We may split today's CAPABILITIES into CAPABILITY_MODE (which has

to do with global namespaces) and CAPABILITIES (which has to do with constraining file descriptors). Just in case, and because it's a better name anyway, let's move CAPABILITIES out of the way. Also, change opt_capabilities.h to opt_capsicum.h; for now, this will only hold CAPABILITY_MODE, but it will probably also hold the new CAPABILITIES (implying constrained file descriptors) in the future. Approved by: rwatson Sponsored by: Google UK Ltd
2011-06-29 13:03:05 +00:00 · 2011-06-29 13:03:05 +00:00 · 24c1c3bf71
commit 24c1c3bf71
parent 2bddeb8538
7 changed files with 14 additions and 14 deletions
--- a/sys/amd64/amd64/sys_machdep.c
+++ b/sys/amd64/amd64/sys_machdep.c
@ -33,7 +33,7 @@
 #include <sys/cdefs.h>
 __FBSDID("$FreeBSD$");

-#include "opt_capabilities.h"
+#include "opt_capsicum.h"

 #include <sys/param.h>
 #include <sys/systm.h>
@ -180,7 +180,7 @@ sysarch(td, uap)
 	uint64_t a64base;
 	struct i386_ioperm_args iargs;

-#ifdef CAPABILITIES
+#ifdef CAPABILITY_MODE
 	/*
 	 * Whitelist of operations which are safe enough for capability mode.
 	 */
--- a/sys/arm/arm/sys_machdep.c
+++ b/sys/arm/arm/sys_machdep.c
@ -36,7 +36,7 @@
 #include <sys/cdefs.h>
 __FBSDID("$FreeBSD$");

-#include "opt_capabilities.h"
+#include "opt_capsicum.h"

 #include <sys/param.h>
 #include <sys/systm.h>
@ -107,7 +107,7 @@ sysarch(td, uap)
 {
 	int error;

-#ifdef CAPABILITIES
+#ifdef CAPABILITY_MODE
 	/*
 	 * Whitelist of operations which are safe enough for capability mode.
 	 */
--- a/sys/conf/NOTES
+++ b/sys/conf/NOTES
@ -1162,7 +1162,7 @@ options 	MAC_STUB
 options 	MAC_TEST

 # Support for Capsicum
-options 	CAPABILITIES
+options 	CAPABILITY_MODE


 #####################################################################
--- a/sys/conf/options
+++ b/sys/conf/options
@ -63,7 +63,7 @@ SYSCTL_DEBUG	opt_sysctl.h
 ADAPTIVE_LOCKMGRS
 ALQ
 AUDIT		opt_global.h
-CAPABILITIES	opt_capabilities.h
+CAPABILITY_MODE	opt_capsicum.h
 CODA_COMPAT_5	opt_coda.h
 COMPAT_43	opt_compat.h
 COMPAT_43TTY	opt_compat.h
--- a/sys/i386/i386/sys_machdep.c
+++ b/sys/i386/i386/sys_machdep.c
@ -32,7 +32,7 @@
 #include <sys/cdefs.h>
 __FBSDID("$FreeBSD$");

-#include "opt_capabilities.h"
+#include "opt_capsicum.h"
 #include "opt_kstack_pages.h"

 #include <sys/param.h>
@ -111,7 +111,7 @@ sysarch(td, uap)

 	AUDIT_ARG_CMD(uap->op);

-#ifdef CAPABILITIES
+#ifdef CAPABILITY_MODE
 	/*
 	 * Whitelist of operations which are safe enough for capability mode.
 	 */
--- a/sys/kern/subr_trap.c
+++ b/sys/kern/subr_trap.c
@ -44,7 +44,7 @@
 #include <sys/cdefs.h>
 __FBSDID("$FreeBSD$");

-#include "opt_capabilities.h"
+#include "opt_capsicum.h"
 #include "opt_ktrace.h"
 #include "opt_kdtrace.h"
 #include "opt_sched.h"
@ -313,7 +313,7 @@ syscallenter(struct thread *td, struct syscall_args *sa)
 				goto retval;
 		}

-#ifdef CAPABILITIES
+#ifdef CAPABILITY_MODE
 		/*
 		 * In capability mode, we only allow access to system calls
 		 * flagged with SYF_CAPENABLED.
--- a/sys/kern/sys_capability.c
+++ b/sys/kern/sys_capability.c
@ -36,7 +36,7 @@
 *
 */

-#include "opt_capabilities.h"
+#include "opt_capsicum.h"

 #include <sys/cdefs.h>
 __FBSDID("$FreeBSD$");
@ -59,7 +59,7 @@ __FBSDID("$FreeBSD$");
 #include <vm/uma.h>
 #include <vm/vm.h>

-#ifdef CAPABILITIES
+#ifdef CAPABILITY_MODE

 FEATURE(security_capabilities, "Capsicum Capability Mode");

@ -99,7 +99,7 @@ cap_getmode(struct thread *td, struct cap_getmode_args *uap)
 	return (copyout(&i, uap->modep, sizeof(i)));
 }

-#else /* !CAPABILITIES */
+#else /* !CAPABILITY_MODE */

 int
 cap_enter(struct thread *td, struct cap_enter_args *uap)
@ -115,4 +115,4 @@ cap_getmode(struct thread *td, struct cap_getmode_args *uap)
 	return (ENOSYS);
 }

-#endif /* CAPABILITIES */
+#endif /* CAPABILITY_MODE */