I have written a short test program that runs unlinkat(2) in capability mode and fails due to not having the write capabilities:
https://people.freebsd.org/~rstone/src/unlink.c If I run the binary under ktrace and look at the kdump output, it gives the following incorrect output: 43775 unlink CALL unlinkat(0x3,0x7fffffffe995,0) 43775 unlink NAMI "from.QAUlAA0" 43775 unlink CAP operation requires CAP_LOOKUP, descriptor holds CAP_LOOKUP 43775 unlink RET unlinkat -1 errno 93 Capabilities insufficient The message should instead say that the operation requires CAP_UNLINKAT. Looking at sys/capsicum.h, I suspect that the problem is related to the strange definition of CAP_UNLINKAT: #define CAP_UNLINKAT (CAP_LOOKUP | 0x0000000010000000ULL) I have observed the same problem with renameat(2) and CAP_RENAMEAT_SOURCE and CAP_RENAMEAT_TARGET: https://people.freebsd.org/~rstone/src/rename.c _______________________________________________ freebsd-current@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/freebsd-current To unsubscribe, send any mail to "freebsd-current-unsubscr...@freebsd.org"
