d/freebsd-dev
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
199,200 Commits 72 Branches 135 Tags 3.2 GiB
772e66a6fc
Commit Graph

4 Commits

Author SHA1 Message Date
Robert Watson
b881b8be1d Update most userspace consumers of capability.h to use capsicum.h instead. 
auditdistd is not updated as I will make the change upstream and then do a
vendor import sometime in the next week or two.

MFC after:	3 weeks
 2014-03-16 11:04:44 +00:00
Pawel Jakub Dawidek
796aef8d17 Always create /var/run/casper with correct permissions and don't depend on the 
calling process' umask.

Submitted by:	Mikhail <mp@lenta.ru>
 2014-01-09 09:19:59 +00:00
Pawel Jakub Dawidek
9a2d4197a7 Initialize cookie before use. 
Reported by:	Coverity
Coverity CID:	1135292
 2013-12-03 13:28:05 +00:00
Pawel Jakub Dawidek
42a8595256 Please welcome casperd daemon. It (and its services) will be responsible for 
giving access to functionality that is not available in capability mode
sandbox. The functionality can be precisely restricted.

Start with the following services:
- system.dns - provides API compatible to:
	- gethostbyname(3),
	- gethostbyname2(3),
	- gethostbyaddr(3),
	- getaddrinfo(3),
	- getnameinfo(3),
- system.grp - provides getgrent(3)-compatible API,
- system.pwd - provides getpwent(3)-compatible API,
- system.random - allows to obtain entropy from /dev/random,
- system.sysctl - provides sysctlbyname(3-compatible API.

Sponsored by:	The FreeBSD Foundation
 2013-12-02 08:21:28 +00:00