Author: ed
Date: Wed Jan 14 13:03:03 2015
New Revision: 277178
URL: https://svnweb.freebsd.org/changeset/base/277178
Log:
Make sure CAP_BINDAT and CAP_CONNECTAT are part of CAP_ALL0.
This makes sure that file descriptors of opened directories will
actually get these capabilities. Without this change, bindat() and
connectat() don't seem to work for me.
MFC after: 2 weeks
Reviewed by: rwatson, pjd
Modified:
head/sys/sys/capsicum.h
Modified: head/sys/sys/capsicum.h
==============================================================================
--- head/sys/sys/capsicum.h Wed Jan 14 12:46:58 2015 (r277177)
+++ head/sys/sys/capsicum.h Wed Jan 14 13:03:03 2015 (r277178)
@@ -206,10 +206,10 @@
CAP_SETSOCKOPT | CAP_SHUTDOWN)
/* All used bits for index 0. */
-#define CAP_ALL0 CAPRIGHT(0, 0x0000007FFFFFFFFFULL)
+#define CAP_ALL0 CAPRIGHT(0, 0x000001FFFFFFFFFFULL)
/* Available bits for index 0. */
-#define CAP_UNUSED0_40 CAPRIGHT(0, 0x0000008000000000ULL)
+#define CAP_UNUSED0_42 CAPRIGHT(0, 0x0000020000000000ULL)
/* ... */
#define CAP_UNUSED0_57 CAPRIGHT(0, 0x0100000000000000ULL)
_______________________________________________
svn-src-head@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/svn-src-head
To unsubscribe, send any mail to "svn-src-head-unsubscr...@freebsd.org"
