mirror of
https://github.com/opnsense/src.git
synced 2026-02-25 19:05:20 -05:00
7493f24ee6
int bindat(int fd, int s, const struct sockaddr *addr, socklen_t addrlen); int connectat(int fd, int s, const struct sockaddr *name, socklen_t namelen); which allow to bind and connect respectively to a UNIX domain socket with a path relative to the directory associated with the given file descriptor 'fd'. - Add manual pages for the new syscalls. - Make the new syscalls available for processes in capability mode sandbox. - Add capability rights CAP_BINDAT and CAP_CONNECTAT that has to be present on the directory descriptor for the syscalls to work. - Update audit(4) to support those two new syscalls and to handle path in sockaddr_un structure relative to the given directory descriptor. - Update procstat(1) to recognize the new capability rights. - Document the new capability rights in cap_rights_limit(2). Sponsored by: The FreeBSD Foundation Discussed with: rwatson, jilles, kib, des |
||
|---|---|---|
| .. | ||
| audit.c | ||
| audit.h | ||
| audit_arg.c | ||
| audit_bsm.c | ||
| audit_bsm_klib.c | ||
| audit_ioctl.h | ||
| audit_pipe.c | ||
| audit_private.h | ||
| audit_syscalls.c | ||
| audit_trigger.c | ||
| audit_worker.c | ||
| bsm_domain.c | ||
| bsm_errno.c | ||
| bsm_fcntl.c | ||
| bsm_socket_type.c | ||
| bsm_token.c | ||