Date: Mon, 10 Mar 2014 10:46:09 +0100
From: Dag-Erling Smørgrav <des@des.no>
To: Robert Watson <rwatson@FreeBSD.org>
Cc: svn-src-stable@freebsd.org, svn-src-all@freebsd.org, src-committers@freebsd.org, svn-src-stable-10@freebsd.org, John Baldwin <jhb@freebsd.org>
Subject: Re: svn commit: r262566 - in stable/10: crypto/openssh crypto/openssh/contrib/caldera crypto/openssh/contrib/cygwin crypto/openssh/contrib/redhat crypto/openssh/contrib/suse crypto/openssh/openbsd-comp...
Message-ID: <864n36e68u.fsf@nine.des.no>
In-Reply-To: <alpine.BSF.2.00.1403091446330.42045@fledge.watson.org> (Robert Watson's message of "Sun, 9 Mar 2014 14:49:14 +0000 (GMT)")
References: <201402271729.s1RHT2rx075258@svn.freebsd.org> <201403031536.33679.jhb@freebsd.org> <alpine.BSF.2.00.1403091446330.42045@fledge.watson.org>
Robert Watson <rwatson@FreeBSD.org> writes:

> Most userspace tools that support Capsicum will explicitly test for a
> kernel generating ENOSYS due to non-support and 'fail open' by not
> using sandboxing. That strategy becomes more complex as applications
> become more complex, and in the long term we'll want to move away from
> conditional support. In the meantime, I'd generally recommend that
> any code being used on 9.x support runtime detection of Capsicum --
> either via feature_is_present(3) or ENOSYS back from cap_enter(). The
> ugly bit is whether or not to use other sandboxing techniques (e.g.,
> chroot()) if Capsicum can't be found, since that stuff tends to be
> pretty messy.

In this particular case, we fall back to essentially the same mechanism as without Capsicum, i.e. setrlimit(2). And we're talking 10 / 11, not 9...

DES
-- 
Dag-Erling Smørgrav - des@des.no
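The runtime-detection pattern Robert describes (try cap_enter(), treat only ENOSYS as "kernel without Capsicum" and fall open to the setrlimit(2) fallback Dag-Erling mentions), as an added example that is not code from this thread, from FreeBSD or from OpenSSH. The limits zeroed in the fallback are modelled on OpenSSH's rlimit sandbox (an assumption), and on a non-FreeBSD build cap_enter() is replaced by a constructed stub that behaves like a kernel built without Capsicum.

```c
#include <errno.h>
#include <stdio.h>
#include <sys/types.h>
#include <sys/time.h>
#include <sys/resource.h>
#ifdef __FreeBSD__
#include <sys/capsicum.h>
#else
/* Constructed stand-in for builds without Capsicum: behaves exactly like a
 * kernel that lacks the syscall, i.e. fails with ENOSYS. */
static int cap_enter(void) { errno = ENOSYS; return -1; }
#endif

typedef enum {
    SANDBOX_CAPSICUM, /* cap_enter() succeeded: process is in capability mode */
    SANDBOX_RLIMIT,   /* no Capsicum in the kernel (ENOSYS): rlimit fallback used */
    SANDBOX_ERROR     /* cap_enter() failed for another reason: do not fail open */
} sandbox_kind;

/* The decision itself, separated from the syscall so it can be tested.
 * Only ENOSYS means "not supported"; EPERM or anything else is a real
 * failure and must not be silently downgraded to the weaker sandbox. */
sandbox_kind choose_sandbox(int rc, int err) {
    if (rc == 0) return SANDBOX_CAPSICUM;
    if (err == ENOSYS) return SANDBOX_RLIMIT;
    return SANDBOX_ERROR;
}

/* Fallback modelled on OpenSSH's rlimit sandbox (assumption): zero the limits
 * so the process can no longer create files or open new descriptors.
 * Descriptors already open keep working. Returns 0 on success. */
int apply_rlimit_fallback(void) {
    struct rlimit zero = { .rlim_cur = 0, .rlim_max = 0 };
    if (setrlimit(RLIMIT_FSIZE, &zero) == -1) return -1;
    if (setrlimit(RLIMIT_NOFILE, &zero) == -1) return -1;
#ifdef RLIMIT_NPROC
    if (setrlimit(RLIMIT_NPROC, &zero) == -1) return -1;
#endif
    return 0;
}

/* Runtime detection: attempt Capsicum first, fall open to rlimits on ENOSYS. */
sandbox_kind sandbox_enter(void) {
    int rc = cap_enter();
    sandbox_kind kind = choose_sandbox(rc, rc == -1 ? errno : 0);
    if (kind == SANDBOX_RLIMIT && apply_rlimit_fallback() == -1)
        return SANDBOX_ERROR;
    return kind;
}

int main(void) {
    sandbox_kind kind = sandbox_enter();
    /* stdout is already open, so this write still works under the rlimit sandbox */
    printf("sandbox: %s\n", kind == SANDBOX_CAPSICUM ? "capsicum"
                          : kind == SANDBOX_RLIMIT ? "rlimit" : "error");
    return kind == SANDBOX_ERROR ? 1 : 0;
}
```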