On 2014-01-30 at 15:52 +0100, W.C.A. Wijngaards wrote: > From FreeBSD documentation I learned that this errno indicates that > the capabilities associated with a socket did not permit an operation > to be performed. One of the capabilities is the capability to use the > kqueue socket for kqueue polling. But no doubt there are also other > capabilities. It says capabilities can be reduced but not expanded by > the program. This is great, but why does a particular fd have its > capabilities reduced (unbound does not mess with socket capabilities)? > > I have no idea why the capability reduction happens. ktrace is > probably too expensive in its logging fervor?
This is the Capsicum capabilities system; a lot more is available to read at: http://www.cl.cam.ac.uk/research/security/capsicum/ Man-pages specific to the new capabilities system are: http://www.freebsd.org/cgi/man.cgi?query=capsicum&sektion=4 http://www.freebsd.org/cgi/man.cgi?query=rights&sektion=4 and a bunch more linked therefrom. The full list of capabilities in the rights(4) manpage, URL just above. (I haven't looked into this specific issue, just know some background which _might_ be useful). _______________________________________________ Unbound-users mailing list [email protected] http://unbound.nlnetlabs.nl/mailman/listinfo/unbound-users
