| Summary: | Capsicum should have "static" initializer as well | | |
|---|---|---|---|
| Product: | Base System | Reporter: | vini.ipsmaker |
| Component: | kern | Assignee: | Mariusz Zaborski <oshogbo> |
| Status: | New --- | | |
| Severity: | Affects Only Me | CC: | emaste, oshogbo |
| Priority: | --- | | |
| Version: | 14.0-RELEASE | | |
| Hardware: | Any | | |
| OS: | Any | | |
Description
vini.ipsmaker
2023-11-25 12:19:58 UTC
Unfortunately, you can't do it with a simple macro. The capability structure is a little bit complex - https://people.freebsd.org/~pjd/pubs/Capsicum_and_Casper.pdf (slides 4-8).

I can look into adding cap_rights_empty, this seems reasonable.

---

For reference, this is the workaround I'm using for the lack of CAP_RIGHTS_INITIALIZER: https://gitlab.com/emilua/emilua/-/blob/4e4c55eff7676476530032aa2aa424a62c73aeed/src/file_descriptor.cpp#L46 (i.e. C++ features to define a function in place and call it immediately).

---

> I can look into adding cap_rights_empty, this seems reasonable.

This means I could replace empty_rights with cap_rights_empty in my code base: https://gitlab.com/emilua/emilua/-/blob/4e4c55eff7676476530032aa2aa424a62c73aeed/src/file_descriptor.cpp#L242

It works for me. However, a function such as cap_rights_is_empty() would still be very helpful to me. As I mentioned before, here's the ugly workaround I've been forced to use: https://gitlab.com/emilua/emilua/-/blob/4e4c55eff7676476530032aa2aa424a62c73aeed/src/file_descriptor.cpp#L349

---

I have created a PR for cap_rights_is_empty: https://reviews.freebsd.org/D42780

---

A commit in branch main references this bug:

URL: https://cgit.FreeBSD.org/src/commit/?id=a7100ae23aca07976926bd8d50223c45149f65d6

commit a7100ae23aca07976926bd8d50223c45149f65d6
Author:     Mariusz Zaborski <oshogbo@FreeBSD.org>
AuthorDate: 2023-12-11 11:09:31 +0000
Commit:     Mariusz Zaborski <oshogbo@FreeBSD.org>
CommitDate: 2023-12-11 11:15:46 +0000

    capsicum: introduce cap_rights_is_empty function

    Before this commit, we only had the capability to check if a specific
    capability was set (using the cap_rights_is_set function). However, there
    was no efficient method to determine if a cap_rights_t structure doesn't
    contain any capability. The cap_rights_is_empty function addresses this gap.

    PR:                     275330
    Reported by:            vini.ipsmaker@gmail.com
    Reviewed by:            emaste, markj
    Differential Revision:  https://reviews.freebsd.org/D42780

 contrib/capsicum-test/capability-fd.cc | 15 +++++++++++++++
 lib/libc/capability/Symbol.map         |  4 ++++
 lib/libc/capability/cap_rights_init.3  | 19 ++++++++++++++++++-
 sys/kern/subr_capability.c             | 19 +++++++++++++++++++
 sys/sys/capsicum.h                     |  2 ++
 5 files changed, 58 insertions(+), 1 deletion(-)

---

> I can look into adding cap_rights_empty

Are you still going to add this symbol?

For my C++ programs, I can use a workaround that is good enough: https://gitlab.com/emilua/emilua/-/blob/4e4c55eff7676476530032aa2aa424a62c73aeed/src/file_descriptor.cpp#L46 (IIFE). For my C++ programs, I will never miss cap_rights_empty. However, what about C programmers? Capsicum is a C API after all. Honestly, I don't really code in pure C that much nowadays, so I'm not in the best position to judge. What do you think?
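An added example, not code from this bug thread, from Emilua, or from FreeBSD, showing the C-side counterparts of what the thread discusses: an `empty_rights()` function that returns the struct by value, which is what the C++ IIFE workaround linked above reduces to in C, and a `rights_from_mode()` helper that uses the `cap_rights_is_empty()` introduced by commit a7100ae23aca to refuse a rights set that would leave a descriptor unable to do anything. Both helper names are assumptions. On a FreeBSD that has that commit (main after 2023-12-11; 14.0-RELEASE does not have it) the file compiles against the real `<sys/capsicum.h>`, and its `main()` limits a descriptor and enters capability mode. On any other system a small model of the two-word rights layout described in the Capsicum slides (index bits above bit 56, version bits 62-63, illustrative bit values for the individual rights) stands in so the logic can still be compiled and read; that model is an assumption, not the real header.

```c
#include <stdarg.h>
#include <stdbool.h>
#include <stdint.h>

#ifdef __FreeBSD__
#include <sys/capsicum.h>
#include <err.h>
#include <fcntl.h>
#include <stdio.h>
#include <unistd.h>
#else
/* MODEL (an assumption, not FreeBSD's header): just enough of the rights layout
 * from the Capsicum slides to compile off-FreeBSD. Each right carries the index
 * of its array word above bit 56; word 0 also holds the version (0) in bits
 * 62-63. The per-right bit values below are illustrative only. */
typedef struct cap_rights { uint64_t cr_rights[2]; } cap_rights_t;
#define CAPRIGHT(idx, bit) ((1ULL << (57 + (idx))) | (bit))
#define CAP_READ   CAPRIGHT(0, 1ULL << 0)
#define CAP_WRITE  CAPRIGHT(0, 1ULL << 1)
#define CAP_FSTAT  CAPRIGHT(0, 1ULL << 19)
#define CAPIDX(right) ((int)(((right) >> 57) & 0x1F) >> 1) /* word 0 or 1 */

static void cap_rights_vset(cap_rights_t *r, va_list ap)
{
    unsigned long long right;
    while ((right = va_arg(ap, unsigned long long)) != 0)
        r->cr_rights[CAPIDX(right)] |= right;
}
static cap_rights_t *cap_rights_init_v(cap_rights_t *r, ...)
{
    va_list ap;
    r->cr_rights[0] = CAPRIGHT(0, 0); /* per-word "no rights" sentinels */
    r->cr_rights[1] = CAPRIGHT(1, 0);
    va_start(ap, r); cap_rights_vset(r, ap); va_end(ap);
    return r;
}
static cap_rights_t *cap_rights_set_v(cap_rights_t *r, ...)
{
    va_list ap;
    va_start(ap, r); cap_rights_vset(r, ap); va_end(ap);
    return r;
}
static bool cap_rights_is_set_v(const cap_rights_t *r, ...)
{
    va_list ap;
    unsigned long long right; bool all = true;
    va_start(ap, r);
    while ((right = va_arg(ap, unsigned long long)) != 0)
        all = all && (r->cr_rights[CAPIDX(right)] & right) == right;
    va_end(ap);
    return all;
}
/* Same check as the cap_rights_is_empty() added by commit a7100ae23aca: every
 * word still equals its index-only sentinel. */
static bool cap_rights_is_empty(const cap_rights_t *r)
{
    for (int i = 0; i < 2; i++)
        if (r->cr_rights[i] != CAPRIGHT(i, 0))
            return false;
    return true;
}
#define cap_rights_init(...)   cap_rights_init_v(__VA_ARGS__, 0ULL)
#define cap_rights_set(...)    cap_rights_set_v(__VA_ARGS__, 0ULL)
#define cap_rights_is_set(...) cap_rights_is_set_v(__VA_ARGS__, 0ULL)
#endif

/* C has no lambda to invoke in place, so the C++ IIFE becomes a function that
 * returns the struct by value: a correctly initialised empty set, layout untouched. */
static cap_rights_t empty_rights(void)
{
    cap_rights_t r;
    cap_rights_init(&r);
    return r;
}

/* Build rights from an fopen(3)-style mode ("r", "w", "rw"); unknown flags fail
 * closed. An empty result is reported as failure too: limiting a descriptor to
 * no rights at all is almost always a caller mistake rather than an intended
 * sandbox, and cap_rights_is_empty() makes that cheap to detect before limiting. */
static bool rights_from_mode(const char *mode, cap_rights_t *out)
{
    cap_rights_init(out);
    for (; *mode != '\0'; mode++) {
        switch (*mode) {
        case 'r': cap_rights_set(out, CAP_READ, CAP_FSTAT); break;
        case 'w': cap_rights_set(out, CAP_WRITE, CAP_FSTAT); break;
        default:  *out = empty_rights(); return false;
        }
    }
    return !cap_rights_is_empty(out);
}

#ifdef __FreeBSD__
int main(void)
{
    cap_rights_t r;
    char c;
    int fd = open("/dev/null", O_RDONLY);
    if (fd < 0 || !rights_from_mode("r", &r) || cap_rights_limit(fd, &r) < 0 || cap_enter() < 0)
        err(1, "sandbox setup");
    /* read() keeps working (0 bytes from /dev/null); write() now fails with ENOTCAPABLE. */
    printf("read=%zd write=%zd\n", read(fd, &c, 1), write(fd, &c, 1));
    return 0;
}
#endif
```

On FreeBSD, build with `cc -Wall example.c` and run it: the read on the limited descriptor succeeds while the write is refused. For a process-wide constant in C, the analogue of the reporter's `static const` plus IIFE is a function-scope `static cap_rights_t` filled by `cap_rights_init()` on first use; unlike a C++ local static, that one-time initialisation is not thread-safe, so perform it before any threads exist.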