Date: Mon, 27 Jun 2011 09:10:48 +0000 (UTC) From: Pawel Jakub Dawidek <pjd@FreeBSD.org> To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org Subject: svn commit: r223584 - head/sbin/hastd Message-ID: <201106270910.p5R9Am0l089752@svn.freebsd.org>
next in thread | raw e-mail | index | archive | help
Author: pjd Date: Mon Jun 27 09:10:48 2011 New Revision: 223584 URL: http://svn.freebsd.org/changeset/base/223584 Log: Log a warning if we cannot sandbox using capsicum, but only under debug level 1. It would be too noisy to log it as a proper warning as CAPABILITIES are not compiled into GENERIC by default. MFC after: 3 days Modified: head/sbin/hastd/subr.c Modified: head/sbin/hastd/subr.c ============================================================================== --- head/sbin/hastd/subr.c Mon Jun 27 05:57:14 2011 (r223583) +++ head/sbin/hastd/subr.c Mon Jun 27 09:10:48 2011 (r223584) @@ -230,9 +230,13 @@ drop_privs(struct hast_resource *res) * ioctls and secondary uses ioctls to handle BIO_DELETE and BIO_FLUSH. * For now capsicum is only used to sandbox hastctl. */ - if (res == NULL) + if (res == NULL) { capsicum = (cap_enter() == 0); - else + if (!capsicum) { + pjdlog_common(LOG_DEBUG, 1, errno, + "Unable to sandbox using capsicum"); + } + } else capsicum = false; /*
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201106270910.p5R9Am0l089752>