D10776.diff
No OneTemporary
Actions

Size

30 KB

Referenced Files

None

Subscribers

None

D10776.diff
View Options

	Index: lib/libc/sys/cap_enter.2
	===================================================================
	--- lib/libc/sys/cap_enter.2
	+++ lib/libc/sys/cap_enter.2
	@@ -118,22 +118,10 @@
	sets the flag to a non-zero value.
	A zero value means the process is not in capability mode.
	.Sh ERRORS
	-The
	-.Fn cap_enter
	-and
	-.Fn cap_getmode
	-system calls
	-will fail if:
	-.Bl -tag -width Er
	-.It Bq Er ENOSYS
	-The kernel is compiled without:
	-.Pp
	-.Cd "options CAPABILITY_MODE"
	-.El
	.Pp
	The
	.Fn cap_getmode
	-system call may also return the following error:
	+system call will return the following error:
	.Bl -tag -width Er
	.It Bq Er EFAULT
	Pointer
	Index: share/man/man4/capsicum.4
	===================================================================
	--- share/man/man4/capsicum.4
	+++ share/man/man4/capsicum.4
	@@ -26,15 +26,12 @@
	.\"
	.\" $FreeBSD$
	.\"
	-.Dd July 5, 2016
	+.Dd May 15, 2017
	.Dt CAPSICUM 4
	.Os
	.Sh NAME
	.Nm Capsicum
	.Nd lightweight OS capability and sandbox framework
	-.Sh SYNOPSIS
	-.Cd "options CAPABILITY_MODE"
	-.Cd "options CAPABILITIES"
	.Sh DESCRIPTION
	.Nm
	is a lightweight OS capability and sandbox framework implementing a hybrid
	Index: sys/amd64/amd64/sys_machdep.c
	===================================================================
	--- sys/amd64/amd64/sys_machdep.c
	+++ sys/amd64/amd64/sys_machdep.c
	@@ -33,8 +33,6 @@
	#include <sys/cdefs.h>
	__FBSDID("$FreeBSD$");

	-#include "opt_capsicum.h"
	-
	#include <sys/param.h>
	#include <sys/systm.h>
	#include <sys/capsicum.h>
	@@ -181,7 +179,6 @@
	struct i386_get_xfpustate i386xfpu;
	struct amd64_get_xfpustate a64xfpu;

	-#ifdef CAPABILITY_MODE
	/*
	* When adding new operations, add a new case statement here to
	* explicitly indicate whether or not the operation is safe to
	@@ -213,7 +210,6 @@
	return (ECAPMODE);
	}
	}
	-#endif

	if (uap->op == I386_GET_LDT \|\| uap->op == I386_SET_LDT)
	return (sysarch_ldt(td, uap, UIO_USERSPACE));
	Index: sys/amd64/conf/GENERIC
	===================================================================
	--- sys/amd64/conf/GENERIC
	+++ sys/amd64/conf/GENERIC
	@@ -69,8 +69,6 @@
	options KBD_INSTALL_CDEV # install a CDEV entry in /dev
	options HWPMC_HOOKS # Necessary kernel hooks for hwpmc(4)
	options AUDIT # Security event auditing
	-options CAPABILITY_MODE # Capsicum capability mode
	-options CAPABILITIES # Capsicum capabilities
	options MAC # TrustedBSD MAC Framework
	options KDTRACE_FRAME # Ensure frames are compiled in
	options KDTRACE_HOOKS # Kernel DTrace hooks
	Index: sys/amd64/conf/MINIMAL
	===================================================================
	--- sys/amd64/conf/MINIMAL
	+++ sys/amd64/conf/MINIMAL
	@@ -70,8 +70,6 @@
	options KBD_INSTALL_CDEV # install a CDEV entry in /dev
	options HWPMC_HOOKS # Necessary kernel hooks for hwpmc(4)
	options AUDIT # Security event auditing
	-options CAPABILITY_MODE # Capsicum capability mode
	-options CAPABILITIES # Capsicum capabilities
	options MAC # TrustedBSD MAC Framework
	options KDTRACE_FRAME # Ensure frames are compiled in
	options KDTRACE_HOOKS # Kernel DTrace hooks
	Index: sys/arm/arm/sys_machdep.c
	===================================================================
	--- sys/arm/arm/sys_machdep.c
	+++ sys/arm/arm/sys_machdep.c
	@@ -32,8 +32,6 @@
	#include <sys/cdefs.h>
	__FBSDID("$FreeBSD$");

	-#include "opt_capsicum.h"
	-
	#include <sys/param.h>
	#include <sys/systm.h>
	#include <sys/capsicum.h>
	@@ -194,7 +192,6 @@
	{
	int error;

	-#ifdef CAPABILITY_MODE
	/*
	* When adding new operations, add a new case statement here to
	* explicitly indicate whether or not the operation is safe to
	@@ -216,7 +213,6 @@
	return (ECAPMODE);
	}
	}
	-#endif

	switch (uap->op) {
	case ARM_SYNC_ICACHE:
	Index: sys/arm/conf/ATMEL
	===================================================================
	--- sys/arm/conf/ATMEL
	+++ sys/arm/conf/ATMEL
	@@ -66,8 +66,6 @@
	options PRINTF_BUFR_SIZE=128 # Prevent printf output being interspersed.
	#options HWPMC_HOOKS # Necessary kernel hooks for hwpmc(4)
	#options AUDIT # Security event auditing
	-#options CAPABILITY_MODE # Capsicum capability mode
	-#options CAPABILITIES # Capsicum capabilities
	#options MAC # TrustedBSD MAC Framework
	#options INCLUDE_CONFIG_FILE # Include this file in kernel

	Index: sys/arm/conf/ETHERNUT5
	===================================================================
	--- sys/arm/conf/ETHERNUT5
	+++ sys/arm/conf/ETHERNUT5
	@@ -62,8 +62,6 @@
	options PRINTF_BUFR_SIZE=128 # Prevent printf output being interspersed.
	#options HWPMC_HOOKS # Necessary kernel hooks for hwpmc(4)
	#options AUDIT # Security event auditing
	-#options CAPABILITY_MODE # Capsicum capability mode
	-#options CAPABILITIES # Capsicum capabilities
	#options MAC # TrustedBSD MAC Framework
	#options INCLUDE_CONFIG_FILE # Include this file in kernel

	Index: sys/arm/conf/SAM9260EK
	===================================================================
	--- sys/arm/conf/SAM9260EK
	+++ sys/arm/conf/SAM9260EK
	@@ -74,8 +74,6 @@
	options PRINTF_BUFR_SIZE=128 # Prevent printf output being interspersed.
	#options HWPMC_HOOKS # Necessary kernel hooks for hwpmc(4)
	#options AUDIT # Security event auditing
	-#options CAPABILITY_MODE # Capsicum capability mode
	-#options CAPABILITIES # Capsicum capabilities
	#options MAC # TrustedBSD MAC Framework
	#options INCLUDE_CONFIG_FILE # Include this file in kernel

	Index: sys/arm64/conf/GENERIC
	===================================================================
	--- sys/arm64/conf/GENERIC
	+++ sys/arm64/conf/GENERIC
	@@ -61,8 +61,6 @@
	options KBD_INSTALL_CDEV # install a CDEV entry in /dev
	options HWPMC_HOOKS # Necessary kernel hooks for hwpmc(4)
	options AUDIT # Security event auditing
	-options CAPABILITY_MODE # Capsicum capability mode
	-options CAPABILITIES # Capsicum capabilities
	options MAC # TrustedBSD MAC Framework
	options KDTRACE_FRAME # Ensure frames are compiled in
	options KDTRACE_HOOKS # Kernel DTrace hooks
	Index: sys/compat/freebsd32/freebsd32_capability.c
	===================================================================
	--- sys/compat/freebsd32/freebsd32_capability.c
	+++ sys/compat/freebsd32/freebsd32_capability.c
	@@ -30,8 +30,6 @@
	#include <sys/cdefs.h>
	__FBSDID("$FreeBSD$");

	-#include "opt_capsicum.h"
	-
	#include <sys/param.h>
	#include <sys/capsicum.h>
	#include <sys/filedesc.h>
	@@ -44,8 +42,6 @@

	#include <compat/freebsd32/freebsd32_proto.h>

	-#ifdef CAPABILITIES
	-
	MALLOC_DECLARE(M_FILECAPS);

	int
	@@ -132,23 +128,3 @@
	FILEDESC_SUNLOCK(fdp);
	return (error);
	}
	-
	-#else /* !CAPABILITIES */
	-
	-int
	-freebsd32_cap_ioctls_limit(struct thread *td,
	- struct freebsd32_cap_ioctls_limit_args *uap)
	-{
	-
	- return (ENOSYS);
	-}
	-
	-int
	-freebsd32_cap_ioctls_get(struct thread *td,
	- struct freebsd32_cap_ioctls_get_args *uap)
	-{
	-
	- return (ENOSYS);
	-}
	-
	-#endif /* CAPABILITIES */
	Index: sys/conf/NOTES
	===================================================================
	--- sys/conf/NOTES
	+++ sys/conf/NOTES
	@@ -1202,10 +1202,6 @@
	options MAC_STUB
	options MAC_TEST

	-# Support for Capsicum
	-options CAPABILITIES # fine-grained rights on file descriptors
	-options CAPABILITY_MODE # sandboxes with no global namespace access
	-

	#####################################################################
	# CLOCK OPTIONS
	Index: sys/conf/options
	===================================================================
	--- sys/conf/options
	+++ sys/conf/options
	@@ -78,8 +78,6 @@
	BOOTHOWTO opt_global.h
	BOOTVERBOSE opt_global.h
	CALLOUT_PROFILING
	-CAPABILITIES opt_capsicum.h
	-CAPABILITY_MODE opt_capsicum.h
	COMPAT_43 opt_compat.h
	COMPAT_43TTY opt_compat.h
	COMPAT_FREEBSD4 opt_compat.h
	Index: sys/i386/conf/GENERIC
	===================================================================
	--- sys/i386/conf/GENERIC
	+++ sys/i386/conf/GENERIC
	@@ -70,8 +70,6 @@
	options KBD_INSTALL_CDEV # install a CDEV entry in /dev
	options HWPMC_HOOKS # Necessary kernel hooks for hwpmc(4)
	options AUDIT # Security event auditing
	-options CAPABILITY_MODE # Capsicum capability mode
	-options CAPABILITIES # Capsicum capabilities
	options MAC # TrustedBSD MAC Framework
	options KDTRACE_HOOKS # Kernel DTrace hooks
	options DDB_CTF # Kernel ELF linker loads CTF data
	Index: sys/i386/i386/sys_machdep.c
	===================================================================
	--- sys/i386/i386/sys_machdep.c
	+++ sys/i386/i386/sys_machdep.c
	@@ -32,7 +32,6 @@
	#include <sys/cdefs.h>
	__FBSDID("$FreeBSD$");

	-#include "opt_capsicum.h"
	#include "opt_kstack_pages.h"

	#include <sys/param.h>
	@@ -114,7 +113,6 @@

	AUDIT_ARG_CMD(uap->op);

	-#ifdef CAPABILITY_MODE
	/*
	* When adding new operations, add a new case statement here to
	* explicitly indicate whether or not the operation is safe to
	@@ -141,7 +139,6 @@
	return (ECAPMODE);
	}
	}
	-#endif

	switch (uap->op) {
	case I386_GET_IOPERM:
	Index: sys/kern/imgact_elf.c
	===================================================================
	--- sys/kern/imgact_elf.c
	+++ sys/kern/imgact_elf.c
	@@ -32,7 +32,6 @@
	#include <sys/cdefs.h>
	__FBSDID("$FreeBSD$");

	-#include "opt_capsicum.h"
	#include "opt_compat.h"
	#include "opt_gzio.h"

	@@ -660,14 +659,12 @@
	u_long base_addr = 0;
	int error, i, numsegs;

	-#ifdef CAPABILITY_MODE
	/*
	* XXXJA: This check can go away once we are sufficiently confident
	* that the checks in namei() are correct.
	*/
	if (IN_CAPABILITY_MODE(curthread))
	return (ECAPMODE);
	-#endif

	tempdata = malloc(sizeof(*tempdata), M_TEMP, M_WAITOK);
	nd = &tempdata->nd;
	Index: sys/kern/kern_descrip.c
	===================================================================
	--- sys/kern/kern_descrip.c
	+++ sys/kern/kern_descrip.c
	@@ -37,7 +37,6 @@
	#include <sys/cdefs.h>
	__FBSDID("$FreeBSD$");

	-#include "opt_capsicum.h"
	#include "opt_compat.h"
	#include "opt_ddb.h"
	#include "opt_ktrace.h"
	@@ -297,15 +296,11 @@
	struct filedescent *fde;

	fde = &fdp->fd_ofiles[fd];
	-#ifdef CAPABILITIES
	seq_write_begin(&fde->fde_seq);
	-#endif
	fdefree_last(fde);
	fde->fde_file = NULL;
	fdunused(fdp, fd);
	-#ifdef CAPABILITIES
	seq_write_end(&fde->fde_seq);
	-#endif
	}

	void
	@@ -903,9 +898,7 @@
	/*
	* Duplicate the source descriptor.
	*/
	-#ifdef CAPABILITIES
	seq_write_begin(&newfde->fde_seq);
	-#endif
	filecaps_free(&newfde->fde_caps);
	memcpy(newfde, oldfde, fde_change_size);
	filecaps_copy(&oldfde->fde_caps, &newfde->fde_caps, true);
	@@ -913,9 +906,7 @@
	newfde->fde_flags = oldfde->fde_flags \| UF_EXCLOSE;
	else
	newfde->fde_flags = oldfde->fde_flags & ~UF_EXCLOSE;
	-#ifdef CAPABILITIES
	seq_write_end(&newfde->fde_seq);
	-#endif
	td->td_retval[0] = new;

	error = 0;
	@@ -1793,18 +1784,14 @@
	FILEDESC_XLOCK_ASSERT(fdp);

	fde = &fdp->fd_ofiles[fd];
	-#ifdef CAPABILITIES
	seq_write_begin(&fde->fde_seq);
	-#endif
	fde->fde_file = fp;
	fde->fde_flags = (flags & O_CLOEXEC) != 0 ? UF_EXCLOSE : 0;
	if (fcaps != NULL)
	filecaps_move(fcaps, &fde->fde_caps);
	else
	filecaps_fill(&fde->fde_caps);
	-#ifdef CAPABILITIES
	seq_write_end(&fde->fde_seq);
	-#endif
	}

	int
	@@ -2463,11 +2450,9 @@
	goto out;
	}

	-#ifdef CAPABILITIES
	error = cap_check(cap_rights_fde(fde), needrightsp);
	if (error != 0)
	goto out;
	-#endif

	if (havecapsp != NULL)
	filecaps_copy(&fde->fde_caps, havecapsp, true);
	@@ -2485,11 +2470,6 @@
	{
	struct filedesc *fdp = td->td_proc->p_fd;
	int error;
	-#ifndef CAPABILITIES
	- error = fget_unlocked(fdp, fd, needrightsp, fpp, NULL);
	- if (error == 0 && havecapsp != NULL)
	- filecaps_fill(havecapsp);
	-#else
	struct file *fp;
	seq_t seq;

	@@ -2520,7 +2500,6 @@
	if (error == 0)
	fhold(*fpp);
	FILEDESC_SUNLOCK(fdp);
	-#endif
	return (error);
	}

	@@ -2528,17 +2507,13 @@
	fget_unlocked(struct filedesc fdp, int fd, cap_rights_t needrightsp,
	struct file *fpp, seq_t seqp)
	{
	-#ifdef CAPABILITIES
	struct filedescent *fde;
	-#endif
	struct fdescenttbl *fdt;
	struct file *fp;
	u_int count;
	-#ifdef CAPABILITIES
	seq_t seq;
	cap_rights_t haverights;
	int error;
	-#endif

	fdt = fdp->fd_files;
	if ((u_int)fd >= fdt->fdt_nfiles)
	@@ -2552,23 +2527,17 @@
	* due to preemption.
	*/
	for (;;) {
	-#ifdef CAPABILITIES
	seq = seq_read(fd_seq(fdt, fd));
	fde = &fdt->fdt_ofiles[fd];
	haverights = *cap_rights_fde(fde);
	fp = fde->fde_file;
	if (!seq_consistent(fd_seq(fdt, fd), seq))
	continue;
	-#else
	- fp = fdt->fdt_ofiles[fd].fde_file;
	-#endif
	if (fp == NULL)
	return (EBADF);
	-#ifdef CAPABILITIES
	error = cap_check(&haverights, needrightsp);
	if (error != 0)
	return (error);
	-#endif
	count = fp->f_count;
	retry:
	if (count == 0) {
	@@ -2587,19 +2556,13 @@
	if (atomic_fcmpset_acq_int(&fp->f_count, &count, count + 1) == 0)
	goto retry;
	fdt = fdp->fd_files;
	-#ifdef CAPABILITIES
	if (seq_consistent_nomb(fd_seq(fdt, fd), seq))
	-#else
	- if (fp == fdt->fdt_ofiles[fd].fde_file)
	-#endif
	break;
	fdrop(fp, curthread);
	}
	*fpp = fp;
	if (seqp != NULL) {
	-#ifdef CAPABILITIES
	*seqp = seq;
	-#endif
	}
	return (0);
	}
	@@ -2677,11 +2640,6 @@
	struct file **fpp)
	{
	int error;
	-#ifndef CAPABILITIES
	- error = _fget(td, fd, fpp, 0, rightsp, NULL);
	- if (maxprotp != NULL)
	- *maxprotp = VM_PROT_ALL;
	-#else
	struct filedesc *fdp = td->td_proc->p_fd;
	seq_t seq;

	@@ -2699,7 +2657,6 @@
	break;
	fdrop(*fpp, td);
	}
	-#endif
	return (error);
	}

	@@ -2722,9 +2679,6 @@
	struct file **fpp)
	{
	struct filedesc *fdp = td->td_proc->p_fd;
	-#ifndef CAPABILITIES
	- return (fget_unlocked(fdp, fd, rightsp, fpp, NULL));
	-#else
	int error;
	seq_t seq;

	@@ -2743,7 +2697,6 @@
	*fpp = NULL;
	}
	return (error);
	-#endif
	}

	/*
	@@ -2965,14 +2918,10 @@
	fhold(fp);
	newfde = &fdp->fd_ofiles[indx];
	oldfde = &fdp->fd_ofiles[dfd];
	-#ifdef CAPABILITIES
	seq_write_begin(&newfde->fde_seq);
	-#endif
	memcpy(newfde, oldfde, fde_change_size);
	filecaps_copy(&oldfde->fde_caps, &newfde->fde_caps, true);
	-#ifdef CAPABILITIES
	seq_write_end(&newfde->fde_seq);
	-#endif
	break;
	case ENXIO:
	/*
	@@ -2980,15 +2929,11 @@
	*/
	newfde = &fdp->fd_ofiles[indx];
	oldfde = &fdp->fd_ofiles[dfd];
	-#ifdef CAPABILITIES
	seq_write_begin(&newfde->fde_seq);
	-#endif
	memcpy(newfde, oldfde, fde_change_size);
	oldfde->fde_file = NULL;
	fdunused(fdp, dfd);
	-#ifdef CAPABILITIES
	seq_write_end(&newfde->fde_seq);
	-#endif
	break;
	}
	FILEDESC_XUNLOCK(fdp);
	@@ -3521,11 +3466,7 @@
	for (i = 0; fdp->fd_refcnt > 0 && i <= fdp->fd_lastfile; i++) {
	if ((fp = fdp->fd_ofiles[i].fde_file) == NULL)
	continue;
	-#ifdef CAPABILITIES
	rights = *cap_rights(fdp, i);
	-#else /* !CAPABILITIES */
	- cap_rights_init(&rights);
	-#endif
	/*
	* Create sysctl entry. It is OK to drop the filedesc
	* lock inside of export_file_to_sb() as we will
	Index: sys/kern/kern_exec.c
	===================================================================
	--- sys/kern/kern_exec.c
	+++ sys/kern/kern_exec.c
	@@ -27,7 +27,6 @@
	#include <sys/cdefs.h>
	__FBSDID("$FreeBSD$");

	-#include "opt_capsicum.h"
	#include "opt_compat.h"
	#include "opt_hwpmc_hooks.h"
	#include "opt_ktrace.h"
	@@ -432,7 +431,6 @@

	interpret:
	if (args->fname != NULL) {
	-#ifdef CAPABILITY_MODE
	/*
	* While capability mode can't reach this point via direct
	* path arguments to execve(), we also don't allow
	@@ -443,7 +441,6 @@
	error = ECAPMODE;
	goto exec_fail;
	}
	-#endif
	error = namei(&nd);
	if (error)
	goto exec_fail;
	@@ -523,9 +520,7 @@
	#endif

	if (credential_changing &&
	-#ifdef CAPABILITY_MODE
	((oldcred->cr_flags & CRED_FLAG_CAPMODE) == 0) &&
	-#endif
	(imgp->vp->v_mount->mnt_flag & MNT_NOSUID) == 0 &&
	(p->p_flag & P_TRACED) == 0) {
	imgp->credential_setid = true;
	Index: sys/kern/kern_sysctl.c
	===================================================================
	--- sys/kern/kern_sysctl.c
	+++ sys/kern/kern_sysctl.c
	@@ -38,7 +38,6 @@
	#include <sys/cdefs.h>
	__FBSDID("$FreeBSD$");

	-#include "opt_capsicum.h"
	#include "opt_compat.h"
	#include "opt_ktrace.h"

	@@ -1844,7 +1843,6 @@

	KASSERT(req->td != NULL, ("sysctl_root(): req->td == NULL"));

	-#ifdef CAPABILITY_MODE
	/*
	* If the process is in capability mode, then don't permit reading or
	* writing unless specifically granted for the node.
	@@ -1856,7 +1854,6 @@
	goto out;
	}
	}
	-#endif

	/* Is this sysctl sensitive to securelevels? */
	if (req->newptr && (oid->oid_kind & CTLFLAG_SECURE)) {
	Index: sys/kern/subr_syscall.c
	===================================================================
	--- sys/kern/subr_syscall.c
	+++ sys/kern/subr_syscall.c
	@@ -38,7 +38,6 @@
	* from: @(#)trap.c 7.4 (Berkeley) 5/13/91
	*/

	-#include "opt_capsicum.h"
	#include "opt_ktrace.h"

	__FBSDID("$FreeBSD$");
	@@ -110,7 +109,6 @@
	goto retval;
	}

	-#ifdef CAPABILITY_MODE
	/*
	* In capability mode, we only allow access to system calls
	* flagged with SYF_CAPENABLED.
	@@ -120,7 +118,6 @@
	error = ECAPMODE;
	goto retval;
	}
	-#endif

	error = syscall_thread_enter(td, sa->callp);
	if (error != 0)
	Index: sys/kern/sys_capability.c
	===================================================================
	--- sys/kern/sys_capability.c
	+++ sys/kern/sys_capability.c
	@@ -58,7 +58,6 @@
	#include <sys/cdefs.h>
	__FBSDID("$FreeBSD$");

	-#include "opt_capsicum.h"
	#include "opt_ktrace.h"

	#include <sys/param.h>
	@@ -87,8 +86,6 @@
	SYSCTL_INT(_kern, OID_AUTO, trap_enotcap, CTLFLAG_RW, &trap_enotcap, 0,
	"Deliver SIGTRAP on ENOTCAPABLE");

	-#ifdef CAPABILITY_MODE
	-
	#define IOCTLS_MAX_COUNT 256 /* XXX: Is 256 sane? */

	FEATURE(security_capability_mode, "Capsicum Capability Mode");
	@@ -128,26 +125,6 @@
	return (copyout(&i, uap->modep, sizeof(i)));
	}

	-#else /* !CAPABILITY_MODE */
	-
	-int
	-sys_cap_enter(struct thread td, struct cap_enter_args uap)
	-{
	-
	- return (ENOSYS);
	-}
	-
	-int
	-sys_cap_getmode(struct thread td, struct cap_getmode_args uap)
	-{
	-
	- return (ENOSYS);
	-}
	-
	-#endif /* CAPABILITY_MODE */
	-
	-#ifdef CAPABILITIES
	-
	FEATURE(security_capabilities, "Capsicum Capabilities");

	MALLOC_DECLARE(M_FILECAPS);
	@@ -602,54 +579,3 @@

	return (copyout(&rights, uap->fcntlrightsp, sizeof(rights)));
	}
	-
	-#else /* !CAPABILITIES */
	-
	-/*
	- * Stub Capability functions for when options CAPABILITIES isn't compiled
	- * into the kernel.
	- */
	-
	-int
	-sys_cap_rights_limit(struct thread td, struct cap_rights_limit_args uap)
	-{
	-
	- return (ENOSYS);
	-}
	-
	-int
	-sys___cap_rights_get(struct thread td, struct __cap_rights_get_args uap)
	-{
	-
	- return (ENOSYS);
	-}
	-
	-int
	-sys_cap_ioctls_limit(struct thread td, struct cap_ioctls_limit_args uap)
	-{
	-
	- return (ENOSYS);
	-}
	-
	-int
	-sys_cap_ioctls_get(struct thread td, struct cap_ioctls_get_args uap)
	-{
	-
	- return (ENOSYS);
	-}
	-
	-int
	-sys_cap_fcntls_limit(struct thread td, struct cap_fcntls_limit_args uap)
	-{
	-
	- return (ENOSYS);
	-}
	-
	-int
	-sys_cap_fcntls_get(struct thread td, struct cap_fcntls_get_args uap)
	-{
	-
	- return (ENOSYS);
	-}
	-
	-#endif /* CAPABILITIES */
	Index: sys/kern/sys_generic.c
	===================================================================
	--- sys/kern/sys_generic.c
	+++ sys/kern/sys_generic.c
	@@ -37,7 +37,6 @@
	#include <sys/cdefs.h>
	__FBSDID("$FreeBSD$");

	-#include "opt_capsicum.h"
	#include "opt_compat.h"
	#include "opt_ktrace.h"

	@@ -758,9 +757,6 @@
	{
	struct file *fp;
	struct filedesc *fdp;
	-#ifndef CAPABILITIES
	- cap_rights_t rights;
	-#endif
	int error, tmp, locked;

	AUDIT_ARG_FD(fd);
	@@ -775,16 +771,11 @@
	locked = LA_XLOCKED;
	break;
	default:
	-#ifdef CAPABILITIES
	FILEDESC_SLOCK(fdp);
	locked = LA_SLOCKED;
	-#else
	- locked = LA_UNLOCKED;
	-#endif
	break;
	}

	-#ifdef CAPABILITIES
	if ((fp = fget_locked(fdp, fd)) == NULL) {
	error = EBADF;
	goto out;
	@@ -798,13 +789,6 @@
	FILEDESC_SUNLOCK(fdp);
	locked = LA_UNLOCKED;
	}
	-#else
	- error = fget(td, fd, cap_rights_init(&rights, CAP_IOCTL), &fp);
	- if (error != 0) {
	- fp = NULL;
	- goto out;
	- }
	-#endif
	if ((fp->f_flag & (FREAD \| FWRITE)) == 0) {
	error = EBADF;
	goto out;
	@@ -839,11 +823,9 @@
	case LA_XLOCKED:
	FILEDESC_XUNLOCK(fdp);
	break;
	-#ifdef CAPABILITIES
	case LA_SLOCKED:
	FILEDESC_SUNLOCK(fdp);
	break;
	-#endif
	default:
	FILEDESC_UNLOCK_ASSERT(fdp);
	break;
	@@ -1479,9 +1461,7 @@
	struct filedesc *fdp;
	struct file *fp;
	struct pollfd *fd;
	-#ifdef CAPABILITIES
	cap_rights_t rights;
	-#endif
	int n;

	n = 0;
	@@ -1496,14 +1476,9 @@
	if (si != NULL)
	continue;
	fp = fdp->fd_ofiles[fd->fd].fde_file;
	-#ifdef CAPABILITIES
	if (fp == NULL \|\|
	cap_check(cap_rights(fdp, fd->fd),
	- cap_rights_init(&rights, CAP_EVENT)) != 0)
	-#else
	- if (fp == NULL)
	-#endif
	- {
	+ cap_rights_init(&rights, CAP_EVENT)) != 0) {
	fd->revents = POLLNVAL;
	n++;
	continue;
	@@ -1557,9 +1532,7 @@
	{
	struct filedesc *fdp = td->td_proc->p_fd;
	struct file *fp;
	-#ifdef CAPABILITIES
	cap_rights_t rights;
	-#endif
	int i, n = 0;

	FILEDESC_SLOCK(fdp);
	@@ -1571,14 +1544,9 @@
	fds->revents = 0;
	} else {
	fp = fdp->fd_ofiles[fds->fd].fde_file;
	-#ifdef CAPABILITIES
	if (fp == NULL \|\|
	cap_check(cap_rights(fdp, fds->fd),
	- cap_rights_init(&rights, CAP_EVENT)) != 0)
	-#else
	- if (fp == NULL)
	-#endif
	- {
	+ cap_rights_init(&rights, CAP_EVENT)) != 0) {
	fds->revents = POLLNVAL;
	n++;
	} else {
	Index: sys/kern/tty.c
	===================================================================
	--- sys/kern/tty.c
	+++ sys/kern/tty.c
	@@ -30,7 +30,6 @@
	#include <sys/cdefs.h>
	__FBSDID("$FreeBSD$");

	-#include "opt_capsicum.h"
	#include "opt_compat.h"

	#include <sys/param.h>
	Index: sys/kern/uipc_mqueue.c
	===================================================================
	--- sys/kern/uipc_mqueue.c
	+++ sys/kern/uipc_mqueue.c
	@@ -51,7 +51,6 @@
	#include <sys/cdefs.h>
	__FBSDID("$FreeBSD$");

	-#include "opt_capsicum.h"
	#include "opt_compat.h"

	#include <sys/param.h>
	@@ -2321,9 +2320,7 @@
	static int
	kern_kmq_notify(struct thread td, int mqd, struct sigevent sigev)
	{
	-#ifdef CAPABILITIES
	cap_rights_t rights;
	-#endif
	struct filedesc *fdp;
	struct proc *p;
	struct mqueue *mq;
	@@ -2355,14 +2352,12 @@
	error = EBADF;
	goto out;
	}
	-#ifdef CAPABILITIES
	error = cap_check(cap_rights(fdp, mqd),
	cap_rights_init(&rights, CAP_EVENT));
	if (error) {
	FILEDESC_SUNLOCK(fdp);
	goto out;
	}
	-#endif
	if (fp2 != fp) {
	FILEDESC_SUNLOCK(fdp);
	error = EBADF;
	Index: sys/kern/uipc_shm.c
	===================================================================
	--- sys/kern/uipc_shm.c
	+++ sys/kern/uipc_shm.c
	@@ -49,7 +49,6 @@
	#include <sys/cdefs.h>
	__FBSDID("$FreeBSD$");

	-#include "opt_capsicum.h"
	#include "opt_ktrace.h"

	#include <sys/param.h>
	@@ -707,13 +706,11 @@
	mode_t cmode;
	int fd, error;

	-#ifdef CAPABILITY_MODE
	/*
	* shm_open(2) is only allowed for anonymous objects.
	*/
	if (IN_CAPABILITY_MODE(td) && (userpath != SHM_ANON))
	return (ECAPMODE);
	-#endif

	AUDIT_ARG_FFLAGS(flags);
	AUDIT_ARG_MODE(mode);
	Index: sys/kern/uipc_syscalls.c
	===================================================================
	--- sys/kern/uipc_syscalls.c
	+++ sys/kern/uipc_syscalls.c
	@@ -32,7 +32,6 @@
	#include <sys/cdefs.h>
	__FBSDID("$FreeBSD$");

	-#include "opt_capsicum.h"
	#include "opt_inet.h"
	#include "opt_inet6.h"
	#include "opt_compat.h"
	@@ -700,10 +699,8 @@
	struct sockaddr *to;
	int error;

	-#ifdef CAPABILITY_MODE
	if (IN_CAPABILITY_MODE(td) && (mp->msg_name != NULL))
	return (ECAPMODE);
	-#endif

	if (mp->msg_name != NULL) {
	error = getsockaddr(&to, mp->msg_name, mp->msg_namelen);
	Index: sys/kern/vfs_lookup.c
	===================================================================
	--- sys/kern/vfs_lookup.c
	+++ sys/kern/vfs_lookup.c
	@@ -37,7 +37,6 @@
	#include <sys/cdefs.h>
	__FBSDID("$FreeBSD$");

	-#include "opt_capsicum.h"
	#include "opt_ktrace.h"

	#include <sys/param.h>
	@@ -333,7 +332,6 @@
	if (error == 0 && *cnp->cn_pnbuf == '\0')
	error = ENOENT;

	-#ifdef CAPABILITY_MODE
	/*
	* In capability mode, lookups must be restricted to happen in
	* the subtree with the root specified by the file descriptor:
	@@ -358,7 +356,6 @@
	error = ECAPMODE;
	}
	}
	-#endif
	if (error != 0) {
	namei_cleanup_cnp(cnp);
	ndp->ni_vp = NULL;
	@@ -412,7 +409,6 @@
	&rights, &ndp->ni_filecaps, &dp);
	if (error == EINVAL)
	error = ENOTDIR;
	-#ifdef CAPABILITIES
	/*
	* If file descriptor doesn't have all rights,
	* all lookups relative to it must also be
	@@ -425,7 +421,6 @@
	ndp->ni_filecaps.fc_nioctls != -1) {
	ndp->ni_lcf \|= NI_LCF_STRICTRELATIVE;
	}
	-#endif
	}
	if (error == 0 && dp->v_type != VDIR)
	error = ENOTDIR;
	Index: sys/kern/vfs_syscalls.c
	===================================================================
	--- sys/kern/vfs_syscalls.c
	+++ sys/kern/vfs_syscalls.c
	@@ -37,7 +37,6 @@
	#include <sys/cdefs.h>
	__FBSDID("$FreeBSD$");

	-#include "opt_capsicum.h"
	#include "opt_compat.h"
	#include "opt_ktrace.h"

	@@ -1076,11 +1075,9 @@
	if (indx == -1) {
	struct filecaps *fcaps;

	-#ifdef CAPABILITIES
	if ((nd.ni_lcf & NI_LCF_STRICTRELATIVE) != 0)
	fcaps = &nd.ni_filecaps;
	else
	-#endif
	fcaps = NULL;
	error = finstall(td, fp, &indx, flags, fcaps);
	/* On success finstall() consumes fcaps. */
	@@ -3513,7 +3510,6 @@
	error = EISDIR;
	goto out;
	}
	-#ifdef CAPABILITIES
	if (newfd != AT_FDCWD) {
	/*
	* If the target already exists we require CAP_UNLINKAT
	@@ -3524,7 +3520,6 @@
	if (error != 0)
	goto out;
	}
	-#endif
	}
	if (fvp == tdvp) {
	error = EINVAL;
	Index: sys/mips/conf/std.BERI
	===================================================================
	--- sys/mips/conf/std.BERI
	+++ sys/mips/conf/std.BERI
	@@ -28,9 +28,6 @@
	options ALT_BREAK_TO_DEBUGGER
	options KTRACE

	-options CAPABILITY_MODE
	-options CAPABILITIES
	-
	options COMPAT_FREEBSD10
	options COMPAT_FREEBSD11

	Index: sys/mips/conf/std.MALTA
	===================================================================
	--- sys/mips/conf/std.MALTA
	+++ sys/mips/conf/std.MALTA
	@@ -26,8 +26,6 @@
	options NFS_ROOT #NFS usable as /, requires NFSCL
	options PSEUDOFS #Pseudo-filesystem framework
	options _KPOSIX_PRIORITY_SCHEDULING #Posix P1003_1B real-time extensions
	-options CAPABILITY_MODE # Capsicum capability mode
	-options CAPABILITIES # Capsicum capabilities

	options TMPFS #Efficient memory filesystem

	Index: sys/modules/mqueue/Makefile
	===================================================================
	--- sys/modules/mqueue/Makefile
	+++ sys/modules/mqueue/Makefile
	@@ -5,6 +5,6 @@
	KMOD= mqueuefs
	SRCS= uipc_mqueue.c \
	vnode_if.h \
	- opt_posix.h opt_compat.h opt_capsicum.h
	+ opt_posix.h opt_compat.h

	.include <bsd.kmod.mk>
	Index: sys/netinet/sctp_syscalls.c
	===================================================================
	--- sys/netinet/sctp_syscalls.c
	+++ sys/netinet/sctp_syscalls.c
	@@ -31,7 +31,6 @@
	#include <sys/cdefs.h>
	__FBSDID("$FreeBSD$");

	-#include "opt_capsicum.h"
	#include "opt_inet.h"
	#include "opt_inet6.h"
	#include "opt_sctp.h"
	Index: sys/powerpc/conf/GENERIC
	===================================================================
	--- sys/powerpc/conf/GENERIC
	+++ sys/powerpc/conf/GENERIC
	@@ -74,8 +74,6 @@
	options _KPOSIX_PRIORITY_SCHEDULING #Posix P1003_1B real-time extensions
	options HWPMC_HOOKS # Necessary kernel hooks for hwpmc(4)
	options AUDIT # Security event auditing
	-options CAPABILITY_MODE # Capsicum capability mode
	-options CAPABILITIES # Capsicum capabilities
	options MAC # TrustedBSD MAC Framework
	options KDTRACE_HOOKS # Kernel DTrace hooks
	options DDB_CTF # Kernel ELF linker loads CTF data
	Index: sys/powerpc/conf/GENERIC64
	===================================================================
	--- sys/powerpc/conf/GENERIC64
	+++ sys/powerpc/conf/GENERIC64
	@@ -74,8 +74,6 @@
	options PRINTF_BUFR_SIZE=128 # Prevent printf output being interspersed.
	options HWPMC_HOOKS # Necessary kernel hooks for hwpmc(4)
	options AUDIT # Security event auditing
	-options CAPABILITY_MODE # Capsicum capability mode
	-options CAPABILITIES # Capsicum capabilities
	options MAC # TrustedBSD MAC Framework
	options KDTRACE_HOOKS # Kernel DTrace hooks
	options DDB_CTF # Kernel ELF linker loads CTF data
	Index: sys/powerpc/conf/MPC85XX
	===================================================================
	--- sys/powerpc/conf/MPC85XX
	+++ sys/powerpc/conf/MPC85XX
	@@ -50,8 +50,6 @@
	options PROCFS
	options PSEUDOFS
	options SCHED_ULE
	-options CAPABILITIES
	-options CAPABILITY_MODE
	options SMP
	options SYSVMSG
	options SYSVSEM
	Index: sys/powerpc/conf/MPC85XXSPE
	===================================================================
	--- sys/powerpc/conf/MPC85XXSPE
	+++ sys/powerpc/conf/MPC85XXSPE
	@@ -50,8 +50,6 @@
	options PROCFS
	options PSEUDOFS
	options SCHED_ULE
	-options CAPABILITIES
	-options CAPABILITY_MODE
	options SMP
	options SYSVMSG
	options SYSVSEM
	Index: sys/powerpc/conf/QORIQ64
	===================================================================
	--- sys/powerpc/conf/QORIQ64
	+++ sys/powerpc/conf/QORIQ64
	@@ -55,8 +55,6 @@
	options PROCFS
	options PSEUDOFS
	options SCHED_ULE
	-options CAPABILITIES
	-options CAPABILITY_MODE
	options SMP
	options SYSVMSG
	options SYSVSEM
	Index: sys/riscv/conf/GENERIC
	===================================================================
	--- sys/riscv/conf/GENERIC
	+++ sys/riscv/conf/GENERIC
	@@ -64,8 +64,6 @@
	options KBD_INSTALL_CDEV # install a CDEV entry in /dev
	# options HWPMC_HOOKS # Necessary kernel hooks for hwpmc(4)
	options AUDIT # Security event auditing
	-options CAPABILITY_MODE # Capsicum capability mode
	-options CAPABILITIES # Capsicum capabilities
	options MAC # TrustedBSD MAC Framework
	options KDTRACE_FRAME # Ensure frames are compiled in
	options KDTRACE_HOOKS # Kernel DTrace hooks
	Index: sys/sparc64/conf/GENERIC
	===================================================================
	--- sys/sparc64/conf/GENERIC
	+++ sys/sparc64/conf/GENERIC
	@@ -66,8 +66,6 @@
	options PRINTF_BUFR_SIZE=128 # Prevent printf output being interspersed.
	options HWPMC_HOOKS # Necessary kernel hooks for hwpmc(4)
	options AUDIT # Security event auditing
	-options CAPABILITY_MODE # Capsicum capability mode
	-options CAPABILITIES # Capsicum capabilities
	options MAC # TrustedBSD MAC Framework
	options INCLUDE_CONFIG_FILE # Include this file in kernel
	options RACCT # Resource accounting framework
	Index: sys/sparc64/sparc64/sys_machdep.c
	===================================================================
	--- sys/sparc64/sparc64/sys_machdep.c
	+++ sys/sparc64/sparc64/sys_machdep.c
	@@ -26,8 +26,6 @@
	* $FreeBSD$
	*/

	-#include "opt_capsicum.h"
	-
	#include <sys/param.h>
	#include <sys/systm.h>
	#include <sys/capsicum.h>
	@@ -56,7 +54,6 @@
	{
	int error;

	-#ifdef CAPABILITY_MODE
	/*
	* When adding new operations, add a new case statement here to
	* explicitly indicate whether or not the operation is safe to
	@@ -76,7 +73,6 @@
	return (ECAPMODE);
	}
	}
	-#endif

	mtx_lock(&Giant);
	switch (uap->op) {
	Index: sys/sys/filedesc.h
	===================================================================
	--- sys/sys/filedesc.h
	+++ sys/sys/filedesc.h
	@@ -229,14 +229,12 @@
	return (fde);
	}

	-#ifdef CAPABILITIES
	static __inline bool
	fd_modified(struct filedesc *fdp, int fd, seq_t seq)
	{

	return (!seq_consistent(fd_seq(fdp->fd_files, fd), seq));
	}
	-#endif

	/* cdir/rdir/jdir manipulation functions. */
	void pwd_chdir(struct thread td, struct vnode vp);

File Metadata

Mime Type: text/plain
Expires: Wed, Nov 20, 6:12 AM (21 h, 33 m)
Storage Engine: blob
Storage Format: Raw Data
Storage Handle: 14731889
Default Alt Text: D10776.diff (30 KB)

D10776.diffNo OneTemporaryActions

D10776.diffView Options

File Metadata

Event Timeline

D10776.diff
No OneTemporary
Actions

D10776.diff
View Options