CyberLeo.Net >> Repos - FreeBSD/FreeBSD.git/commit

author	jilles <jilles@FreeBSD.org>
	Tue, 17 Sep 2013 20:48:19 +0000 (20:48 +0000)
committer	jilles <jilles@FreeBSD.org>
	Tue, 17 Sep 2013 20:48:19 +0000 (20:48 +0000)
commit	5faad32e2cb68eac36328d8a57f6ffc2b94c1a39
tree	8721f0fa580ee08d74844e4259a8a80b42b7c3f8	tree \| snapshot
parent	5a339ba5aa8ada3092d9f5715e202e11a1fbed8e	commit \| diff

Disallow cap_enter() in freebsd32 compatibility mode.

The freebsd32 compatibility mode (for running 32-bit binaries on 64-bit
kernels) does not currently allow any system calls in capability mode, but
still permits cap_enter(). As a result, 32-bit binaries on 64-bit kernels
that use capability mode do not work (they crash after being disallowed to
call sys_exit()). Affected binaries include dhclient and uniq. The latter's
crashes cause obscure build failures.

This commit makes freebsd32 cap_enter() fail with [ENOSYS], as if capability
mode was not compiled in. Applications deal with this by doing their work
without capability mode.

This commit does not fix the uncommon situation where a 64-bit process
enters capability mode and then executes a 32-bit binary using fexecve().

This commit should be reverted when allowing the necessary freebsd32 system
calls in capability mode.

Reviewed by: pjd
Approved by: re (hrs)

sys/compat/freebsd32/freebsd32_capability.c		diff \| blob \| history
sys/compat/freebsd32/syscalls.master		diff \| blob \| history