I don't know why, but cap_ftruncate_rights doesn't appear to work in 32-bit emulation. The bug can be reproduced by running i386's dd binary on a 64-bit kernel: $ /bin/dd if=/dev/zero of=1.file bs=1 count=1 oseek=1 conv=sparse 1+0 records in 1+0 records out 1 bytes transferred in 0.000235 secs (4263 bytes/sec) $ /root32/bin/dd if=/dev/zero of=1.file bs=1 count=1 oseek=1 conv=sparse dd: truncating 1.file: Not permitted in capability mode 1+0 records in 1+0 records out 1 bytes transferred in 0.000111 secs (9035 bytes/sec) There doesn't appear to be anything obviously wrong with the code in either dd or kern_ftruncate, so I think it's a deeper capsicum bug.
What's the return value of cap_rights_limit? Does truss support 32 bit binaries?
Hm. There are compat32 versions of cap_ioctls_limit and cap_ioctls_get, but not cap_rights_limit, cap_rights_get, or cap_fcntls*.
cap_rights_limit must've exited 0, because otherwise dd would've aborted. I don't know about truss, but I tried both ktrace and dtrace. Dtracing syscalls::cap_rights_limit:enter showed the same value for the capabilities in both 64 and 32 bit mode. Why do you say that cap_rights_limit has no 32-bit version? I see it in line 1033 of sys/compat/freebsd32/syscalls.master.
(In reply to Alan Somers from comment #3) > Why do you say that cap_rights_limit has no 32-bit version? I mean no compat32-specific definition, e.g., see the difference between that line and the cap_ioctl* definitions in that file.
Maybe freebsd32_ftruncate needs to be added to compat/freebsd32/capabilities.conf ?
By the way, it seems the freebsd6_* and freebsd11_* in compat/freebsd32/capabilities.conf are unused by makesyscalls.sh
(In reply to Antoine Brodin from comment #5) Yes, you are almost right. The entry should be corrected, it is errnonously called 'ftruncate' in compat32 capabilities.conf.
Created attachment 196317 [details] Correct the line in compat32 capabilities.conf for ftruncate(2).
The ftruncate in compat32 capabilities.conf enables capability for 130 = old ftruncate
A commit references this bug: Author: kib Date: Tue Aug 28 18:49:40 UTC 2018 New revision: 338357 URL: https://svnweb.freebsd.org/changeset/base/338357 Log: Fix compat32 ftruncate cap mode after ino64. Reported by: asomers PR: 230120 Sponsored by: The FreeBSD Foundation Approved by: re (gjb) Changes: head/sys/compat/freebsd32/capabilities.conf
MFC?
A commit references this bug: Author: kib Date: Wed Sep 5 21:15:23 UTC 2018 New revision: 338480 URL: https://svnweb.freebsd.org/changeset/base/338480 Log: MFC r338357: Fix compat32 ftruncate cap mode. PR: 230120 Changes: _U stable/11/ stable/11/sys/compat/freebsd32/capabilities.conf