projects / dragonfly.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: f2bb8de) | patch
kernel - Add per-process capability-based restrictions
authorMatthew Dillon <dillon@apollo.backplane.com>
Fri, 13 Oct 2023 02:55:19 +0000 (19:55 -0700)
committerMatthew Dillon <dillon@apollo.backplane.com>
Fri, 13 Oct 2023 05:56:27 +0000 (22:56 -0700)
commit2b3f93ea6d1f70880f3e87f3c2cbe0dc0bfc9332
tree4ffe6f66589a06cddeb1ca2d936afe93e4af5051tree | snapshot
parentf2bb8deffb3aaa3032c73b184f65e7f76bf5285acommit | diff
kernel - Add per-process capability-based restrictions

* This new system allows userland to set capability restrictions which
  turns off numerous kernel features and root accesses.  These restrictions
  are inherited by sub-processes recursively.  Once set, restrictions cannot
  be removed.

  Basic restrictions that mimic an unadorned jail can be enabled without
  creating a jail, but generally speaking real security also requires
  creating a chrooted filesystem topology, and a jail is still needed
  to really segregate processes from each other.  If you do so, however,
  you can (for example) disable mount/umount and most global root-only
  features.

* Add new system calls and a manual page for syscap_get(2) and syscap_set(2)

* Add sys/caps.h

* Add the "setcaps" userland utility and manual page.

* Remove priv.9 and the priv_check infrastructure, replacing it with
  a newly designed caps infrastructure.

* The intention is to add path restriction lists and similar features to
  improve jailess security in the near future, and to optimize the
  priv_check code.
255 files changed:
Makefile_upgrade.inc diff | blob | blame | history
bin/ps/print.c diff | blob | blame | history
bin/ps/ps.1 diff | blob | blame | history
lib/libc/sys/Makefile.inc diff | blob | blame | history
lib/libc/sys/Symbol.map diff | blob | blame | history
lib/libc/sys/syscap_get.2 [new file with mode: 0644] blob
share/man/man9/Makefile diff | blob | blame | history
share/man/man9/priv.9 [deleted file] blob | blame | history
sys/bus/u4b/audio/uaudio.c diff | blob | blame | history
sys/bus/u4b/controller/ehci.c diff | blob | blame | history
sys/bus/u4b/controller/ehci_pci.c diff | blob | blame | history
sys/bus/u4b/controller/ohci.c diff | blob | blame | history
sys/bus/u4b/controller/ohci_pci.c diff | blob | blame | history
sys/bus/u4b/controller/uhci.c diff | blob | blame | history
sys/bus/u4b/controller/uhci_pci.c diff | blob | blame | history
sys/bus/u4b/controller/usb_controller.c diff | blob | blame | history
sys/bus/u4b/controller/xhci.c diff | blob | blame | history
sys/bus/u4b/controller/xhci_pci.c diff | blob | blame | history
sys/bus/u4b/gadget/g_audio.c diff | blob | blame | history
sys/bus/u4b/gadget/g_keyboard.c diff | blob | blame | history
sys/bus/u4b/gadget/g_modem.c diff | blob | blame | history
sys/bus/u4b/gadget/g_mouse.c diff | blob | blame | history
sys/bus/u4b/input/uhid.c diff | blob | blame | history
sys/bus/u4b/input/ukbd.c diff | blob | blame | history
sys/bus/u4b/input/ums.c diff | blob | blame | history
sys/bus/u4b/misc/ufm.c diff | blob | blame | history
sys/bus/u4b/net/if_aue.c diff | blob | blame | history
sys/bus/u4b/net/if_cdce.c diff | blob | blame | history
sys/bus/u4b/net/if_cue.c diff | blob | blame | history
sys/bus/u4b/net/if_ipheth.c diff | blob | blame | history
sys/bus/u4b/net/if_kue.c diff | blob | blame | history
sys/bus/u4b/net/if_mos.c diff | blob | blame | history
sys/bus/u4b/net/if_udav.c diff | blob | blame | history
sys/bus/u4b/net/if_urndis.c diff | blob | blame | history
sys/bus/u4b/quirk/usb_quirk.c diff | blob | blame | history
sys/bus/u4b/serial/u3g.c diff | blob | blame | history
sys/bus/u4b/serial/uark.c diff | blob | blame | history
sys/bus/u4b/serial/ubsa.c diff | blob | blame | history
sys/bus/u4b/serial/ubser.c diff | blob | blame | history
sys/bus/u4b/serial/uchcom.c diff | blob | blame | history
sys/bus/u4b/serial/ucycom.c diff | blob | blame | history
sys/bus/u4b/serial/ufoma.c diff | blob | blame | history
sys/bus/u4b/serial/uftdi.c diff | blob | blame | history
sys/bus/u4b/serial/ugensa.c diff | blob | blame | history
sys/bus/u4b/serial/uipaq.c diff | blob | blame | history
sys/bus/u4b/serial/ulpt.c diff | blob | blame | history
sys/bus/u4b/serial/umcs.c diff | blob | blame | history
sys/bus/u4b/serial/umct.c diff | blob | blame | history
sys/bus/u4b/serial/umodem.c diff | blob | blame | history
sys/bus/u4b/serial/umoscom.c diff | blob | blame | history
sys/bus/u4b/serial/uplcom.c diff | blob | blame | history
sys/bus/u4b/serial/usb_serial.c diff | blob | blame | history
sys/bus/u4b/serial/uslcom.c diff | blob | blame | history
sys/bus/u4b/serial/uvisor.c diff | blob | blame | history
sys/bus/u4b/serial/uvscom.c diff | blob | blame | history
sys/bus/u4b/storage/umass.c diff | blob | blame | history
sys/bus/u4b/storage/urio.c diff | blob | blame | history
sys/bus/u4b/storage/ustorage_fs.c diff | blob | blame | history
sys/bus/u4b/template/usb_template.c diff | blob | blame | history
sys/bus/u4b/template/usb_template_audio.c diff | blob | blame | history
sys/bus/u4b/template/usb_template_cdce.c diff | blob | blame | history
sys/bus/u4b/template/usb_template_kbd.c diff | blob | blame | history
sys/bus/u4b/template/usb_template_modem.c diff | blob | blame | history
sys/bus/u4b/template/usb_template_mouse.c diff | blob | blame | history
sys/bus/u4b/template/usb_template_msc.c diff | blob | blame | history
sys/bus/u4b/template/usb_template_mtp.c diff | blob | blame | history
sys/bus/u4b/template/usb_template_phone.c diff | blob | blame | history
sys/bus/u4b/template/usb_template_serialnet.c diff | blob | blame | history
sys/bus/u4b/usb_busdma.c diff | blob | blame | history
sys/bus/u4b/usb_core.c diff | blob | blame | history
sys/bus/u4b/usb_debug.c diff | blob | blame | history
sys/bus/u4b/usb_dev.c diff | blob | blame | history
sys/bus/u4b/usb_device.c diff | blob | blame | history
sys/bus/u4b/usb_dynamic.c diff | blob | blame | history
sys/bus/u4b/usb_error.c diff | blob | blame | history
sys/bus/u4b/usb_generic.c diff | blob | blame | history
sys/bus/u4b/usb_handle_request.c diff | blob | blame | history
sys/bus/u4b/usb_hid.c diff | blob | blame | history
sys/bus/u4b/usb_hub.c diff | blob | blame | history
sys/bus/u4b/usb_lookup.c diff | blob | blame | history
sys/bus/u4b/usb_mbuf.c diff | blob | blame | history
sys/bus/u4b/usb_msctest.c diff | blob | blame | history
sys/bus/u4b/usb_parse.c diff | blob | blame | history
sys/bus/u4b/usb_process.c diff | blob | blame | history
sys/bus/u4b/usb_request.c diff | blob | blame | history
sys/bus/u4b/usb_transfer.c diff | blob | blame | history
sys/bus/u4b/usb_util.c diff | blob | blame | history
sys/conf/files diff | blob | blame | history
sys/dev/disk/fd/fd.c diff | blob | blame | history
sys/dev/disk/nata/atapi-cd.c diff | blob | blame | history
sys/dev/disk/vn/vn.c diff | blob | blame | history
sys/dev/drm/include/linux/capability.h diff | blob | blame | history
sys/dev/drm/ttm/ttm_memory.c diff | blob | blame | history
sys/dev/misc/cpuctl/cpuctl.c diff | blob | blame | history
sys/dev/misc/dcons/dcons_os.c diff | blob | blame | history
sys/dev/misc/nmdm/nmdm.c diff | blob | blame | history
sys/dev/misc/syscons/syscons.c diff | blob | blame | history
sys/dev/misc/syscons/sysmouse.c diff | blob | blame | history
sys/dev/netif/ath/ath/if_ath.c diff | blob | blame | history
sys/dev/netif/ath/ath/if_ath_beacon.c diff | blob | blame | history
sys/dev/netif/ath/ath/if_ath_debug.c diff | blob | blame | history
sys/dev/netif/ath/ath/if_ath_descdma.c diff | blob | blame | history
sys/dev/netif/ath/ath/if_ath_ioctl.c diff | blob | blame | history
sys/dev/netif/ath/ath/if_ath_keycache.c diff | blob | blame | history
sys/dev/netif/ath/ath/if_ath_led.c diff | blob | blame | history
sys/dev/netif/ath/ath/if_ath_rx.c diff | blob | blame | history
sys/dev/netif/ath/ath/if_ath_rx_edma.c diff | blob | blame | history
sys/dev/netif/ath/ath/if_ath_sysctl.c diff | blob | blame | history
sys/dev/netif/ath/ath/if_ath_tdma.c diff | blob | blame | history
sys/dev/netif/ath/ath/if_ath_tx.c diff | blob | blame | history
sys/dev/netif/ath/ath/if_ath_tx_edma.c diff | blob | blame | history
sys/dev/netif/ath/ath/if_ath_tx_ht.c diff | blob | blame | history
sys/dev/netif/iwn/if_iwn.c diff | blob | blame | history
sys/dev/netif/oce/oce_if.c diff | blob | blame | history
sys/dev/netif/oce/oce_if.h diff | blob | blame | history
sys/dev/netif/sbsh/if_sbsh.c diff | blob | blame | history
sys/dev/netif/wi/if_wi.c diff | blob | blame | history
sys/dev/raid/asr/asr.c diff | blob | blame | history
sys/dev/raid/mpr/mpr.c diff | blob | blame | history
sys/dev/raid/vinum/vinum.c diff | blob | blame | history
sys/dev/raid/vinum/vinumhdr.h diff | blob | blame | history
sys/dev/serial/sio/sio.c diff | blob | blame | history
sys/kern/imgact_resident.c diff | blob | blame | history
sys/kern/init_sysent.c diff | blob | blame | history
sys/kern/kern_acct.c diff | blob | blame | history
sys/kern/kern_caps.c [new file with mode: 0644] blob
sys/kern/kern_clock.c diff | blob | blame | history
sys/kern/kern_dmsg.c diff | blob | blame | history
sys/kern/kern_environment.c diff | blob | blame | history
sys/kern/kern_exec.c diff | blob | blame | history
sys/kern/kern_fp.c diff | blob | blame | history
sys/kern/kern_jail.c diff | blob | blame | history
sys/kern/kern_kinfo.c diff | blob | blame | history
sys/kern/kern_linker.c diff | blob | blame | history
sys/kern/kern_memio.c diff | blob | blame | history
sys/kern/kern_ntptime.c diff | blob | blame | history
sys/kern/kern_plimit.c diff | blob | blame | history
sys/kern/kern_prot.c diff | blob | blame | history
sys/kern/kern_resource.c diff | blob | blame | history
sys/kern/kern_shutdown.c diff | blob | blame | history
sys/kern/kern_sig.c diff | blob | blame | history
sys/kern/kern_spinlock.c diff | blob | blame | history
sys/kern/kern_synch.c diff | blob | blame | history
sys/kern/kern_sysctl.c diff | blob | blame | history
sys/kern/kern_time.c diff | blob | blame | history
sys/kern/kern_usched.c diff | blob | blame | history
sys/kern/kern_varsym.c diff | blob | blame | history
sys/kern/subr_firmware.c diff | blob | blame | history
sys/kern/subr_prf.c diff | blob | blame | history
sys/kern/subr_sleepqueue.c diff | blob | blame | history
sys/kern/sys_mqueue.c diff | blob | blame | history
sys/kern/sys_process.c diff | blob | blame | history
sys/kern/syscalls.c diff | blob | blame | history
sys/kern/syscalls.master diff | blob | blame | history
sys/kern/sysv_ipc.c diff | blob | blame | history
sys/kern/sysv_msg.c diff | blob | blame | history
sys/kern/tty.c diff | blob | blame | history
sys/kern/tty_cons.c diff | blob | blame | history
sys/kern/tty_pty.c diff | blob | blame | history
sys/kern/vfs_helper.c diff | blob | blame | history
sys/kern/vfs_subr.c diff | blob | blame | history
sys/kern/vfs_syscalls.c diff | blob | blame | history
sys/kern/vfs_vnops.c diff | blob | blame | history
sys/net/bridge/if_bridge.c diff | blob | blame | history
sys/net/gre/if_gre.c diff | blob | blame | history
sys/net/if.c diff | blob | blame | history
sys/net/lagg/if_lagg.c diff | blob | blame | history
sys/net/pf/if_pfsync.c diff | blob | blame | history
sys/net/raw_usrreq.c diff | blob | blame | history
sys/net/rtsock.c diff | blob | blame | history
sys/net/sl/if_sl.c diff | blob | blame | history
sys/net/tap/if_tap.c diff | blob | blame | history
sys/net/tun/if_tun.c diff | blob | blame | history
sys/netbt/hci_ioctl.c diff | blob | blame | history
sys/netbt/hci_socket.c diff | blob | blame | history
sys/netgraph/socket/ng_socket.c diff | blob | blame | history
sys/netgraph/tty/ng_tty.c diff | blob | blame | history
sys/netgraph7/bluetooth/drivers/h4/ng_h4.c diff | blob | blame | history
sys/netgraph7/bluetooth/drivers/ubt/ng_ubt.c diff | blob | blame | history
sys/netgraph7/bluetooth/drivers/ubtbcmfw/ubtbcmfw.c diff | blob | blame | history
sys/netgraph7/bluetooth/socket/ng_btsocket_hci_raw.c diff | blob | blame | history
sys/netgraph7/bluetooth/socket/ng_btsocket_l2cap_raw.c diff | blob | blame | history
sys/netgraph7/socket/ng_socket.c diff | blob | blame | history
sys/netgraph7/tty/ng_tty.c diff | blob | blame | history
sys/netinet/in.c diff | blob | blame | history
sys/netinet/in_pcb.c diff | blob | blame | history
sys/netinet/ip_carp.c diff | blob | blame | history
sys/netinet/ip_divert.c diff | blob | blame | history
sys/netinet/ip_output.c diff | blob | blame | history
sys/netinet/raw_ip.c diff | blob | blame | history
sys/netinet/tcp_subr.c diff | blob | blame | history
sys/netinet/udp_usrreq.c diff | blob | blame | history
sys/netinet6/in6.c diff | blob | blame | history
sys/netinet6/in6_pcb.c diff | blob | blame | history
sys/netinet6/in6_src.c diff | blob | blame | history
sys/netinet6/ip6_input.c diff | blob | blame | history
sys/netinet6/ip6_output.c diff | blob | blame | history
sys/netinet6/raw_ip6.c diff | blob | blame | history
sys/netinet6/udp6_output.c diff | blob | blame | history
sys/netinet6/udp6_usrreq.c diff | blob | blame | history
sys/netproto/802_11/wlan/ieee80211_ioctl.c diff | blob | blame | history
sys/netproto/smb/smb_conn.c diff | blob | blame | history
sys/netproto/smb/smb_subr.h diff | blob | blame | history
sys/platform/pc64/x86_64/machdep.c diff | blob | blame | history
sys/platform/pc64/x86_64/mp_flame.c diff | blob | blame | history
sys/sys/caps.h [new file with mode: 0644] blob
sys/sys/kinfo.h diff | blob | blame | history
sys/sys/priv.h [deleted file] blob | blame | history
sys/sys/proc.h diff | blob | blame | history
sys/sys/syscall.h diff | blob | blame | history
sys/sys/syscall.mk diff | blob | blame | history
sys/sys/sysproto.h diff | blob | blame | history
sys/sys/sysunion.h diff | blob | blame | history
sys/sys/ucred.h diff | blob | blame | history
sys/vfs/devfs/devfs_vnops.c diff | blob | blame | history
sys/vfs/ext2fs/ext2_vfsops.c diff | blob | blame | history
sys/vfs/ext2fs/ext2_vnops.c diff | blob | blame | history
sys/vfs/fuse/fuse_vfsops.c diff | blob | blame | history
sys/vfs/hammer/hammer.h diff | blob | blame | history
sys/vfs/hammer/hammer_ioctl.c diff | blob | blame | history
sys/vfs/hammer2/hammer2.h diff | blob | blame | history
sys/vfs/hammer2/hammer2_ioctl.c diff | blob | blame | history
sys/vfs/hpfs/hpfs_vnops.c diff | blob | blame | history
sys/vfs/isofs/cd9660/cd9660_vfsops.c diff | blob | blame | history
sys/vfs/msdosfs/msdosfs_vnops.c diff | blob | blame | history
sys/vfs/nfs/nfs_serv.c diff | blob | blame | history
sys/vfs/nfs/nfs_subs.c diff | blob | blame | history
sys/vfs/nfs/nfs_syscalls.c diff | blob | blame | history
sys/vfs/procfs/procfs.h diff | blob | blame | history
sys/vfs/procfs/procfs_ctl.c diff | blob | blame | history
sys/vfs/procfs/procfs_dbregs.c diff | blob | blame | history
sys/vfs/procfs/procfs_fpregs.c diff | blob | blame | history
sys/vfs/procfs/procfs_mem.c diff | blob | blame | history
sys/vfs/procfs/procfs_regs.c diff | blob | blame | history
sys/vfs/procfs/procfs_status.c diff | blob | blame | history
sys/vfs/procfs/procfs_vnops.c diff | blob | blame | history
sys/vfs/smbfs/smbfs_vnops.c diff | blob | blame | history
sys/vfs/tmpfs/tmpfs_subr.c diff | blob | blame | history
sys/vfs/tmpfs/tmpfs_vnops.c diff | blob | blame | history
sys/vfs/udf/udf_vfsops.c diff | blob | blame | history
sys/vfs/ufs/ufs_vfsops.c diff | blob | blame | history
sys/vfs/ufs/ufs_vnops.c diff | blob | blame | history
sys/vm/vm_mmap.c diff | blob | blame | history
sys/vm/vm_swap.c diff | blob | blame | history
tools/tools/netrate/pktgen/pktgen.c diff | blob | blame | history
usr.bin/Makefile diff | blob | blame | history
usr.bin/dsynth/build.c diff | blob | blame | history
usr.bin/dsynth/dsynth.c diff | blob | blame | history
usr.bin/dsynth/dsynth.h diff | blob | blame | history
usr.bin/dsynth/subs.c diff | blob | blame | history
usr.bin/setcaps/Makefile [new file with mode: 0644] blob
usr.bin/setcaps/setcaps.1 [new file with mode: 0644] blob
usr.bin/setcaps/setcaps.c [new file with mode: 0644] blob
usr.bin/w/w.c diff | blob | blame | history
usr.sbin/makefs/hammer2/hammer2.h diff | blob | blame | history
DragonFly Project Source