allow posix_fallocate in capability mode

posix_fallocate is logically equivalent to writing zero blocks to the
desired file size and there is no reason to prevent calling it in
capability mode. posix_fallocate already checked for the CAP_WRITE
right, so we merely need to list it in capabilities.conf.

Reviewed by:	allanjude
MFC after:	2 weeks
Sponsored by:	The FreeBSD Foundation
Differential Revision:	https://reviews.freebsd.org/D12640
Ed Maste 2017-10-12 15:45:53 +00:00
parent 042ea0aa16
commit 5532aa9bb4
3 changed files with 7 additions and 2 deletions


@ -28,7 +28,7 @@
.\" @(#)open.2 8.2 (Berkeley) 11/16/93
.\" $FreeBSD$
.\"
.Dd January 23, 2014
.Dd October 12, 2017
.Dt POSIX_FALLOCATE 2
.Os
.Sh NAME
@ -118,6 +118,10 @@ argument does not refer to a regular file.
.It Bq Er ENOSPC
There is insufficient free space remaining on the file system storage
media.
.It Bq Er ENOTCAPABLE
The file descriptor
.Fa fd
has insufficient rights.
.It Bq Er ESPIPE
The
.Fa fd
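
Review bot: The new ENOTCAPABLE entry says only that fd "has insufficient rights" and does not name the right that is required. The kern_posix_fallocate hunk in this same commit passes CAP_PWRITE to fget(), so consider naming CAP_PWRITE in this entry so that callers who restrict descriptors with cap_rights_limit know which right to keep.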


@ -488,6 +488,7 @@ poll
##
## Allow I/O-related file descriptors, subject to capability rights.
##
posix_fallocate
pread
preadv


@ -4400,7 +4400,7 @@ kern_posix_fallocate(struct thread *td, int fd, off_t offset, off_t len)
if (offset > OFF_MAX - len)
return (EFBIG);
AUDIT_ARG_FD(fd);
error = fget(td, fd, cap_rights_init(&rights, CAP_WRITE), &fp);
error = fget(td, fd, cap_rights_init(&rights, CAP_PWRITE), &fp);
if (error != 0)
return (error);
AUDIT_ARG_FILE(td->td_proc, fp);
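
Review bot: The right passed to fget() changes from CAP_WRITE to CAP_PWRITE here, but the commit message states that the existing CAP_WRITE check is enough and that only capabilities.conf needs a new entry. CAP_PWRITE is CAP_WRITE combined with CAP_SEEK, so a descriptor that was limited to CAP_WRITE alone will now fail with ENOTCAPABLE. Requiring the seek right is reasonable for a call that takes an explicit offset, as pwrite does, but the rights change should be stated in the commit message so that it is visible to anyone auditing which rights a sandboxed descriptor needs.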