1 files changed, 13 insertions, 1 deletions

diff --git a/sys/compat/cloudabi/cloudabi_proc.c b/sys/compat/cloudabi/cloudabi_proc.c
index 1f4418f..d917337 100644
--- a/sys/compat/cloudabi/cloudabi_proc.c
+++ b/sys/compat/cloudabi/cloudabi_proc.c
@@ -27,8 +27,11 @@
 __FBSDID("$FreeBSD$");
 
 #include <sys/param.h>
+#include <sys/capsicum.h>
+#include <sys/filedesc.h>
 #include <sys/imgact.h>
 #include <sys/lock.h>
+#include <sys/module.h>
 #include <sys/mutex.h>
 #include <sys/proc.h>
 #include <sys/signalvar.h>
@@ -43,14 +46,19 @@ cloudabi_sys_proc_exec(struct thread *td,
     struct cloudabi_sys_proc_exec_args *uap)
 {
 	struct image_args args;
+	struct vmspace *oldvmspace;
 	int error;
 
+	error = pre_execve(td, &oldvmspace);
+	if (error != 0)
+		return (error);
 	error = exec_copyin_data_fds(td, &args, uap->data, uap->datalen,
 	    uap->fds, uap->fdslen);
 	if (error == 0) {
 		args.fd = uap->fd;
 		error = kern_execve(td, &args, NULL);
 	}
+	post_execve(td, error, oldvmspace);
 	return (error);
 }
 
@@ -67,10 +75,12 @@ int
 cloudabi_sys_proc_fork(struct thread *td,
     struct cloudabi_sys_proc_fork_args *uap)
 {
+	struct filecaps fcaps = {};
 	struct proc *p2;
 	int error, fd;
 
-	error = fork1(td, RFFDG | RFPROC | RFPROCDESC, 0, &p2, &fd, 0);
+	cap_rights_init(&fcaps.fc_rights, CAP_FSTAT, CAP_EVENT);
+	error = fork1(td, RFFDG | RFPROC | RFPROCDESC, 0, &p2, &fd, 0, &fcaps);
 	if (error != 0)
 		return (error);
 	/* Return the file descriptor to the parent process. */
@@ -129,3 +139,5 @@ cloudabi_sys_proc_raise(struct thread *td,
 	PROC_UNLOCK(p);
 	return (0);
 }
+
+MODULE_VERSION(cloudabi, 1);