Date: Sun, 17 Jul 2011 23:05:24 +0000 (UTC) From: Robert Watson <rwatson@FreeBSD.org> To: cvs-src-old@freebsd.org Subject: cvs commit: src/sys/kern kern_exec.c kern_mib.c kern_sysctl.c posix4_mib.c subr_smp.c src/sys/sys sysctl.h Message-ID: <201107172305.p6HN5wH5006734@repoman.freebsd.org>
next in thread | raw e-mail | index | archive | help
rwatson 2011-07-17 23:05:24 UTC
FreeBSD src repository
Modified files:
sys/kern kern_exec.c kern_mib.c kern_sysctl.c
posix4_mib.c subr_smp.c
sys/sys sysctl.h
Log:
SVN rev 224159 on 2011-07-17 23:05:24Z by rwatson
Define two new sysctl node flags: CTLFLAG_CAPRD and CTLFLAG_CAPRW, which
may be jointly referenced via the mask CTLFLAG_CAPRW. Sysctls with these
flags are available in Capsicum's capability mode; other sysctl nodes are
not.
Flag several useful sysctls as available in capability mode, such as memory
layout sysctls required by the run-time linker and malloc(3). Also expose
access to randomness and available kernel features.
A few sysctls are enabled to support name->MIB conversion; these may leak
information to capability mode by virtue of providing resolution on names
not flagged for access in capability mode. This is, generally, not a huge
problem, but might be something to resolve in the future. Flag these cases
with XXX comments.
Submitted by: jonathan
Sponsored by: Google, Inc.
Revision Changes Path
1.363 +3 -2 src/sys/kern/kern_exec.c
1.105 +19 -17 src/sys/kern/kern_mib.c
1.217 +36 -6 src/sys/kern/kern_sysctl.c
1.15 +3 -2 src/sys/kern/posix4_mib.c
1.232 +7 -7 src/sys/kern/subr_smp.c
1.193 +5 -1 src/sys/sys/sysctl.h
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201107172305.p6HN5wH5006734>