2216c6933c
Previously it was possible to connect a socket (which had the CAP_CONNECT right) by calling "connectat(AT_FDCWD, ...)" even in capabilties mode. This combination should be treated the same as a call to connect (i.e. forbidden in capabilities mode). Similarly for bindat. Disable connectat/bindat with AT_FDCWD in capabilities mode, fix up the documentation and add tests. PR: 222632 Submitted by: Jan Kokemüller <jan.kokemueller@gmail.com> Reviewed by: Domagoj Stolfa MFC after: 1 week Relnotes: Yes Differential Revision: https://reviews.freebsd.org/D15221
13 lines
189 B
Makefile
13 lines
189 B
Makefile
# $FreeBSD$
|
|
|
|
TESTSDIR= ${TESTSBASE}/sys/capsicum
|
|
|
|
ATF_TESTS_C+= bindat_connectat
|
|
ATF_TESTS_C+= ioctls_test
|
|
|
|
CFLAGS.bindat_connectat.c+= -I${SRCTOP}/tests
|
|
|
|
WARNS?= 6
|
|
|
|
.include <bsd.test.mk>
|