From 4534a41f336b9e0e8f7ebc8046e20bda8351527f Mon Sep 17 00:00:00 2001 From: kib Date: Sun, 18 Sep 2016 22:03:07 +0000 Subject: [PATCH] Add compat32 support for capsicum. Reviewed by: bapt, emaste Sponsored by: The FreeBSD Foundation MFC after: 2 weeks Differential revision: https://reviews.freebsd.org/D7942 --- sys/compat/freebsd32/Makefile | 2 +- sys/compat/freebsd32/capabilities.conf | 284 ++++++++++++++++++++ sys/compat/freebsd32/freebsd32_capability.c | 20 -- sys/compat/freebsd32/syscalls.master | 2 +- 4 files changed, 286 insertions(+), 22 deletions(-) create mode 100644 sys/compat/freebsd32/capabilities.conf diff --git a/sys/compat/freebsd32/Makefile b/sys/compat/freebsd32/Makefile index 777b7355b50e..e91e04218254 100644 --- a/sys/compat/freebsd32/Makefile +++ b/sys/compat/freebsd32/Makefile @@ -8,7 +8,7 @@ all: sysent: freebsd32_sysent.c freebsd32_syscall.h freebsd32_proto.h freebsd32_systrace_args.c freebsd32_sysent.c freebsd32_syscalls.c freebsd32_syscall.h freebsd32_proto.h freebsd32_systrace_args.c : \ - ../../kern/makesyscalls.sh syscalls.master syscalls.conf + ../../kern/makesyscalls.sh syscalls.master syscalls.conf capabilities.conf sh ../../kern/makesyscalls.sh syscalls.master syscalls.conf clean: diff --git a/sys/compat/freebsd32/capabilities.conf b/sys/compat/freebsd32/capabilities.conf new file mode 100644 index 000000000000..e14ff2db6371 --- /dev/null +++ b/sys/compat/freebsd32/capabilities.conf @@ -0,0 +1,284 @@ +## +## Copyright (c) 2008-2010 Robert N. M. Watson +## Copyright (c) 2016 The FreeBSD Foundation +## All rights reserved. +## +## This software was developed at the University of Cambridge Computer +## Laboratory with support from a grant from Google, Inc. +## +## Portions of this software were developed by Konstantin Belousov +## under sponsorship from the FreeBSD Foundation. +## +## Redistribution and use in source and binary forms, with or without +## modification, are permitted provided that the following conditions +## are met: +## 1. Redistributions of source code must retain the above copyright +## notice, this list of conditions and the following disclaimer. +## 2. Redistributions in binary form must reproduce the above copyright +## notice, this list of conditions and the following disclaimer in the +## documentation and/or other materials provided with the distribution. +## +## THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND +## ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +## IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +## ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE +## FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +## DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +## OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +## HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +## LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +## OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +## SUCH DAMAGE. +## +## List of system calls enabled in freebsd32 capability mode, one name +## per line. See the original list in the sys/kern/capabilities.conf. +## Position of the compat syscall in this file must be identical to +## the master, to facilitate comparision and diagnostic. +## +## $FreeBSD$ +## + +__acl_aclcheck_fd +__acl_delete_fd +__acl_get_fd +__acl_set_fd +__mac_get_fd +#__mac_get_pid +__mac_get_proc +__mac_set_fd +__mac_set_proc +freebsd32_sysctl +freebsd32_umtx_op +abort2 +accept +accept4 +aio_cancel +freebsd32_aio_error +aio_fsync +freebsd32_aio_read +freebsd32_aio_return +freebsd32_aio_suspend +freebsd32_aio_waitcomplete +freebsd32_aio_write +#audit +bindat +cap_enter +cap_fcntls_get +cap_fcntls_limit +cap_getmode +freebsd32_cap_ioctls_get +freebsd32_cap_ioctls_limit +__cap_rights_get +cap_rights_limit +freebsd32_clock_getres +freebsd32_clock_gettime +close +closefrom +connectat +#cpuset +#freebsd32_cpuset_getaffinity +#freebsd32_cpuset_getid +#freebsd32_cpuset_setaffinity +#freebsd32_cpuset_setid +dup +dup2 +extattr_delete_fd +extattr_get_fd +extattr_list_fd +extattr_set_fd +fchflags +fchmod +fchown +freebsd32_fcntl +freebsd32_fexecve +flock +fork +fpathconf +freebsd6_freebsd32_ftruncate +freebsd6_freebsd32_lseek +freebsd6_freebsd32_mmap +freebsd6_freebsd32_pread +freebsd6_freebsd32_pwrite +freebsd32_fstat +fstatfs +fsync +ftruncate +freebsd32_futimens +freebsd32_futimes +getaudit +getaudit_addr +getauid +freebsd32_getcontext +getdents +freebsd32_getdirentries +getdomainname +getdtablesize +getegid +geteuid +gethostid +gethostname +freebsd32_getitimer +getgid +getgroups +getlogin +freebsd32_getpagesize +getpeername +getpgid +getpgrp +getpid +getppid +getpriority +getresgid +getresuid +getrlimit +freebsd32_getrusage +getsid +getsockname +getsockopt +freebsd32_gettimeofday +getuid +freebsd32_ioctl +issetugid +freebsd32_kevent +kill +freebsd32_kmq_notify +freebsd32_kmq_setattr +freebsd32_kmq_timedreceive +freebsd32_kmq_timedsend +kqueue +freebsd32_ktimer_create +ktimer_delete +ktimer_getoverrun +freebsd32_ktimer_gettime +freebsd32_ktimer_settime +#ktrace +freebsd32_lio_listio +listen +freebsd32_lseek +madvise +mincore +minherit +mlock +mlockall +freebsd32_mmap +freebsd32_mprotect +msync +munlock +munlockall +munmap +freebsd32_nanosleep +ntp_gettime +freebsd6_freebsd32_aio_read +freebsd6_freebsd32_aio_write +obreak +freebsd6_freebsd32_lio_listio +chflagsat +faccessat +fchmodat +fchownat +freebsd32_fstatat +freebsd32_futimesat +linkat +mkdirat +mkfifoat +mknodat +openat +readlinkat +renameat +symlinkat +unlinkat +freebsd32_utimensat +open +pdfork +pdgetpid +pdkill +#pdwait4 # not yet implemented +freebsd32_pipe +pipe2 +poll +freebsd32_pread +freebsd32_preadv +profil +#ptrace +freebsd32_pwrite +freebsd32_pwritev +read +freebsd32_readv +freebsd6_freebsd32_recv +freebsd32_recvfrom +freebsd32_recvmsg +rtprio +rtprio_thread +sbrk +sched_get_priority_max +sched_get_priority_min +sched_getparam +sched_getscheduler +sched_rr_get_interval +sched_setparam +sched_setscheduler +sched_yield +sctp_generic_recvmsg +sctp_generic_sendmsg +sctp_generic_sendmsg_iov +sctp_peeloff +freebsd32_pselect +freebsd32_select +freebsd6_freebsd32_send +freebsd32_sendfile +freebsd32_sendmsg +sendto +setaudit +setaudit_addr +setauid +freebsd32_setcontext +setegid +seteuid +setgid +freebsd32_setitimer +setpriority +setregid +setresgid +setresuid +setreuid +setrlimit +setsid +setsockopt +setuid +shm_open +shutdown +freebsd32_sigaction +freebsd32_sigaltstack +freebsd32_sigblock +freebsd32_sigpending +sigprocmask +sigqueue +freebsd32_sigreturn +freebsd32_sigsetmask +ofreebsd32_sigstack +sigsuspend +freebsd32_sigtimedwait +freebsd32_sigvec +freebsd32_sigwaitinfo +sigwait +socket +socketpair +sstk +sync +sys_exit +freebsd32_sysarch +thr_create +thr_exit +thr_kill +#thr_kill2 +freebsd32_thr_new +thr_self +thr_set_name +freebsd32_thr_suspend +thr_wake +umask +utrace +uuidgen +write +freebsd32_writev +yield diff --git a/sys/compat/freebsd32/freebsd32_capability.c b/sys/compat/freebsd32/freebsd32_capability.c index 2aee10bda733..cc4cad2c2077 100644 --- a/sys/compat/freebsd32/freebsd32_capability.c +++ b/sys/compat/freebsd32/freebsd32_capability.c @@ -48,18 +48,6 @@ __FBSDID("$FreeBSD$"); MALLOC_DECLARE(M_FILECAPS); -int -freebsd32_cap_enter(struct thread *td, - struct freebsd32_cap_enter_args *uap) -{ - - /* - * We do not have an equivalent of capabilities.conf for freebsd32 - * compatibility, so do not allow capability mode for now. - */ - return (ENOSYS); -} - int freebsd32_cap_ioctls_limit(struct thread *td, struct freebsd32_cap_ioctls_limit_args *uap) @@ -147,14 +135,6 @@ out: #else /* !CAPABILITIES */ -int -freebsd32_cap_enter(struct thread *td, - struct freebsd32_cap_enter_args *uap) -{ - - return (ENOSYS); -} - int freebsd32_cap_ioctls_limit(struct thread *td, struct freebsd32_cap_ioctls_limit_args *uap) diff --git a/sys/compat/freebsd32/syscalls.master b/sys/compat/freebsd32/syscalls.master index db3adfd60235..72b8d1faa109 100644 --- a/sys/compat/freebsd32/syscalls.master +++ b/sys/compat/freebsd32/syscalls.master @@ -974,7 +974,7 @@ 514 AUE_NULL OBSOL cap_new 515 AUE_CAP_RIGHTS_GET NOPROTO { int __cap_rights_get(int version, \ int fd, cap_rights_t *rightsp); } -516 AUE_CAP_ENTER STD { int freebsd32_cap_enter(void); } +516 AUE_CAP_ENTER NOPROTO { int cap_enter(void); } 517 AUE_CAP_GETMODE NOPROTO { int cap_getmode(u_int *modep); } 518 AUE_PDFORK NOPROTO { int pdfork(int *fdp, int flags); } 519 AUE_PDKILL NOPROTO { int pdkill(int fd, int signum); }