Page MenuHomeFreeBSD
Files F102898771

D43315.diff
No OneTemporary
Actions

D43315.diff
View Options

diff --git a/usr.sbin/bhyveload/bhyveload.c b/usr.sbin/bhyveload/bhyveload.c
--- a/usr.sbin/bhyveload/bhyveload.c
+++ b/usr.sbin/bhyveload/bhyveload.c
@@ -734,12 +734,17 @@
static void
hostbase_open(const char *base)
{
+ cap_rights_t rights;
if (hostbase_fd != -1)
close(hostbase_fd);
hostbase_fd = open(base, O_DIRECTORY | O_PATH);
if (hostbase_fd == -1)
err(EX_OSERR, "open");
+
+ if (caph_rights_limit(hostbase_fd, cap_rights_init(&rights, CAP_FSTATAT,
+ CAP_LOOKUP, CAP_READ)) < 0)
+ err(EX_OSERR, "caph_rights_limit");
}
static void
@@ -860,11 +865,24 @@
* guest requesting a different one.
*/
if (explicit_loader_fd == -1) {
+ cap_rights_t rights;
+
bootfd = open("/boot", O_DIRECTORY | O_PATH);
if (bootfd == -1) {
perror("open");
exit(1);
}
+
+ /*
+ * bootfd will be used to do a lookup of our loader and do an
+ * fdlopen(3) on the loader; thus, we need mmap(2) in addition
+ * to the more usual lookup rights.
+ */
+ if (caph_rights_limit(bootfd, cap_rights_init(&rights,
+ CAP_FSTATAT, CAP_LOOKUP, CAP_MMAP_RX, CAP_READ)) < 0) {
+ perror("caph_rights_limit");
+ exit(1);
+ }
}
vcpu = vm_vcpu_open(ctx, BSP);

File Metadata

Mime Type
text/plain
Expires
Tue, Nov 19, 11:49 AM (20 h, 50 m)
Storage Engine
blob
Storage Format
Raw Data
Storage Handle
14715969
Default Alt Text
D43315.diff (1 KB)

Event Timeline