CVSROOT:        /cvs
Module name:    src
Changes by:     d...@cvs.openbsd.org    2011/06/21 19:32:16

Modified files:
        sys/dev        : systrace.c systrace.h 

Log message:
Add a SYSTR_POLICY_KILL per-syscall policy option that sends SIGKILL to
the traced process when the syscall is attempted. This is more useful and
safer for unsupervised sandboxing than returning EPERM (which is the
behaviour of SYSTR_POLICY_NEVER), as this could cause dangerous misbehaviour
in applications that don't expect it.

"I like it" deraadt@ markus@
