From owner-cvs-src-old@FreeBSD.ORG  Mon Mar 21 21:32:07 2011
Return-Path: <owner-cvs-src-old@FreeBSD.ORG>
Delivered-To: cvs-src-old@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id 75CDB1065746
	for <cvs-src-old@freebsd.org>; Mon, 21 Mar 2011 21:32:07 +0000 (UTC)
	(envelope-from pjd@FreeBSD.org)
Received: from repoman.freebsd.org (repoman.freebsd.org
	[IPv6:2001:4f8:fff6::29])
	by mx1.freebsd.org (Postfix) with ESMTP id 639468FC16
	for <cvs-src-old@freebsd.org>; Mon, 21 Mar 2011 21:32:07 +0000 (UTC)
Received: from repoman.freebsd.org (localhost [127.0.0.1])
	by repoman.freebsd.org (8.14.4/8.14.4) with ESMTP id p2LLW7rK010712
	for <cvs-src-old@freebsd.org>; Mon, 21 Mar 2011 21:32:07 GMT
	(envelope-from pjd@repoman.freebsd.org)
Received: (from svn2cvs@localhost)
	by repoman.freebsd.org (8.14.4/8.14.4/Submit) id p2LLW7Cv010711
	for cvs-src-old@freebsd.org; Mon, 21 Mar 2011 21:32:07 GMT
	(envelope-from pjd@repoman.freebsd.org)
Message-Id: <201103212132.p2LLW7Cv010711@repoman.freebsd.org>
X-Authentication-Warning: repoman.freebsd.org: svn2cvs set sender to
	pjd@repoman.freebsd.org using -f
From: Pawel Jakub Dawidek <pjd@FreeBSD.org>
Date: Mon, 21 Mar 2011 21:31:50 +0000 (UTC)
To: cvs-src-old@freebsd.org
X-FreeBSD-CVS-Branch: HEAD
Subject: cvs commit: src/sbin/hastctl hastctl.c src/sbin/hastd primary.c
 secondary.c subr.c subr.h
X-BeenThere: cvs-src-old@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: **OBSOLETE** CVS commit messages for the src tree
	<cvs-src-old.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/cvs-src-old>,
	<mailto:cvs-src-old-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/cvs-src-old>
List-Post: <mailto:cvs-src-old@freebsd.org>
List-Help: <mailto:cvs-src-old-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/cvs-src-old>,
	<mailto:cvs-src-old-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Mon, 21 Mar 2011 21:32:07 -0000

pjd         2011-03-21 21:31:50 UTC

  FreeBSD src repository

  Modified files:
    sbin/hastctl         hastctl.c 
    sbin/hastd           primary.c secondary.c subr.c subr.h 
  Log:
  SVN rev 219847 on 2011-03-21 21:31:50Z by pjd
  
  When dropping privileges prefer capsicum over chroot+setgid+setuid.
  We can use capsicum for secondary worker processes and hastctl.
  When working as primary we drop privileges using chroot+setgid+setuid
  still as we need to send ioctl(2)s to ggate device, for which capsicum
  doesn't allow (yet).
  
  X-MFC after:    capsicum is merged to stable/8
  
  Revision  Changes    Path
  1.10      +1 -2      src/sbin/hastctl/hastctl.c
  1.62      +1 -1      src/sbin/hastd/primary.c
  1.32      +1 -1      src/sbin/hastd/secondary.c
  1.6       +15 -1     src/sbin/hastd/subr.c
  1.4       +1 -1      src/sbin/hastd/subr.h