From owner-svn-src-all@FreeBSD.ORG Wed Mar 5 19:43:27 2014 Return-Path: Delivered-To: svn-src-all@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [8.8.178.115]) (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id 1E7305F2; Wed, 5 Mar 2014 19:43:27 +0000 (UTC) Received: from bigwig.baldwin.cx (bigwig.baldwin.cx [IPv6:2001:470:1f11:75::1]) (using TLSv1 with cipher ADH-CAMELLIA256-SHA (256/256 bits)) (No client certificate requested) by mx1.freebsd.org (Postfix) with ESMTPS id E2D8B3D5; Wed, 5 Mar 2014 19:43:26 +0000 (UTC) Received: from jhbbsd.localnet (unknown [209.249.190.124]) by bigwig.baldwin.cx (Postfix) with ESMTPSA id B963CB917; Wed, 5 Mar 2014 14:43:25 -0500 (EST) From: John Baldwin To: Pawel Jakub Dawidek Subject: Re: svn commit: r262566 - in stable/10: crypto/openssh crypto/openssh/contrib/caldera crypto/openssh/contrib/cygwin crypto/openssh/contrib/redhat crypto/openssh/contrib/suse crypto/openssh/openbsd-comp... Date: Wed, 5 Mar 2014 14:13:47 -0500 User-Agent: KMail/1.13.5 (FreeBSD/8.4-CBSD-20130906; KDE/4.5.5; amd64; ; ) References: <201402271729.s1RHT2rx075258@svn.freebsd.org> <201403041146.57895.jhb@freebsd.org> <20140304194908.GA1672@garage.freebsd.pl> In-Reply-To: <20140304194908.GA1672@garage.freebsd.pl> MIME-Version: 1.0 Content-Type: Text/Plain; charset="iso-8859-15" Content-Transfer-Encoding: quoted-printable Message-Id: <201403051413.48049.jhb@freebsd.org> X-Greylist: Sender succeeded SMTP AUTH, not delayed by milter-greylist-4.2.7 (bigwig.baldwin.cx); Wed, 05 Mar 2014 14:43:25 -0500 (EST) Cc: src-committers@freebsd.org, svn-src-stable-10@freebsd.org, svn-src-stable@freebsd.org, svn-src-all@freebsd.org, Dag-Erling =?iso-8859-15?q?Sm=F8rgrav?= , Dimitry Andric X-BeenThere: svn-src-all@freebsd.org X-Mailman-Version: 2.1.17 Precedence: list List-Id: "SVN commit messages for the entire src tree \(except for " user" and " projects" \)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 05 Mar 2014 19:43:27 -0000 On Tuesday, March 04, 2014 2:49:09 pm Pawel Jakub Dawidek wrote: > On Tue, Mar 04, 2014 at 11:46:57AM -0500, John Baldwin wrote: > > On Tuesday, March 04, 2014 3:40:47 am Dag-Erling Sm=F8rgrav wrote: > > > Pawel Jakub Dawidek writes: > > > > Dimitry Andric writes: > > > > > Wouldn't it be enough to merge r261499 ("Fix installations that u= se > > > > > kernels without CAPABILITIES support") by pjd? > > > > Yes, my change should be definiately merged with OpenSSH merge. If > > > > nobody beats me to it, I should be able to merge it tomorrow. > > >=20 > > > Please do. I thought I had included it in the MFC since it was alrea= dy > > > in head, but I'd forgotten that it had been committed separately. >=20 > Xin already did it. >=20 > > > BTW, IWBNI there were a cap_available() predicate or something like t= hat > > > which we could check up front, and short-circuit the entire Capsicum > > > part of ssh_sandbox_child() if it failed. > >=20 > > If the capsicum code adds a FEATURE(capsicum) macro in the kernel bits,= you=20 > > can use 'if (feature_present("capsicum"))' in userland to check. >=20 > It does add the following: >=20 > FEATURE(security_capability_mode, "Capsicum Capability Mode"); > FEATURE(security_capabilities, "Capsicum Capabilities"); Ah, then 'feature_present("security_capabilities")' should suffice. =2D-=20 John Baldwin