Date: Tue, 1 Mar 2011 13:23:37 +0000 (UTC) From: Robert Watson <rwatson@FreeBSD.org> To: cvs-src-old@freebsd.org Subject: cvs commit: src/sys/compat/freebsd32 syscalls.master src/sys/conf NOTES options src/sys/kern kern_proc.c sys_capability.c syscalls.master src/sys/sys ucred.h user.h Message-ID: <201103011323.p21DNv6t032625@repoman.freebsd.org>
index | next in thread | raw e-mail
rwatson 2011-03-01 13:23:37 UTC
FreeBSD src repository
Modified files:
sys/compat/freebsd32 syscalls.master
sys/conf NOTES options
sys/kern kern_proc.c syscalls.master
sys/sys ucred.h user.h
Added files:
sys/kern sys_capability.c
Log:
SVN rev 219129 on 2011-03-01 13:23:37Z by rwatson
Add initial support for Capsicum's Capability Mode to the FreeBSD kernel,
compiled conditionally on options CAPABILITIES:
Add a new credential flag, CRED_FLAG_CAPMODE, which indicates that a
subject (typically a process) is in capability mode.
Add two new system calls, cap_enter(2) and cap_getmode(2), which allow
setting and querying (but never clearing) the flag.
Export the capability mode flag via process information sysctls.
Sponsored by: Google, Inc.
Reviewed by: anderson
Discussed with: benl, kris, pjd
Obtained from: Capsicum Project
MFC after: 3 months
Revision Changes Path
1.133 +2 -2 src/sys/compat/freebsd32/syscalls.master
1.1599 +3 -0 src/sys/conf/NOTES
1.715 +1 -0 src/sys/conf/options
1.310 +3 -1 src/sys/kern/kern_proc.c
1.1 +123 -0 src/sys/kern/sys_capability.c (new)
1.266 +2 -2 src/sys/kern/syscalls.master
1.62 +5 -0 src/sys/sys/ucred.h
1.89 +4 -2 src/sys/sys/user.h
help
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201103011323.p21DNv6t032625>