author | pjd <pjd@FreeBSD.org> | 2012-11-27 10:32:35 +0000 |
---|---|---|
committer | pjd <pjd@FreeBSD.org> | 2012-11-27 10:32:35 +0000 |
commit | 7a831b4b8cd8e6d31377b49c6c08ad2bc20848ac (patch) | |
tree | 5567ee42ba1d9618d36487ea30a4eda41cdab69f /sys/kern/vfs_lookup.c | |
parent | 6a3d82fdf4470b3a2ad5c31c7c760ec65b4a4ade (diff) | |
- Add NOCAPCHECK flag to namei that allows lookup to work even if the process
is in capability mode.
- Add VN_OPEN_NOCAPCHECK flag for vn_open_cred() that will be converted into
NOCAPCHECK namei flag.
This functionality will be used to enable core dumps for sandboxed processes.
Reviewed by: rwatson
Obtained from: WHEEL Systems
MFC after: 2 weeks
Diffstat (limited to 'sys/kern/vfs_lookup.c')
-rw-r--r-- | sys/kern/vfs_lookup.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/sys/kern/vfs_lookup.c b/sys/kern/vfs_lookup.c index cbb1855..54140ad 100644 --- a/sys/kern/vfs_lookup.c +++ b/sys/kern/vfs_lookup.c @@ -183,7 +183,7 @@ namei(struct nameidata *ndp) * not an absolute path, and not containing '..' components) to * a real file descriptor, not the pseudo-descriptor AT_FDCWD. */ - if (IN_CAPABILITY_MODE(td)) { + if (IN_CAPABILITY_MODE(td) && (cnp->cn_flags & NOCAPCHECK) == 0) { ndp->ni_strictrelative = 1; if (ndp->ni_dirfd == AT_FDCWD) { #ifdef KTRACE |
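Review bot: the comment block above the changed condition in namei() still describes the capability-mode restriction as unconditional, but with `(cnp->cn_flags & NOCAPCHECK) == 0` added, the whole block is skipped whenever the caller sets NOCAPCHECK, including `ndp->ni_strictrelative = 1` and the `ndp->ni_dirfd == AT_FDCWD` check. Please extend the comment to say that the flag exempts the lookup from these checks and that it is intended only for kernel-initiated lookups such as the core dump path named in the commit message, never for flags derived from a userland request. Since this view is limited to sys/kern/vfs_lookup.c, the flag definitions and the VN_OPEN_NOCAPCHECK conversion in vn_open_cred() are not visible here; it would help if the description stated that no syscall path can pass either flag through from user-controlled arguments.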