PERFORCE change 147988 for review
Robert Watson
rwatson at FreeBSD.org
Thu Aug 21 11:16:20 UTC 2008
http://perforce.freebsd.org/chv.cgi?CH=147988
Change 147988 by rwatson at rwatson_freebsd_capabilities on 2008/08/21 11:15:21
Update comment.
Affected files ...
.. //depot/projects/trustedbsd/capabilities/src/sys/sys/capability.h#14 edit
Differences ...
==== //depot/projects/trustedbsd/capabilities/src/sys/sys/capability.h#14 (text+ko) ====
@@ -23,7 +23,7 @@
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*
- * $P4: //depot/projects/trustedbsd/capabilities/src/sys/sys/capability.h#13 $
+ * $P4: //depot/projects/trustedbsd/capabilities/src/sys/sys/capability.h#14 $
*/
/*
@@ -120,12 +120,13 @@
/*
* cap_enter(): Cause the process to enter capability mode, which will
* prevent it from directly accessing global namespaces. System calls will
- * be limited to those performed on file descriptors, and subject to the
- * restrictions imposed by the objects referenced and the rights specified in
- * the file descriptor and possibly a protecting capability. If already in
- * the capability mode, a no-op.
+ * be limited to process-local, process-inherited, or file descriptor
+ * operations. If already in capability mode, a no-op.
*
- * XXXRW: This isn't implemented yet.
+ * Currently, process-inherited operations are not properly handled -- in
+ * particular, we're interested in things like waitpid(2), kill(2), etc,
+ * being properly constrained. One possible solution is to introduce process
+ * descriptors.
*/
int cap_enter(void);
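Review bot: The rewritten comment (the `+ * be limited to process-local, process-inherited, or file descriptor` lines) drops the statement that file descriptor operations remain "subject to the restrictions imposed by the objects referenced and the rights specified in the file descriptor", which is the property that makes capability mode meaningful as a sandbox; consider keeping one sentence to that effect so readers of cap_enter() do not conclude that any operation on an already-held descriptor is permitted. The replacement for the `XXXRW: This isn't implemented yet.` line is more informative, but since it now documents a known gap (process-inherited operations such as waitpid(2) and kill(2) are not yet constrained), it should keep an `XXX` or `XXXRW` marker so the unfinished enforcement remains greppable, and ideally state explicitly that a process in capability mode can currently still reach those calls, since that is the security-relevant consequence for anyone relying on cap_enter() today.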