c501d73c7e
After calling the cap_init(3) function Casper will fork from its original process, using pdfork(2). Forking from a process has a lot of advantages:
1. We have the same cwd as the original process.
2. The same uid, gid and groups.
3. The same MAC labels.
4. The same descriptor table.
5. The same routing table.
6. The same umask.
7. The same cpuset(1).

From now services are also in form of libraries.
We also removed libcapsicum at all and converted existing program using Casper to new architecture.

Discussed with: pjd, jonathan, ed, drysdale@google.com, emaste
Partially reviewed by: drysdale@google.com, bdrewery
Approved by: pjd (mentor)
Differential Revision: https://reviews.freebsd.org/D4277
111 lines
1.4 KiB
Plaintext
# $FreeBSD$
#
# Please see the file src/etc/mtree/README before making changes to this file.
#

/set type=dir uname=root gname=wheel mode=0755
.
    bin
    ..
    boot
        defaults
        ..
        dtb
        ..
        firmware
        ..
        kernel
        ..
        modules
        ..
        zfs
        ..
    ..
    dev mode=0555
    ..
    etc
        X11
        ..
        autofs
        ..
        bluetooth
        ..
        casper
        ..
        defaults
        ..
        devd
        ..
        dma
        ..
        gss
        ..
        mail
        ..
        mtree
        ..
        newsyslog.conf.d
        ..
        ntp mode=0700
        ..
        pam.d
        ..
        periodic
            daily
            ..
            monthly
            ..
            security
            ..
            weekly
            ..
        ..
        pkg
        ..
        ppp
        ..
        rc.conf.d
        ..
        rc.d
        ..
        security
        ..
        skel
        ..
        ssh
        ..
        ssl
        ..
        zfs
        ..
    ..
    lib
        casper
        ..
        geom
        ..
    ..
    libexec
        resolvconf
        ..
    ..
    media
    ..
    mnt
    ..
    proc mode=0555
    ..
    rescue
    ..
    root
    ..
    sbin
    ..
    tmp mode=01777
    ..
    usr
    ..
    var
    ..
..