Changeset View
Changeset View
Standalone View
Standalone View
sys/kern/capabilities.conf
| Show All 23 Lines | |||||
| ## HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT | ## HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT | ||||
| ## LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY | ## LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY | ||||
| ## OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF | ## OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF | ||||
| ## SUCH DAMAGE. | ## SUCH DAMAGE. | ||||
| ## | ## | ||||
| ## List of system calls enabled in capability mode, one name per line. | ## List of system calls enabled in capability mode, one name per line. | ||||
| ## | ## | ||||
| ## Notes: | ## Notes: | ||||
| ## - sys_exit(2), abort2(2) and close(2) are very important. | ## - exit(2), abort2(2) and close(2) are very important. | ||||
kib: What about compat/freebsd32/capabilities.conf ? | |||||
| ## - Sorted alphabetically, please keep it that way. | ## - Sorted alphabetically, please keep it that way. | ||||
| ## | ## | ||||
| ## $FreeBSD$ | ## $FreeBSD$ | ||||
| ## | ## | ||||
| ## | ## | ||||
| ## Allow ACL and MAC label operations by file descriptor, subject to | ## Allow ACL and MAC label operations by file descriptor, subject to | ||||
| ## capability rights. Allow MAC label operations on the current process but | ## capability rights. Allow MAC label operations on the current process but | ||||
| ▲ Show 20 Lines • Show All 645 Lines • ▼ Show 20 Lines | |||||
| sstk | sstk | ||||
| ## | ## | ||||
| ## Do allow sync(2) for now, but possibly shouldn't. | ## Do allow sync(2) for now, but possibly shouldn't. | ||||
| ## | ## | ||||
| sync | sync | ||||
| ## | ## | ||||
| ## Always allow process termination with sys_exit(2). | ## Always allow process termination with exit(2). | ||||
| ## | ## | ||||
| sys_exit | exit | ||||
| ## | ## | ||||
| ## sysarch(2) does rather diverse things, but is required on at least i386 | ## sysarch(2) does rather diverse things, but is required on at least i386 | ||||
| ## in order to configure per-thread data. As such, it's scoped on each | ## in order to configure per-thread data. As such, it's scoped on each | ||||
| ## architecture. | ## architecture. | ||||
| ## | ## | ||||
| sysarch | sysarch | ||||
| ▲ Show 20 Lines • Show All 48 Lines • Show Last 20 Lines | |||||
What about compat/freebsd32/capabilities.conf ?