HomeFreeBSD
Diffusion FreeBSD src repository 91d3f40d93e3

libsysdecode: Fix decoding of Capsicum rights
91d3f40d93e3
Actions

Description

libsysdecode: Fix decoding of Capsicum rights

Capsicum rights are a bit tricky since some of them are subsets of
others, and one can have rights R1 and R2 such that R1 is a subset of
R2, but there is no collection of named rights whose union is R2. So,
they don't behave like most other flag sets. sysdecode_cap_rights(3)
does not handle this properly and so can emit misleading decodings.

Try to fix all of these problems:

  • Include composite rights in the caprights table.
  • Use a constructor to sort the caprights table such that "larger" rights appear first and thus are matched first.
  • Don't print rights that are a subset of rights already printed, so as to minimize the length of the output.
  • Print a trailing message if some of the specific rights are not matched by the table.

PR: 263165
Reviewed by: pauamma_gundo.com (doc), jhb, emaste
Sponsored by: The FreeBSD Foundation

(cherry picked from commit 869199d9922c7dee92c1c24f95b90f1d1319433e)

Details

Provenance
markjAuthored on Apr 13 2022, 2:47 PM
Parents
rGcac2d41f1fc1: callout: Remove the CS_EXECUTING flag
Branches
Unknown
Tags
Unknown

Changes (3)

PathSize
lib/
libsysdecode/

rG91d3f40d93e3

View Options

lib/libsysdecode/flags.c

Loading...
View Options

lib/libsysdecode/mktables

Loading...
View Options

lib/libsysdecode/sysdecode_cap_rights.3

Loading...