Author: kib Date: Tue Sep 27 11:31:53 2016 New Revision: 306366 URL: https://svnweb.freebsd.org/changeset/base/306366
Log: Editing fixes for r306257, documentation for trapcap. Suggested by: wblock Discussed with: jilles Reviewed by: cem (previous version) Sponsored by: The FreeBSD Foundation MFC after: 1 week Differential revision: https://reviews.freebsd.org/D8023 Modified: head/lib/libc/sys/cap_enter.2 head/lib/libc/sys/procctl.2 Modified: head/lib/libc/sys/cap_enter.2 ============================================================================== --- head/lib/libc/sys/cap_enter.2 Tue Sep 27 10:26:39 2016 (r306365) +++ head/lib/libc/sys/cap_enter.2 Tue Sep 27 11:31:53 2016 (r306366) @@ -28,7 +28,7 @@ .\" .\" $FreeBSD$ .\" -.Dd September 22, 2016 +.Dd September 27, 2016 .Dt CAP_ENTER 2 .Os .Sh NAME @@ -72,15 +72,15 @@ sandbox. .Sh RUN-TIME SETTINGS If the .Dv kern.trap_enocap -sysctl MIB is set to non-zero value, then for any process executing in a +sysctl MIB is set to a non-zero value, then for any process executing in a capability mode sandbox, any syscall which results in either .Er ENOTCAPABLE or .Er ECAPMODE -error, also generates the synchronous +error also generates the synchronous .Dv SIGTRAP signal to the thread on the syscall return. -On the signal delivery, the +On signal delivery, the .Va si_errno member of the .Fa siginfo Modified: head/lib/libc/sys/procctl.2 ============================================================================== --- head/lib/libc/sys/procctl.2 Tue Sep 27 10:26:39 2016 (r306365) +++ head/lib/libc/sys/procctl.2 Tue Sep 27 11:31:53 2016 (r306366) @@ -29,7 +29,7 @@ .\" .\" $FreeBSD$ .\" -.Dd September 22, 2016 +.Dd September 27, 2016 .Dt PROCCTL 2 .Os .Sh NAME @@ -328,14 +328,17 @@ If a debugger is attached, .Fa data is set to the pid of the debugger process. .It Dv PROC_TRAPCAP_CTL -Enable or disable, for the specified processes which are executing in a -capability mode sandbox, the synchronous -.Dv SIGTRAP -signal on return from any syscall which gives either +Controls the capability mode sandbox actions for the specified +sandboxed processes, +on a return from any syscall which gives either a .Er ENOTCAPABLE or .Er ECAPMODE error. +If the control is enabled, such errors from the syscalls cause +delivery of the synchronous +.Dv SIGTRAP +signal to the thread immediately before returning from the syscalls. .Pp Possible values for the .Fa data @@ -353,7 +356,8 @@ calls. Disable the signal delivery on capability mode access violations. Note that the global sysctl .Dv kern.trap_enocap -might still cause the signal to be delivered; see +might still cause the signal to be delivered. +See .Xr capsicum 4 . .El .Pp @@ -371,7 +375,7 @@ See .Xr capsicum 4 for more information about the capability mode. .It Dv PROC_TRAPCAP_STATUS -Returns the current status of signalling capability mode access +Return the current status of signalling capability mode access violations for the specified process. The integer value pointed to by the .Fa data _______________________________________________ svn-src-head@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/svn-src-head To unsubscribe, send any mail to "svn-src-head-unsubscr...@freebsd.org"
