Date: Thu, 21 Aug 2008 11:16:19 GMT From: Robert Watson <rwatson@FreeBSD.org> To: Perforce Change Reviews <perforce@freebsd.org> Subject: PERFORCE change 147988 for review Message-ID: <200808211116.m7LBGJtn011876@repoman.freebsd.org>
http://perforce.freebsd.org/chv.cgi?CH=147988 Change 147988 by rwatson@rwatson_freebsd_capabilities on 2008/08/21 11:15:21 Update comment. Affected files ... .. //depot/projects/trustedbsd/capabilities/src/sys/sys/capability.h#14 edit Differences ... ==== //depot/projects/trustedbsd/capabilities/src/sys/sys/capability.h#14 (text+ko) ==== @@ -23,7 +23,7 @@ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * - * $P4: //depot/projects/trustedbsd/capabilities/src/sys/sys/capability.h#13 $ + * $P4: //depot/projects/trustedbsd/capabilities/src/sys/sys/capability.h#14 $ */ /* @@ -120,12 +120,13 @@ /* * cap_enter(): Cause the process to enter capability mode, which will * prevent it from directly accessing global namespaces. System calls will - * be limited to those performed on file descriptors, and subject to the - * restrictions imposed by the objects referenced and the rights specified in - * the file descriptor and possibly a protecting capability. If already in - * the capability mode, a no-op. + * be limited to process-local, process-inherited, or file descriptor + * operations. If already in capability mode, a no-op. * - * XXXRW: This isn't implemented yet. + * Currently, process-inherited operations are not properly handled -- in + * particular, we're interested in things like waitpid(2), kill(2), etc, + * being properly constrained. One possible solution is to introduce process + * descriptors. */ int cap_enter(void);
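Review bot: the second hunk drops the "XXXRW: This isn't implemented yet." marker but replaces it with a known gap that is no longer tagged, so the unconstrained process-inherited operations (waitpid(2), kill(2)) lose their grep-able TODO; keep an XXX tag on the new paragraph, e.g. "XXXRW: Currently, process-inherited operations are not properly handled -- ...", so the outstanding work stays visible to anyone auditing what cap_enter() actually confines. The new wording also states that system calls are "limited to process-local, process-inherited, or file descriptor operations" while the following sentence says process-inherited operations are not yet constrained; consider making the first sentence describe the intended model explicitly ("are intended to be limited to ...") so a reader does not take the current behaviour for the guarantee.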