Add "options CAPABILITY_MODE" and "options CAPABILITIES" to GENERIC kernel

configurations for various architectures in FreeBSD 10.x. This allows basic Capsicum functionality to be used in the default FreeBSD configuration on non-embedded architectures; process descriptors are not yet enabled by default. MFC after: 3 months Sponsored by: Google, Inc
2011-12-29 22:48:36 +00:00 · 2011-12-29 22:48:36 +00:00 · 009d2032af
commit 009d2032af
parent 8c87e0405a
6 changed files with 12 additions and 0 deletions
--- a/sys/amd64/conf/GENERIC
+++ b/sys/amd64/conf/GENERIC
@ -60,6 +60,8 @@ options 	PRINTF_BUFR_SIZE=128	# Prevent printf output being interspersed.
 options 	KBD_INSTALL_CDEV	# install a CDEV entry in /dev
 options 	HWPMC_HOOKS		# Necessary kernel hooks for hwpmc(4)
 options 	AUDIT			# Security event auditing
+options 	CAPABILITY_MODE		# Capsicum capability mode
+options 	CAPABILITIES		# Capsicum capabilities
 options 	MAC			# TrustedBSD MAC Framework
 #options 	KDTRACE_FRAME		# Ensure frames are compiled in
 #options 	KDTRACE_HOOKS		# Kernel DTrace hooks
--- a/sys/i386/conf/GENERIC
+++ b/sys/i386/conf/GENERIC
@ -61,6 +61,8 @@ options 	PRINTF_BUFR_SIZE=128	# Prevent printf output being interspersed.
 options 	KBD_INSTALL_CDEV	# install a CDEV entry in /dev
 options 	HWPMC_HOOKS		# Necessary kernel hooks for hwpmc(4)
 options 	AUDIT			# Security event auditing
+options 	CAPABILITY_MODE		# Capsicum capability mode
+options 	CAPABILITIES		# Capsicum capabilities
 options 	MAC			# TrustedBSD MAC Framework
 #options 	KDTRACE_HOOKS		# Kernel DTrace hooks
 options 	INCLUDE_CONFIG_FILE     # Include this file in kernel
--- a/sys/ia64/conf/GENERIC
+++ b/sys/ia64/conf/GENERIC
@ -26,6 +26,8 @@ ident		GENERIC
 makeoptions	DEBUG=-g	# Build kernel with debug information.

 options 	AUDIT		# Security event auditing
+options 	CAPABILITY_MODE		# Capsicum capability mode
+options 	CAPABILITIES		# Capsicum capabilities
 options 	CD9660		# ISO 9660 Filesystem
 options 	COMPAT_FREEBSD7	# Compatible with FreeBSD7
 options 	FFS		# Berkeley Fast Filesystem
--- a/sys/pc98/conf/GENERIC
+++ b/sys/pc98/conf/GENERIC
@ -63,6 +63,8 @@ options 	_KPOSIX_PRIORITY_SCHEDULING # POSIX P1003_1B real-time extensions
 options 	KBD_INSTALL_CDEV	# install a CDEV entry in /dev
 options 	HWPMC_HOOKS		# Necessary kernel hooks for hwpmc(4)
 options 	AUDIT			# Security event auditing
+options 	CAPABILITY_MODE		# Capsicum capability mode
+options 	CAPABILITIES		# Capsicum capabilities
 options 	MAC			# TrustedBSD MAC Framework
 options 	INCLUDE_CONFIG_FILE     # Include this file in kernel

--- a/sys/powerpc/conf/GENERIC
+++ b/sys/powerpc/conf/GENERIC
@ -64,6 +64,8 @@ options 	SYSVSEM			#SYSV-style semaphores
 options 	_KPOSIX_PRIORITY_SCHEDULING #Posix P1003_1B real-time extensions
 options 	HWPMC_HOOKS		# Necessary kernel hooks for hwpmc(4)
 options 	AUDIT			# Security event auditing
+options 	CAPABILITY_MODE		# Capsicum capability mode
+options 	CAPABILITIES		# Capsicum capabilities
 options 	MAC			# TrustedBSD MAC Framework
 options 	INCLUDE_CONFIG_FILE     # Include this file in kernel

--- a/sys/sparc64/conf/GENERIC
+++ b/sys/sparc64/conf/GENERIC
@ -60,6 +60,8 @@ options 	_KPOSIX_PRIORITY_SCHEDULING # POSIX P1003_1B real-time extensions
 options 	PRINTF_BUFR_SIZE=128	# Prevent printf output being interspersed.
 options 	HWPMC_HOOKS		# Necessary kernel hooks for hwpmc(4)
 options 	AUDIT			# Security event auditing
+options 	CAPABILITY_MODE		# Capsicum capability mode
+options 	CAPABILITIES		# Capsicum capabilities
 options 	MAC			# TrustedBSD MAC Framework
 options 	INCLUDE_CONFIG_FILE	# Include this file in kernel