Hi,
On 2011-08-11, Robert Watson wrote:
> Second-to-last commit implementing Capsicum capabilities in the FreeBSD
> kernel for FreeBSD 9.0:
This commit seems to have broken nfsd for me.
> Modified: head/sys/fs/nfsserver/nfs_nfsdport.c
> ==============================================================================
> --- head/sys/fs/nfsserver/nfs_nfsdport.c Thu Aug 11 11:30:21 2011
> (r224777)
> +++ head/sys/fs/nfsserver/nfs_nfsdport.c Thu Aug 11 12:30:23 2011
> (r224778)
> @@ -3027,8 +3029,14 @@ nfssvc_nfsd(struct thread *td, struct nf
> error = copyin(uap->argp, (caddr_t)&sockarg, sizeof (sockarg));
> if (error)
> goto out;
> - if ((error = fget(td, sockarg.sock, &fp)) != 0)
> + /*
> + * Since we don't know what rights might be required,
> + * pretend that we need them all. It is better to be too
> + * careful than too reckless.
> + */
> + if ((error = fget(td, sockarg.sock, CAP_SOCK_ALL, &fp)) != 0)
> goto out;
> + return (error);
This for sure can't be correct. With the patch below nfsd seems to work
again for me.
%%%
Index: sys/fs/nfsserver/nfs_nfsdport.c
===================================================================
--- sys/fs/nfsserver/nfs_nfsdport.c (revision 224908)
+++ sys/fs/nfsserver/nfs_nfsdport.c (working copy)
@@ -3036,7 +3036,6 @@ nfssvc_nfsd(struct thread *td, struct nf
*/
if ((error = fget(td, sockarg.sock, CAP_SOCK_ALL, &fp)) != 0)
goto out;
- return (error);
if (fp->f_type != DTYPE_SOCKET) {
fdrop(fp, td);
error = EPERM;
%%%
--
Jaakko
_______________________________________________
svn-src-head@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/svn-src-head
To unsubscribe, send any mail to "svn-src-head-unsubscr...@freebsd.org"
