Page MenuHomeFreeBSD
Differential D24118

capabilities.conf: try to clarify what system calls are in here
ClosedPublic
Actions

Authored by emaste on Mar 18 2020, 7:33 PM.
Tags
None
Referenced Files
Unknown Object (File)
Mon, Feb 10, 3:03 AM
Unknown Object (File)
Sat, Feb 8, 7:27 PM
Unknown Object (File)
Wed, Jan 22, 11:31 AM
Unknown Object (File)
Sun, Jan 19, 1:32 PM
Unknown Object (File)
Sep 30 2024, 5:07 PM
Unknown Object (File)
Sep 30 2024, 1:55 PM
Unknown Object (File)
Sep 25 2024, 3:44 AM
Unknown Object (File)
Sep 22 2024, 7:03 AM
View All 31 Files
Subscribers
imp

Details

Reviewers
brooks
rwatson
jhb
csjp
rstone
Commits
rS359451: capabilities.conf: provide information about capmode permitted syscalls

Diff Detail

Repository
rS FreeBSD src repository - subversion
Lint
Lint Not Applicable
Unit
Tests Not Applicable

Event Timeline

emaste created this revision.Mar 18 2020, 7:33 PM
emaste added a reviewer: rstone.
emaste added inline comments.
sys/kern/capabilities.conf
34 ↗(On Diff #69658)

maybe "no purpose, so they are not listed here and not permitted in capability mode."

emaste added inline comments.Mar 18 2020, 7:38 PM
sys/kern/capabilities.conf
31 ↗(On Diff #69658)

by "fully or partially" I'm trying to convey that the system call either never accesses gn or aa (say, close), or internally performs capability mode checks (say, openat). Would be good to have a way to concisely express this.

jhb accepted this revision.Mar 26 2020, 5:50 PM
jhb added inline comments.
sys/kern/capabilities.conf
31 ↗(On Diff #69658)

s/absense/absence/

34 ↗(On Diff #69658)

I would drop the comma after "purpose" and keep the text you have. Maybe add a comma after "In capability mode"

This revision is now accepted and ready to land.Mar 26 2020, 5:50 PM
Closed by commit rS359451: capabilities.conf: provide information about capmode permitted syscalls (authored by emaste). · Explain WhyMar 30 2020, 6:24 PM
This revision was automatically updated to reflect the committed changes.
emaste added a commit: rS359451: capabilities.conf: provide information about capmode permitted syscalls.
Herald added a subscriber: imp. · View Herald TranscriptMar 30 2020, 6:24 PM

Revision Contents
Changeset List

PathSize
head/
sys/
kern/
5 lines

Diff 70010

View Options

head/sys/kern/capabilities.conf

Loading...