D7965.id20523.diff
No OneTemporary
Actions

Size

1 KB

Referenced Files

None

Subscribers

None

D7965.id20523.diff
View Options

	Index: sys/kern/subr_syscall.c
	===================================================================
	--- sys/kern/subr_syscall.c
	+++ sys/kern/subr_syscall.c
	@@ -165,12 +165,22 @@
	syscallret(struct thread td, int error, struct syscall_args sa)
	{
	struct proc p, p2;
	+ ksiginfo_t ksi;
	int traced;

	KASSERT((td->td_pflags & TDP_FORKING) == 0,
	("fork() did not clear TDP_FORKING upon completion"));

	p = td->td_proc;
	+ if (trap_enotcap && IN_CAPABILITY_MODE(td) &&
	+ ((td->td_pflags & TDP_NERRNO) == 0 ? error : td->td_errno) ==
	+ ENOTCAPABLE) {
	+ ksiginfo_init_trap(&ksi);
	+ ksi.ksi_signo = SIGTRAP;
	+ ksi.ksi_errno = ENOTCAPABLE;
	+ ksi.ksi_code = TRAP_CAP;
	+ trapsignal(td, &ksi);
	+ }

	/*
	* Handle reschedule and other end-of-syscall issues
	Index: sys/kern/sys_capability.c
	===================================================================
	--- sys/kern/sys_capability.c
	+++ sys/kern/sys_capability.c
	@@ -83,6 +83,10 @@
	#include <vm/uma.h>
	#include <vm/vm.h>

	+int trap_enotcap;
	+SYSCTL_INT(_kern, OID_AUTO, trap_enotcap, CTLFLAG_RW, &trap_enotcap, 0,
	+ "Deliver SIGTRAP on ENOTCAPABLE");
	+
	#ifdef CAPABILITY_MODE

	FEATURE(security_capability_mode, "Capsicum Capability Mode");
	Index: sys/sys/capsicum.h
	===================================================================
	--- sys/sys/capsicum.h
	+++ sys/sys/capsicum.h
	@@ -368,6 +368,8 @@
	int cap_fcntl_check_fde(struct filedescent *fde, int cmd);
	int cap_fcntl_check(struct filedesc *fdp, int fd, int cmd);

	+extern int trap_enotcap;
	+
	#else /* !_KERNEL */

	__BEGIN_DECLS
	Index: sys/sys/signal.h
	===================================================================
	--- sys/sys/signal.h
	+++ sys/sys/signal.h
	@@ -291,6 +291,7 @@
	#define TRAP_BRKPT 1 /* Process breakpoint. */
	#define TRAP_TRACE 2 /* Process trace trap. */
	#define TRAP_DTRACE 3 /* DTrace induced trap. */
	+#define TRAP_CAP 4 /* Capabilities protective trap. */

	/* codes for SIGCHLD */
	#define CLD_EXITED 1 /* Child has exited */

File Metadata

Mime Type: text/plain
Expires: Thu, Jun 11, 12:09 AM (1 h, 4 m)
Storage Engine: blob
Storage Format: Raw Data
Storage Handle: 33862023
Default Alt Text: D7965.id20523.diff (1 KB)

D7965.id20523.diffNo OneTemporaryActions

D7965.id20523.diffView Options

File Metadata

Event Timeline

D7965.id20523.diff
No OneTemporary
Actions

D7965.id20523.diff
View Options