Author: jonathan
Date: Sat Jul 2 15:41:22 2011
New Revision: 223723
URL: http://svn.freebsd.org/changeset/base/223723
Log:
Define the CAPABILITIES kernel option.
This option will enable Capsicum capabilities, which provide a fine-grained
mask on operations that can be performed on file descriptors.
Approved by: mentor (rwatson), re (Capsicum blanket ok)
Sponsored by: Google Inc
Modified:
head/sys/conf/NOTES
head/sys/conf/options
Modified: head/sys/conf/NOTES
==============================================================================
--- head/sys/conf/NOTES Sat Jul 2 13:54:20 2011 (r223722)
+++ head/sys/conf/NOTES Sat Jul 2 15:41:22 2011 (r223723)
@@ -1162,7 +1162,8 @@ options MAC_STUB
options MAC_TEST
# Support for Capsicum
-options CAPABILITY_MODE
+options CAPABILITIES # fine-grained rights on file descriptors
+options CAPABILITY_MODE # sandboxes with no global namespace access
�
#####################################################################
Modified: head/sys/conf/options
==============================================================================
--- head/sys/conf/options Sat Jul 2 13:54:20 2011 (r223722)
+++ head/sys/conf/options Sat Jul 2 15:41:22 2011 (r223723)
@@ -63,6 +63,7 @@ SYSCTL_DEBUG opt_sysctl.h
ADAPTIVE_LOCKMGRS
ALQ
AUDIT opt_global.h
+CAPABILITIES opt_capsicum.h
CAPABILITY_MODE opt_capsicum.h
CODA_COMPAT_5 opt_coda.h
COMPAT_43 opt_compat.h
_______________________________________________
[email protected] mailing list
http://lists.freebsd.org/mailman/listinfo/svn-src-head
To unsubscribe, send any mail to "[email protected]"
