Author: cem Date: Fri Dec 16 01:37:44 2016 New Revision: 310135 URL: https://svnweb.freebsd.org/changeset/base/310135
Log: capsicum_helpers: Add LOOKUP flag Add a helper routine for opening a directory that is restricted to being used for opening relative files as stdio streams. I think this will really help basic adaptation of multi-file programs to Capsicum. Rather than having each program initialize a rights object and ioctl/fcntl arrays for their root fd for relative opens, consolidate in the logical place. Reviewed by: oshogbo@ Sponsored by: Dell EMC Isilon Differential Revision: https://reviews.freebsd.org/D8743 Modified: head/lib/libcapsicum/capsicum_helpers.h Modified: head/lib/libcapsicum/capsicum_helpers.h ============================================================================== --- head/lib/libcapsicum/capsicum_helpers.h Fri Dec 16 01:14:00 2016 (r310134) +++ head/lib/libcapsicum/capsicum_helpers.h Fri Dec 16 01:37:44 2016 (r310135) @@ -41,6 +41,7 @@ #define CAPH_IGNORE_EBADF 0x0001 #define CAPH_READ 0x0002 #define CAPH_WRITE 0x0004 +#define CAPH_LOOKUP 0x0008 static __inline int caph_limit_stream(int fd, int flags) @@ -54,6 +55,8 @@ caph_limit_stream(int fd, int flags) cap_rights_set(&rights, CAP_READ); if ((flags & CAPH_WRITE) != 0) cap_rights_set(&rights, CAP_WRITE); + if ((flags & CAPH_LOOKUP) != 0) + cap_rights_set(&rights, CAP_LOOKUP); if (cap_rights_limit(fd, &rights) < 0 && errno != ENOSYS) { if (errno == EBADF && (flags & CAPH_IGNORE_EBADF) != 0) _______________________________________________ svn-src-all@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/svn-src-all To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"