Diffusion FreeBSD src repository bf7c4fcbbb05

bhyveload: hold /boot and do relative lookups for the loader
bf7c4fcbbb05
Actions

Tags

None

Referenced Files

None

Subscribers

None

Description

bhyveload: hold /boot and do relative lookups for the loader

The next change will push bhyveload into capability mode right after we
allocate vcpu state, before we've setup or entered the loader, to limit
the surface area that a rogue loader script can touch.

With an explicit -l loader, we don't need to preopen /boot because
changing interpreters isn't allowed. We'll just dlopen() entirely in
advance in that case to eliminate some complexity.

Reviewed by: allanjude (earlier version), markj
Differential Revision: https://reviews.freebsd.org/D43285

Details

Provenance

Authored on Jan 3 2024, 10:17 PM

Reviewer

Differential Revision

D43285: bhyveload: hold /boot and do relative lookups for the loader

Parents

rG6779d44bd878: bhyveload: use a dirfd to support -h

Branches

Unknown

Tags

Unknown

Event Timeline

kevans committed rGbf7c4fcbbb05: bhyveload: hold /boot and do relative lookups for the loader (authored by kevans).Jan 3 2024, 10:19 PM

kevans added an edge: D43285: bhyveload: hold /boot and do relative lookups for the loader.

kevans mentioned this in rG67082f077f39: bhyveload: fix non -l use.Jan 4 2024, 1:37 AM

kevans mentioned this in rG3299277af825: bhyveload: hold /boot and do relative lookups for the loader.Jan 22 2024, 5:30 PM

kevans mentioned this in rGb7390f6f8412: bhyveload: hold /boot and do relative lookups for the loader.Jan 22 2024, 5:32 PM

Changes (1)

Path

Size

usr.sbin/

bhyveload/

rGbf7c4fcbbb05

usr.sbin/bhyveload/bhyveload.c

Loading...