Define the CAPABILITIES kernel option.

This option will enable Capsicum capabilities, which provide a fine-grained mask on operations that can be performed on file descriptors. Approved by: mentor (rwatson), re (Capsicum blanket ok) Sponsored by: Google Inc
2011-07-02 15:41:22 +00:00 · 2011-07-02 15:41:22 +00:00 · af3435e197
commit af3435e197
parent 49a6dac46f
2 changed files with 3 additions and 1 deletions
--- a/sys/conf/NOTES
+++ b/sys/conf/NOTES
@ -1162,7 +1162,8 @@ options 	MAC_STUB
 options 	MAC_TEST

 # Support for Capsicum
-options 	CAPABILITY_MODE
+options 	CAPABILITIES	# fine-grained rights on file descriptors
+options 	CAPABILITY_MODE	# sandboxes with no global namespace access


 #####################################################################
--- a/sys/conf/options
+++ b/sys/conf/options
@ -63,6 +63,7 @@ SYSCTL_DEBUG	opt_sysctl.h
 ADAPTIVE_LOCKMGRS
 ALQ
 AUDIT		opt_global.h
+CAPABILITIES	opt_capsicum.h
 CAPABILITY_MODE	opt_capsicum.h
 CODA_COMPAT_5	opt_coda.h
 COMPAT_43	opt_compat.h