These messages serve little purpose and break some scripts:
PR: 199855
Sponsored by: DARPA, AFRL
Differential D2440
Remove "capability mode sandbox enabled" messages. brooks on May 4 2015, 3:55 PM. Authored by Tags None Referenced Files
Subscribers
Details These messages serve little purpose and break some scripts: PR: 199855
Diff Detail
Event TimelineComment Actions Seems reasonable to me. I'd rather take sandboxing for granted and not have output. An interesting question, of course, is whether we want a more mature policy than "Is Capsicum compiled into the kernel?" to control whether to fail stop if sandboxing fails. My intuition is that the status quo is fine there -- i.e., that if Capsicum is present we expect to be in a sandbox, and if not, we don't. You could imagine some sort of assert_cap_sandboxed() but I'm also not convinced that adds anything over the current check on the cap_enter() return value. |