d/freebsd-skq
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
f07ebb8888
freebsd-skq/lib/libc/sys/Makefile.inc
pjd f07ebb8888 Merge Capsicum overhaul: 
- Capability is no longer separate descriptor type. Now every descriptor
  has set of its own capability rights.

- The cap_new(2) system call is left, but it is no longer documented and
  should not be used in new code.

- The new syscall cap_rights_limit(2) should be used instead of
  cap_new(2), which limits capability rights of the given descriptor
  without creating a new one.

- The cap_getrights(2) syscall is renamed to cap_rights_get(2).

- If CAP_IOCTL capability right is present we can further reduce allowed
  ioctls list with the new cap_ioctls_limit(2) syscall. List of allowed
  ioctls can be retrived with cap_ioctls_get(2) syscall.

- If CAP_FCNTL capability right is present we can further reduce fcntls
  that can be used with the new cap_fcntls_limit(2) syscall and retrive
  them with cap_fcntls_get(2).

- To support ioctl and fcntl white-listing the filedesc structure was
  heavly modified.

- The audit subsystem, kdump and procstat tools were updated to
  recognize new syscalls.

- Capability rights were revised and eventhough I tried hard to provide
  backward API and ABI compatibility there are some incompatible changes
  that are described in detail below:

	CAP_CREATE old behaviour:
	- Allow for openat(2)+O_CREAT.
	- Allow for linkat(2).
	- Allow for symlinkat(2).
	CAP_CREATE new behaviour:
	- Allow for openat(2)+O_CREAT.

	Added CAP_LINKAT:
	- Allow for linkat(2). ABI: Reuses CAP_RMDIR bit.
	- Allow to be target for renameat(2).

	Added CAP_SYMLINKAT:
	- Allow for symlinkat(2).

	Removed CAP_DELETE. Old behaviour:
	- Allow for unlinkat(2) when removing non-directory object.
	- Allow to be source for renameat(2).

	Removed CAP_RMDIR. Old behaviour:
	- Allow for unlinkat(2) when removing directory.

	Added CAP_RENAMEAT:
	- Required for source directory for the renameat(2) syscall.

	Added CAP_UNLINKAT (effectively it replaces CAP_DELETE and CAP_RMDIR):
	- Allow for unlinkat(2) on any object.
	- Required if target of renameat(2) exists and will be removed by this
	  call.

	Removed CAP_MAPEXEC.

	CAP_MMAP old behaviour:
	- Allow for mmap(2) with any combination of PROT_NONE, PROT_READ and
	  PROT_WRITE.
	CAP_MMAP new behaviour:
	- Allow for mmap(2)+PROT_NONE.

	Added CAP_MMAP_R:
	- Allow for mmap(PROT_READ).
	Added CAP_MMAP_W:
	- Allow for mmap(PROT_WRITE).
	Added CAP_MMAP_X:
	- Allow for mmap(PROT_EXEC).
	Added CAP_MMAP_RW:
	- Allow for mmap(PROT_READ | PROT_WRITE).
	Added CAP_MMAP_RX:
	- Allow for mmap(PROT_READ | PROT_EXEC).
	Added CAP_MMAP_WX:
	- Allow for mmap(PROT_WRITE | PROT_EXEC).
	Added CAP_MMAP_RWX:
	- Allow for mmap(PROT_READ | PROT_WRITE | PROT_EXEC).

	Renamed CAP_MKDIR to CAP_MKDIRAT.
	Renamed CAP_MKFIFO to CAP_MKFIFOAT.
	Renamed CAP_MKNODE to CAP_MKNODEAT.

	CAP_READ old behaviour:
	- Allow pread(2).
	- Disallow read(2), readv(2) (if there is no CAP_SEEK).
	CAP_READ new behaviour:
	- Allow read(2), readv(2).
	- Disallow pread(2) (CAP_SEEK was also required).

	CAP_WRITE old behaviour:
	- Allow pwrite(2).
	- Disallow write(2), writev(2) (if there is no CAP_SEEK).
	CAP_WRITE new behaviour:
	- Allow write(2), writev(2).
	- Disallow pwrite(2) (CAP_SEEK was also required).

	Added convinient defines:

	#define	CAP_PREAD		(CAP_SEEK | CAP_READ)
	#define	CAP_PWRITE		(CAP_SEEK | CAP_WRITE)
	#define	CAP_MMAP_R		(CAP_MMAP | CAP_SEEK | CAP_READ)
	#define	CAP_MMAP_W		(CAP_MMAP | CAP_SEEK | CAP_WRITE)
	#define	CAP_MMAP_X		(CAP_MMAP | CAP_SEEK | 0x0000000000000008ULL)
	#define	CAP_MMAP_RW		(CAP_MMAP_R | CAP_MMAP_W)
	#define	CAP_MMAP_RX		(CAP_MMAP_R | CAP_MMAP_X)
	#define	CAP_MMAP_WX		(CAP_MMAP_W | CAP_MMAP_X)
	#define	CAP_MMAP_RWX		(CAP_MMAP_R | CAP_MMAP_W | CAP_MMAP_X)
	#define	CAP_RECV		CAP_READ
	#define	CAP_SEND		CAP_WRITE

	#define	CAP_SOCK_CLIENT \
		(CAP_CONNECT | CAP_GETPEERNAME | CAP_GETSOCKNAME | CAP_GETSOCKOPT | \
		 CAP_PEELOFF | CAP_RECV | CAP_SEND | CAP_SETSOCKOPT | CAP_SHUTDOWN)
	#define	CAP_SOCK_SERVER \
		(CAP_ACCEPT | CAP_BIND | CAP_GETPEERNAME | CAP_GETSOCKNAME | \
		 CAP_GETSOCKOPT | CAP_LISTEN | CAP_PEELOFF | CAP_RECV | CAP_SEND | \
		 CAP_SETSOCKOPT | CAP_SHUTDOWN)

	Added defines for backward API compatibility:

	#define	CAP_MAPEXEC		CAP_MMAP_X
	#define	CAP_DELETE		CAP_UNLINKAT
	#define	CAP_MKDIR		CAP_MKDIRAT
	#define	CAP_RMDIR		CAP_UNLINKAT
	#define	CAP_MKFIFO		CAP_MKFIFOAT
	#define	CAP_MKNOD		CAP_MKNODAT
	#define	CAP_SOCK_ALL		(CAP_SOCK_CLIENT | CAP_SOCK_SERVER)

Sponsored by:	The FreeBSD Foundation
Reviewed by:	Christoph Mallon <christoph.mallon@gmx.de>
Many aspects discussed with:	rwatson, benl, jonathan
ABI compatibility discussed with:	kib
2013-03-02 00:53:12 +00:00

403 lines
8.5 KiB
Makefile
Raw Blame History

# @(#)Makefile.inc 8.3 (Berkeley) 10/24/94
# $FreeBSD$
# sys sources
.PATH: ${.CURDIR}/${LIBC_ARCH}/sys ${.CURDIR}/sys
# Include the generated makefile containing the *complete* list
# of syscall names in MIASM.
.include "${.CURDIR}/../../sys/sys/syscall.mk"
# Include machine dependent definitions.
#
# MDASM names override the default syscall names in MIASM.
# NOASM will prevent the default syscall code from being generated.
#
.sinclude "${.CURDIR}/${LIBC_ARCH}/sys/Makefile.inc"
SRCS+= clock_gettime.c gettimeofday.c __vdso_gettimeofday.c
NOASM+= clock_gettime.o gettimeofday.o
PSEUDO+= _clock_gettime.o _gettimeofday.o
# Sources common to both syscall interfaces:
SRCS+= stack_protector.c stack_protector_compat.c __error.c
.if !defined(WITHOUT_SYSCALL_COMPAT)
SYSCALL_COMPAT_SRCS= fcntl.c ftruncate.c lseek.c mmap.c pread.c \
pwrite.c truncate.c
SRCS+= ${SYSCALL_COMPAT_SRCS}
NOASM+= ${SYSCALL_COMPAT_SRCS:S/.c/.o/}
PSEUDO+= _fcntl.o
.endif
SRCS+= sigwait.c
NOASM+= sigwait.o
PSEUDO+= _sigwait.o
# Add machine dependent asm sources:
SRCS+=${MDASM}
# Look though the complete list of syscalls (MIASM) for names that are
# not defined with machine dependent implementations (MDASM) and are
# not declared for no generation of default code (NOASM). Add each
# syscall that satisfies these conditions to the ASM list.
.for _asm in ${MIASM}
.if (${MDASM:R:M${_asm:R}} == "")
.if (${NOASM:R:M${_asm:R}} == "")
ASM+=$(_asm)
.endif
.endif
.endfor
OBJS+= ${ASM} ${PSEUDO}
SASM= ${ASM:S/.o/.S/}
SPSEUDO= ${PSEUDO:S/.o/.S/}
SRCS+= ${SASM} ${SPSEUDO}
SYM_MAPS+= ${.CURDIR}/sys/Symbol.map
# Generated files
CLEANFILES+= ${SASM} ${SPSEUDO}
.if ${MACHINE_CPUARCH} == "amd64" || ${MACHINE_CPUARCH} == "i386" || \
${MACHINE_CPUARCH} == "powerpc"
NOTE_GNU_STACK='\t.section .note.GNU-stack,"",%%progbits\n'
.else
NOTE_GNU_STACK=''
.endif
${SASM}:
printf '#include "compat.h"\n' > ${.TARGET}
printf '#include "SYS.h"\nRSYSCALL(${.PREFIX})\n' >> ${.TARGET}
printf ${NOTE_GNU_STACK} >>${.TARGET}
${SPSEUDO}:
printf '#include "compat.h"\n' > ${.TARGET}
printf '#include "SYS.h"\nPSEUDO(${.PREFIX:S/_//})\n' \
>> ${.TARGET}
printf ${NOTE_GNU_STACK} >>${.TARGET}
MAN+= abort2.2 \
accept.2 \
access.2 \
acct.2 \
adjtime.2 \
aio_cancel.2 \
aio_error.2 \
aio_read.2 \
aio_return.2 \
aio_suspend.2 \
aio_waitcomplete.2 \
aio_write.2 \
bind.2 \
brk.2 \
cap_enter.2 \
cap_fcntls_limit.2 \
cap_ioctls_limit.2 \
cap_rights_limit.2 \
chdir.2 \
chflags.2 \
chmod.2 \
chown.2 \
chroot.2 \
clock_gettime.2 \
close.2 \
closefrom.2 \
connect.2 \
cpuset.2 \
cpuset_getaffinity.2 \
dup.2 \
execve.2 \
_exit.2 \
extattr_get_file.2 \
fcntl.2 \
ffclock.2 \
fhopen.2 \
flock.2 \
fork.2 \
fsync.2 \
getdirentries.2 \
getdtablesize.2 \
getfh.2 \
getfsstat.2 \
getgid.2 \
getgroups.2 \
getitimer.2 \
getlogin.2 \
getloginclass.2 \
getpeername.2 \
getpgrp.2 \
getpid.2 \
getpriority.2 \
getrlimit.2 \
getrusage.2 \
getsid.2 \
getsockname.2 \
getsockopt.2 \
gettimeofday.2 \
getuid.2 \
intro.2 \
ioctl.2 \
issetugid.2 \
jail.2 \
kenv.2 \
kill.2 \
kldfind.2 \
kldfirstmod.2 \
kldload.2 \
kldnext.2 \
kldstat.2 \
kldsym.2 \
kldunload.2 \
kqueue.2 \
ktrace.2 \
link.2 \
lio_listio.2 \
listen.2 \
lseek.2 \
madvise.2 \
mincore.2 \
minherit.2 \
mkdir.2 \
mkfifo.2 \
mknod.2 \
mlock.2 \
mlockall.2 \
mmap.2 \
modfind.2 \
modnext.2 \
modstat.2 \
mount.2 \
mprotect.2 \
mq_close.2 \
mq_getattr.2 \
mq_notify.2 \
mq_open.2 \
mq_receive.2 \
mq_send.2 \
mq_setattr.2 \
msgctl.2 \
msgget.2 \
msgrcv.2 \
msgsnd.2 \
msync.2 \
munmap.2 \
nanosleep.2 \
nfssvc.2 \
ntp_adjtime.2 \
open.2 \
pathconf.2 \
pdfork.2 \
pipe.2 \
poll.2 \
posix_fadvise.2 \
posix_fallocate.2 \
posix_openpt.2 \
profil.2 \
pselect.2 \
ptrace.2 \
quotactl.2 \
read.2 \
readlink.2 \
reboot.2 \
recv.2 \
rename.2 \
revoke.2 \
rfork.2 \
rmdir.2 \
rtprio.2
.if !defined(NO_P1003_1B)
MAN+= sched_get_priority_max.2 \
sched_setparam.2 \
sched_setscheduler.2 \
sched_yield.2
.endif
MAN+= sctp_generic_recvmsg.2 \
sctp_generic_sendmsg.2 \
sctp_peeloff.2 \
select.2 \
semctl.2 \
semget.2 \
semop.2 \
send.2 \
setfib.2 \
sendfile.2 \
setgroups.2 \
setpgid.2 \
setregid.2 \
setresuid.2 \
setreuid.2 \
setsid.2 \
setuid.2 \
shmat.2 \
shmctl.2 \
shmget.2 \
shm_open.2 \
shutdown.2 \
sigaction.2 \
sigaltstack.2 \
sigpending.2 \
sigprocmask.2 \
sigqueue.2 \
sigreturn.2 \
sigstack.2 \
sigsuspend.2 \
sigwait.2 \
sigwaitinfo.2 \
socket.2 \
socketpair.2 \
stat.2 \
statfs.2 \
swapon.2 \
symlink.2 \
sync.2 \
sysarch.2 \
syscall.2 \
timer_create.2 \
timer_delete.2 \
timer_settime.2 \
truncate.2 \
umask.2 \
undelete.2 \
unlink.2 \
utimes.2 \
utrace.2 \
uuidgen.2 \
vfork.2 \
wait.2 \
write.2
MLINKS+=access.2 eaccess.2 \
access.2 faccessat.2
MLINKS+=brk.2 sbrk.2
MLINKS+=cap_enter.2 cap_getmode.2
MLINKS+=cap_fcntls_limit.2 cap_fcntls_get.2
MLINKS+=cap_ioctls_limit.2 cap_ioctls_get.2
MLINKS+=cap_rights_limit.2 cap_rights_get.2
MLINKS+=chdir.2 fchdir.2
MLINKS+=chflags.2 fchflags.2 \
chflags.2 lchflags.2
MLINKS+=chmod.2 fchmod.2 \
chmod.2 fchmodat.2 \
chmod.2 lchmod.2
MLINKS+=chown.2 fchown.2 \
chown.2 fchownat.2 \
chown.2 lchown.2
MLINKS+=clock_gettime.2 clock_getres.2 \
clock_gettime.2 clock_settime.2
MLINKS+=cpuset.2 cpuset_getid.2 \
cpuset.2 cpuset_setid.2
MLINKS+=cpuset_getaffinity.2 cpuset_setaffinity.2
MLINKS+=dup.2 dup2.2
MLINKS+=execve.2 fexecve.2
MLINKS+=extattr_get_file.2 extattr.2 \
extattr_get_file.2 extattr_delete_fd.2 \
extattr_get_file.2 extattr_delete_file.2 \
extattr_get_file.2 extattr_delete_list.2 \
extattr_get_file.2 extattr_get_fd.2 \
extattr_get_file.2 extattr_get_list.2 \
extattr_get_file.2 extattr_list_fd.2 \
extattr_get_file.2 extattr_list_file.2 \
extattr_get_file.2 extattr_list_link.2 \
extattr_get_file.2 extattr_set_fd.2 \
extattr_get_file.2 extattr_set_file.2 \
extattr_get_file.2 extattr_set_link.2
MLINKS+=ffclock.2 ffclock_getcounter.2 \
ffclock.2 ffclock_getestimate.2 \
ffclock.2 ffclock_setestimate.2
MLINKS+=fhopen.2 fhstat.2 fhopen.2 fhstatfs.2
MLINKS+=getdirentries.2 getdents.2
MLINKS+=getfh.2 lgetfh.2
MLINKS+=getgid.2 getegid.2
MLINKS+=getitimer.2 setitimer.2
MLINKS+=getlogin.2 getlogin_r.3
MLINKS+=getlogin.2 setlogin.2
MLINKS+=getloginclass.2 setloginclass.2
MLINKS+=getpgrp.2 getpgid.2
MLINKS+=getpid.2 getppid.2
MLINKS+=getpriority.2 setpriority.2
MLINKS+=getrlimit.2 setrlimit.2
MLINKS+=getsockopt.2 setsockopt.2
MLINKS+=gettimeofday.2 settimeofday.2
MLINKS+=getuid.2 geteuid.2
MLINKS+=intro.2 errno.2
MLINKS+=jail.2 jail_attach.2 \
jail.2 jail_get.2 \
jail.2 jail_remove.2 \
jail.2 jail_set.2
MLINKS+=kldunload.2 kldunloadf.2
MLINKS+=kqueue.2 kevent.2 \
kqueue.2 EV_SET.3
MLINKS+=link.2 linkat.2
MLINKS+=madvise.2 posix_madvise.2
MLINKS+=mkdir.2 mkdirat.2
MLINKS+=mkfifo.2 mkfifoat.2
MLINKS+=mknod.2 mknodat.2
MLINKS+=mlock.2 munlock.2
MLINKS+=mlockall.2 munlockall.2
MLINKS+=modnext.2 modfnext.2
MLINKS+=mount.2 nmount.2 \
mount.2 unmount.2
MLINKS+=mq_receive.2 mq_timedreceive.2
MLINKS+=mq_send.2 mq_timedsend.2
MLINKS+=ntp_adjtime.2 ntp_gettime.2
MLINKS+=open.2 openat.2
MLINKS+=pathconf.2 fpathconf.2
MLINKS+=pathconf.2 lpathconf.2
MLINKS+=pdfork.2 pdgetpid.2\
pdfork.2 pdkill.2 \
pdfork.2 pdwait4.2
MLINKS+=read.2 pread.2 \
read.2 preadv.2 \
read.2 readv.2
MLINKS+=readlink.2 readlinkat.2
MLINKS+=recv.2 recvfrom.2 \
recv.2 recvmsg.2
MLINKS+=rename.2 renameat.2
MLINKS+=rtprio.2 rtprio_thread.2
.if !defined(NO_P1003_1B)
MLINKS+=sched_get_priority_max.2 sched_get_priority_min.2 \
sched_get_priority_max.2 sched_rr_get_interval.2
MLINKS+=sched_setparam.2 sched_getparam.2
MLINKS+=sched_setscheduler.2 sched_getscheduler.2
.endif
MLINKS+=select.2 FD_CLR.3 \
select.2 FD_ISSET.3 \
select.2 FD_SET.3 \
select.2 FD_ZERO.3
MLINKS+=send.2 sendmsg.2 \
send.2 sendto.2
MLINKS+=setpgid.2 setpgrp.2
MLINKS+=setresuid.2 getresgid.2 \
setresuid.2 getresuid.2 \
setresuid.2 setresgid.2
MLINKS+=setuid.2 setegid.2 \
setuid.2 seteuid.2 \
setuid.2 setgid.2
MLINKS+=shmat.2 shmdt.2
MLINKS+=shm_open.2 shm_unlink.2
MLINKS+=sigwaitinfo.2 sigtimedwait.2
MLINKS+=stat.2 fstat.2 \
stat.2 fstatat.2 \
stat.2 lstat.2
MLINKS+=statfs.2 fstatfs.2
MLINKS+=swapon.2 swapoff.2
MLINKS+=symlink.2 symlinkat.2
MLINKS+=syscall.2 __syscall.2
MLINKS+=timer_settime.2 timer_getoverrun.2 \
timer_settime.2 timer_gettime.2
MLINKS+=truncate.2 ftruncate.2
MLINKS+=unlink.2 unlinkat.2
MLINKS+=utimes.2 futimes.2 \
utimes.2 futimesat.2 \
utimes.2 lutimes.2
MLINKS+=wait.2 wait3.2 \
wait.2 wait4.2 \
wait.2 waitpid.2 \
wait.2 waitid.2 \
wait.2 wait6.2
MLINKS+=write.2 pwrite.2 \
write.2 pwritev.2 \
write.2 writev.2
Reference in New Issue View Git Blame Copy Permalink