Date: Wed, 17 Jun 2009 14:20:38 GMT
From: Robert Watson <rwatson@FreeBSD.org>
To: Perforce Change Reviews <perforce@freebsd.org>
Subject: PERFORCE change 164584 for review
Message-ID: <200906171420.n5HEKc3O078611@repoman.freebsd.org>
http://perforce.freebsd.org/chv.cgi?CH=164584 Change 164584 by rwatson@rwatson_freebsd_capabilities on 2009/06/17 14:20:16 Mention rtld-elf interactions of libcapability. Affected files ... .. //depot/projects/trustedbsd/capabilities/src/lib/libcapability/libcapability.3#21 edit Differences ... ==== //depot/projects/trustedbsd/capabilities/src/lib/libcapability/libcapability.3#21 (text+ko) ==== @@ -55,6 +55,11 @@ .Nm will use one or both of "host" and "sandbox" APIs, depending on whether they consume or produce sandboxed services. +.Nm +will start sandboxed components using a sandbox-specific run-time linker, +.Xr rtld-elf-cap 1 , +rather than the standard +.Xr rtld-elf 1 . .Pp Host processes use the .Nm @@ -67,7 +72,6 @@ to communication with the sandboxed service based on socket I/O or remote procedure call (RPC). .Pp -.Pp Sandbox processes run in capability mode, and are only able to use resources either assigned to the sandbox during creation, or later explicitly passed to the process. @@ -89,6 +93,8 @@ with the requested rights mask. .Sh SEE ALSO .Xr rpcgen 1 , +.Xr rtld-elf 1 , +.Xr rtld-elf-cap 1 , .Xr cap_enter 2 , .Xr cap_new 2 , .Xr close 2 ,
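Review bot: in the first hunk (@@ -55,6 +55,11 @@) the added sentence is appended to the paragraph about the "host" and "sandbox" APIs with no `.Pp` before the new `.Nm`, and it says only that `rtld-elf-cap` is used, not what that changes for someone building a sandboxed component. Consider starting a new paragraph for it and adding one sentence on the practical difference from the standard run-time linker, or stating explicitly that the details are in rtld-elf-cap(1).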
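Review bot: the SEE ALSO hunk (@@ -89,6 +93,8 @@) adds `.Xr rtld-elf 1 ,` and `.Xr rtld-elf-cap 1 ,`; please confirm that manual pages are installed under exactly those names, since a cross reference to a page name that does not exist cannot be followed by the reader. The same two names appear in the first hunk, so any rename has to be applied in both places. The placement after `.Xr rpcgen 1 ,` and before the section 2 entries keeps the list in section order.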