Changeset View
Changeset View
Standalone View
Standalone View
sys/kern/capabilities.conf
| Show All 22 Lines | |||||
| ## OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) | ## OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) | ||||
| ## HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT | ## HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT | ||||
| ## LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY | ## LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY | ||||
| ## OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF | ## OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF | ||||
| ## SUCH DAMAGE. | ## SUCH DAMAGE. | ||||
| ## | ## | ||||
| ## List of system calls enabled in capability mode, one name per line. | ## List of system calls enabled in capability mode, one name per line. | ||||
| ## | ## | ||||
| ## System calls listed here operate either fully or partially in the absense | |||||
emaste: by "fully or partially" I'm trying to convey that the system call either never accesses gn or… | |||||
jhbUnsubmitted Not Done Inline Actionss/absense/absence/ jhb: s/absense/absence/ | |||||
| ## of global namespaces or ambient authority. In capability mode system calls | |||||
| ## that operate only on global namespaces or require ambient authority have no | |||||
| ## purpose, and are not permitted. | |||||
emasteAuthorUnsubmitted Done Inline Actionsmaybe "no purpose, so they are not listed here and not permitted in capability mode." emaste: maybe "no purpose, so they are not listed here and not permitted in capability mode." | |||||
jhbUnsubmitted Not Done Inline ActionsI would drop the comma after "purpose" and keep the text you have. Maybe add a comma after "In capability mode" jhb: I would drop the comma after "purpose" and keep the text you have. Maybe add a comma after "In… | |||||
| ## | |||||
| ## Notes: | ## Notes: | ||||
| ## - sys_exit(2), abort2(2) and close(2) are very important. | ## - sys_exit(2), abort2(2) and close(2) are very important. | ||||
| ## - Sorted alphabetically, please keep it that way. | ## - Sorted alphabetically, please keep it that way. | ||||
| ## | ## | ||||
| ## $FreeBSD$ | ## $FreeBSD$ | ||||
| ## | ## | ||||
| ## | ## | ||||
| ▲ Show 20 Lines • Show All 725 Lines • Show Last 20 Lines | |||||
by "fully or partially" I'm trying to convey that the system call either never accesses gn or aa (say, close), or internally performs capability mode checks (say, openat). Would be good to have a way to concisely express this.