author | pjd <pjd@FreeBSD.org> | 2012-11-27 10:32:35 +0000 |
---|---|---|
committer | pjd <pjd@FreeBSD.org> | 2012-11-27 10:32:35 +0000 |
commit | 7a831b4b8cd8e6d31377b49c6c08ad2bc20848ac (patch) | |
tree | 5567ee42ba1d9618d36487ea30a4eda41cdab69f | |
parent | 6a3d82fdf4470b3a2ad5c31c7c760ec65b4a4ade (diff) | |
- Add NOCAPCHECK flag to namei that allows lookup to work even if the process
is in capability mode.
- Add VN_OPEN_NOCAPCHECK flag for vn_open_cred() that will be converted into
NOCAPCHECK namei flag.
This functionality will be used to enable core dumps for sandboxed processes.
Reviewed by: rwatson
Obtained from: WHEEL Systems
MFC after: 2 weeks
-rw-r--r-- | sys/kern/vfs_lookup.c | 2 | ||||
-rw-r--r-- | sys/kern/vfs_vnops.c | 4 | ||||
-rw-r--r-- | sys/sys/namei.h | 3 | ||||
-rw-r--r-- | sys/sys/vnode.h | 1 |
4 files changed, 8 insertions, 2 deletions
diff --git a/sys/kern/vfs_lookup.c b/sys/kern/vfs_lookup.c
index cbb1855..54140ad 100644
--- a/sys/kern/vfs_lookup.c
+++ b/sys/kern/vfs_lookup.c
@@ -183,7 +183,7 @@ namei(struct nameidata *ndp)
 * not an absolute path, and not containing '..' components) to
 * a real file descriptor, not the pseudo-descriptor AT_FDCWD.
 */
- if (IN_CAPABILITY_MODE(td)) {
+ if (IN_CAPABILITY_MODE(td) && (cnp->cn_flags & NOCAPCHECK) == 0) {
 ndp->ni_strictrelative = 1;
 if (ndp->ni_dirfd == AT_FDCWD) {
 #ifdef KTRACE
diff --git a/sys/kern/vfs_vnops.c b/sys/kern/vfs_vnops.c
index ea42f9d..3f65b05 100644
--- a/sys/kern/vfs_vnops.c
+++ b/sys/kern/vfs_vnops.c
@@ -135,6 +135,8 @@ restart:
 ndp->ni_cnd.cn_flags |= FOLLOW;
 if (!(vn_open_flags & VN_OPEN_NOAUDIT))
 ndp->ni_cnd.cn_flags |= AUDITVNODE1;
+ if (vn_open_flags & VN_OPEN_NOCAPCHECK)
+ ndp->ni_cnd.cn_flags |= NOCAPCHECK;
 bwillwrite();
 if ((error = namei(ndp)) != 0)
 return (error);
@@ -188,6 +190,8 @@ restart:
 ndp->ni_cnd.cn_flags |= LOCKSHARED;
 if (!(vn_open_flags & VN_OPEN_NOAUDIT))
 ndp->ni_cnd.cn_flags |= AUDITVNODE1;
+ if (vn_open_flags & VN_OPEN_NOCAPCHECK)
+ ndp->ni_cnd.cn_flags |= NOCAPCHECK;
 if ((error = namei(ndp)) != 0)
 return (error);
 vp = ndp->ni_vp;
diff --git a/sys/sys/namei.h b/sys/sys/namei.h
index a78af80..04e7b59 100644
--- a/sys/sys/namei.h
+++ b/sys/sys/namei.h
@@ -147,7 +147,8 @@ struct nameidata {
 #define AUDITVNODE1 0x04000000 /* audit the looked up vnode information */
 #define AUDITVNODE2 0x08000000 /* audit the looked up vnode information */
 #define TRAILINGSLASH 0x10000000 /* path ended in a slash */
-#define PARAMASK 0x1ffffe00 /* mask of parameter descriptors */
+#define NOCAPCHECK 0x20000000 /* do not perform capability checks */
+#define PARAMASK 0x3ffffe00 /* mask of parameter descriptors */

 /*
 * Initialization of a nameidata structure.
diff --git a/sys/sys/vnode.h b/sys/sys/vnode.h
index 029458f..42f9e5f 100644
--- a/sys/sys/vnode.h
+++ b/sys/sys/vnode.h
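Review bot: In sys/kern/vfs_lookup.c, the new `(cnp->cn_flags & NOCAPCHECK) == 0` term lets any namei() caller that sets the flag skip the capability-mode lookup restriction, and nothing in the hunk limits which callers may do so. The commit message suggests the intended users are kernel-originated lookups (core dumps), so an assertion ahead of the test would catch misuse early, for example `KASSERT((cnp->cn_flags & NOCAPCHECK) == 0 || ndp->ni_segflg == UIO_SYSSPACE, ("namei: NOCAPCHECK on a user-supplied path"));`. This assumes the core dump path is always supplied from kernel space, which should be confirmed against the caller. The block comment directly above the condition should also mention the exemption; namei()'s body begins and ends outside the hunk.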
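Review bot: In sys/kern/vfs_vnops.c, the VN_OPEN_NOCAPCHECK translation is added at both sites (the hunks at -135 and -188) without any comment. Unlike the neighbouring VN_OPEN_NOAUDIT test, which only controls an audit flag, this one switches off a sandbox restriction. I would add `/* Kernel-internal only: vn_open_flags must never be derived from userland input. */` above the first test, and give the new define in sys/sys/vnode.h a matching trailing comment. The enclosing function starts and ends outside these hunks, so whether any existing caller passes through caller-controlled vn_open_flags cannot be checked from here and is worth verifying.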
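Review bot: In sys/sys/namei.h, the comment on NOCAPCHECK, "do not perform capability checks", is broader than what the flag does in this commit. The only consumer visible is the IN_CAPABILITY_MODE() test in namei(), which gates the strict-relative lookup restriction. A narrower comment such as `/* skip capability-mode lookup restrictions (kernel-internal callers) */` would keep later readers from assuming it also relaxes per-descriptor rights checks, if kernel-internal use is indeed the intent. Widening PARAMASK to 0x3ffffe00 matches the new bit, and 0x20000000 does not collide with any define visible in the hunk, though the rest of the flag list lies outside it.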
@@ -565,6 +565,7 @@ vn_canvmio(struct vnode *vp)

 /* vn_open_flags */
 #define VN_OPEN_NOAUDIT 0x00000001
+#define VN_OPEN_NOCAPCHECK 0x00000002

 /*
 * Public vnode manipulation functions. |