Date: Tue, 16 Jun 2009 21:48:41 GMT From: Robert Watson <rwatson@FreeBSD.org> To: Perforce Change Reviews <perforce@freebsd.org> Subject: PERFORCE change 164538 for review Message-ID: <200906162148.n5GLmfGY050536@repoman.freebsd.org>
next in thread | raw e-mail | index | archive | help
http://perforce.freebsd.org/chv.cgi?CH=164538 Change 164538 by rwatson@rwatson_freebsd_capabilities on 2009/06/16 21:47:52 libcapabilitym is no longer required. Affected files ... .. //depot/projects/trustedbsd/capabilities/src/lib/Makefile#8 edit .. //depot/projects/trustedbsd/capabilities/src/lib/libcapability/Makefile#14 edit .. //depot/projects/trustedbsd/capabilities/src/lib/libcapability/libcapability.3#20 edit .. //depot/projects/trustedbsd/capabilities/src/lib/libcapabilitym/Makefile#3 delete Differences ... ==== //depot/projects/trustedbsd/capabilities/src/lib/Makefile#8 (text+ko) ==== @@ -32,7 +32,7 @@ ncurses ${_libnetgraph} libradius librpcsvc libsbuf \ libtacplus libutil ${_libypclnt} libalias libarchive ${_libatm} \ libbegemot ${_libbluetooth} ${_libbsnmp} libbz2 \ - libcalendar libcam libcapability libcapabilitym libcompat \ + libcalendar libcam libcapability libcompat \ libdevinfo libdevstat \ libdisk \ libdwarf libedit libexpat libfetch libftpio libgeom ${_libgpib} \ ==== //depot/projects/trustedbsd/capabilities/src/lib/libcapability/Makefile#14 (text+ko) ==== @@ -20,8 +20,7 @@ MAN= libcapability.3 MAN+= libcapability_host.3 MAN+= libcapability_sandbox.3 -MLINKS= libcapability.3 libcapabilitym.3 \ - libcapability.3 lc_limitfd.3 \ +MLINKS= libcapability.3 lc_limitfd.3 \ libcapability_host.3 lch_autosandbox_isenabled.3 \ libcapability_host.3 lch_start.3 \ libcapability_host.3 lch_start_flags.3 \ ==== //depot/projects/trustedbsd/capabilities/src/lib/libcapability/libcapability.3#20 (text+ko) ==== @@ -78,20 +78,6 @@ .Xr libcapability_sandbox 3 . Sandboxed processes themselves may launch software components in further sandboxes, so a single program may use both host and sandbox APIs. -.Pp -Applications will link against one of two versions of the library: -.Pp -.Nm libcapability -is intended to run in an unsandboxed environment, and is appropriate for use -by application running with full user privileges. -It relies on the UNIX file system namespace to load software components that -will be executed in sandboxes. -.Pp -.Nm libcapabilitym -is intended to run in a sandboxed environment, and loads binaries and -supporting libraries for sandboxes from the library descriptor cache -maintained by -.Xr rtld-elf-cap 1 . .Sh CAPABILITY API .Fn lc_limitfd is a wrapper around
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200906162148.n5GLmfGY050536>