freebsd-nq/contrib/capsicum-test/capsicum-linux.h

#ifndef __CAPSICUM_LINUX_H__
#define __CAPSICUM_LINUX_H__

#ifdef __linux__
/************************************************************
 * Linux Capsicum Functionality.
 ************************************************************/
#include <errno.h>
#include <sys/procdesc.h>
#include <sys/capsicum.h>

#define HAVE_CAP_RIGHTS_LIMIT
#define HAVE_CAP_RIGHTS_GET
#define HAVE_CAP_FCNTLS_LIMIT
#define HAVE_CAP_IOCTLS_LIMIT
#define HAVE_PROC_FDINFO
#define HAVE_PDWAIT4
#define CAP_FROM_ACCEPT
// TODO(drysdale): uncomment if/when Linux propagates rights on sctp_peeloff.
// Linux does not generate a capability from sctp_peeloff(cap_fd,...).
// #define CAP_FROM_PEELOFF
// TODO(drysdale): uncomment if/when Linux allows intermediate .. path segments
// for openat()-like operations.
// #define HAVE_OPENAT_INTERMEDIATE_DOTDOT

// Failure to open file due to path traversal generates EPERM
#ifdef ENOTBENEATH
#define E_NO_TRAVERSE_CAPABILITY ENOTBENEATH
#define E_NO_TRAVERSE_O_BENEATH ENOTBENEATH
#else
#define E_NO_TRAVERSE_CAPABILITY EPERM
#define E_NO_TRAVERSE_O_BENEATH EPERM
#endif

// Too many links
#define E_TOO_MANY_LINKS ELOOP

#endif /* __linux__ */

#endif /*__CAPSICUM_LINUX_H__*/
Import capsicum-test into ^/vendor/google/capsicum-test/dist The following change imports google/capsicum-test@9333154 from GitHub, omitting the embedded version of googletest, as well as the incomplete libcasper. This test suite helps verify capsicum(3) support via functional tests written in the GoogleTest test framework. Kernel support for capsicum(4) is tested by side-effect of testing capsicum(3). NB: as discussed in a previous [closed] PR [1], the casper(3) tests are incomplete/buggy and will not pass on FreeBSD. Thus, I have no intention of integrating them into the build/test on FreeBSD as-is. The import command used was: ``` curl -L https://github.com/google/capsicum-test/tarball/9333154 \| tar --strip-components=1 -xvzf - -C dist/ rm -Rf dist/*/ ``` 1. https://github.com/google/capsicum-test/pull/26 Reviewed by: emaste (mentor) Differential Revision: https://reviews.freebsd.org/D19261 2019-03-12 01:43:01 +00:00			`#ifndef __CAPSICUM_LINUX_H__`
			`#define __CAPSICUM_LINUX_H__`

			`#ifdef __linux__`
			`/************************************************************`
			`* Linux Capsicum Functionality.`
			`************************************************************/`
			`#include <errno.h>`
			`#include <sys/procdesc.h>`
			`#include <sys/capsicum.h>`

			`#define HAVE_CAP_RIGHTS_LIMIT`
			`#define HAVE_CAP_RIGHTS_GET`
			`#define HAVE_CAP_FCNTLS_LIMIT`
			`#define HAVE_CAP_IOCTLS_LIMIT`
			`#define HAVE_PROC_FDINFO`
			`#define HAVE_PDWAIT4`
			`#define CAP_FROM_ACCEPT`
			`// TODO(drysdale): uncomment if/when Linux propagates rights on sctp_peeloff.`
			`// Linux does not generate a capability from sctp_peeloff(cap_fd,...).`
			`// #define CAP_FROM_PEELOFF`
			`// TODO(drysdale): uncomment if/when Linux allows intermediate .. path segments`
			`// for openat()-like operations.`
			`// #define HAVE_OPENAT_INTERMEDIATE_DOTDOT`

			`// Failure to open file due to path traversal generates EPERM`
			`#ifdef ENOTBENEATH`
			`#define E_NO_TRAVERSE_CAPABILITY ENOTBENEATH`
			`#define E_NO_TRAVERSE_O_BENEATH ENOTBENEATH`
			`#else`
			`#define E_NO_TRAVERSE_CAPABILITY EPERM`
			`#define E_NO_TRAVERSE_O_BENEATH EPERM`
			`#endif`

			`// Too many links`
			`#define E_TOO_MANY_LINKS ELOOP`

			`#endif /* __linux__ */`

			`#endif /__CAPSICUM_LINUX_H__/`