diff options
| author | pjd <pjd@FreeBSD.org> | 2011-05-23 20:59:50 +0000 |
|---|---|---|
| committer | pjd <pjd@FreeBSD.org> | 2011-05-23 20:59:50 +0000 |
| commit | 93ce9f3fcbbde41cb45642bb7ddf5d939336ac3b (patch) | |
| tree | 62d2418bd3fffff7e42aa3f3b443e3f7a7c27f87 /sbin/hastd | |
| parent | 32741e735e42bb084397320b65c103fb1a44b19a (diff) | |
| download | FreeBSD-src-93ce9f3fcbbde41cb45642bb7ddf5d939336ac3b.zip FreeBSD-src-93ce9f3fcbbde41cb45642bb7ddf5d939336ac3b.tar.gz | |
To handle BIO_FLUSH and BIO_DELETE requests in secondary worker we need
to use ioctl(2). This is why we can't use capsicum for now to sandbox
secondary. Capsicum is still used to sandbox hastctl.
MFC after: 1 week
Diffstat (limited to 'sbin/hastd')
| -rw-r--r-- | sbin/hastd/subr.c | 8 |
1 files changed, 7 insertions, 1 deletions
diff --git a/sbin/hastd/subr.c b/sbin/hastd/subr.c index 29f33e7..806338b 100644 --- a/sbin/hastd/subr.c +++ b/sbin/hastd/subr.c @@ -224,7 +224,13 @@ drop_privs(struct hast_resource *res) return (-1); } - if (res == NULL || res->hr_role != HAST_ROLE_PRIMARY) + /* + * Until capsicum doesn't allow ioctl(2) we cannot use it to sandbox + * primary and secondary worker processes, as primary uses GGATE + * ioctls and secondary uses ioctls to handle BIO_DELETE and BIO_FLUSH. + * For now capsicum is only used to sandbox hastctl. + */ + if (res == NULL) capsicum = (cap_enter() == 0); else capsicum = false; |
