Change Details

This change takes capsicum-test from upstream [1] and applies some local changes to make the openat test pass on FreeBSD, as well as make the test execute using an absolute path. The former local change is under discussion: I favored my solution for the time being [2], but @drysdale_google.com is proposing an alternate solution [3]; the latter change--to make capsicum-test pass when executed via an absolute path--has been submitted upstream [4]. 1. https://github.com/google/capsicum-test 2. https://github.com/google/capsicum-test/pull/35/ 3. https://github.com/google/capsicum-test/pull/40/ 4. https://github.com/google/capsicum-test/pull/41/ TODO: conditionalize running capsicum-test on CAPABILITIES-enabled kernels, as some downstream consumers, e.g., Netflix, don't seem to run CAPABILITIES-enabled kernels. MFC after: 1 month

This change takes capsicum-test from upstream [1] and applies some local changes to make the openat test pass on FreeBSD, as well as make the test execute using an absolute path. The former local change is under discussion: I favored my solution for the time being [2], but @drysdale_google.com is proposing an alternate solution [3]; the latter change--to make capsicum-test pass when executed via an absolute path--has been submitted upstream [4]. 1. https://github.com/google/capsicum-test 2. https://github.com/google/capsicum-test/pull/35/ 3. https://github.com/google/capsicum-test/pull/40/ 4. https://github.com/google/capsicum-test/pull/41/ This change requires D19755 and D19756. TODO: conditionalize running capsicum-test on CAPABILITIES-enabled kernels, as some downstream consumers, e.g., Netflix, don't seem to run CAPABILITIES-enabled kernels. MFC after: 1 month

This change takes capsicum-test from upstream [1] and applies some local changes to make the openat test pass on FreeBSD, as well as make the test execute using an absolute path. The former local change is under discussion: I favored my solution for the time being [2], but @drysdale_google.com is proposing an alternate solution [3]; the latter change--to make capsicum-test pass when executed via an absolute path--has been submitted upstream [4]. 1. https://github.com/google/capsicum-test 2. https://github.com/google/capsicum-test/pull/35/ 3. https://github.com/google/capsicum-test/pull/40/ 4. https://github.com/google/capsicum-test/pull/41/ This change requires D19755 and D19756. TODO: conditionalize running capsicum-test on CAPABILITIES-enabled kernels, as some downstream consumers, e.g., Netflix, don't seem to run CAPABILITIES-enabled kernels. MFC after: 1 month