Page MenuHomeFreeBSD
Files F136993758

D8023.diff
No OneTemporary
Actions

D8023.diff
View Options

Index: head/lib/libc/sys/cap_enter.2
===================================================================
--- head/lib/libc/sys/cap_enter.2
+++ head/lib/libc/sys/cap_enter.2
@@ -28,7 +28,7 @@
.\"
.\" $FreeBSD$
.\"
-.Dd September 22, 2016
+.Dd September 27, 2016
.Dt CAP_ENTER 2
.Os
.Sh NAME
@@ -72,15 +72,15 @@
.Sh RUN-TIME SETTINGS
If the
.Dv kern.trap_enocap
-sysctl MIB is set to non-zero value, then for any process executing in a
+sysctl MIB is set to a non-zero value, then for any process executing in a
capability mode sandbox, any syscall which results in either
.Er ENOTCAPABLE
or
.Er ECAPMODE
-error, also generates the synchronous
+error also generates the synchronous
.Dv SIGTRAP
signal to the thread on the syscall return.
-On the signal delivery, the
+On signal delivery, the
.Va si_errno
member of the
.Fa siginfo
Index: head/lib/libc/sys/procctl.2
===================================================================
--- head/lib/libc/sys/procctl.2
+++ head/lib/libc/sys/procctl.2
@@ -29,7 +29,7 @@
.\"
.\" $FreeBSD$
.\"
-.Dd September 22, 2016
+.Dd September 27, 2016
.Dt PROCCTL 2
.Os
.Sh NAME
@@ -328,14 +328,17 @@
.Fa data
is set to the pid of the debugger process.
.It Dv PROC_TRAPCAP_CTL
-Enable or disable, for the specified processes which are executing in a
-capability mode sandbox, the synchronous
-.Dv SIGTRAP
-signal on return from any syscall which gives either
+Controls the capability mode sandbox actions for the specified
+sandboxed processes,
+on a return from any syscall which gives either a
.Er ENOTCAPABLE
or
.Er ECAPMODE
error.
+If the control is enabled, such errors from the syscalls cause
+delivery of the synchronous
+.Dv SIGTRAP
+signal to the thread immediately before returning from the syscalls.
.Pp
Possible values for the
.Fa data
@@ -353,7 +356,8 @@
Disable the signal delivery on capability mode access violations.
Note that the global sysctl
.Dv kern.trap_enocap
-might still cause the signal to be delivered; see
+might still cause the signal to be delivered.
+See
.Xr capsicum 4 .
.El
.Pp
@@ -371,7 +375,7 @@
.Xr capsicum 4
for more information about the capability mode.
.It Dv PROC_TRAPCAP_STATUS
-Returns the current status of signalling capability mode access
+Return the current status of signalling capability mode access
violations for the specified process.
The integer value pointed to by the
.Fa data

File Metadata

Mime Type
text/plain
Expires
Fri, Nov 21, 10:47 PM (45 m, 57 s)
Storage Engine
blob
Storage Format
Raw Data
Storage Handle
25808072
Default Alt Text
D8023.diff (2 KB)

Event Timeline