Date: Tue, 4 Mar 2014 20:49:09 +0100 From: Pawel Jakub Dawidek <pjd@FreeBSD.org> To: John Baldwin <jhb@freebsd.org> Cc: src-committers@freebsd.org, svn-src-stable-10@freebsd.org, svn-src-stable@freebsd.org, svn-src-all@freebsd.org, Dag-Erling =?iso-8859-1?Q?Sm=F8rgrav?= <des@des.no>, Dimitry Andric <dimitry@andric.com> Subject: Re: svn commit: r262566 - in stable/10: crypto/openssh crypto/openssh/contrib/caldera crypto/openssh/contrib/cygwin crypto/openssh/contrib/redhat crypto/openssh/contrib/suse crypto/openssh/openbsd-comp... Message-ID: <20140304194908.GA1672@garage.freebsd.pl> In-Reply-To: <201403041146.57895.jhb@freebsd.org> References: <201402271729.s1RHT2rx075258@svn.freebsd.org> <20140303233839.GD1659@garage.freebsd.pl> <86vbvutkz4.fsf@nine.des.no> <201403041146.57895.jhb@freebsd.org>
next in thread | previous in thread | raw e-mail | index | archive | help
--9amGYk9869ThD9tj
Content-Type: text/plain; charset=iso-8859-1
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable
On Tue, Mar 04, 2014 at 11:46:57AM -0500, John Baldwin wrote:
> On Tuesday, March 04, 2014 3:40:47 am Dag-Erling Sm=F8rgrav wrote:
> > Pawel Jakub Dawidek <pjd@FreeBSD.org> writes:
> > > Dimitry Andric <dimitry@andric.com> writes:
> > > > Wouldn't it be enough to merge r261499 ("Fix installations that use
> > > > kernels without CAPABILITIES support") by pjd?
> > > Yes, my change should be definiately merged with OpenSSH merge. If
> > > nobody beats me to it, I should be able to merge it tomorrow.
> >=20
> > Please do. I thought I had included it in the MFC since it was already
> > in head, but I'd forgotten that it had been committed separately.
Xin already did it.
> > BTW, IWBNI there were a cap_available() predicate or something like that
> > which we could check up front, and short-circuit the entire Capsicum
> > part of ssh_sandbox_child() if it failed.
>=20
> If the capsicum code adds a FEATURE(capsicum) macro in the kernel bits, y=
ou=20
> can use 'if (feature_present("capsicum"))' in userland to check.
It does add the following:
FEATURE(security_capability_mode, "Capsicum Capability Mode");
FEATURE(security_capabilities, "Capsicum Capabilities");
--=20
Pawel Jakub Dawidek http://www.wheelsystems.com
FreeBSD committer http://www.FreeBSD.org
Am I Evil? Yes, I Am! http://mobter.com
--9amGYk9869ThD9tj
Content-Type: application/pgp-signature
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.22 (FreeBSD)
iEYEARECAAYFAlMWLjQACgkQForvXbEpPzSeuwCfXQE1fHx1MJmmI12wY7dvSJnX
U54AmgKj4YJzti5n+fF2/64Yc8f49gwv
=Jd19
-----END PGP SIGNATURE-----
--9amGYk9869ThD9tj--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20140304194908.GA1672>