14 Commits

Author SHA1 Message Date
allanjude
56f722576f Allow cpuset_{get,set}affinity in capabilities mode
bhyve was recently sandboxed with capsicum, and needs to be able to
control the CPU sets of its vcpu threads

Reviewed by:	emaste, oshogbo, rwatson
MFC after:	2 weeks
Sponsored by:	ScaleEngine Inc.
Differential Revision:	https://reviews.freebsd.org/D10170
2017-05-24 00:58:30 +00:00
gjb
a3c1e79a1b Correct a manual page reference.
Approved by:	re (kib)
Sponsored by:	The FreeBSD Foundation
2016-07-05 23:03:57 +00:00
brueffer
1d8868777c Fix minor problems caught by mandoc -Tlint.
2016-03-31 15:16:22 +00:00
oshogbo
023f14d65b Convert casperd(8) daemon to the libcasper.
After calling the cap_init(3) function Casper will fork from its original
process, using pdfork(2). Forking from a process has a lot of advantages:
1. We have the same cwd as the original process.
2. The same uid, gid and groups.
3. The same MAC labels.
4. The same descriptor table.
5. The same routing table.
6. The same umask.
7. The same cpuset(1).
From now on, services are also in the form of libraries.
We also removed libcapsicum entirely and converted existing programs using Casper
to the new architecture.

Discussed with:		pjd, jonathan, ed, drysdale@google.com, emaste
Partially reviewed by:	drysdale@google.com, bdrewery
Approved by:		pjd (mentor)
Differential Revision:	https://reviews.freebsd.org/D4277
2016-02-25 18:23:40 +00:00
trasz
bd230b9731 Update Capsicum and Mandatory Access Control manual pages
to no longer claim they are experimental.

Reviewed by:	rwatson@, wblock@
MFC after:	1 week
Sponsored by:	The FreeBSD Foundation
Differential Revision:	https://reviews.freebsd.org/D2985
2015-07-25 15:56:49 +00:00
bapt
5da5395a98 use .Mt to mark up email addresses consistently (final part)
PR:		191174
Submitted by:	Franco Fichtner <franco at lastsummer.de>
2014-06-26 21:46:14 +00:00
pjd
7edb88a514 Add cross-references to casperd(8) and libcapsicum(3).
Suggested by:	rwatson
2014-02-07 22:15:48 +00:00
pjd
4ac2e7d8d9 Make process descriptors standard part of the kernel. rwhod(8) already
requires process descriptors to work and having PROCDESC in GENERIC
seems not enough, especially that we hope to have more and more consumers
in the base.

MFC after:	3 days
2013-11-30 15:08:35 +00:00
pjd
35ca29ffe7 - Add manual pages for capability rights (rights(4)), cap_rights_init(3)
family of functions and cap_rights_get(3) function.
- Update remaining Capsicum-related manual pages.

Reviewed by:	bdrewery
MFC after:	3 days
2013-11-04 14:10:22 +00:00
bdrewery
9992c4312f cap_new(2) and cap_getrights(2) were replaced with cap_rights_limit(2)
and cap_rights_get(2) in r247602

Reviewed by:	pjd
Approved by:	gjb
Approved by:	re (rodrigc)
2013-09-19 10:56:36 +00:00
pjd
36c819441c Remove trailing comma.
2013-09-05 00:38:53 +00:00
rwatson
a9feb8e8b9 Add a simple procdesc(4) man page describing "options PROCDESC" and the
high-level facility, supplementing pdfork(2) and friends.  Update capsicum.4
to xref.

Suggested by:	sbruno
MFC after:	3 days
2013-08-28 19:49:32 +00:00
gjb
ed459e330b General mdoc(7) and typo fixes.
PR:		167776
Submitted by:	Nobuyuki Koganemaru (kogane!jp.freebsd.org)
MFC after:	3 days
2012-05-12 03:25:46 +00:00
rwatson
b433b3878b Add an introductory Capsicum man page providing a high-level description of
its mechanisms, pointing at other pertinent man pages, and cautioning about
the experimental status of Capsicum in FreeBSD.

MFC after:	3 days
Sponsored by:	Google, Inc.
2011-11-27 19:44:15 +00:00