git: kernel - Add per-process capability-based restrictions
Matthew Dillon
dillon at crater.dragonflybsd.org
Thu Oct 12 22:57:45 PDT 2023
commit 2b3f93ea6d1f70880f3e87f3c2cbe0dc0bfc9332
Author: Matthew Dillon <dillon at apollo.backplane.com>
Date: Thu Oct 12 19:55:19 2023 -0700
kernel - Add per-process capability-based restrictions
* This new system allows userland to set capability restrictions which
turn off numerous kernel features and root accesses. These restrictions
are inherited by sub-processes recursively. Once set, restrictions cannot
be removed.
Basic restrictions that mimic an unadorned jail can be enabled without
creating a jail, but generally speaking real security also requires
creating a chrooted filesystem topology, and a jail is still needed
to really segregate processes from each other. If you do so, however,
you can (for example) disable mount/umount and most global root-only
features.
* Add new system calls and a manual page for syscap_get(2) and syscap_set(2)
* Add sys/caps.h
* Add the "setcaps" userland utility and manual page.
* Remove priv.9 and the priv_check infrastructure, replacing it with
a newly designed caps infrastructure.
* The intention is to add path restriction lists and similar features to
improve jailess security in the near future, and to optimize the
priv_check code.
Summary of changes:
Makefile_upgrade.inc | 4 +-
bin/ps/print.c | 14 +
bin/ps/ps.1 | 5 +
lib/libc/sys/Makefile.inc | 2 +
lib/libc/sys/Symbol.map | 6 +
lib/libc/sys/syscap_get.2 | 324 +++++++++++++
share/man/man9/Makefile | 3 -
share/man/man9/priv.9 | 122 -----
sys/bus/u4b/audio/uaudio.c | 2 +-
sys/bus/u4b/controller/ehci.c | 2 +-
sys/bus/u4b/controller/ehci_pci.c | 2 +-
sys/bus/u4b/controller/ohci.c | 2 +-
sys/bus/u4b/controller/ohci_pci.c | 2 +-
sys/bus/u4b/controller/uhci.c | 2 +-
sys/bus/u4b/controller/uhci_pci.c | 2 +-
sys/bus/u4b/controller/usb_controller.c | 2 +-
sys/bus/u4b/controller/xhci.c | 2 +-
sys/bus/u4b/controller/xhci_pci.c | 2 +-
sys/bus/u4b/gadget/g_audio.c | 2 +-
sys/bus/u4b/gadget/g_keyboard.c | 2 +-
sys/bus/u4b/gadget/g_modem.c | 2 +-
sys/bus/u4b/gadget/g_mouse.c | 2 +-
sys/bus/u4b/input/uhid.c | 2 +-
sys/bus/u4b/input/ukbd.c | 2 +-
sys/bus/u4b/input/ums.c | 2 +-
sys/bus/u4b/misc/ufm.c | 2 +-
sys/bus/u4b/net/if_aue.c | 2 +-
sys/bus/u4b/net/if_cdce.c | 2 +-
sys/bus/u4b/net/if_cue.c | 2 +-
sys/bus/u4b/net/if_ipheth.c | 2 +-
sys/bus/u4b/net/if_kue.c | 2 +-
sys/bus/u4b/net/if_mos.c | 2 +-
sys/bus/u4b/net/if_udav.c | 2 +-
sys/bus/u4b/net/if_urndis.c | 2 +-
sys/bus/u4b/quirk/usb_quirk.c | 7 +-
sys/bus/u4b/serial/u3g.c | 2 +-
sys/bus/u4b/serial/uark.c | 2 +-
sys/bus/u4b/serial/ubsa.c | 2 +-
sys/bus/u4b/serial/ubser.c | 2 +-
sys/bus/u4b/serial/uchcom.c | 2 +-
sys/bus/u4b/serial/ucycom.c | 2 +-
sys/bus/u4b/serial/ufoma.c | 2 +-
sys/bus/u4b/serial/uftdi.c | 2 +-
sys/bus/u4b/serial/ugensa.c | 2 +-
sys/bus/u4b/serial/uipaq.c | 2 +-
sys/bus/u4b/serial/ulpt.c | 2 +-
sys/bus/u4b/serial/umcs.c | 2 +-
sys/bus/u4b/serial/umct.c | 2 +-
sys/bus/u4b/serial/umodem.c | 2 +-
sys/bus/u4b/serial/umoscom.c | 2 +-
sys/bus/u4b/serial/uplcom.c | 2 +-
sys/bus/u4b/serial/usb_serial.c | 5 +-
sys/bus/u4b/serial/uslcom.c | 2 +-
sys/bus/u4b/serial/uvisor.c | 2 +-
sys/bus/u4b/serial/uvscom.c | 2 +-
sys/bus/u4b/storage/umass.c | 2 +-
sys/bus/u4b/storage/urio.c | 2 +-
sys/bus/u4b/storage/ustorage_fs.c | 2 +-
sys/bus/u4b/template/usb_template.c | 2 +-
sys/bus/u4b/template/usb_template_audio.c | 2 +-
sys/bus/u4b/template/usb_template_cdce.c | 2 +-
sys/bus/u4b/template/usb_template_kbd.c | 2 +-
sys/bus/u4b/template/usb_template_modem.c | 2 +-
sys/bus/u4b/template/usb_template_mouse.c | 2 +-
sys/bus/u4b/template/usb_template_msc.c | 2 +-
sys/bus/u4b/template/usb_template_mtp.c | 2 +-
sys/bus/u4b/template/usb_template_phone.c | 2 +-
sys/bus/u4b/template/usb_template_serialnet.c | 2 +-
sys/bus/u4b/usb_busdma.c | 2 +-
sys/bus/u4b/usb_core.c | 2 +-
sys/bus/u4b/usb_debug.c | 2 +-
sys/bus/u4b/usb_dev.c | 4 +-
sys/bus/u4b/usb_device.c | 2 +-
sys/bus/u4b/usb_dynamic.c | 2 +-
sys/bus/u4b/usb_error.c | 2 +-
sys/bus/u4b/usb_generic.c | 27 +-
sys/bus/u4b/usb_handle_request.c | 2 +-
sys/bus/u4b/usb_hid.c | 2 +-
sys/bus/u4b/usb_hub.c | 2 +-
sys/bus/u4b/usb_lookup.c | 2 +-
sys/bus/u4b/usb_mbuf.c | 2 +-
sys/bus/u4b/usb_msctest.c | 2 +-
sys/bus/u4b/usb_parse.c | 2 +-
sys/bus/u4b/usb_process.c | 2 +-
sys/bus/u4b/usb_request.c | 2 +-
sys/bus/u4b/usb_transfer.c | 2 +-
sys/bus/u4b/usb_util.c | 2 +-
sys/conf/files | 1 +
sys/dev/disk/fd/fd.c | 4 +-
sys/dev/disk/nata/atapi-cd.c | 4 +-
sys/dev/disk/vn/vn.c | 4 +-
sys/dev/drm/include/linux/capability.h | 6 +-
sys/dev/drm/ttm/ttm_memory.c | 4 +-
sys/dev/misc/cpuctl/cpuctl.c | 6 +-
sys/dev/misc/dcons/dcons_os.c | 6 +-
sys/dev/misc/nmdm/nmdm.c | 6 +-
sys/dev/misc/syscons/syscons.c | 8 +-
sys/dev/misc/syscons/sysmouse.c | 2 +-
sys/dev/netif/ath/ath/if_ath.c | 2 +-
sys/dev/netif/ath/ath/if_ath_beacon.c | 2 +-
sys/dev/netif/ath/ath/if_ath_debug.c | 2 +-
sys/dev/netif/ath/ath/if_ath_descdma.c | 2 +-
sys/dev/netif/ath/ath/if_ath_ioctl.c | 4 +-
sys/dev/netif/ath/ath/if_ath_keycache.c | 2 +-
sys/dev/netif/ath/ath/if_ath_led.c | 2 +-
sys/dev/netif/ath/ath/if_ath_rx.c | 2 +-
sys/dev/netif/ath/ath/if_ath_rx_edma.c | 2 +-
sys/dev/netif/ath/ath/if_ath_sysctl.c | 2 +-
sys/dev/netif/ath/ath/if_ath_tdma.c | 2 +-
sys/dev/netif/ath/ath/if_ath_tx.c | 2 +-
sys/dev/netif/ath/ath/if_ath_tx_edma.c | 2 +-
sys/dev/netif/ath/ath/if_ath_tx_ht.c | 2 +-
sys/dev/netif/iwn/if_iwn.c | 5 +-
sys/dev/netif/oce/oce_if.c | 3 +-
sys/dev/netif/oce/oce_if.h | 2 +-
sys/dev/netif/sbsh/if_sbsh.c | 14 +-
sys/dev/netif/wi/if_wi.c | 2 +-
sys/dev/raid/asr/asr.c | 8 +-
sys/dev/raid/mpr/mpr.c | 6 +-
sys/dev/raid/vinum/vinum.c | 3 +-
sys/dev/raid/vinum/vinumhdr.h | 2 +-
sys/dev/serial/sio/sio.c | 11 +-
sys/kern/imgact_resident.c | 13 +-
sys/kern/init_sysent.c | 20 +-
sys/kern/kern_acct.c | 5 +-
sys/kern/kern_caps.c | 355 ++++++++++++++
sys/kern/kern_clock.c | 4 +-
sys/kern/kern_dmsg.c | 2 +-
sys/kern/kern_environment.c | 6 +-
sys/kern/kern_exec.c | 36 +-
sys/kern/kern_fp.c | 2 +-
sys/kern/kern_jail.c | 92 ++--
sys/kern/kern_kinfo.c | 7 +
sys/kern/kern_linker.c | 8 +-
sys/kern/kern_memio.c | 10 +-
sys/kern/kern_ntptime.c | 5 +-
sys/kern/kern_plimit.c | 7 +-
sys/kern/kern_prot.c | 81 +++-
sys/kern/kern_resource.c | 12 +-
sys/kern/kern_shutdown.c | 5 +-
sys/kern/kern_sig.c | 7 +
sys/kern/kern_spinlock.c | 4 +-
sys/kern/kern_synch.c | 6 +-
sys/kern/kern_sysctl.c | 12 +-
sys/kern/kern_time.c | 17 +-
sys/kern/kern_usched.c | 14 +-
sys/kern/kern_varsym.c | 6 +-
sys/kern/subr_firmware.c | 6 +-
sys/kern/subr_prf.c | 6 +-
sys/kern/subr_sleepqueue.c | 2 +-
sys/kern/sys_mqueue.c | 5 +-
sys/kern/sys_process.c | 6 +-
sys/kern/syscalls.c | 20 +-
sys/kern/syscalls.master | 20 +-
sys/kern/sysv_ipc.c | 14 +-
sys/kern/sysv_msg.c | 4 +-
sys/kern/tty.c | 15 +-
sys/kern/tty_cons.c | 5 +-
sys/kern/tty_pty.c | 5 +-
sys/kern/vfs_helper.c | 10 +-
sys/kern/vfs_subr.c | 6 +-
sys/kern/vfs_syscalls.c | 81 ++--
sys/kern/vfs_vnops.c | 4 +-
sys/net/bridge/if_bridge.c | 5 +-
sys/net/gre/if_gre.c | 40 +-
sys/net/if.c | 36 +-
sys/net/lagg/if_lagg.c | 11 +-
sys/net/pf/if_pfsync.c | 6 +-
sys/net/raw_usrreq.c | 5 +-
sys/net/rtsock.c | 6 +-
sys/net/sl/if_sl.c | 5 +-
sys/net/tap/if_tap.c | 6 +-
sys/net/tun/if_tun.c | 4 +-
sys/netbt/hci_ioctl.c | 13 +-
sys/netbt/hci_socket.c | 4 +-
sys/netgraph/socket/ng_socket.c | 7 +-
sys/netgraph/tty/ng_tty.c | 5 +-
sys/netgraph7/bluetooth/drivers/h4/ng_h4.c | 5 +-
sys/netgraph7/bluetooth/drivers/ubt/ng_ubt.c | 2 +-
.../bluetooth/drivers/ubtbcmfw/ubtbcmfw.c | 2 +-
.../bluetooth/socket/ng_btsocket_hci_raw.c | 4 +-
.../bluetooth/socket/ng_btsocket_l2cap_raw.c | 6 +-
sys/netgraph7/socket/ng_socket.c | 11 +-
sys/netgraph7/tty/ng_tty.c | 5 +-
sys/netinet/in.c | 17 +-
sys/netinet/in_pcb.c | 14 +-
sys/netinet/ip_carp.c | 8 +-
sys/netinet/ip_divert.c | 7 +-
sys/netinet/ip_output.c | 2 +-
sys/netinet/raw_ip.c | 5 +-
sys/netinet/tcp_subr.c | 6 +-
sys/netinet/udp_usrreq.c | 4 +-
sys/netinet6/in6.c | 6 +-
sys/netinet6/in6_pcb.c | 5 +-
sys/netinet6/in6_src.c | 5 +-
sys/netinet6/ip6_input.c | 4 +-
sys/netinet6/ip6_output.c | 11 +-
sys/netinet6/raw_ip6.c | 5 +-
sys/netinet6/udp6_output.c | 8 +-
sys/netinet6/udp6_usrreq.c | 4 +-
sys/netproto/802_11/wlan/ieee80211_ioctl.c | 8 +-
sys/netproto/smb/smb_conn.c | 2 +-
sys/netproto/smb/smb_subr.h | 2 +-
sys/platform/pc64/x86_64/machdep.c | 4 +-
sys/platform/pc64/x86_64/mp_flame.c | 6 +-
sys/sys/caps.h | 381 +++++++++++++++
sys/sys/kinfo.h | 20 +-
sys/sys/priv.h | 510 ---------------------
sys/sys/proc.h | 5 +-
sys/sys/syscall.h | 12 +-
sys/sys/syscall.mk | 2 +
sys/sys/sysproto.h | 13 +
sys/sys/sysunion.h | 2 +
sys/sys/ucred.h | 5 +
sys/vfs/devfs/devfs_vnops.c | 4 +-
sys/vfs/ext2fs/ext2_vfsops.c | 2 +-
sys/vfs/ext2fs/ext2_vnops.c | 24 +-
sys/vfs/fuse/fuse_vfsops.c | 6 +-
sys/vfs/hammer/hammer.h | 2 +-
sys/vfs/hammer/hammer_ioctl.c | 6 +-
sys/vfs/hammer2/hammer2.h | 2 +-
sys/vfs/hammer2/hammer2_ioctl.c | 2 +-
sys/vfs/hpfs/hpfs_vnops.c | 4 +-
sys/vfs/isofs/cd9660/cd9660_vfsops.c | 4 +-
sys/vfs/msdosfs/msdosfs_vnops.c | 19 +-
sys/vfs/nfs/nfs_serv.c | 11 +-
sys/vfs/nfs/nfs_subs.c | 7 +-
sys/vfs/nfs/nfs_syscalls.c | 4 +-
sys/vfs/procfs/procfs.h | 2 +-
sys/vfs/procfs/procfs_ctl.c | 2 +-
sys/vfs/procfs/procfs_dbregs.c | 2 +-
sys/vfs/procfs/procfs_fpregs.c | 2 +-
sys/vfs/procfs/procfs_mem.c | 2 +-
sys/vfs/procfs/procfs_regs.c | 2 +-
sys/vfs/procfs/procfs_status.c | 2 +-
sys/vfs/procfs/procfs_vnops.c | 7 +-
sys/vfs/smbfs/smbfs_vnops.c | 6 +-
sys/vfs/tmpfs/tmpfs_subr.c | 2 +-
sys/vfs/tmpfs/tmpfs_vnops.c | 4 +-
sys/vfs/udf/udf_vfsops.c | 4 +-
sys/vfs/ufs/ufs_vfsops.c | 12 +-
sys/vfs/ufs/ufs_vnops.c | 20 +-
sys/vm/vm_mmap.c | 8 +-
sys/vm/vm_swap.c | 6 +-
tools/tools/netrate/pktgen/pktgen.c | 2 +-
usr.bin/Makefile | 1 +
usr.bin/dsynth/build.c | 5 +
usr.bin/dsynth/dsynth.c | 14 +
usr.bin/dsynth/dsynth.h | 3 +
usr.bin/dsynth/subs.c | 28 ++
usr.bin/setcaps/Makefile | 8 +
usr.bin/setcaps/setcaps.1 | 92 ++++
usr.bin/setcaps/setcaps.c | 190 ++++++++
usr.bin/w/w.c | 39 +-
usr.sbin/makefs/hammer2/hammer2.h | 2 +-
255 files changed, 2321 insertions(+), 1269 deletions(-)
create mode 100644 lib/libc/sys/syscap_get.2
delete mode 100644 share/man/man9/priv.9
create mode 100644 sys/kern/kern_caps.c
create mode 100644 sys/sys/caps.h
delete mode 100644 sys/sys/priv.h
create mode 100644 usr.bin/setcaps/Makefile
create mode 100644 usr.bin/setcaps/setcaps.1
create mode 100644 usr.bin/setcaps/setcaps.c
http://gitweb.dragonflybsd.org/dragonfly.git/commitdiff/2b3f93ea6d1f70880f3e87f3c2cbe0dc0bfc9332
--
DragonFly BSD source repository