Sat, Oct 28
Oct 12 2017
Sep 22 2017
From in-person working group session, a suggestion to rename libcasper.h to libcasper.h.in and run unifdef on it during install.
Sep 21 2017
As discussed with emaste@ I commited the changes regarding the stabilization of the ifdefs name in separate commit (r323866). This should make diff a little bit smaller.
Sep 17 2017
Aug 25 2017
Aug 16 2017
Update with -U9999.
Aug 15 2017
Would you please upload a diff with full context (-U9999)? Thanks.
Aug 10 2017
Update to new libcasper version.
Hi Guys :)
Jul 8 2017
Feb 18 2017
Jan 20 2017
Dec 16 2016
Maybe what I'm about to say is blasphemy in our circles, but it looks like this tries to solve a problem that an object oriented programming language with virtual functions (C++) could easily solve. libcasper's header file would provide declarations for abstract base classes for all sorts of handles. Then there are two implementations of these classes: one that acts as a no-op and one that is actually built on top of Capsicum. That way there is no need to resort to linker tricks.
Dec 15 2016
I don't really much like this approach, plus there is a high risk to have libcaspermock and libcasper out of sync
Dec 12 2016
The changes proposed seem ok, in so long as it addresses the regression I reported on svn-src-all@.
@ngie Thoughts? I'd like to commit this and move on to other things, so review/approval is highly appreciated.
The behavior of few functions are a little bit different libcasper and libcaspermock but this still could be merged somehow.
The only situation I can think of where you would like to have two libraries is when you would install something from ports which you don't want to use Casper and your base system is using Casper.
Why do we need a separate library for this? Why not just turn MK_CASPER=no into the equivalent of cap_enable() -> false?
Dec 11 2016
Example of usage: https://reviews.freebsd.org/D8754
For local dotdot lookups in capsicum mode, I think it will be very easy to add some unit tests confirming correct behavior.
Dec 10 2016
Fix regression when stdin/out/err fds are are overridden by shell.
Found by Kyua tests.
Dec 9 2016
Guys, are we happy with the state of things? I am keen to commit it, given relevant approval is provided.
Dec 7 2016
Update diff with one that survived building head@r309672:
- buildword && buildkernel on FreeBSD 10.3-R i386
- universe on FreeBSD 11.0-R amd64