- Add NOCAPCHECK flag to namei that allows lookup to work even if the process

is in capability mode. - Add VN_OPEN_NOCAPCHECK flag for vn_open_cred() to will ne converted into NOCAPCHECK namei flag. This functionality will be used to enable core dumps for sandboxed processes. Reviewed by: rwatson Obtained from: WHEEL Systems MFC after: 2 weeks
author: pjd <pjd@FreeBSD.org> 2012-11-27 10:32:35 +0000
committer: pjd <pjd@FreeBSD.org> 2012-11-27 10:32:35 +0000
commit: 7a831b4b8cd8e6d31377b49c6c08ad2bc20848ac (patch)
tree: 5567ee42ba1d9618d36487ea30a4eda41cdab69f /sys/kern/vfs_vnops.c
parent: 6a3d82fdf4470b3a2ad5c31c7c760ec65b4a4ade (diff)
download: FreeBSD-src-7a831b4b8cd8e6d31377b49c6c08ad2bc20848ac.zip
FreeBSD-src-7a831b4b8cd8e6d31377b49c6c08ad2bc20848ac.tar.gz
1 files changed, 4 insertions, 0 deletions
diff --git a/sys/kern/vfs_vnops.c b/sys/kern/vfs_vnops.c
index ea42f9d..3f65b05 100644
--- a/sys/kern/vfs_vnops.c
+++ b/sys/kern/vfs_vnops.c
@@ -135,6 +135,8 @@ restart:
 			ndp->ni_cnd.cn_flags |= FOLLOW;
 		if (!(vn_open_flags & VN_OPEN_NOAUDIT))
 			ndp->ni_cnd.cn_flags |= AUDITVNODE1;
+		if (vn_open_flags & VN_OPEN_NOCAPCHECK)
+			ndp->ni_cnd.cn_flags |= NOCAPCHECK;
 		bwillwrite();
 		if ((error = namei(ndp)) != 0)
 			return (error);
@@ -188,6 +190,8 @@ restart:
 			ndp->ni_cnd.cn_flags |= LOCKSHARED;
 		if (!(vn_open_flags & VN_OPEN_NOAUDIT))
 			ndp->ni_cnd.cn_flags |= AUDITVNODE1;
+		if (vn_open_flags & VN_OPEN_NOCAPCHECK)
+			ndp->ni_cnd.cn_flags |= NOCAPCHECK;
 		if ((error = namei(ndp)) != 0)
 			return (error);
 		vp = ndp->ni_vp;
author	pjd <pjd@FreeBSD.org>	2012-11-27 10:32:35 +0000
committer	pjd <pjd@FreeBSD.org>	2012-11-27 10:32:35 +0000
commit	7a831b4b8cd8e6d31377b49c6c08ad2bc20848ac (patch)
tree	5567ee42ba1d9618d36487ea30a4eda41cdab69f /sys/kern/vfs_vnops.c
parent	6a3d82fdf4470b3a2ad5c31c7c760ec65b4a4ade (diff)
download	FreeBSD-src-7a831b4b8cd8e6d31377b49c6c08ad2bc20848ac.zip FreeBSD-src-7a831b4b8cd8e6d31377b49c6c08ad2bc20848ac.tar.gz