr_un sun;
char *pathcopy;
int s = -1, fd = -1, error = 0;
+#ifndef WITHOUT_CAPSICUM
+ cap_rights_t rights;
+#endif
sock = calloc(1, sizeof(struct pci_vtcon_sock));
if (sock == NULL) {
@@ -273,12 +281,18 @@
goto out;
}
- s = socket(AF_UNIX, SOCK_STREAM, 0);
+ s = socket(AF_UNIX, SOCK_STREAM|SOCK_NONBLOCK, 0);
if (s < 0) {
error = -1;
goto out;
}
+#ifndef WITHOUT_CAPSICUM
+ cap_rights_init(&rights, CAP_ACCEPT, CAP_EVENT, CAP_LISTEN, CAP_READ, CAP_WRITE);
+ if (cap_rights_limit(s, &rights) == -1 && errno != ENOSYS)
+ errx(EX_OSERR, "Unable to apply rights for sandbox");
+#endif
+
pathcopy = strdup(path);
if (pathcopy == NULL) {
error = -1;
@@ -303,11 +317,6 @@
goto out;
}
- if (fcntl(s, F_SETFL, O_NONBLOCK) < 0) {
- error = -1;
- goto out;
- }
-
if (listen(s, 1) < 0) {
error = -1;
goto out;
Index: usr.sbin/bhyve/pci_virtio_net.c
===================================================================
--- usr.sbin/bhyve/pci_virtio_net.c
+++ usr.sbin/bhyve/pci_virtio_net.c
@@ -30,6 +30,9 @@
__FBSDID("$FreeBSD$");
#include <sys/param.h>
+#ifndef WITHOUT_CAPSICUM
+#include <sys/capsicum.h>
+#endif
#include <sys/linker_set.h>
#include <sys/select.h>
#include <sys/uio.h>
@@ -41,6 +44,7 @@
#endif
#include <net/netmap_user.h>
+#include <err.h>
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
@@ -53,6 +57,7 @@
#include <md5.h>
#include <pthread.h>
#include <pthread_np.h>
+#include <sysexits.h>
#include "bhyverun.h"
#include "pci_emul.h"
@@ -743,6 +748,9 @@
pci_vtnet_tap_setup(struct pci_vtnet_softc *sc, char *devname)
{
char tbuf[80];
+#ifndef WITHOUT_CAPSICUM
+ cap_rights_t rights;
+#endif
strcpy(tbuf, "/dev/");
strlcat(tbuf, devname, sizeof(tbuf));
@@ -767,6 +775,12 @@
sc->vsc_tapfd = -1;
}
+#ifndef WITHOUT_CAPSICUM
+ cap_rights_init(&rights, CAP_READ, CAP_WRITE, CAP_EVENT);
+ if (cap_rights_limit(sc->vsc_tapfd, &rights) == -1 && errno != ENOSYS)
+ errx(EX_OSERR, "Unable to apply rights for sandbox");
+#endif
+
sc->vsc_mevp = mevent_add(sc->vsc_tapfd,
EVF_READ,
pci_vtnet_rx_callback,
Index: usr.sbin/bhyve/pci_virtio_rnd.c
===================================================================
--- usr.sbin/bhyve/pci_virtio_rnd.c
+++ usr.sbin/bhyve/pci_virtio_rnd.c
@@ -35,9 +35,13 @@
__FBSDID("$FreeBSD$");
#include <sys/param.h>
+#ifndef WITHOUT_CAPSICUM
+#include <sys/capsicum.h>
+#endif
#include <sys/linker_set.h>
#include <sys/uio.h>
+#include <err.h>
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
@@ -46,6 +50,7 @@
#include <unistd.h>
#include <assert.h>
#include <pthread.h>
+#include <sysexits.h>
#include "bhyverun.h"
#include "pci_emul.h"
@@ -138,6 +143,9 @@
int fd;
int len;
uint8_t v;
+#ifndef WITHOUT_CAPSICUM
+ cap_rights_t rights;
+#endif
/*
* Should always be able to open /dev/random.
@@ -146,6 +154,12 @@
assert(fd >= 0);
+#ifndef WITHOUT_CAPSICUM
+ cap_rights_init(&rights, CAP_READ);
+ if (cap_rights_limit(fd, &rights) == -1 && errno != ENOSYS)
+ errx(EX_OSERR, "Unable to apply rights for sandbox");
+#endif
+
/*
* Check that device is seeded and non-blocking.
*/
Index: usr.sbin/bhyve/rfb.c
===================================================================
--- usr.sbin/bhyve/rfb.c
+++ usr.sbin/bhyve/rfb.c
@@ -29,6 +29,9 @@
__FBSDID("$FreeBSD$");
#include <sys/param.h>
+#ifndef WITHOUT_CAPSICUM
+#include <sys/capsicum.h>
+#endif
#include <sys/socket.h>
#include <sys/select.h>
#include <sys/time.h>
@@ -38,6 +41,8 @@
#include <netinet/in.h>
#include <assert.h>
+#include <err.h>
+#include <errno.h>
#include <pthread.h>
#include <pthread_np.h>
#include <signal.h>
@@ -45,6 +50,7 @@
#include <stdlib.h>
#include <stdio.h>
#include <string.h>
+#include <sysexits.h>
#include <unistd.h>
#include <zlib.h>
@@ -868,6 +874,9 @@
struct rfb_softc *rc;
struct sockaddr_in sin;
int on = 1;
+#ifndef WITHOUT_CAPSICUM
+ cap_rights_t rights;
+#endif
rc = calloc(1, sizeof(struct rfb_softc));
@@ -884,6 +893,12 @@
return (-1);
}
+#ifndef WITHOUT_CAPSICUM
+ cap_rights_init(&rights, CAP_ACCEPT, CAP_BIND, CAP_EVENT, CAP_LISTEN, CAP_READ, CAP_SETSOCKOPT, CAP_WRITE);
+ if (cap_rights_limit(rc->sfd, &rights) == -1 && errno != ENOSYS)
+ errx(EX_OSERR, "Unable to apply rights for sandbox");
+#endif
+
setsockopt(rc->sfd, SOL_SOCKET, SO_REUSEADDR, &on, sizeof(on));
sin.sin_len = sizeof(sin);
Index: usr.sbin/bhyve/uart_emul.c
===================================================================
--- usr.sbin/bhyve/uart_emul.c
+++ usr.sbin/bhyve/uart_emul.c
@@ -31,11 +31,16 @@
__FBSDID("$FreeBSD$");
#include <sys/types.h>
+#ifndef WITHOUT_CAPSICUM
+#include <sys/capsicum.h>
+#endif
#include <dev/ic/ns16550.h>
#include <stdio.h>
#include <stdlib.h>
#include <assert.h>
+#include <err.h>
+#include <errno.h>
#include <fcntl.h>
#include <termios.h>
#include <unistd.h>
@@ -42,6 +47,7 @@
#include <stdbool.h>
#include <string.h>
#include <pthread.h>
+#include <sysexits.h>
#include "mevent.h"
#include "uart_emul.h"
@@ -629,6 +635,10 @@
{
int fd;
int retval;
+#ifndef WITHOUT_CAPSICUM
+ cap_rights_t rights;
+ u_long cmds[] = {TIOCGETA, TIOCSETA, TIOCGWINSZ};
+#endif
retval = -1;
@@ -638,6 +648,17 @@
sc->tty.opened = true;
retval = 0;
}
+
+#ifndef WITHOUT_CAPSICUM
+ cap_rights_init(&rights, CAP_READ, CAP_WRITE, CAP_FCNTL, CAP_FSTAT,
+ CAP_IOCTL, CAP_EVENT);
+ if (cap_rights_limit(fd, &rights) == -1 && errno != ENOSYS)
+ errx(EX_OSERR, "Unable to apply rights for sandbox");
+ if (cap_ioctls_limit(fd, cmds, nitems(cmds)) == -1 && errno != ENOSYS)
+ errx(EX_OSERR, "Unable to apply rights for sandbox");
+ if (cap_fcntls_limit(fd, F_SETFL) == -1 && errno != ENOSYS)
+ errx(EX_OSERR, "Unable to apply rights for sandbox");
+#endif
return (retval);
}
@@ -646,6 +667,9 @@
uart_set_backend(struct uart_softc *sc, const char *opts)
{
int retval;
+#ifndef WITHOUT_CAPSICUM
+ cap_rights_t rights;
+#endif
retval = -1;
@@ -667,6 +691,13 @@
if (retval == 0)
retval = fcntl(sc->tty.fd, F_SETFL, O_NONBLOCK);
+#ifndef WITHOUT_CAPSICUM
+ cap_rights_get(sc->tty.fd, &rights);
+ cap_rights_clear(&rights, CAP_FCNTL);
+ if (cap_rights_limit(sc->tty.fd, &rights) == -1 && errno != ENOSYS)
+ errx(EX_OSERR, "Unable to apply rights for sandbox");
+#endif
+
if (retval == 0)
uart_opentty(sc);

File Metadata

Mime Type
text/plain
Expires
Sun, Apr 26, 6:27 AM (53 m, 39 s)
Storage Engine
blob
Storage Format
Raw Data
Storage Handle
32169093
Default Alt Text
D8290.id21565.diff (18 KB)

Event Timeline