MFC r324560: allow posix_fallocate in capability mode

posix_fallocate is logically equivalent to writing zero blocks to the
desired file size and there is no reason to prevent calling it in
capability mode. posix_fallocate already checked for the CAP_WRITE
right, so we merely need to list it in capabilities.conf.

Also MFC r324564: allow posix_fallocate in 32-bit compat capability mode

Sponsored by:	The FreeBSD Foundation

2 files changed, 2 insertions, 1 deletions

diff --git a/sys/kern/capabilities.conf b/sys/kern/capabilities.conf
index 693c024..ca3f4b7 100644
--- a/sys/kern/capabilities.conf
+++ b/sys/kern/capabilities.conf
@@ -495,6 +495,7 @@ poll
 ##
 ## Allow I/O-related file descriptors, subject to capability rights.
 ##
+posix_fallocate
 pread
 preadv
 
diff --git a/sys/kern/vfs_syscalls.c b/sys/kern/vfs_syscalls.c
index 219e862..e5bb4d9 100644
--- a/sys/kern/vfs_syscalls.c
+++ b/sys/kern/vfs_syscalls.c
@@ -4163,7 +4163,7 @@ kern_posix_fallocate(struct thread *td, int fd, off_t offset, off_t len)
 	/* Check for wrap. */
 	if (offset > OFF_MAX - len)
 		return (EFBIG);
-	error = fget(td, fd, cap_rights_init(&rights, CAP_WRITE), &fp);
+	error = fget(td, fd, cap_rights_init(&rights, CAP_PWRITE), &fp);
 	if (error != 0)
 		return (error);
 	if ((fp->f_ops->fo_flags & DFLAG_SEEKABLE) == 0) {