Add sysent flag to switch to capabilities mode on startup.

CloudABI processes should run in capabilities mode automatically. There is no need to switch manually (e.g., by calling cap_enter()). Add a flag, SV_CAPSICUM, that can be used to call into cap_enter() during execve(). Reviewed by: kib
author: ed <ed@FreeBSD.org> 2015-08-03 13:41:47 +0000
committer: ed <ed@FreeBSD.org> 2015-08-03 13:41:47 +0000
commit: b2ca400b88fe784dac7366a03a4bbc52585f027f (patch)
tree: b5d9e9c8cd70290b6d489f0020de0d73bfbda976 /sys/kern/kern_exec.c
parent: b31c115daa6de83fc575d484bbd4f7114d62b234 (diff)
download: FreeBSD-src-b2ca400b88fe784dac7366a03a4bbc52585f027f.zip
FreeBSD-src-b2ca400b88fe784dac7366a03a4bbc52585f027f.tar.gz
1 files changed, 4 insertions, 0 deletions
diff --git a/sys/kern/kern_exec.c b/sys/kern/kern_exec.c
index 517b689..56207a0 100644
--- a/sys/kern/kern_exec.c
+++ b/sys/kern/kern_exec.c
@@ -562,6 +562,10 @@ interpret:
 		goto exec_fail_dealloc;
 	}
 
+	/* ABI enforces the use of Capsicum. Switch into capabilities mode. */
+	if (SV_PROC_FLAG(p, SV_CAPSICUM))
+		sys_cap_enter(td, NULL);
+
 	/*
 	 * Copy out strings (args and env) and initialize stack base
 	 */
author	ed <ed@FreeBSD.org>	2015-08-03 13:41:47 +0000
committer	ed <ed@FreeBSD.org>	2015-08-03 13:41:47 +0000
commit	b2ca400b88fe784dac7366a03a4bbc52585f027f (patch)
tree	b5d9e9c8cd70290b6d489f0020de0d73bfbda976 /sys/kern/kern_exec.c
parent	b31c115daa6de83fc575d484bbd4f7114d62b234 (diff)
download	FreeBSD-src-b2ca400b88fe784dac7366a03a4bbc52585f027f.zip FreeBSD-src-b2ca400b88fe784dac7366a03a4bbc52585f027f.tar.gz