Date: Tue, 1 Mar 2011 10:21:02 -0500 From: John Baldwin <jhb@freebsd.org> To: Robert Watson <rwatson@freebsd.org> Cc: svn-src-head@freebsd.org, svn-src-all@freebsd.org, src-committers@freebsd.org Subject: Re: svn commit: r219129 - in head/sys: compat/freebsd32 conf kern sys Message-ID: <201103011021.02651.jhb@freebsd.org> In-Reply-To: <201103011323.p21DNbau027743@svn.freebsd.org> References: <201103011323.p21DNbau027743@svn.freebsd.org>
next in thread | previous in thread | raw e-mail | index | archive | help
On Tuesday, March 01, 2011 8:23:37 am Robert Watson wrote: > Author: rwatson > Date: Tue Mar 1 13:23:37 2011 > New Revision: 219129 > URL: http://svn.freebsd.org/changeset/base/219129 > > Log: > Add initial support for Capsicum's Capability Mode to the FreeBSD kernel, > compiled conditionally on options CAPABILITIES: > > Add a new credential flag, CRED_FLAG_CAPMODE, which indicates that a > subject (typically a process) is in capability mode. > > Add two new system calls, cap_enter(2) and cap_getmode(2), which allow > setting and querying (but never clearing) the flag. > > Export the capability mode flag via process information sysctls. > > Sponsored by: Google, Inc. > Reviewed by: anderson > Discussed with: benl, kris, pjd > Obtained from: Capsicum Project > MFC after: 3 months > > Added: > head/sys/kern/sys_capability.c (contents, props changed) > Modified: > head/sys/compat/freebsd32/syscalls.master > head/sys/conf/NOTES > head/sys/conf/options > head/sys/kern/kern_proc.c > head/sys/kern/syscalls.master > head/sys/sys/ucred.h > head/sys/sys/user.h Looks like head/sys/sys/capability.h wasn't added by accident? -- John Baldwin
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201103011021.02651.jhb>