Author: jhb Date: Sat Jul 13 00:12:35 2019 New Revision: 349959 URL: https://svnweb.freebsd.org/changeset/base/349959
Log: Add Capsicumification of the virtio_console device model. This is a direct commit to stable/11. This change was missed when merging virtio_console to 11 because the capsicum change and virtio_console changes were merged in the opposite order of the changes in head. Modified: stable/11/usr.sbin/bhyve/pci_virtio_console.c Modified: stable/11/usr.sbin/bhyve/pci_virtio_console.c
==============================================================================
--- stable/11/usr.sbin/bhyve/pci_virtio_console.c Fri Jul 12 22:31:12 2019 (r349958)
+++ stable/11/usr.sbin/bhyve/pci_virtio_console.c Sat Jul 13 00:12:35 2019 (r349959)
@@ -34,12 +34,16 @@ __FBSDID("$FreeBSD$");
 #include <sys/param.h>
+#ifndef WITHOUT_CAPSICUM
+#include <sys/capsicum.h>
+#endif
 #include <sys/linker_set.h>
 #include <sys/uio.h>
 #include <sys/types.h>
 #include <sys/socket.h>
 #include <sys/un.h>
+#include <err.h>
 #include <errno.h>
 #include <fcntl.h>
 #include <stdio.h>
@@ -50,6 +54,7 @@ __FBSDID("$FreeBSD$");
 #include <assert.h>
 #include <pthread.h>
 #include <libgen.h>
+#include <sysexits.h>
 #include "bhyverun.h"
 #include "pci_emul.h"
@@ -270,6 +275,9 @@ pci_vtcon_sock_add(struct pci_vtcon_softc *sc, const c
 struct pci_vtcon_sock *sock;
 struct sockaddr_un sun;
 int s = -1, fd = -1, error = 0;
+#ifndef WITHOUT_CAPSICUM
+ cap_rights_t rights;
+#endif
 sock = calloc(1, sizeof(struct pci_vtcon_sock));
 if (sock == NULL) {
@@ -308,6 +316,11 @@ pci_vtcon_sock_add(struct pci_vtcon_softc *sc, const c
 goto out;
 }
+#ifndef WITHOUT_CAPSICUM
+ cap_rights_init(&rights, CAP_ACCEPT, CAP_EVENT, CAP_READ, CAP_WRITE);
+ if (cap_rights_limit(s, &rights) == -1 && errno != ENOSYS)
+ errx(EX_OSERR, "Unable to apply rights for sandbox");
+#endif
 sock->vss_port = pci_vtcon_port_add(sc, name, pci_vtcon_sock_tx, sock);
 if (sock->vss_port == NULL) {
_______________________________________________ svn-src-all@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/svn-src-all To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"
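Review bot: The failure branch after `cap_rights_limit(s, &rights)` exits through `errx`, which does not print errno, so the only diagnostic is "Unable to apply rights for sandbox" with no cause; `err(EX_OSERR, "Unable to apply rights for sandbox");` would append the reason. The rights set also deserves a short comment, since CAP_READ and CAP_WRITE on a listening socket look odd at first sight; something like `/* Connections returned by accept() inherit these rights, so the data rights are granted here. */` would help, assuming that is the intent (to be confirmed against the accept path, which is not in this hunk). The same comment could state that ENOSYS is tolerated deliberately, which means the socket stays unrestricted on a kernel built without Capsicum. pci_vtcon_sock_add begins and ends outside the hunk, so the handling of the other descriptor, `fd`, cannot be judged from here.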