Previously open(2) was allowed in capability mode, with a comment that suggested this was likely the case to facilitate debugging. The system would still fail, but it's better to disallow the syscall altogether. We can now use the kern.trap_enotcap sysctl to aid in debugging.
Diff Detail
- Repository
- rS FreeBSD src repository - subversion
- Lint
Lint Not Applicable - Unit
Tests Not Applicable
Event Timeline
Sounds plausible, but I do wonder if the sysctl is currently a sufficient mature way to enable application development. Enabling it requires root, so it's not directly usable by end users on multiuser systems, and it also has global scope rather than just affecting applications that the developer is working on, which could change failure modes for a range of applications (such as desktop applications) that the developer has no interest in debugging and fixing. Is there some other mechanism we can add -- e.g., using ptrace(2) -- or setting an environmental variable that causes rtld to itself twiddle a per-process setting, that might offer a better real-world debugging experience?
proccontrol(2) PROC_TRAPCAP_CTL and proccontrol(8) -m trapcap (the utility does not have a man page still).