On 1/3/24 16:19, Kyle Evans wrote:
> The branch main has been updated by kevans:
>
> URL: https://cgit.FreeBSD.org/src/commit/?id=bf7c4fcbbb05ff99afde0744d013feeb35d77191
>
> commit bf7c4fcbbb05ff99afde0744d013feeb35d77191
> Author: Kyle Evans <[email protected]>
> AuthorDate: 2024-01-03 22:17:59 +0000
> Commit: Kyle Evans <[email protected]>
> CommitDate: 2024-01-03 22:19:15 +0000
>
> bhyveload: hold /boot and do relative lookups for the loader
>
> The next change will push bhyveload into capability mode right after we
> allocate vcpu state, before we've set up or entered the loader, to limit
> the surface area that a rogue loader script can touch.
>
> With an explicit -l loader, we don't need to preopen /boot because
> changing interpreters isn't allowed. We'll just dlopen() entirely in
> advance in that case to eliminate some complexity.
Sigh, sorry, just realized I forgot to update this part... the final
version just opens the file in advance, it didn't dlopen() it in advance
so that, e.g., ctors run in the sandbox. The remark about not
preopening /boot is still correct.
> Reviewed by: allanjude (earlier version), markj
> Differential Revision: https://reviews.freebsd.org/D43285
Thanks,
Kyle Evans
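The pattern the commit message describes, as an added example that is not bhyveload's code: hold a directory fd open before entering capability mode, then resolve loader files only with openat(2) relative to that fd, so absolute paths and parent-directory escapes have nowhere to go. The no-op cap_enter() fallback for hosts without Capsicum, the temp directory layout and the file names are assumptions.

```c
#define _GNU_SOURCE 1
#include <fcntl.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#ifdef __FreeBSD__
#include <sys/capsicum.h>
#else
#define cap_enter() 0   /* assumption: no Capsicum on this host, stay unsandboxed */
#endif

/* Step 1: hold the loader directory open before sandboxing. */
int hold_dir(const char *path) { return open(path, O_RDONLY | O_DIRECTORY); }

/* Step 2: enter capability mode (cap_enter(2) on FreeBSD); 0 on success. */
int enter_sandbox(void) { return cap_enter(); }

/* Step 3: resolve names relative to the held directory only. Absolute paths and
 * ".." components are refused up front; capability mode would reject them with
 * ENOTCAPABLE anyway, this just gives the caller a clear answer. */
int lookup_rel(int dirfd, const char *name)
{
    if (name[0] == '/')
        return -1;
    for (const char *p = name; *p != '\0'; p += strcspn(p, "/"), p += (*p == '/'))
        if (strncmp(p, "..", 2) == 0 && (p[2] == '/' || p[2] == '\0'))
            return -1;
    return openat(dirfd, name, O_RDONLY);
}

/* Constructed end-to-end run in a temp directory: returns 0 when every step
 * behaves as expected, otherwise a bitmask naming the step that did not. */
int demo(void)
{
    char dir[] = "/tmp/bootXXXXXX";
    int dfd, fd, bad = 0;
    if (mkdtemp(dir) == NULL || (dfd = hold_dir(dir)) < 0) return 1;
    fd = openat(dfd, "loader.conf", O_WRONLY | O_CREAT | O_EXCL, 0600); /* sample */
    if (fd < 0) return 2;
    close(fd);
    if (enter_sandbox() != 0) return 4;
    if ((fd = lookup_rel(dfd, "loader.conf")) < 0) bad |= 8; else close(fd);
    if (lookup_rel(dfd, "/etc/passwd") != -1) bad |= 16;   /* absolute: refused */
    if (lookup_rel(dfd, "../loader.conf") != -1) bad |= 32; /* escape: refused */
    unlinkat(dfd, "loader.conf", 0);
    close(dfd);
    (void)rmdir(dir);   /* fails harmlessly once sandboxed on FreeBSD */
    return bad;
}
int main(void) { return demo(); }
```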