aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorKyle Evans <kevans@FreeBSD.org>2024-01-09 03:08:16 +0000
committerKyle Evans <kevans@FreeBSD.org>2024-01-09 03:08:16 +0000
commitcef5e56f3fea33d6c421276af49f2967453ad4ff (patch)
treecee16608b8d4dce67c362ccb19b5f0d8c2cf90e7
parent59ce044a7856b16803f7eb0aa5c54cfe6e13cff7 (diff)
downloadsrc-cef5e56f3fea33d6c421276af49f2967453ad4ff.tar.gz
src-cef5e56f3fea33d6c421276af49f2967453ad4ff.zip
bhyveload: add CAP_SEEK to our dirfd rights
In the case of hostbase_fd, this is infact a bug fix; we have a seek callback that the host: filesystem may use in loader, and we really don't have a good excuse to break it. bootfd-derived fds will only be used with fdlopen(3) and rtld doesn't seem to need pread / lseek at all for it today, but there's no reason to break if it finds a good reason to later. Suggested by: markj
Diffstat
-rw-r--r--usr.sbin/bhyveload/bhyveload.c4
1 files changed, 2 insertions, 2 deletions
diff --git a/usr.sbin/bhyveload/bhyveload.c b/usr.sbin/bhyveload/bhyveload.c
index 4d89393424f4..5250e2120938 100644
--- a/usr.sbin/bhyveload/bhyveload.c
+++ b/usr.sbin/bhyveload/bhyveload.c
@@ -755,7 +755,7 @@ hostbase_open(const char *base)
err(EX_OSERR, "open");
if (caph_rights_limit(hostbase_fd, cap_rights_init(&rights, CAP_FSTATAT,
- CAP_LOOKUP, CAP_READ)) < 0)
+ CAP_LOOKUP, CAP_PREAD)) < 0)
err(EX_OSERR, "caph_rights_limit");
}
@@ -887,7 +887,7 @@ main(int argc, char** argv)
* to the more usual lookup rights.
*/
if (caph_rights_limit(bootfd, cap_rights_init(&rights,
- CAP_FSTATAT, CAP_LOOKUP, CAP_MMAP_RX, CAP_READ)) < 0)
+ CAP_FSTATAT, CAP_LOOKUP, CAP_MMAP_RX, CAP_PREAD)) < 0)
err(1, "caph_rights_limit");
}
generated by cgit v1.2.3 (git 2.25.1) at 2024-10-03 09:34:33 +0000