author | Jerry Jelinek <jerry.jelinek@joyent.com> | 2015-08-04 18:12:13 +0000 |
---|---|---|
committer | Jerry Jelinek <jerry.jelinek@joyent.com> | 2015-08-04 18:12:13 +0000 |
commit | 710216a4b4dd849bd21b2d9b754036777a856236 (patch) | |
tree | 0d45bd663151ac801f462ee84fab19b566715f16 | |
parent | a6312f35f39642af75b0535cbff3d4a583b37b9a (diff) | |
download | illumos-joyent-710216a4b4dd849bd21b2d9b754036777a856236.tar.gz |
OS-4596 need /proc/sys/kernel/cap_last_cap
-rw-r--r-- | usr/src/lib/brand/lx/lx_brand/common/capabilities.c | 9 | ||||
-rw-r--r-- | usr/src/uts/common/brand/lx/procfs/lx_proc.h | 1 | ||||
-rw-r--r-- | usr/src/uts/common/brand/lx/procfs/lx_prvnops.c | 12 | ||||
-rw-r--r-- | usr/src/uts/common/brand/lx/sys/lx_brand.h | 3 |
4 files changed, 20 insertions, 5 deletions
diff --git a/usr/src/lib/brand/lx/lx_brand/common/capabilities.c b/usr/src/lib/brand/lx/lx_brand/common/capabilities.c
index 4f72c6c900..f80afc9ea0 100644
--- a/usr/src/lib/brand/lx/lx_brand/common/capabilities.c
+++ b/usr/src/lib/brand/lx/lx_brand/common/capabilities.c
@@ -10,7 +10,7 @@
 */
 /*
- * Copyright 2014 Joyent, Inc. All rights reserved.
+ * Copyright 2015 Joyent, Inc. All rights reserved.
 */
 /*
@@ -66,12 +66,11 @@ typedef struct {
 #define LX_CAP_SETPCAP 8
 /*
- * Even though we lack mappings for capabilities higher than 36, it's valuable
- * to test all the way out to the end of the second field. This ensures that
- * new capabilities we lack support for are not silently accepted.
+ * Even though we lack mappings for capabilities higher than LX_CAP_MAX_VALID,
+ * it's valuable to test all the way out to the end of the second field. This
+ * ensures that new capabilities we lack support for are not silently accepted.
 */
 #define LX_CAP_MAX_CHECK 63
-#define LX_CAP_MAX_VALID 36
 #define LX_CAP_CAPISSET(id, cap) \
 (((id < 32) && (((0x1 << id) & cap[0]) != 0)) || \
diff --git a/usr/src/uts/common/brand/lx/procfs/lx_proc.h b/usr/src/uts/common/brand/lx/procfs/lx_proc.h
index 52330936d6..a2ea2aa7a7 100644
--- a/usr/src/uts/common/brand/lx/procfs/lx_proc.h
+++ b/usr/src/uts/common/brand/lx/procfs/lx_proc.h
@@ -197,6 +197,7 @@ typedef enum lxpr_nodetype {
 LXPR_SYS_FS_INOTIFY_MAX_USER_INSTANCES, /* inotify/max_user_instances */
 LXPR_SYS_FS_INOTIFY_MAX_USER_WATCHES, /* inotify/max_user_watches */
 LXPR_SYS_KERNELDIR, /* /proc/sys/kernel/ */
+ LXPR_SYS_KERNEL_CAPLCAP, /* /proc/sys/kernel/cap_last_cap */
 LXPR_SYS_KERNEL_HOSTNAME, /* /proc/sys/kernel/hostname */
 LXPR_SYS_KERNEL_MSGMNI, /* /proc/sys/kernel/msgmni */
 LXPR_SYS_KERNEL_NGROUPS_MAX, /* /proc/sys/kernel/ngroups_max */
diff --git a/usr/src/uts/common/brand/lx/procfs/lx_prvnops.c b/usr/src/uts/common/brand/lx/procfs/lx_prvnops.c
index 5d66a00b37..2ffc71014a 100644
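Review bot: In lx_proc.h, `LXPR_SYS_KERNEL_CAPLCAP` is inserted in the middle of `lxpr_nodetype`, and nothing at the enum records that its order is load-bearing. The `lxpr_read_function`, `lxpr_lookup_function` and `lxpr_readdir_function` arrays in lx_prvnops.c are sized `LXPR_NFILES` and, judging by their per-slot comments, are indexed by this enum; this commit updates all three at the matching position, but any other table keyed the same way that is not part of this diff would shift by one slot and dispatch the wrong handler for a node. I would add a comment at the head of the enum (which starts outside this hunk) such as `/* Order must match every LXPR_NFILES-sized table in lx_prvnops.c */`. The same point applies to the three table hunks in lx_prvnops.c.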
--- a/usr/src/uts/common/brand/lx/procfs/lx_prvnops.c
+++ b/usr/src/uts/common/brand/lx/procfs/lx_prvnops.c
@@ -202,6 +202,7 @@ static void lxpr_read_sys_fs_inotify_max_user_instances(lxpr_node_t *,
 lxpr_uiobuf_t *);
 static void lxpr_read_sys_fs_inotify_max_user_watches(lxpr_node_t *,
 lxpr_uiobuf_t *);
+static void lxpr_read_sys_kernel_caplcap(lxpr_node_t *, lxpr_uiobuf_t *);
 static void lxpr_read_sys_kernel_hostname(lxpr_node_t *, lxpr_uiobuf_t *);
 static void lxpr_read_sys_kernel_msgmni(lxpr_node_t *, lxpr_uiobuf_t *);
 static void lxpr_read_sys_kernel_ngroups_max(lxpr_node_t *, lxpr_uiobuf_t *);
@@ -437,6 +438,7 @@ static lxpr_dirent_t sys_fs_inotifydir[] = {
 * contents of /proc/sys/kernel directory
 */
 static lxpr_dirent_t sys_kerneldir[] = {
+ { LXPR_SYS_KERNEL_CAPLCAP, "cap_last_cap" },
 { LXPR_SYS_KERNEL_HOSTNAME, "hostname" },
 { LXPR_SYS_KERNEL_MSGMNI, "msgmni" },
 { LXPR_SYS_KERNEL_NGROUPS_MAX, "ngroups_max" },
@@ -647,6 +649,7 @@ static void (*lxpr_read_function[LXPR_NFILES])() = {
 lxpr_read_sys_fs_inotify_max_user_instances, /* max_user_instances */
 lxpr_read_sys_fs_inotify_max_user_watches, /* max_user_watches */
 lxpr_read_invalid, /* /proc/sys/kernel */
+ lxpr_read_sys_kernel_caplcap, /* /proc/sys/kernel/cap_last_cap */
 lxpr_read_sys_kernel_hostname, /* /proc/sys/kernel/hostname */
 lxpr_read_sys_kernel_msgmni, /* /proc/sys/kernel/msgmni */
 lxpr_read_sys_kernel_ngroups_max, /* /proc/sys/kernel/ngroups_max */
@@ -759,6 +762,7 @@ static vnode_t *(*lxpr_lookup_function[LXPR_NFILES])() = {
 lxpr_lookup_not_a_dir, /* .../inotify/max_user_instances */
 lxpr_lookup_not_a_dir, /* .../inotify/max_user_watches */
 lxpr_lookup_sys_kerneldir, /* /proc/sys/kernel */
+ lxpr_lookup_not_a_dir, /* /proc/sys/kernel/cap_last_cap */
 lxpr_lookup_not_a_dir, /* /proc/sys/kernel/hostname */
 lxpr_lookup_not_a_dir, /* /proc/sys/kernel/msgmni */
 lxpr_lookup_not_a_dir, /* /proc/sys/kernel/ngroups_max */
@@ -871,6 +875,7 @@ static int (*lxpr_readdir_function[LXPR_NFILES])() = {
 lxpr_readdir_not_a_dir, /* .../inotify/max_user_instances */
 lxpr_readdir_not_a_dir, /* .../inotify/max_user_watches */
 lxpr_readdir_sys_kerneldir, /* /proc/sys/kernel */
+ lxpr_readdir_not_a_dir, /* /proc/sys/kernel/cap_last_cap */
 lxpr_readdir_not_a_dir, /* /proc/sys/kernel/hostname */
 lxpr_readdir_not_a_dir, /* /proc/sys/kernel/msgmni */
 lxpr_readdir_not_a_dir, /* /proc/sys/kernel/ngroups_max */
@@ -3718,6 +3723,13 @@ lxpr_read_sys_fs_inotify_max_user_watches(lxpr_node_t *lxpnp,
 }
 static void
+lxpr_read_sys_kernel_caplcap(lxpr_node_t *lxpnp, lxpr_uiobuf_t *uiobuf)
+{
+ ASSERT(lxpnp->lxpr_type == LXPR_SYS_KERNEL_CAPLCAP);
+ lxpr_uiobuf_printf(uiobuf, "%d\n", LX_CAP_MAX_VALID);
+}
+
+static void
 lxpr_read_sys_kernel_hostname(lxpr_node_t *lxpnp, lxpr_uiobuf_t *uiobuf)
 {
 ASSERT(lxpnp->lxpr_type == LXPR_SYS_KERNEL_HOSTNAME);
diff --git a/usr/src/uts/common/brand/lx/sys/lx_brand.h b/usr/src/uts/common/brand/lx/sys/lx_brand.h
index 7198bea59c..8cf16b9ea4 100644
--- a/usr/src/uts/common/brand/lx/sys/lx_brand.h
+++ b/usr/src/uts/common/brand/lx/sys/lx_brand.h
@@ -70,6 +70,9 @@ extern "C" {
 */
 #define LX_NSYSCALLS 358
+/* Highest capability we know about */
+#define LX_CAP_MAX_VALID 36
+
 /*
 * brand(2) subcommands
 * |
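Review bot: `lxpr_read_sys_kernel_caplcap` in lx_prvnops.c has no comment explaining what the number it prints means to the Linux processes that read it. On Linux this file holds the number of the highest capability the kernel supports, and capability-aware programs commonly use it as the upper bound when enumerating or dropping capabilities, so the value must not exceed what the brand's capability emulation in capabilities.c can actually map. A header comment would record that contract, e.g. `/* Highest capability number we emulate; Linux userland uses it to bound capability loops. */`.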
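Review bot: In lx_brand.h the comment `/* Highest capability we know about */` does not say whether `LX_CAP_MAX_VALID` is an inclusive capability number or a count. After this commit that distinction is visible to Linux userland through /proc/sys/kernel/cap_last_cap, which on Linux reports the last valid capability number. The uses of the constant in capabilities.c are outside this diff, so it is worth confirming they treat 36 as inclusive. Suggested wording: `/* Highest Linux capability number (inclusive) that we map; also reported as /proc/sys/kernel/cap_last_cap */`.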