From owner-cvs-src-old@FreeBSD.ORG  Tue Mar  1 13:23:57 2011
Return-Path: <owner-cvs-src-old@FreeBSD.ORG>
Delivered-To: cvs-src-old@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id 5441E106566C
	for <cvs-src-old@freebsd.org>; Tue,  1 Mar 2011 13:23:57 +0000 (UTC)
	(envelope-from rwatson@FreeBSD.org)
Received: from repoman.freebsd.org (repoman.freebsd.org
	[IPv6:2001:4f8:fff6::29])
	by mx1.freebsd.org (Postfix) with ESMTP id 3F7748FC0C
	for <cvs-src-old@freebsd.org>; Tue,  1 Mar 2011 13:23:57 +0000 (UTC)
Received: from repoman.freebsd.org (localhost [127.0.0.1])
	by repoman.freebsd.org (8.14.4/8.14.4) with ESMTP id p21DNvnp032626
	for <cvs-src-old@freebsd.org>; Tue, 1 Mar 2011 13:23:57 GMT
	(envelope-from rwatson@repoman.freebsd.org)
Received: (from svn2cvs@localhost)
	by repoman.freebsd.org (8.14.4/8.14.4/Submit) id p21DNv6t032625
	for cvs-src-old@freebsd.org; Tue, 1 Mar 2011 13:23:57 GMT
	(envelope-from rwatson@repoman.freebsd.org)
Message-Id: <201103011323.p21DNv6t032625@repoman.freebsd.org>
X-Authentication-Warning: repoman.freebsd.org: svn2cvs set sender to
	rwatson@repoman.freebsd.org using -f
From: Robert Watson <rwatson@FreeBSD.org>
Date: Tue, 1 Mar 2011 13:23:37 +0000 (UTC)
To: cvs-src-old@freebsd.org
X-FreeBSD-CVS-Branch: HEAD
Subject: cvs commit: src/sys/compat/freebsd32 syscalls.master src/sys/conf
 NOTES options src/sys/kern kern_proc.c sys_capability.c
 syscalls.master src/sys/sys ucred.h user.h
X-BeenThere: cvs-src-old@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: **OBSOLETE** CVS commit messages for the src tree
	<cvs-src-old.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/cvs-src-old>,
	<mailto:cvs-src-old-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/cvs-src-old>
List-Post: <mailto:cvs-src-old@freebsd.org>
List-Help: <mailto:cvs-src-old-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/cvs-src-old>,
	<mailto:cvs-src-old-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Tue, 01 Mar 2011 13:23:57 -0000

rwatson     2011-03-01 13:23:37 UTC

  FreeBSD src repository

  Modified files:
    sys/compat/freebsd32 syscalls.master 
    sys/conf             NOTES options 
    sys/kern             kern_proc.c syscalls.master 
    sys/sys              ucred.h user.h 
  Added files:
    sys/kern             sys_capability.c 
  Log:
  SVN rev 219129 on 2011-03-01 13:23:37Z by rwatson
  
  Add initial support for Capsicum's Capability Mode to the FreeBSD kernel,
  compiled conditionally on options CAPABILITIES:
  
  Add a new credential flag, CRED_FLAG_CAPMODE, which indicates that a
  subject (typically a process) is in capability mode.
  
  Add two new system calls, cap_enter(2) and cap_getmode(2), which allow
  setting and querying (but never clearing) the flag.
  
  Export the capability mode flag via process information sysctls.
  
  Sponsored by:   Google, Inc.
  Reviewed by:    anderson
  Discussed with: benl, kris, pjd
  Obtained from:  Capsicum Project
  MFC after:      3 months
  
  Revision  Changes    Path
  1.133     +2 -2      src/sys/compat/freebsd32/syscalls.master
  1.1599    +3 -0      src/sys/conf/NOTES
  1.715     +1 -0      src/sys/conf/options
  1.310     +3 -1      src/sys/kern/kern_proc.c
  1.1       +123 -0    src/sys/kern/sys_capability.c (new)
  1.266     +2 -2      src/sys/kern/syscalls.master
  1.62      +5 -0      src/sys/sys/ucred.h
  1.89      +4 -2      src/sys/sys/user.h