svn commit: r349959 - stable/11/usr.sbin/bhyve

Fri, 12 Jul 2019 17:13:34 -0700 

Author: jhb
Date: Sat Jul 13 00:12:35 2019
New Revision: 349959
URL: https://svnweb.freebsd.org/changeset/base/349959

Log:
  Add Capsicumification of the virtio_console device model.
  
  This is a direct commit to stable/11.  This change was missed when
  merging virtio_console to 11 because the capsicum change and
  virtio_console changes were merged in the opposite order of the
  changes in head.

Modified:
  stable/11/usr.sbin/bhyve/pci_virtio_console.c

Modified: stable/11/usr.sbin/bhyve/pci_virtio_console.c
==============================================================================
--- stable/11/usr.sbin/bhyve/pci_virtio_console.c       Fri Jul 12 22:31:12 
2019        (r349958)
+++ stable/11/usr.sbin/bhyve/pci_virtio_console.c       Sat Jul 13 00:12:35 
2019        (r349959)
@@ -34,12 +34,16 @@
 __FBSDID("$FreeBSD$");
 
 #include <sys/param.h>
+#ifndef WITHOUT_CAPSICUM
+#include <sys/capsicum.h>
+#endif
 #include <sys/linker_set.h>
 #include <sys/uio.h>
 #include <sys/types.h>
 #include <sys/socket.h>
 #include <sys/un.h>
 
+#include <err.h>
 #include <errno.h>
 #include <fcntl.h>
 #include <stdio.h>
@@ -50,6 +54,7 @@ __FBSDID("$FreeBSD$");
 #include <assert.h>
 #include <pthread.h>
 #include <libgen.h>
+#include <sysexits.h>
 
 #include "bhyverun.h"
 #include "pci_emul.h"
@@ -270,6 +275,9 @@ pci_vtcon_sock_add(struct pci_vtcon_softc *sc, const c
        struct pci_vtcon_sock *sock;
        struct sockaddr_un sun;
        int s = -1, fd = -1, error = 0;
+#ifndef WITHOUT_CAPSICUM
+       cap_rights_t rights;
+#endif
 
        sock = calloc(1, sizeof(struct pci_vtcon_sock));
        if (sock == NULL) {
@@ -308,6 +316,11 @@ pci_vtcon_sock_add(struct pci_vtcon_softc *sc, const c
                goto out;
        }
 
+#ifndef WITHOUT_CAPSICUM
+       cap_rights_init(&rights, CAP_ACCEPT, CAP_EVENT, CAP_READ, CAP_WRITE);
+       if (cap_rights_limit(s, &rights) == -1 && errno != ENOSYS)
+               errx(EX_OSERR, "Unable to apply rights for sandbox");
+#endif
 
        sock->vss_port = pci_vtcon_port_add(sc, name, pci_vtcon_sock_tx, sock);
        if (sock->vss_port == NULL) {
_______________________________________________
svn-src-all@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/svn-src-all
To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"

Reply via email to