Diffusion FreeBSD src repository - subversion rS287209

Decompose linkat()/renameat() rights to source and target.
rS287209
Actions

Description

Decompose linkat()/renameat() rights to source and target.

To make it easier to understand how Capsicum interacts with linkat() and
renameat(), rename the rights to CAP_{LINK,RENAME}AT_{SOURCE,TARGET}.

This also addresses a shortcoming in Capsicum, where it isn't possible
to disable linking to files stored in a directory. Creating hardlinks
essentially makes it possible to access files with additional rights.

Reviewed by: rwatson, wblock
Differential Revision: https://reviews.freebsd.org/D3411

Details

Provenance

ed	Authored on

Reviewer

rwatson

Differential Revision

D3411: Decompose linkat()/renameat() rights to source and target.

Parents

rS287208: Make it buildable with WITH_OPENLDAP, again.

Branches

Unknown

Tags

Unknown

Event Timeline

ed committed rS287209: Decompose linkat()/renameat() rights to source and target..Aug 27 2015, 3:16 PM

Changes (5)

Path

Size

head/

share/

man/

man4/

rights.4

sys/

compat/

cloudabi/

cloudabi_fd.c

kern/

vfs_syscalls.c

sys/

capsicum.h

usr.bin/

procstat/

procstat_files.c

rS287209

View Options

head/share/man/man4/rights.4

View Options

head/sys/compat/cloudabi/cloudabi_fd.c

View Options

head/sys/kern/vfs_syscalls.c

View Options

head/sys/sys/capsicum.h

View Options

head/usr.bin/procstat/procstat_files.c

Decompose linkat()/renameat() rights to source and target.rS287209Actions

Description

Details

Event Timeline

Changes (5)

rS287209

head/share/man/man4/rights.4

head/sys/compat/cloudabi/cloudabi_fd.c

head/sys/kern/vfs_syscalls.c

head/sys/sys/capsicum.h

head/usr.bin/procstat/procstat_files.c

Decompose linkat()/renameat() rights to source and target.
rS287209
Actions