diff options
| author | Pawel Jakub Dawidek <pjd@FreeBSD.org> | 2012-11-27 10:38:11 +0000 |
|---|---|---|
| committer | Pawel Jakub Dawidek <pjd@FreeBSD.org> | 2012-11-27 10:38:11 +0000 |
| commit | b0c9d4d70e4af2a9b62b068ac97a123f51e37611 (patch) | |
| tree | ec9ff180b15782f20e372b01e51048a0ba0f2dc0 /sys/kern/kern_sig.c | |
| parent | f121e3e81db2e12e3a6d1087ad7c80975929fd32 (diff) | |
| download | src-b0c9d4d70e4af2a9b62b068ac97a123f51e37611.tar.gz src-b0c9d4d70e4af2a9b62b068ac97a123f51e37611.zip | |
Add kern.capmode_coredump sysctl/tunable to allow processes in capability mode
to dump core.
Reviewed by: rwatson
Obtained from: WHEEL Systems
MFC after: 2 weeks
Notes
Notes:
svn path=/head/; revision=243613
Diffstat (limited to 'sys/kern/kern_sig.c')
| -rw-r--r-- | sys/kern/kern_sig.c | 15 |
1 files changed, 13 insertions, 2 deletions
diff --git a/sys/kern/kern_sig.c b/sys/kern/kern_sig.c index a0b5809f1c2a..541ea2bdf68f 100644 --- a/sys/kern/kern_sig.c +++ b/sys/kern/kern_sig.c @@ -175,6 +175,11 @@ TUNABLE_INT("kern.sugid_coredump", &sugid_coredump); SYSCTL_INT(_kern, OID_AUTO, sugid_coredump, CTLFLAG_RW, &sugid_coredump, 0, "Allow setuid and setgid processes to dump core"); +static int capmode_coredump; +TUNABLE_INT("kern.capmode_coredump", &capmode_coredump); +SYSCTL_INT(_kern, OID_AUTO, capmode_coredump, CTLFLAG_RW, + &capmode_coredump, 0, "Allow processes in capability mode to dump core"); + static int do_coredump = 1; SYSCTL_INT(_kern, OID_AUTO, coredump, CTLFLAG_RW, &do_coredump, 0, "Enable/Disable coredumps"); @@ -3134,12 +3139,17 @@ nomem: int error, n; int flags = O_CREAT | O_EXCL | FWRITE | O_NOFOLLOW; int cmode = S_IRUSR | S_IWUSR | S_IRGRP | S_IWGRP; + int oflags = 0; + + if (capmode_coredump) + oflags = VN_OPEN_NOCAPCHECK; for (n = 0; n < num_cores; n++) { temp[indexpos] = '0' + n; NDINIT(&nd, LOOKUP, NOFOLLOW, UIO_SYSSPACE, temp, td); - error = vn_open(&nd, &flags, cmode, NULL); + error = vn_open_cred(&nd, &flags, cmode, oflags, + td->td_ucred, NULL); if (error) { if (error == EEXIST) continue; @@ -3241,7 +3251,8 @@ coredump(struct thread *td) restart: NDINIT(&nd, LOOKUP, NOFOLLOW, UIO_SYSSPACE, name, td); flags = O_CREAT | FWRITE | O_NOFOLLOW; - error = vn_open_cred(&nd, &flags, S_IRUSR | S_IWUSR, VN_OPEN_NOAUDIT, + error = vn_open_cred(&nd, &flags, S_IRUSR | S_IWUSR, + VN_OPEN_NOAUDIT | (capmode_coredump ? VN_OPEN_NOCAPCHECK : 0), cred, NULL); if (error) { #ifdef AUDIT |