Hi,
This week I've been fixing the bugs I introduced at the end of last week in the capability mode. I wrote some test programs to verify that the comportment of the new syscalls is correct.

The capability mode is mostly done. I've been grokking the kernel to see where holdfp/holdvnode/holdsock are used and to understand what capability is needed in each case for the operation. This is not finished and I'll be doing that the whole next week.

I also need to add a filter in the syscall path to check if the syscall is allowed in capability mode. FreeBSD has a different sysent table than DragonFly. They have added a flag field for each syscall. A new flag SYF_CAPENABLED can be set for each syscall, and the syscall path checks if the flag is set before calling the syscall if the process is in capability mode (https://gitweb.dragonflybsd.org/freebsd.git/blob/HEAD:/sys/kern/subr_syscall.c#l106).

I need a mechanism to achieve a similar goal in DragonFly. I see two possibilities:

* Adding a flag field in the sysent like FreeBSD
* If I'm correct, the sysent vector is only accessed via the p_sysent field of the proc structure. The syscall is looked up in trac.c (machine dependent code) using this pointer. The sysent vector could be context dependent, with two statically alloced sysent vectors: one for normal processes, and one for processes in capability mode. Switching a process in capability mode would hence only have to switch the p_sysent pointer to the other sysent vector.
* Other suggestions welcome!

Thanks,
Joris
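
The two possibilities listed in the message, side by side as a userspace C model. This is an added example, not code from the post, DragonFly or FreeBSD. Only `SYF_CAPENABLED`, `sysent` and `p_sysent` come from the message; the struct layouts, syscall numbers, handlers, flag value and `MODEL_ECAPMODE` error code are assumptions made for illustration.

```c
#include <errno.h>

#define SYF_CAPENABLED 0x1  /* flag name from the post; the value is assumed */
#define MODEL_ECAPMODE 94   /* constructed "denied in capability mode" error */

typedef int (*sy_call_t)(void *args);
struct sysent { sy_call_t sy_call; unsigned sy_flags; };
struct proc { const struct sysent *p_sysent; int p_capmode; };

enum { SYS_READ, SYS_OPEN, SYS_SOCKET, SYS_MAX };  /* hypothetical numbering */

static int model_ok(void *args) { (void)args; return 0; }  /* stand-in handler */

/* Option 1: one table; a syscall is usable in capability mode only if flagged. */
static const struct sysent sysent_normal[SYS_MAX] = {
    [SYS_READ]   = { model_ok, SYF_CAPENABLED },
    [SYS_OPEN]   = { model_ok, 0 },
    [SYS_SOCKET] = { model_ok, 0 },
};

/* Option 2: second table; entries left out stay NULL and must be denied. */
static const struct sysent sysent_capmode[SYS_MAX] = {
    [SYS_READ] = { model_ok, 0 },
};

/* Option 1 dispatch: extra flag test on every call from a sandboxed process. */
int dispatch_flag(const struct proc *p, unsigned code, void *args) {
    if (code >= SYS_MAX) return ENOSYS;
    const struct sysent *se = &sysent_normal[code];
    if (p->p_capmode && !(se->sy_flags & SYF_CAPENABLED))
        return MODEL_ECAPMODE;
    return se->sy_call(args);
}

/* Option 2 dispatch: no mode test, the table the process points at decides. */
int dispatch_vector(const struct proc *p, unsigned code, void *args) {
    if (code >= SYS_MAX) return ENOSYS;
    sy_call_t fn = p->p_sysent[code].sy_call;
    return fn ? fn(args) : MODEL_ECAPMODE;  /* fail closed on a missing entry */
}

/* Entering capability mode sets the mode bit and swaps the vector pointer. */
void enter_capmode(struct proc *p) {
    p->p_capmode = 1;
    p->p_sysent = sysent_capmode;
}
```

Both variants deny by default: an unflagged entry in the first and an entry missing from the second table are refused, so a syscall added later is not reachable from capability mode until someone allows it explicitly.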
