Changeset View
Changeset View
Standalone View
Standalone View
head/sys/kern/capabilities.conf
Show First 20 Lines • Show All 457 Lines • ▼ Show 20 Lines | |||||
## Allow entry into open(2). This system call will fail, since access to the | ## Allow entry into open(2). This system call will fail, since access to the | ||||
## global file namespace has been disallowed, but allowing entry into the | ## global file namespace has been disallowed, but allowing entry into the | ||||
## syscall means that an audit trail will be generated (which is also very | ## syscall means that an audit trail will be generated (which is also very | ||||
## useful for debugging). | ## useful for debugging). | ||||
## | ## | ||||
open | open | ||||
## | ## | ||||
## Allow poll(2), which will be scoped by capability rights. | |||||
## | |||||
## XXXRW: Perhaps we don't need the OpenBSD version? | |||||
## XXXRW: We don't yet do that scoping. | |||||
## | |||||
openbsd_poll | |||||
## | |||||
## Process descriptor-related system calls are allowed. | ## Process descriptor-related system calls are allowed. | ||||
## | ## | ||||
pdfork | pdfork | ||||
pdgetpid | pdgetpid | ||||
pdkill | pdkill | ||||
#pdwait4 # not yet implemented | #pdwait4 # not yet implemented | ||||
## | ## | ||||
▲ Show 20 Lines • Show All 268 Lines • Show Last 20 Lines |