usr.sbin/bhyve/block_if.c
__FBSDID("$FreeBSD$"); | __FBSDID("$FreeBSD$"); | ||||
#include <sys/param.h> | #include <sys/param.h> | ||||
#include <sys/capsicum.h> | |||||
#include <sys/queue.h> | #include <sys/queue.h> | ||||
#include <sys/errno.h> | #include <sys/errno.h> | ||||
#include <sys/stat.h> | #include <sys/stat.h> | ||||
#include <pthread.h> | #include <pthread.h> | ||||
#include <pthread_np.h> | #include <pthread_np.h> | ||||
#include <signal.h> | #include <signal.h> | ||||
#include <sysexits.h> | |||||
#include <unistd.h> | #include <unistd.h> | ||||
#include <machine/atomic.h> | #include <machine/atomic.h> | ||||
off_t size, psectsz, psectoff; | off_t size, psectsz, psectoff; | ||||
int extra, fd, i, sectsz; | int extra, fd, i, sectsz; | ||||
int nocache, sync, ro, candelete, geom, ssopt, pssopt; | int nocache, sync, ro, candelete, geom, ssopt, pssopt; | ||||
cap_rights_t rights; | |||||
u_long cmds[] = {DIOCGFLUSH, DIOCGDELETE, DIOCGMEDIASIZE, DIOCGSECTORSIZE, | |||||
DIOCGSTRIPESIZE, DIOCGSTRIPEOFFSET, DIOCGATTR, DIOCGPROVIDERNAME}; | |||||
pthread_once(&blockif_once, blockif_init); | pthread_once(&blockif_once, blockif_init); | ||||
ro = 1; | ro = 1; | ||||
} | } | ||||
cap_rights_init(&rights, CAP_READ, CAP_WRITE, CAP_SEEK, CAP_FSTAT, CAP_IOCTL); | |||||
if (ro) | |||||
cap_rights_clear(&rights, CAP_WRITE); | |||||
if (cap_rights_limit(fd, &rights) == -1 && errno != ENOSYS) | |||||
errx(EX_OSERR, "Unable to apply rights for sandbox"); | |||||
if (cap_ioctls_limit(fd, cmds, nitems(cmds)) == -1 && errno != ENOSYS) | |||||
errx(EX_OSERR, "Unable to apply rights for sandbox"); | |||||
if (fd < 0) { | if (fd < 0) { | ||||
warn("Could not open backing file: %s", nopt); | warn("Could not open backing file: %s", nopt); | ||||
goto err; | goto err; | ||||
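Review bot: The `cap_rights_limit(fd, &rights)` and `cap_ioctls_limit(fd, cmds, nitems(cmds))` calls run before the `if (fd < 0)` check that follows them, so when the open failed they are invoked with fd == -1; that fails with EBADF rather than ENOSYS, and `errx(EX_OSERR, ...)` terminates bhyve instead of reaching the intended `warn(...); goto err;` path. Move the fd check ahead of the Capsicum setup so the limits are only applied to a valid descriptor. While there, both failure messages are identical and use errx, which drops errno; `err(EX_OSERR, "Unable to apply rights for sandbox")` would report the actual cause. The enclosing function starts and ends outside this section.
```c
	if (fd < 0) {
		warn("Could not open backing file: %s", nopt);
		goto err;
	}
	cap_rights_init(&rights, CAP_READ, CAP_WRITE, CAP_SEEK, CAP_FSTAT, CAP_IOCTL);
	if (ro)
		cap_rights_clear(&rights, CAP_WRITE);
	if (cap_rights_limit(fd, &rights) == -1 && errno != ENOSYS)
		err(EX_OSERR, "Unable to apply rights for sandbox");
	if (cap_ioctls_limit(fd, cmds, nitems(cmds)) == -1 && errno != ENOSYS)
		err(EX_OSERR, "Unable to apply rights for sandbox");
	/* ... unchanged: remainder of the open path ... */
```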
grehan: fsync needs to be added here, or an ahci-hd file-backed disk image will fail on FreeBSD guest… | |||||
oshogbo: I'm not sure if here the reverse logic would be more secure.
Not Done Inline ActionsThat is: cap_rights_init(&rights, CAP_IOCTL, CAP_READ, CAP_SEEK); if (!ro) cap_rights_set(&rights, CAP_FSYNC, CAP_WRITE); I agree that looks preferable. emaste: That is:
```
cap_rights_init(&rights, CAP_IOCTL, CAP_READ, CAP_SEEK);
if (!ro)… |
fsync needs to be added here, or an ahci-hd file-backed disk image will fail on FreeBSD guest shutdown with
(ada0:ahcich0:0:0:0): FLUSHCACHE48. ACB: ea 00 00 00 00 40 00 00 00 00 00 00
(ada0:ahcich0:0:0:0): CAM status: ATA Status Error
(ada0:ahcich0:0:0:0): ATA status: 41 (DRDY ERR), error: 04 (ABRT )
(ada0:ahcich0:0:0:0): RES: 41 04 00 00 00 40 00 00 00 00 00
(ada0:ahcich0:0:0:0): Retrying command
(ada0:ahcich0:0:0:0): FLUSHCACHE48. ACB: ea 00 00 00 00 40 00 00 00 00 00 00
(ada0:ahcich0:0:0:0): CAM status: ATA Status Error
(ada0:ahcich0:0:0:0): ATA status: 41 (DRDY ERR), error: 04 (ABRT )
(ada0:ahcich0:0:0:0): RES: 41 04 00 00 00 40 00 00 00 00 00
(ada0:ahcich0:0:0:0): Error 5, Retries exhausted
(ada0:ahcich0:0:0:0): Synchronize cache failed
#ifndef WITHOUT_CAPSICUM
+ cap_rights_init(&rights, CAP_IOCTL, CAP_READ, CAP_SEEK, CAP_WRITE,
+ CAP_FSYNC);
+ if (ro) {
+ cap_rights_clear(&rights, CAP_FSYNC);
+ }