Remove "capability mode sandbox enabled" messages.
ClosedPublic
Actions

Authored by brooks on May 4 2015, 3:55 PM.

Details

Reviewers

pjd
rwatson

Commits

rS283122: MFC r282436 (the portion that makes sense):
rS282436: Remove "capability mode sandbox enabled" messages.

Summary

These messages serve little purpose and break some scripts:

PR: 199855
Sponsored by: DARPA, AFRL

Diff Detail

Repository

rS FreeBSD src repository - subversion

Lint

Lint Not Applicable

Unit

Tests Not Applicable

Event Timeline

brooks updated this revision to Diff 5177.May 4 2015, 3:55 PM

brooks retitled this revision from to Remove "capability mode sandbox enabled" messages..

brooks updated this object.

brooks edited the test plan for this revision. (Show Details)

brooks added reviewers: pjd, rwatson.

Herald added a subscriber: imp. · View Herald TranscriptMay 4 2015, 3:55 PM

I'll submit the tcpdump change upstream after this goes in.

Seems reasonable to me. I'd rather take sandboxing for granted and not have output. An interesting question, of course, is whether we want a more mature policy than "Is Capsicum compiled into the kernel?" to control whether to fail stop if sandboxing fails. My intuition is that the status quo is fine there -- i.e., that if Capsicum is present we expect to be in a sandbox, and if not, we don't. You could imagine some sort of assert_cap_sandboxed() but I'm also not convinced that adds anything over the current check on the cap_enter() return value.

This revision is now accepted and ready to land.May 4 2015, 4:08 PM

Closed by commit rS282436: Remove "capability mode sandbox enabled" messages. (authored by brooks). · Explain WhyMay 4 2015, 9:45 PM

This revision was automatically updated to reflect the committed changes.