From: Jonathan Anderson
Date: Wed, 29 Jun 2011 13:03:05 +0000 (UTC)
To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org
X-SVN-Group: head
Subject: svn commit: r223668 - in head/sys: amd64/amd64 arm/arm conf i386/i386 kern

Author: jonathan
Date: Wed Jun 29 13:03:05 2011
New Revision: 223668
URL: http://svn.freebsd.org/changeset/base/223668

Log:
  We may split today's CAPABILITIES into CAPABILITY_MODE (which has to do with global namespaces) and CAPABILITIES (which has to do with constraining file descriptors). Just in case, and because it's a better name anyway, let's move CAPABILITIES out of the way.

  Also, change opt_capabilities.h to opt_capsicum.h; for now, this will only hold CAPABILITY_MODE, but it will probably also hold the new CAPABILITIES (implying constrained file descriptors) in the future.

  Approved by: rwatson
  Sponsored by: Google UK Ltd

Modified:
  head/sys/amd64/amd64/sys_machdep.c
  head/sys/arm/arm/sys_machdep.c
  head/sys/conf/NOTES
  head/sys/conf/options
  head/sys/i386/i386/sys_machdep.c
  head/sys/kern/subr_trap.c
  head/sys/kern/sys_capability.c

Modified: head/sys/amd64/amd64/sys_machdep.c ============================================================================== --- head/sys/amd64/amd64/sys_machdep.c Wed Jun 29 13:01:10 2011 (r223667) +++ head/sys/amd64/amd64/sys_machdep.c Wed Jun 29 13:03:05 2011 (r223668) @@ -33,7 +33,7 @@ #include __FBSDID("$FreeBSD$"); -#include "opt_capabilities.h" +#include "opt_capsicum.h" #include #include 
@@ -180,7 +180,7 @@ sysarch(td, uap) uint64_t a64base; struct i386_ioperm_args iargs; -#ifdef CAPABILITIES +#ifdef CAPABILITY_MODE /* * Whitelist of operations which are safe enough for capability mode. */ Modified: head/sys/arm/arm/sys_machdep.c ============================================================================== --- head/sys/arm/arm/sys_machdep.c Wed Jun 29 13:01:10 2011 (r223667) +++ head/sys/arm/arm/sys_machdep.c Wed Jun 29 13:03:05 2011 (r223668) @@ -36,7 +36,7 @@ #include __FBSDID("$FreeBSD$"); -#include "opt_capabilities.h" +#include "opt_capsicum.h" #include #include @@ -107,7 +107,7 @@ sysarch(td, uap) { int error; -#ifdef CAPABILITIES +#ifdef CAPABILITY_MODE /* * Whitelist of operations which are safe enough for capability mode. */ Modified: head/sys/conf/NOTES ============================================================================== --- head/sys/conf/NOTES Wed Jun 29 13:01:10 2011 (r223667) +++ head/sys/conf/NOTES Wed Jun 29 13:03:05 2011 (r223668) @@ -1162,7 +1162,7 @@ options MAC_STUB options MAC_TEST # Support for Capsicum -options CAPABILITIES +options CAPABILITY_MODE ##################################################################### Modified: head/sys/conf/options ============================================================================== --- head/sys/conf/options Wed Jun 29 13:01:10 2011 (r223667) +++ head/sys/conf/options Wed Jun 29 13:03:05 2011 (r223668) @@ -63,7 +63,7 @@ SYSCTL_DEBUG opt_sysctl.h ADAPTIVE_LOCKMGRS ALQ AUDIT opt_global.h -CAPABILITIES opt_capabilities.h +CAPABILITY_MODE opt_capsicum.h CODA_COMPAT_5 opt_coda.h COMPAT_43 opt_compat.h COMPAT_43TTY opt_compat.h Modified: head/sys/i386/i386/sys_machdep.c ============================================================================== --- head/sys/i386/i386/sys_machdep.c Wed Jun 29 13:01:10 2011 (r223667) +++ head/sys/i386/i386/sys_machdep.c Wed Jun 29 13:03:05 2011 (r223668) 
@@ -32,7 +32,7 @@ #include __FBSDID("$FreeBSD$"); -#include "opt_capabilities.h" +#include "opt_capsicum.h" #include "opt_kstack_pages.h" #include @@ -111,7 +111,7 @@ sysarch(td, uap) AUDIT_ARG_CMD(uap->op); -#ifdef CAPABILITIES +#ifdef CAPABILITY_MODE /* * Whitelist of operations which are safe enough for capability mode. */ Modified: head/sys/kern/subr_trap.c ============================================================================== --- head/sys/kern/subr_trap.c Wed Jun 29 13:01:10 2011 (r223667) +++ head/sys/kern/subr_trap.c Wed Jun 29 13:03:05 2011 (r223668) @@ -44,7 +44,7 @@ #include __FBSDID("$FreeBSD$"); -#include "opt_capabilities.h" +#include "opt_capsicum.h" #include "opt_ktrace.h" #include "opt_kdtrace.h" #include "opt_sched.h" @@ -313,7 +313,7 @@ syscallenter(struct thread *td, struct s goto retval; } -#ifdef CAPABILITIES +#ifdef CAPABILITY_MODE /* * In capability mode, we only allow access to system calls * flagged with SYF_CAPENABLED. Modified: head/sys/kern/sys_capability.c ============================================================================== --- head/sys/kern/sys_capability.c Wed Jun 29 13:01:10 2011 (r223667) +++ head/sys/kern/sys_capability.c Wed Jun 29 13:03:05 2011 (r223668) @@ -36,7 +36,7 @@ * */ -#include "opt_capabilities.h" +#include "opt_capsicum.h" #include __FBSDID("$FreeBSD$"); @@ -59,7 +59,7 @@ __FBSDID("$FreeBSD$"); #include #include -#ifdef CAPABILITIES +#ifdef CAPABILITY_MODE FEATURE(security_capabilities, "Capsicum Capability Mode"); @@ -99,7 +99,7 @@ cap_getmode(struct thread *td, struct ca return (copyout(&i, uap->modep, sizeof(i))); } -#else /* !CAPABILITIES */ +#else /* !CAPABILITY_MODE */ int cap_enter(struct thread *td, struct cap_enter_args *uap) @@ -115,4 +115,4 @@ cap_getmode(struct thread *td, struct ca return (ENOSYS); } -#endif /* CAPABILITIES */ +#endif /* CAPABILITY_MODE */
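Review bot: The `#ifdef CAPABILITY_MODE` guards around the sysarch() whitelists (amd64, arm, i386) and around the SYF_CAPENABLED check in syscallenter() fail open if the macro name and the included option header ever disagree. This diff updates both consistently in the seven files it touches, but a stale `#ifdef CAPABILITIES` left anywhere outside them would compile without error and silently drop its check, and would later come back to life with a different meaning if CAPABILITIES is reintroduced as the log anticipates. Please confirm with a tree-wide search that no other user of CAPABILITIES or opt_capabilities.h remains, and say so in the log.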
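Review bot: In head/sys/conf/options the CAPABILITIES entry is replaced rather than kept next to CAPABILITY_MODE, so a kernel config that still says `options CAPABILITIES` no longer enables any of the guarded code in this change, and the `#else /* !CAPABILITY_MODE */` branch of sys_capability.c answers with ENOSYS. Because the option controls a sandboxing feature, the rename should be announced where people maintaining custom kernel configs will see it. In head/sys/conf/NOTES the comment above the option still reads "# Support for Capsicum"; it would be clearer to say that the option enables capability mode specifically, since the log expects a second Capsicum option later.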
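Review bot: In head/sys/kern/sys_capability.c the guard becomes `#ifdef CAPABILITY_MODE`, but the line under it still reads `FEATURE(security_capabilities, "Capsicum Capability Mode");`. The log says CAPABILITIES may return later to mean constrained file descriptors, at which point a feature named security_capabilities that actually reports capability mode will be ambiguous to anything that probes for it. Consider renaming the feature to match the option in this change, or add a comment stating that the old name is kept deliberately.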