The branch stable/13 has been updated by kevans:
URL:
https://cgit.FreeBSD.org/src/commit/?id=6b23df1a398ff29db25fc988857d846a879f277a
commit 6b23df1a398ff29db25fc988857d846a879f277a
Author: Kyle Evans <kev...@freebsd.org>
AuthorDate: 2024-01-09 03:08:16 +0000
Commit: Kyle Evans <kev...@freebsd.org>
CommitDate: 2024-01-22 17:17:53 +0000
bhyveload: add CAP_SEEK to our dirfd rights
In the case of hostbase_fd, this is infact a bug fix; we have a seek
callback that the host: filesystem may use in loader, and we really
don't have a good excuse to break it.
bootfd-derived fds will only be used with fdlopen(3) and rtld doesn't
seem to need pread / lseek at all for it today, but there's no reason to
break if it finds a good reason to later.
Suggested by: markj
(cherry picked from commit cef5e56f3fea33d6c421276af49f2967453ad4ff)
---
usr.sbin/bhyveload/bhyveload.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/usr.sbin/bhyveload/bhyveload.c b/usr.sbin/bhyveload/bhyveload.c
index 0c37bd6989e4..dbc4240eaa8a 100644
--- a/usr.sbin/bhyveload/bhyveload.c
+++ b/usr.sbin/bhyveload/bhyveload.c
@@ -752,7 +752,7 @@ hostbase_open(const char *base)
err(EX_OSERR, "open");
if (caph_rights_limit(hostbase_fd, cap_rights_init(&rights, CAP_FSTATAT,
- CAP_LOOKUP, CAP_READ)) < 0)
+ CAP_LOOKUP, CAP_PREAD)) < 0)
err(EX_OSERR, "caph_rights_limit");
}
@@ -884,7 +884,7 @@ main(int argc, char** argv)
* to the more usual lookup rights.
*/
if (caph_rights_limit(bootfd, cap_rights_init(&rights,
- CAP_FSTATAT, CAP_LOOKUP, CAP_MMAP_RX, CAP_READ)) < 0)
+ CAP_FSTATAT, CAP_LOOKUP, CAP_MMAP_RX, CAP_PREAD)) < 0)
err(1, "caph_rights_limit");
}
