capsicumUmbrella
ActivePublic

Recent Activity

Thu, May 17

oshogbo requested changes to D15289: sandbox jls(8).
Thu, May 17, 10:01 AM · capsicum

Wed, May 16

sg2342_googlemail.com added inline comments to D15289: sandbox jls(8).
Wed, May 16, 2:17 AM · capsicum
sg2342_googlemail.com added inline comments to D15289: sandbox jls(8).
Wed, May 16, 1:56 AM · capsicum

Sat, May 12

sg2342_googlemail.com updated the diff for D15289: sandbox jls(8).

fix RESCUE: include lib/libjail/jail.c in librescure if necessary

Sat, May 12, 12:57 AM · capsicum

Fri, May 11

sg2342_googlemail.com updated the diff for D15289: sandbox jls(8).

cap_jail.c: improve allocation and error handling in service command

Fri, May 11, 3:14 PM · capsicum
sg2342_googlemail.com updated the diff for D15289: sandbox jls(8).

cap_sysctl.c: resolve names to mibs when limits are set.

Fri, May 11, 3:36 AM · capsicum
sg2342_googlemail.com added inline comments to D15289: sandbox jls(8).
Fri, May 11, 2:12 AM · capsicum
sg2342_googlemail.com updated the diff for D15289: sandbox jls(8).
  • rename cap_jail_get -> cap_jail and system.cap_jail_get -> system.cap_jail
  • cap_jail:
    • fix copyright
    • add man page
  • cap_jail.c:
    • style(9) changes
    • use dnvlist_* in service command
    • split nvlist -> iov function in two: nvl_to_iov_s is used by the service and makes sure there is space before memcpy
  • jls.c: use caph_enter_casper
  • cap_sysctl.c: style
  • cap_sysclt.3: reference sysctl(3)
Fri, May 11, 1:30 AM · capsicum

Thu, May 10

oshogbo added a comment to D15289: sandbox jls(8).

WOW! Thank you for working on that!

Thu, May 10, 7:25 AM · capsicum
sg2342_googlemail.com updated the diff for D15289: sandbox jls(8).

I removed to kernel changes and used libcasper to obtain sysctl and jail_get functionality needed for jls(1).

Thu, May 10, 2:13 AM · capsicum

Sat, May 5

oshogbo requested changes to D15289: sandbox jls(8).

Please use libcasper(3) to obtain valid sysctl.

Sat, May 5, 10:38 AM · capsicum

Fri, May 4

sg2342_googlemail.com updated the diff for D15289: sandbox jls(8).

caph_cache_catpages(3) before cap_enter(2)

Fri, May 4, 2:56 AM · capsicum
allanjude added a reviewer for D15289: sandbox jls(8): capsicum.
Fri, May 4, 1:38 AM · capsicum
sg2342_googlemail.com created D15289: sandbox jls(8).
Fri, May 4, 1:25 AM · capsicum

Thu, May 3

sg2342_googlemail.com added a watcher for capsicum: sg2342_googlemail.com.
Thu, May 3, 9:53 PM

Mon, Apr 30

emaste closed D15221: Disable connectat/bindat with AT_FDCWD parameter in capabilities mode.
Mon, Apr 30, 5:31 PM · capsicum
emaste added a comment to D15221: Disable connectat/bindat with AT_FDCWD parameter in capabilities mode.

connectat/bindat description updated in rS333119

Mon, Apr 30, 5:16 PM · capsicum
domagoj.stolfa_gmail.com accepted D15221: Disable connectat/bindat with AT_FDCWD parameter in capabilities mode.

Had a quick skim, but LGTM.

Mon, Apr 30, 4:05 PM · capsicum

Sat, Apr 28

emaste updated subscribers of D15221: Disable connectat/bindat with AT_FDCWD parameter in capabilities mode.

Thank you, I will try to review soon and have added some other Capsicum folks.

Sat, Apr 28, 12:40 PM · capsicum
jan.kokemueller_gmail.com created D15221: Disable connectat/bindat with AT_FDCWD parameter in capabilities mode.
Sat, Apr 28, 6:09 AM · capsicum

Mar 17 2018

shubhg_iitk.ac.in added a watcher for capsicum: shubhg_iitk.ac.in.
Mar 17 2018, 2:54 PM

Oct 28 2017

oshogbo closed D8754: Convert ping to use libcaspermock when Casper is disabled..
Oct 28 2017, 7:39 PM · capsicum
oshogbo closed D8753: Introduce libcaspermock.
Oct 28 2017, 7:24 PM · capsicum

Oct 12 2017

bdrewery added a comment to D8753: Introduce libcaspermock.

From in-person working group session, a suggestion to rename libcasper.h to libcasper.h.in and run unifdef on it during install.

% cat example.h.in
// example header file
#ifdef WITH_CASPER
// casper version
#else
// non-casper version
#endif

% unifdef -UWITH_CASPER -o example.h example.h.in
% cat example.h                                  
// example header file
// non-casper version

% unifdef -DWITH_CASPER -o example.h example.h.in
% cat example.h                                  
// example header file
// casper version
Oct 12 2017, 8:13 PM · capsicum

Sep 22 2017

emaste added a comment to D8753: Introduce libcaspermock.

From in-person working group session, a suggestion to rename libcasper.h to libcasper.h.in and run unifdef on it during install.

Sep 22 2017, 1:15 PM · capsicum

Sep 21 2017

oshogbo updated the diff for D8753: Introduce libcaspermock.

As discussed with emaste@ I commited the changes regarding the stabilization of the ifdefs name in separate commit (r323866). This should make diff a little bit smaller.

Sep 21 2017, 2:44 PM · capsicum
ed accepted D8754: Convert ping to use libcaspermock when Casper is disabled..
Sep 21 2017, 2:08 PM · capsicum
ed accepted D8753: Introduce libcaspermock.
Sep 21 2017, 2:05 PM · capsicum
emaste accepted D8754: Convert ping to use libcaspermock when Casper is disabled..
Sep 21 2017, 1:43 PM · capsicum

Sep 17 2017

oshogbo added inline comments to D8753: Introduce libcaspermock.
Sep 17 2017, 10:14 AM · capsicum
oshogbo updated the diff for D8753: Introduce libcaspermock.
Sep 17 2017, 10:14 AM · capsicum

Aug 25 2017

emaste added inline comments to D8753: Introduce libcaspermock.
Aug 25 2017, 1:42 PM · capsicum

Aug 16 2017

oshogbo added inline comments to D8753: Introduce libcaspermock.
Aug 16 2017, 6:42 PM · capsicum
oshogbo updated the diff for D8753: Introduce libcaspermock.

Update with -U9999.

Aug 16 2017, 6:40 PM · capsicum

Aug 15 2017

cem accepted D8754: Convert ping to use libcaspermock when Casper is disabled..
Aug 15 2017, 6:21 PM · capsicum
cem added a comment to D8753: Introduce libcaspermock.

Would you please upload a diff with full context (-U9999)? Thanks.

Aug 15 2017, 6:17 PM · capsicum

Aug 10 2017

oshogbo updated the diff for D8754: Convert ping to use libcaspermock when Casper is disabled..

Update to new libcasper version.

Aug 10 2017, 5:42 PM · capsicum
oshogbo updated the diff for D8753: Introduce libcaspermock.

Hi Guys :)

Aug 10 2017, 5:41 PM · capsicum

Jul 8 2017

lwhsu added a watcher for capsicum: lwhsu.
Jul 8 2017, 11:11 PM

Feb 18 2017

bkidney_briankidney.ca added a watcher for capsicum: bkidney_briankidney.ca.
Feb 18 2017, 12:52 AM

Jan 20 2017

tommi.pernila_iki.fi added a watcher for capsicum: tommi.pernila_iki.fi.
Jan 20 2017, 12:08 PM

Dec 16 2016

ed added a comment to D8753: Introduce libcaspermock.

Maybe what I'm about to say is blasphemy in our circles, but it looks like this tries to solve a problem that an object oriented programming language with virtual functions (C++) could easily solve. libcasper's header file would provide declarations for abstract base classes for all sorts of handles. Then there are two implementations of these classes: one that acts as a no-op and one that is actually built on top of Capsicum. That way there is no need to resort to linker tricks.

Dec 16 2016, 9:27 PM · capsicum

Dec 15 2016

bapt added a comment to D8753: Introduce libcaspermock.

I don't really much like this approach, plus there is a high risk to have libcaspermock and libcasper out of sync

Dec 15 2016, 10:29 PM · capsicum

Dec 12 2016

robak closed D8543: Capsicumise dd by committing rS309921: Fix regression when stdin/out/err fds are are overridden by shell..
Dec 12 2016, 6:56 PM · capsicum
kib closed D8746: Enable lookup_cap_dotdot and lookup_cap_dotdot_nonlocal by default. by committing rS309887: Enable lookup_cap_dotdot and lookup_cap_dotdot_nonlocal..
Dec 12 2016, 11:12 AM · capsicum
ngie accepted D8543: Capsicumise dd.

The changes proposed seem ok, in so long as it addresses the regression I reported on svn-src-all@.

Dec 12 2016, 9:18 AM · capsicum
ngie reopened D8543: Capsicumise dd.
Dec 12 2016, 9:17 AM · capsicum
robak added a comment to D8543: Capsicumise dd.

@ngie Thoughts? I'd like to commit this and move on to other things, so review/approval is highly appreciated.

Dec 12 2016, 9:06 AM · capsicum
cem added a comment to D8753: Introduce libcaspermock.

The only situation I can think of where you would like to have two libraries is when you would install something from ports which you don't want to use Casper and your base system is using Casper.

Dec 12 2016, 7:29 AM · capsicum
oshogbo added a comment to D8753: Introduce libcaspermock.

The behavior of few functions are a little bit different libcasper and libcaspermock but this still could be merged somehow.
The only situation I can think of where you would like to have two libraries is when you would install something from ports which you don't want to use Casper and your base system is using Casper.

Dec 12 2016, 7:20 AM · capsicum