Add compat32 support for capsicum.

Reviewed by: bapt, emaste Sponsored by: The FreeBSD Foundation MFC after: 2 weeks Differential revision: https://reviews.freebsd.org/D7942
2016-09-18 22:03:07 +00:00 · 2016-09-18 22:03:07 +00:00 · 4534a41f33
commit 4534a41f33
parent 9fa08f4484
4 changed files with 286 additions and 22 deletions
--- a/sys/compat/freebsd32/Makefile
+++ b/sys/compat/freebsd32/Makefile
@ -8,7 +8,7 @@ all:
 sysent:  freebsd32_sysent.c freebsd32_syscall.h freebsd32_proto.h freebsd32_systrace_args.c

 freebsd32_sysent.c freebsd32_syscalls.c freebsd32_syscall.h freebsd32_proto.h freebsd32_systrace_args.c : \
-	    ../../kern/makesyscalls.sh syscalls.master syscalls.conf
+	    ../../kern/makesyscalls.sh syscalls.master syscalls.conf capabilities.conf
 	sh ../../kern/makesyscalls.sh syscalls.master syscalls.conf

 clean:
--- a/sys/compat/freebsd32/capabilities.conf
+++ b/sys/compat/freebsd32/capabilities.conf
@ -0,0 +1,284 @@
+##
+## Copyright (c) 2008-2010 Robert N. M. Watson
+## Copyright (c) 2016 The FreeBSD Foundation
+## All rights reserved.
+##
+## This software was developed at the University of Cambridge Computer
+## Laboratory with support from a grant from Google, Inc.
+##
+## Portions of this software were developed by Konstantin Belousov
+## under sponsorship from the FreeBSD Foundation.
+##
+## Redistribution and use in source and binary forms, with or without
+## modification, are permitted provided that the following conditions
+## are met:
+## 1. Redistributions of source code must retain the above copyright
+##    notice, this list of conditions and the following disclaimer.
+## 2. Redistributions in binary form must reproduce the above copyright
+##    notice, this list of conditions and the following disclaimer in the
+##    documentation and/or other materials provided with the distribution.
+##
+## THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+## ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+## IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+## ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+## FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+## DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+## OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+## HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+## LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+## OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+## SUCH DAMAGE.
+##
+## List of system calls enabled in freebsd32 capability mode, one name
+## per line.  See the original list in the sys/kern/capabilities.conf.
+## Position of the compat syscall in this file must be identical to
+## the master, to facilitate comparision and diagnostic.
+##
+## $FreeBSD$
+##
+
+__acl_aclcheck_fd
+__acl_delete_fd
+__acl_get_fd
+__acl_set_fd
+__mac_get_fd
+#__mac_get_pid
+__mac_get_proc
+__mac_set_fd
+__mac_set_proc
+freebsd32_sysctl
+freebsd32_umtx_op
+abort2
+accept
+accept4
+aio_cancel
+freebsd32_aio_error
+aio_fsync
+freebsd32_aio_read
+freebsd32_aio_return
+freebsd32_aio_suspend
+freebsd32_aio_waitcomplete
+freebsd32_aio_write
+#audit
+bindat
+cap_enter
+cap_fcntls_get
+cap_fcntls_limit
+cap_getmode
+freebsd32_cap_ioctls_get
+freebsd32_cap_ioctls_limit
+__cap_rights_get
+cap_rights_limit
+freebsd32_clock_getres
+freebsd32_clock_gettime
+close
+closefrom
+connectat
+#cpuset
+#freebsd32_cpuset_getaffinity
+#freebsd32_cpuset_getid
+#freebsd32_cpuset_setaffinity
+#freebsd32_cpuset_setid
+dup
+dup2
+extattr_delete_fd
+extattr_get_fd
+extattr_list_fd
+extattr_set_fd
+fchflags
+fchmod
+fchown
+freebsd32_fcntl
+freebsd32_fexecve
+flock
+fork
+fpathconf
+freebsd6_freebsd32_ftruncate
+freebsd6_freebsd32_lseek
+freebsd6_freebsd32_mmap
+freebsd6_freebsd32_pread
+freebsd6_freebsd32_pwrite
+freebsd32_fstat
+fstatfs
+fsync
+ftruncate
+freebsd32_futimens
+freebsd32_futimes
+getaudit
+getaudit_addr
+getauid
+freebsd32_getcontext
+getdents
+freebsd32_getdirentries
+getdomainname
+getdtablesize
+getegid
+geteuid
+gethostid
+gethostname
+freebsd32_getitimer
+getgid
+getgroups
+getlogin
+freebsd32_getpagesize
+getpeername
+getpgid
+getpgrp
+getpid
+getppid
+getpriority
+getresgid
+getresuid
+getrlimit
+freebsd32_getrusage
+getsid
+getsockname
+getsockopt
+freebsd32_gettimeofday
+getuid
+freebsd32_ioctl
+issetugid
+freebsd32_kevent
+kill
+freebsd32_kmq_notify
+freebsd32_kmq_setattr
+freebsd32_kmq_timedreceive
+freebsd32_kmq_timedsend
+kqueue
+freebsd32_ktimer_create
+ktimer_delete
+ktimer_getoverrun
+freebsd32_ktimer_gettime
+freebsd32_ktimer_settime
+#ktrace
+freebsd32_lio_listio
+listen
+freebsd32_lseek
+madvise
+mincore
+minherit
+mlock
+mlockall
+freebsd32_mmap
+freebsd32_mprotect
+msync
+munlock
+munlockall
+munmap
+freebsd32_nanosleep
+ntp_gettime
+freebsd6_freebsd32_aio_read
+freebsd6_freebsd32_aio_write
+obreak
+freebsd6_freebsd32_lio_listio
+chflagsat
+faccessat
+fchmodat
+fchownat
+freebsd32_fstatat
+freebsd32_futimesat
+linkat
+mkdirat
+mkfifoat
+mknodat
+openat
+readlinkat
+renameat
+symlinkat
+unlinkat
+freebsd32_utimensat
+open
+pdfork
+pdgetpid
+pdkill
+#pdwait4	# not yet implemented
+freebsd32_pipe
+pipe2
+poll
+freebsd32_pread
+freebsd32_preadv
+profil
+#ptrace
+freebsd32_pwrite
+freebsd32_pwritev
+read
+freebsd32_readv
+freebsd6_freebsd32_recv
+freebsd32_recvfrom
+freebsd32_recvmsg
+rtprio
+rtprio_thread
+sbrk
+sched_get_priority_max
+sched_get_priority_min
+sched_getparam
+sched_getscheduler
+sched_rr_get_interval
+sched_setparam
+sched_setscheduler
+sched_yield
+sctp_generic_recvmsg
+sctp_generic_sendmsg
+sctp_generic_sendmsg_iov
+sctp_peeloff
+freebsd32_pselect
+freebsd32_select
+freebsd6_freebsd32_send
+freebsd32_sendfile
+freebsd32_sendmsg
+sendto
+setaudit
+setaudit_addr
+setauid
+freebsd32_setcontext
+setegid
+seteuid
+setgid
+freebsd32_setitimer
+setpriority
+setregid
+setresgid
+setresuid
+setreuid
+setrlimit
+setsid
+setsockopt
+setuid
+shm_open
+shutdown
+freebsd32_sigaction
+freebsd32_sigaltstack
+freebsd32_sigblock
+freebsd32_sigpending
+sigprocmask
+sigqueue
+freebsd32_sigreturn
+freebsd32_sigsetmask
+ofreebsd32_sigstack
+sigsuspend
+freebsd32_sigtimedwait
+freebsd32_sigvec
+freebsd32_sigwaitinfo
+sigwait
+socket
+socketpair
+sstk
+sync
+sys_exit
+freebsd32_sysarch
+thr_create
+thr_exit
+thr_kill
+#thr_kill2
+freebsd32_thr_new
+thr_self
+thr_set_name
+freebsd32_thr_suspend
+thr_wake
+umask
+utrace
+uuidgen
+write
+freebsd32_writev
+yield
--- a/sys/compat/freebsd32/freebsd32_capability.c
+++ b/sys/compat/freebsd32/freebsd32_capability.c
@ -48,18 +48,6 @@ __FBSDID("$FreeBSD$");

 MALLOC_DECLARE(M_FILECAPS);

-int
-freebsd32_cap_enter(struct thread *td,
-    struct freebsd32_cap_enter_args *uap)
-{
-
-	/*
-	 * We do not have an equivalent of capabilities.conf for freebsd32
-	 * compatibility, so do not allow capability mode for now.
-	 */
-	return (ENOSYS);
-}
-
 int
 freebsd32_cap_ioctls_limit(struct thread *td,
    struct freebsd32_cap_ioctls_limit_args *uap)
@ -147,14 +135,6 @@ freebsd32_cap_ioctls_get(struct thread *td,

 #else /* !CAPABILITIES */

-int
-freebsd32_cap_enter(struct thread *td,
-    struct freebsd32_cap_enter_args *uap)
-{
-
-	return (ENOSYS);
-}
-
 int
 freebsd32_cap_ioctls_limit(struct thread *td,
    struct freebsd32_cap_ioctls_limit_args *uap)
--- a/sys/compat/freebsd32/syscalls.master
+++ b/sys/compat/freebsd32/syscalls.master
@ -974,7 +974,7 @@
 514	AUE_NULL	OBSOL	cap_new
 515	AUE_CAP_RIGHTS_GET	NOPROTO	{ int __cap_rights_get(int version, \
 				    int fd, cap_rights_t *rightsp); }
-516	AUE_CAP_ENTER	STD	{ int freebsd32_cap_enter(void); }
+516	AUE_CAP_ENTER	NOPROTO	{ int cap_enter(void); }
 517	AUE_CAP_GETMODE	NOPROTO	{ int cap_getmode(u_int *modep); }
 518	AUE_PDFORK	NOPROTO	{ int pdfork(int *fdp, int flags); }
 519	AUE_PDKILL	NOPROTO	{ int pdkill(int fd, int signum); }