Date: Mon, 30 Mar 2020 18:24:07 +0000 (UTC) From: Ed Maste <emaste@FreeBSD.org> To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org Subject: svn commit: r359451 - head/sys/kern Message-ID: <202003301824.02UIO7q6007268@repo.freebsd.org>
next in thread | raw e-mail | index | archive | help
Author: emaste Date: Mon Mar 30 18:24:07 2020 New Revision: 359451 URL: https://svnweb.freebsd.org/changeset/base/359451 Log: capabilities.conf: provide information about capmode permitted syscalls Reviewed by: jhb (earlier) MFC after: 2 weeks Sponsored by: The FreeBSD Foundation Differential Revision: https://reviews.freebsd.org/D24118 Modified: head/sys/kern/capabilities.conf Modified: head/sys/kern/capabilities.conf ============================================================================== --- head/sys/kern/capabilities.conf Mon Mar 30 18:15:36 2020 (r359450) +++ head/sys/kern/capabilities.conf Mon Mar 30 18:24:07 2020 (r359451) @@ -28,6 +28,11 @@ ## ## List of system calls enabled in capability mode, one name per line. ## +## System calls listed here operate either fully or partially in the absence +## of global namespaces or ambient authority. In capability mode system calls +## that operate only on global namespaces or require ambient authority have no +## utility and thus are not permitted. +## ## Notes: ## - sys_exit(2), abort2(2) and close(2) are very important. ## - Sorted alphabetically, please keep it that way.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?202003301824.02UIO7q6007268>