freebsd-src

lsvfs(1): Capsicumise

Open kfv opened this issue 1 year ago • 3 comments

Oct 27 '24 15:10 kfv

This must be ready, I believe.

Cc: @oshogbo

Jan 01 '25 17:01 kfv

We don't need to change Makefile to add casper support?

You're right; I had changed it but forgot to commit. My apologies.

Jan 02 '25 11:01 kfv

@markjdb any final comments?

Jun 12 '25 00:06 bsdimp

@kfv Any comments? Otherwise, I plan on closing soon.

Aug 04 '25 19:08 bsdimp

Hi, apologies for the extended delay in addressing the requested changes. The past year has been personally and geopolitically challenging, and I appreciate your patience. I will make sure to go through all the pending requests within the coming week at most. Thank you again for your understanding.

Aug 04 '25 22:08 kfv

@bsdimp, @markjdb: Hey! I believe it's now ready to ship.

Aug 05 '25 14:08 kfv

The first commit landed: a3eab01304884e13342bdaca4cf5204fa97ba456

Aug 11 '25 14:08 oshogbo

@oshogbo: I’m pretty sure we’re finally ready to ship the Capsicumise commit as well. I’ve completely reworked it since it had some issues. Thanks a lot for catching that and for bearing with my slip-ups. It’s been a great journey!

Aug 11 '25 17:08 kfv

@kfv Thoughts?

Aug 19 '25 08:08 oshogbo

@oshogbo: Reworked this based on your feedback (and also shared some thoughts on the thread). Sorry for the delay — I was away on vacation.

This version now fetches the full vfs.conflist list up front, then enters capability mode before any filtering/printing. That way sandboxing is meaningful, while keeping the overall approach close to what we had with getvfsbyname, but done manually here without further sysctl calls under the hood.

Could you take a look and let me know what you think?

Aug 22 '25 21:08 kfv
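
The ordering described in the comment above (read `vfs.conflist` in full, enter capability mode, then filter and print), as an added example that is not part of the thread or of the committed lsvfs code. `wanted` is a hypothetical helper, the printed columns are an assumption, and the FreeBSD-only part is guarded so the filter also compiles on other systems.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#ifdef __FreeBSD__
#include <sys/param.h>
#include <sys/mount.h>
#include <sys/sysctl.h>
#include <capsicum_helpers.h>
#include <err.h>
#endif

/* Hypothetical helper: pure filter over already-fetched names, no syscalls. */
static int
wanted(const char *name, int argc, char *const argv[])
{
	int j;	/* int, not size_t: it is compared against argc */

	if (argc == 0)
		return (1);	/* no operands: list every file system */
	for (j = 0; j < argc; j++)
		if (strcmp(name, argv[j]) == 0)
			return (1);
	return (0);
}

#ifdef __FreeBSD__
int
main(int argc, char *argv[])
{
	struct xvfsconf *xv;
	size_t len, i;
	/* 1. Every sysctl lookup happens before the sandbox is entered. */
	if (sysctlbyname("vfs.conflist", NULL, &len, NULL, 0) < 0)
		err(1, "vfs.conflist size");
	if ((xv = malloc(len)) == NULL)
		err(1, "malloc");
	if (sysctlbyname("vfs.conflist", xv, &len, NULL, 0) < 0)
		err(1, "vfs.conflist");
	/* 2. Limit stdio descriptors, then enter capability mode. */
	if (caph_limit_stdio() < 0 || caph_enter() < 0)
		err(1, "capsicum");
	/* 3. Filtering and printing touch only memory and stdout. */
	for (i = 0; i < len / sizeof(*xv); i++)
		if (wanted(xv[i].vfc_name, argc - 1, argv + 1))
			printf("%s %d\n", xv[i].vfc_name, xv[i].vfc_refcount);
	free(xv);
	return (0);
}
#endif
```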

Yes, it looks much better. I will build it and test and let you know if it runs as expected.

Aug 24 '25 12:08 oshogbo

usr.bin/lsvfs/lsvfs.c:67:18: error: comparison of integers of different signs: 'size_t' (aka 'unsigned long') and 'int' [-Werror,-Wsign-compare]
   67 |                         for (j = 0; j < argc; j++) {
      |                                     ~ ^ ~~~~
usr.bin/lsvfs/lsvfs.c:71:10: error: comparison of integers of different signs: 'size_t' (aka 'unsigned long') and 'int' [-Werror,-Wsign-compare]
   71 |                         if (j == argc)
      |                             ~ ^  ~~~~
2 errors generated.
*** Error code 1

Aug 28 '25 10:08 oshogbo

Right, j should have been declared as int since it is compared against argc. My apologies for the oversight.

Aug 30 '25 09:08 kfv

Committed: a0c709ab5af4e87ce4579404c4ffbd4295ad12c5

Oct 06 '25 15:10 oshogbo