D10170.id26871.diff
No OneTemporary
Actions

Size

3 KB

Referenced Files

None

Subscribers

None

D10170.id26871.diff
View Options

	Index: sys/kern/capabilities.conf
	===================================================================
	--- sys/kern/capabilities.conf
	+++ sys/kern/capabilities.conf
	@@ -137,9 +137,9 @@
	## eventually be allowed, at least in the current process case.
	##
	#cpuset
	-#cpuset_getaffinity
	+cpuset_getaffinity
	#cpuset_getid
	-#cpuset_setaffinity
	+cpuset_setaffinity
	#cpuset_setid

	##
	Index: sys/kern/init_sysent.c
	===================================================================
	--- sys/kern/init_sysent.c
	+++ sys/kern/init_sysent.c
	@@ -529,11 +529,11 @@
	{ AS(thr_kill2_args), (sy_call_t )sys_thr_kill2, AUE_KILL, NULL, 0, 0, 0, SY_THR_STATIC }, / 481 = thr_kill2 */
	{ AS(shm_open_args), (sy_call_t )sys_shm_open, AUE_SHMOPEN, NULL, 0, 0, SYF_CAPENABLED, SY_THR_STATIC }, / 482 = shm_open */
	{ AS(shm_unlink_args), (sy_call_t )sys_shm_unlink, AUE_SHMUNLINK, NULL, 0, 0, 0, SY_THR_STATIC }, / 483 = shm_unlink */
	- { AS(cpuset_args), (sy_call_t )sys_cpuset, AUE_NULL, NULL, 0, 0, 0, SY_THR_STATIC }, / 484 = cpuset */
	- { AS(cpuset_setid_args), (sy_call_t )sys_cpuset_setid, AUE_NULL, NULL, 0, 0, 0, SY_THR_STATIC }, / 485 = cpuset_setid */
	- { AS(cpuset_getid_args), (sy_call_t )sys_cpuset_getid, AUE_NULL, NULL, 0, 0, 0, SY_THR_STATIC }, / 486 = cpuset_getid */
	- { AS(cpuset_getaffinity_args), (sy_call_t )sys_cpuset_getaffinity, AUE_NULL, NULL, 0, 0, 0, SY_THR_STATIC }, / 487 = cpuset_getaffinity */
	- { AS(cpuset_setaffinity_args), (sy_call_t )sys_cpuset_setaffinity, AUE_NULL, NULL, 0, 0, 0, SY_THR_STATIC }, / 488 = cpuset_setaffinity */
	+ { AS(cpuset_args), (sy_call_t )sys_cpuset, AUE_NULL, NULL, 0, 0, SYF_CAPENABLED, SY_THR_STATIC }, / 484 = cpuset */
	+ { AS(cpuset_setid_args), (sy_call_t )sys_cpuset_setid, AUE_NULL, NULL, 0, 0, SYF_CAPENABLED, SY_THR_STATIC }, / 485 = cpuset_setid */
	+ { AS(cpuset_getid_args), (sy_call_t )sys_cpuset_getid, AUE_NULL, NULL, 0, 0, SYF_CAPENABLED, SY_THR_STATIC }, / 486 = cpuset_getid */
	+ { AS(cpuset_getaffinity_args), (sy_call_t )sys_cpuset_getaffinity, AUE_NULL, NULL, 0, 0, SYF_CAPENABLED, SY_THR_STATIC }, / 487 = cpuset_getaffinity */
	+ { AS(cpuset_setaffinity_args), (sy_call_t )sys_cpuset_setaffinity, AUE_NULL, NULL, 0, 0, SYF_CAPENABLED, SY_THR_STATIC }, / 488 = cpuset_setaffinity */
	{ AS(faccessat_args), (sy_call_t )sys_faccessat, AUE_FACCESSAT, NULL, 0, 0, SYF_CAPENABLED, SY_THR_STATIC }, / 489 = faccessat */
	{ AS(fchmodat_args), (sy_call_t )sys_fchmodat, AUE_FCHMODAT, NULL, 0, 0, SYF_CAPENABLED, SY_THR_STATIC }, / 490 = fchmodat */
	{ AS(fchownat_args), (sy_call_t )sys_fchownat, AUE_FCHOWNAT, NULL, 0, 0, SYF_CAPENABLED, SY_THR_STATIC }, / 491 = fchownat */
	Index: sys/kern/kern_cpuset.c
	===================================================================
	--- sys/kern/kern_cpuset.c
	+++ sys/kern/kern_cpuset.c
	@@ -47,6 +47,7 @@
	#include <sys/sched.h>
	#include <sys/smp.h>
	#include <sys/syscallsubr.h>
	+#include <sys/capsicum.h>
	#include <sys/cpuset.h>
	#include <sys/sx.h>
	#include <sys/queue.h>
	@@ -523,6 +524,7 @@
	int threads;
	int nfree;
	int error;
	+
	/*
	* The algorithm requires two passes due to locking considerations.
	*
	@@ -1097,6 +1099,11 @@

	if (cpusetsize < sizeof(cpuset_t) \|\| cpusetsize > CPU_MAXSIZE / NBBY)
	return (ERANGE);
	+ /* In Capability mode, you can only get your own CPU set. */
	+ if (IN_CAPABILITY_MODE(td) && !(level == CPU_LEVEL_WHICH &&
	+ (which == CPU_WHICH_TID \|\| which == CPU_WHICH_PID) &&
	+ id == -1))
	+ return (ECAPMODE);
	size = cpusetsize;
	mask = malloc(size, M_TEMP, M_WAITOK \| M_ZERO);
	error = cpuset_which(which, id, &p, &ttd, &set);
	@@ -1201,6 +1208,11 @@

	if (cpusetsize < sizeof(cpuset_t) \|\| cpusetsize > CPU_MAXSIZE / NBBY)
	return (ERANGE);
	+ /* In Capability mode, you can only set your own CPU set. */
	+ if (IN_CAPABILITY_MODE(td) && !(level == CPU_LEVEL_WHICH &&
	+ (which == CPU_WHICH_TID \|\| which == CPU_WHICH_PID) &&
	+ id == -1))
	+ return (ECAPMODE);
	mask = malloc(cpusetsize, M_TEMP, M_WAITOK \| M_ZERO);
	error = copyin(maskp, mask, cpusetsize);
	if (error)

File Metadata

Mime Type: text/plain
Expires: Tue, May 19, 2:29 PM (21 h, 19 m)
Storage Engine: blob
Storage Format: Raw Data
Storage Handle: 33315957
Default Alt Text: D10170.id26871.diff (3 KB)

D10170.id26871.diffNo OneTemporaryActions

D10170.id26871.diffView Options

File Metadata

Event Timeline

D10170.id26871.diff
No OneTemporary
Actions

D10170.id26871.diff
View Options