tech-kern archive
Re: RFC: New security model secmodel_securechroot(9)
>> >> · Processor-set manipulation is not allowed.
>>
>> > Please cross reference what you mean here (cpuctl(8), I take?)
>> No. schedctl(8).
>> CPU manipulation using cpuctl(8) is also not allowed.
> Please make sure that it is clear that you mean the global scheduler
> settings and not the pthread affinity flags.
Could you please list all functions you'd like to see allowed
(with argument if necessary)?
>>
>> >> · Changing coredump settings for set-id processes is not allowed.
>>
>> > Does this mean setrlimit(2) is prohibited for disabling core dumps?
>>
>> Disabling core dump generation is not allowed in chroots due to
>> denying KAUTH_REQ_PROCESS_RLIMIT_SET requests.
>> But the sentence above is about changing kern.coredump.setid only.
> That's problematic for programs dealing with cryptographic material,
> which often (intentionally) disallow core dumps for obvious reasons.
Done. Lowering limits is allowed.
Appropriate code now looks like the following:

	case KAUTH_PROCESS_RLIMIT:
		p = arg0;
		req = (enum kauth_system_req)arg1;
		if (req == KAUTH_REQ_PROCESS_RLIMIT_SET) {
			new_rlimit = arg2;
			which = (u_long)arg3;
			/* Deny any attempt to raise the soft or the hard limit;
			 * lowering either one is left to the other listeners. */
			if (new_rlimit->rlim_cur > p->p_rlimit[which].rlim_cur ||
			    new_rlimit->rlim_max > p->p_rlimit[which].rlim_max) {
				result = KAUTH_RESULT_DENY;
			}
		}
		break;
--
Best regards, Aleksey Cheusov.
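The RLIMIT_SET rule from the listener above, modelled in userland as an added example (this is not Aleksey's listener nor any NetBSD code; the MODEL_* values stand in for the kauth(9) results, and the current limits in main() are constructed):

```c
/* Added example, not NetBSD or secmodel_securechroot code: a userland model of
 * the RLIMIT_SET decision above, beside the setrlimit(2) call a program holding
 * key material makes. MODEL_* stand in for kauth(9) results (assumed names). */
#include <stdio.h>
#include <sys/resource.h>

enum { MODEL_DEFER = 0, MODEL_DENY = 1 };

/* Same rule as the listener: the request may raise neither rlim_cur nor
 * rlim_max above the process's current values; lowering is deferred to the
 * other listeners. Note this also denies raising rlim_cur back up within
 * rlim_max, which setrlimit(2) otherwise allows without privilege. */
static int
securechroot_rlimit_check(const struct rlimit *have, const struct rlimit *want)
{
	if (want->rlim_cur > have->rlim_cur ||
	    want->rlim_max > have->rlim_max)
		return MODEL_DENY;
	return MODEL_DEFER;
}

/* Clear RLIMIT_CORE so no core file can be written; this only lowers the
 * limit, so the policy above defers and the call succeeds in a chroot. */
static int
disable_core_dumps(void)
{
	struct rlimit rl = { .rlim_cur = 0, .rlim_max = 0 };
	return setrlimit(RLIMIT_CORE, &rl);
}

static int
core_dumps_disabled(void)
{
	struct rlimit rl;
	return getrlimit(RLIMIT_CORE, &rl) == 0 && rl.rlim_cur == 0;
}

int
main(void)
{
	/* Constructed current limits: soft 1024, hard 4096. */
	struct rlimit cur = { .rlim_cur = 1024, .rlim_max = 4096 };
	struct rlimit lower = { .rlim_cur = 0, .rlim_max = 4096 };
	struct rlimit raise_soft = { .rlim_cur = 2048, .rlim_max = 4096 };
	printf("lower soft -> %d, raise soft within hard -> %d\n",
	    securechroot_rlimit_check(&cur, &lower),
	    securechroot_rlimit_check(&cur, &raise_soft));	/* 0, 1 */
	if (disable_core_dumps() == 0)
		printf("core dumps disabled: %d\n", core_dumps_disabled());
	return 0;
}
```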