From owner-cvs-src-old@FreeBSD.ORG  Sun Jul 17 23:05:58 2011
Return-Path: <owner-cvs-src-old@FreeBSD.ORG>
Delivered-To: cvs-src-old@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id 695CC106566B
	for <cvs-src-old@freebsd.org>; Sun, 17 Jul 2011 23:05:58 +0000 (UTC)
	(envelope-from rwatson@FreeBSD.org)
Received: from repoman.freebsd.org (repoman.freebsd.org
	[IPv6:2001:4f8:fff6::29])
	by mx1.freebsd.org (Postfix) with ESMTP id 55A338FC15
	for <cvs-src-old@freebsd.org>; Sun, 17 Jul 2011 23:05:58 +0000 (UTC)
Received: from repoman.freebsd.org (localhost [127.0.0.1])
	by repoman.freebsd.org (8.14.4/8.14.4) with ESMTP id p6HN5wYL006735
	for <cvs-src-old@freebsd.org>; Sun, 17 Jul 2011 23:05:58 GMT
	(envelope-from rwatson@repoman.freebsd.org)
Received: (from svn2cvs@localhost)
	by repoman.freebsd.org (8.14.4/8.14.4/Submit) id p6HN5wH5006734
	for cvs-src-old@freebsd.org; Sun, 17 Jul 2011 23:05:58 GMT
	(envelope-from rwatson@repoman.freebsd.org)
Message-Id: <201107172305.p6HN5wH5006734@repoman.freebsd.org>
X-Authentication-Warning: repoman.freebsd.org: svn2cvs set sender to
	rwatson@repoman.freebsd.org using -f
From: Robert Watson <rwatson@FreeBSD.org>
Date: Sun, 17 Jul 2011 23:05:24 +0000 (UTC)
To: cvs-src-old@freebsd.org
X-FreeBSD-CVS-Branch: HEAD
Subject: cvs commit: src/sys/kern kern_exec.c kern_mib.c kern_sysctl.c
 posix4_mib.c subr_smp.c src/sys/sys sysctl.h
X-BeenThere: cvs-src-old@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: **OBSOLETE** CVS commit messages for the src tree
	<cvs-src-old.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/cvs-src-old>,
	<mailto:cvs-src-old-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/cvs-src-old>
List-Post: <mailto:cvs-src-old@freebsd.org>
List-Help: <mailto:cvs-src-old-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/cvs-src-old>,
	<mailto:cvs-src-old-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Sun, 17 Jul 2011 23:05:58 -0000

rwatson     2011-07-17 23:05:24 UTC

  FreeBSD src repository

  Modified files:
    sys/kern             kern_exec.c kern_mib.c kern_sysctl.c 
                         posix4_mib.c subr_smp.c 
    sys/sys              sysctl.h 
  Log:
  SVN rev 224159 on 2011-07-17 23:05:24Z by rwatson
  
  Define two new sysctl node flags: CTLFLAG_CAPRD and CTLFLAG_CAPRW, which
  may be jointly referenced via the mask CTLFLAG_CAPRW.  Sysctls with these
  flags are available in Capsicum's capability mode; other sysctl nodes are
  not.
  
  Flag several useful sysctls as available in capability mode, such as memory
  layout sysctls required by the run-time linker and malloc(3).  Also expose
  access to randomness and available kernel features.
  
  A few sysctls are enabled to support name->MIB conversion; these may leak
  information to capability mode by virtue of providing resolution on names
  not flagged for access in capability mode.  This is, generally, not a huge
  problem, but might be something to resolve in the future.  Flag these cases
  with XXX comments.
  
  Submitted by:   jonathan
  Sponsored by:   Google, Inc.
  
  Revision  Changes    Path
  1.363     +3 -2      src/sys/kern/kern_exec.c
  1.105     +19 -17    src/sys/kern/kern_mib.c
  1.217     +36 -6     src/sys/kern/kern_sysctl.c
  1.15      +3 -2      src/sys/kern/posix4_mib.c
  1.232     +7 -7      src/sys/kern/subr_smp.c
  1.193     +5 -1      src/sys/sys/sysctl.h