A new fd generated from accept() or sctp_peeloff() should inherit the rights of the original fd (cf. https://lists.cam.ac.uk/pipermail/cl-capsicum-discuss/2014-February/msg00001.html) Test case available in https://github.com/google/capsicum-test
A commit references this bug: Author: oshogbo Date: Thu Sep 22 09:58:47 UTC 2016 New revision: 306174 URL: https://svnweb.freebsd.org/changeset/base/306174 Log: capsicum: propagate rights on accept(2) Descriptor returned by accept(2) should inherits capabilities rights from the listening socket. PR: 201052 Reviewed by: emaste, jonathan Discussed with: many Differential Revision: https://reviews.freebsd.org/D7724 Changes: head/sys/compat/cloudabi/cloudabi_sock.c head/sys/compat/linux/linux_socket.c head/sys/kern/kern_sendfile.c head/sys/kern/uipc_syscalls.c head/sys/netinet/sctp_syscalls.c head/sys/sys/socketvar.h
A commit references this bug: Author: dchagin Date: Wed Mar 15 16:38:40 UTC 2017 New revision: 315312 URL: https://svnweb.freebsd.org/changeset/base/315312 Log: MFC r305093 (by mjg@): fd: add fdeget_locked and use in kern_descrip MFC r305756 (by oshogbo@): fd: add fget_cap and fget_cap_locked primitives. They can be used to obtain capabilities along with a referenced fp. MFC r306174 (by oshogbo@): capsicum: propagate rights on accept(2) Descriptor returned by accept(2) should inherits capabilities rights from the listening socket. PR: 201052 MFC r306184 (by oshogbo@): fd: simplify fgetvp_rights by using fget_cap_locked. MFC r306225 (by mjg@): fd: fix up fgetvp_rights after r306184 fget_cap_locked returns a referenced file, but the fgetvp_rights does not need it. Instead, due to the filedesc lock being held, it can ref the vnode after the file was looked up. Fix up fget_cap_locked to be consistent with other _locked helpers and not ref the file. This plugs a leak introduced in r306184. MFC r306232 (by oshogbo@): fd: fix up fget_cap If the kernel is not compiled with the CAPABILITIES kernel options fget_unlocked doesn't return the sequence number so fd_modify will always report modification, in that case we got infinity loop. MFC r311474 (by glebius@): Use getsock_cap() instead of fgetsock(). MFC r312079 (by glebius@): Use getsock_cap() instead of deprecated fgetsock(). MFC r312081 (by glebius@): Use getsock_cap() instead of deprecated fgetsock(). MFC r312087 (by glebius@): Remove deprecated fgetsock() and fputsock(). Bump __FreeBSD_version as getsock_cap changed and fgetsock/fputsock pair removed. Changes: _U stable/11/ stable/11/sys/compat/cloudabi/cloudabi_sock.c stable/11/sys/compat/linux/linux_socket.c stable/11/sys/dev/iscsi_initiator/isc_soc.c stable/11/sys/dev/iscsi_initiator/iscsi.c stable/11/sys/kern/kern_descrip.c stable/11/sys/kern/kern_sendfile.c stable/11/sys/kern/uipc_syscalls.c stable/11/sys/netinet/sctp_syscalls.c stable/11/sys/sys/file.h stable/11/sys/sys/filedesc.h stable/11/sys/sys/param.h stable/11/sys/sys/socketvar.h
Mariusz, can this be closed now?
We still don't have support for sctp_peeloff.
(In reply to Mariusz Zaborski from comment #4) Ah, indeed. I've reset the asignee for now.
For bugs matching the following conditions: - Status == In Progress - Assignee == "bugs@FreeBSD.org" - Last Modified Year <= 2017 Do - Set Status to "Open"