Change Details

jls(8) is trivially capsicumized (same as yes(1)). However: libjail uses sysctll(3) on the security.jail.param tree (to discover jail parameters) as well as jail_get(2). - CTLFLAG_CAPRD all security.jail.param sysctls - whitelist jail_get in capabilities.conf need to regen sys/kern/init_sysent.c (make sysent)

- casper service system.sysctl was extended to provide a cap_sysctl() function - new casper service system.jail_get provides cap_jail_get function - libjail changed to use these services

jls(8) is trivially capsicumized (same as yes(1)). However: libjail uses sysctll(3) on the security.jail.param tree (to discover jail parameters) as well as jail_get(2).- casper service system.sysctl was extended to provide a cap_sysctl() function - CTLFLAG_CAPRD all security.- new casper service system.jail_get provides cap_jail.param sysctls_get function - whitelist - libjail_get in capabilities.conf ne changed to regen sys/kern/init_sysent.c (make sysent)use these services