From owner-svn-src-all@FreeBSD.ORG Tue Mar 4 19:47:21 2014 Return-Path: Delivered-To: svn-src-all@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [8.8.178.115]) (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id 34F0D276; Tue, 4 Mar 2014 19:47:21 +0000 (UTC) Received: from mail.dawidek.net (garage.dawidek.net [91.121.88.72]) by mx1.freebsd.org (Postfix) with ESMTP id E7B4DF1C; Tue, 4 Mar 2014 19:47:20 +0000 (UTC) Received: from localhost (89-73-195-149.dynamic.chello.pl [89.73.195.149]) by mail.dawidek.net (Postfix) with ESMTPSA id A9C4585C; Tue, 4 Mar 2014 20:47:18 +0100 (CET) Date: Tue, 4 Mar 2014 20:49:09 +0100 From: Pawel Jakub Dawidek To: John Baldwin Subject: Re: svn commit: r262566 - in stable/10: crypto/openssh crypto/openssh/contrib/caldera crypto/openssh/contrib/cygwin crypto/openssh/contrib/redhat crypto/openssh/contrib/suse crypto/openssh/openbsd-comp... Message-ID: <20140304194908.GA1672@garage.freebsd.pl> References: <201402271729.s1RHT2rx075258@svn.freebsd.org> <20140303233839.GD1659@garage.freebsd.pl> <86vbvutkz4.fsf@nine.des.no> <201403041146.57895.jhb@freebsd.org> MIME-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="9amGYk9869ThD9tj" Content-Disposition: inline In-Reply-To: <201403041146.57895.jhb@freebsd.org> X-OS: FreeBSD 11.0-CURRENT amd64 User-Agent: Mutt/1.5.22 (2013-10-16) Cc: src-committers@freebsd.org, svn-src-stable-10@freebsd.org, svn-src-stable@freebsd.org, svn-src-all@freebsd.org, Dag-Erling =?iso-8859-1?Q?Sm=F8rgrav?= , Dimitry Andric X-BeenThere: svn-src-all@freebsd.org X-Mailman-Version: 2.1.17 Precedence: list List-Id: "SVN commit messages for the entire src tree \(except for " user" and " projects" \)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 04 Mar 2014 19:47:21 -0000 --9amGYk9869ThD9tj Content-Type: text/plain; charset=iso-8859-1 Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Tue, Mar 04, 2014 at 11:46:57AM -0500, John Baldwin wrote: > On Tuesday, March 04, 2014 3:40:47 am Dag-Erling Sm=F8rgrav wrote: > > Pawel Jakub Dawidek writes: > > > Dimitry Andric writes: > > > > Wouldn't it be enough to merge r261499 ("Fix installations that use > > > > kernels without CAPABILITIES support") by pjd? > > > Yes, my change should be definiately merged with OpenSSH merge. If > > > nobody beats me to it, I should be able to merge it tomorrow. > >=20 > > Please do. I thought I had included it in the MFC since it was already > > in head, but I'd forgotten that it had been committed separately. Xin already did it. > > BTW, IWBNI there were a cap_available() predicate or something like that > > which we could check up front, and short-circuit the entire Capsicum > > part of ssh_sandbox_child() if it failed. >=20 > If the capsicum code adds a FEATURE(capsicum) macro in the kernel bits, y= ou=20 > can use 'if (feature_present("capsicum"))' in userland to check. It does add the following: FEATURE(security_capability_mode, "Capsicum Capability Mode"); FEATURE(security_capabilities, "Capsicum Capabilities"); --=20 Pawel Jakub Dawidek http://www.wheelsystems.com FreeBSD committer http://www.FreeBSD.org Am I Evil? Yes, I Am! http://mobter.com --9amGYk9869ThD9tj Content-Type: application/pgp-signature -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.22 (FreeBSD) iEYEARECAAYFAlMWLjQACgkQForvXbEpPzSeuwCfXQE1fHx1MJmmI12wY7dvSJnX U54AmgKj4YJzti5n+fF2/64Yc8f49gwv =Jd19 -----END PGP SIGNATURE----- --9amGYk9869ThD9tj--