HomeFreeBSD
Diffusion FreeBSD src repository 869199d9922c

libsysdecode: Fix decoding of Capsicum rights
869199d9922c
Actions

Description

libsysdecode: Fix decoding of Capsicum rights

Capsicum rights are a bit tricky since some of them are subsets of
others, and one can have rights R1 and R2 such that R1 is a subset of
R2, but there is no collection of named rights whose union is R2. So,
they don't behave like most other flag sets. sysdecode_cap_rights(3)
does not handle this properly and so can emit misleading decodings.

Try to fix all of these problems:

  • Include composite rights in the caprights table.
  • Use a constructor to sort the caprights table such that "larger" rights appear first and thus are matched first.
  • Don't print rights that are a subset of rights already printed, so as to minimize the length of the output.
  • Print a trailing message if some of the specific rights are not matched by the table.

PR: 263165
Reviewed by: pauamma_gundo.com (doc), jhb, emaste
MFC after: 2 weeks
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D34874

Details

Provenance
markjAuthored on Apr 13 2022, 2:47 PM
Reviewer
pauamma_gundo.com
Differential Revision
D34874: libsysdecode: Fix decoding of Capsicum rights
Parents
rG4ad3423bc285: nfscl: Clean up the code by removing unused arguments
Branches
Unknown
Tags
Unknown

Changes (3)

PathSize
lib/
libsysdecode/

rG869199d9922c

View Options

lib/libsysdecode/flags.c

Loading...
View Options

lib/libsysdecode/mktables

Loading...
View Options

lib/libsysdecode/sysdecode_cap_rights.3

Loading...