Add some checks to ensure that Capsicum is behaving correctly, and add some

more explicit comments about what's going on and what future maintainers need to do when e.g. adding a new operation to a sys_machdep.c. Approved by: mentor(rwatson), re(bz)
author: jonathan <jonathan@FreeBSD.org> 2011-06-30 10:56:02 +0000
committer: jonathan <jonathan@FreeBSD.org> 2011-06-30 10:56:02 +0000
commit: 8c932faae446ada0bed49a41fbb164c821227122 (patch)
tree: 4124774c8a367f5606513084c5f950e1a12d2ac0 /sys/kern/uipc_shm.c
parent: ced9bcf26f7e7107339e61b56b9ba7ceba6049ac (diff)
download: FreeBSD-src-8c932faae446ada0bed49a41fbb164c821227122.zip
FreeBSD-src-8c932faae446ada0bed49a41fbb164c821227122.tar.gz
1 files changed, 11 insertions, 0 deletions
diff --git a/sys/kern/uipc_shm.c b/sys/kern/uipc_shm.c
index cea70c7..0414f12 100644
--- a/sys/kern/uipc_shm.c
+++ b/sys/kern/uipc_shm.c
@@ -55,7 +55,10 @@
 #include <sys/cdefs.h>
 __FBSDID("$FreeBSD$");
 
+#include "opt_capsicum.h"
+
 #include <sys/param.h>
+#include <sys/capability.h>
 #include <sys/fcntl.h>
 #include <sys/file.h>
 #include <sys/filedesc.h>
@@ -486,6 +489,14 @@ shm_open(struct thread *td, struct shm_open_args *uap)
 	mode_t cmode;
 	int fd, error;
 
+#ifdef CAPABILITY_MODE
+	/*
+	 * shm_open(2) is only allowed for anonymous objects.
+	 */
+	if (IN_CAPABILITY_MODE(td) && (uap->path != SHM_ANON))
+		return (ECAPMODE);
+#endif
+
 	if ((uap->flags & O_ACCMODE) != O_RDONLY &&
 	    (uap->flags & O_ACCMODE) != O_RDWR)
 		return (EINVAL);
author	jonathan <jonathan@FreeBSD.org>	2011-06-30 10:56:02 +0000
committer	jonathan <jonathan@FreeBSD.org>	2011-06-30 10:56:02 +0000
commit	8c932faae446ada0bed49a41fbb164c821227122 (patch)
tree	4124774c8a367f5606513084c5f950e1a12d2ac0 /sys/kern/uipc_shm.c
parent	ced9bcf26f7e7107339e61b56b9ba7ceba6049ac (diff)
download	FreeBSD-src-8c932faae446ada0bed49a41fbb164c821227122.zip FreeBSD-src-8c932faae446ada0bed49a41fbb164c821227122.tar.gz