Author: emaste Date: Thu Oct 12 15:45:53 2017 New Revision: 324560 URL: https://svnweb.freebsd.org/changeset/base/324560
Log: allow posix_fallocate in capability mode posix_fallocate is logically equivalent to writing zero blocks to the desired file size and there is no reason to prevent calling it in capability mode. posix_fallocate already checked for the CAP_WRITE right, so we merely need to list it in capabilities.conf. Reviewed by: allanjude MFC after: 2 weeks Sponsored by: The FreeBSD Foundation Differential Revision: https://reviews.freebsd.org/D12640 Modified: head/lib/libc/sys/posix_fallocate.2 head/sys/kern/capabilities.conf head/sys/kern/vfs_syscalls.c Modified: head/lib/libc/sys/posix_fallocate.2 ============================================================================== --- head/lib/libc/sys/posix_fallocate.2 Thu Oct 12 15:16:27 2017 (r324559) +++ head/lib/libc/sys/posix_fallocate.2 Thu Oct 12 15:45:53 2017 (r324560) @@ -28,7 +28,7 @@ .\" @(#)open.2 8.2 (Berkeley) 11/16/93 .\" $FreeBSD$ .\" -.Dd January 23, 2014 +.Dd October 12, 2017 .Dt POSIX_FALLOCATE 2 .Os .Sh NAME @@ -118,6 +118,10 @@ argument does not refer to a regular file. .It Bq Er ENOSPC There is insufficient free space remaining on the file system storage media. +.It Bq Er ENOTCAPABLE +The file descriptor +.Fa fd +has insufficient rights. .It Bq Er ESPIPE The .Fa fd Modified: head/sys/kern/capabilities.conf ============================================================================== --- head/sys/kern/capabilities.conf Thu Oct 12 15:16:27 2017 (r324559) +++ head/sys/kern/capabilities.conf Thu Oct 12 15:45:53 2017 (r324560) @@ -488,6 +488,7 @@ poll ## ## Allow I/O-related file descriptors, subject to capability rights. ## +posix_fallocate pread preadv Modified: head/sys/kern/vfs_syscalls.c ============================================================================== --- head/sys/kern/vfs_syscalls.c Thu Oct 12 15:16:27 2017 (r324559) +++ head/sys/kern/vfs_syscalls.c Thu Oct 12 15:45:53 2017 (r324560) @@ -4400,7 +4400,7 @@ kern_posix_fallocate(struct thread *td, int fd, off_t if (offset > OFF_MAX - len) return (EFBIG); AUDIT_ARG_FD(fd); - error = fget(td, fd, cap_rights_init(&rights, CAP_WRITE), &fp); + error = fget(td, fd, cap_rights_init(&rights, CAP_PWRITE), &fp); if (error != 0) return (error); AUDIT_ARG_FILE(td->td_proc, fp); _______________________________________________ svn-src-head@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/svn-src-head To unsubscribe, send any mail to "svn-src-head-unsubscr...@freebsd.org"
