PERFORCE change 164538 for review
Robert Watson
rwatson at FreeBSD.org
Tue Jun 16 21:48:43 UTC 2009
http://perforce.freebsd.org/chv.cgi?CH=164538
Change 164538 by rwatson at rwatson_freebsd_capabilities on 2009/06/16 21:47:52
libcapabilitym is no longer required.
Affected files ...
.. //depot/projects/trustedbsd/capabilities/src/lib/Makefile#8 edit
.. //depot/projects/trustedbsd/capabilities/src/lib/libcapability/Makefile#14 edit
.. //depot/projects/trustedbsd/capabilities/src/lib/libcapability/libcapability.3#20 edit
.. //depot/projects/trustedbsd/capabilities/src/lib/libcapabilitym/Makefile#3 delete
Differences ...
==== //depot/projects/trustedbsd/capabilities/src/lib/Makefile#8 (text+ko) ====
@@ -32,7 +32,7 @@
ncurses ${_libnetgraph} libradius librpcsvc libsbuf \
libtacplus libutil ${_libypclnt} libalias libarchive ${_libatm} \
libbegemot ${_libbluetooth} ${_libbsnmp} libbz2 \
- libcalendar libcam libcapability libcapabilitym libcompat \
+ libcalendar libcam libcapability libcompat \
libdevinfo libdevstat \
libdisk \
libdwarf libedit libexpat libfetch libftpio libgeom ${_libgpib} \
==== //depot/projects/trustedbsd/capabilities/src/lib/libcapability/Makefile#14 (text+ko) ====
@@ -20,8 +20,7 @@
MAN= libcapability.3
MAN+= libcapability_host.3
MAN+= libcapability_sandbox.3
-MLINKS= libcapability.3 libcapabilitym.3 \
- libcapability.3 lc_limitfd.3 \
+MLINKS= libcapability.3 lc_limitfd.3 \
libcapability_host.3 lch_autosandbox_isenabled.3 \
libcapability_host.3 lch_start.3 \
libcapability_host.3 lch_start_flags.3 \
==== //depot/projects/trustedbsd/capabilities/src/lib/libcapability/libcapability.3#20 (text+ko) ====
@@ -78,20 +78,6 @@
.Xr libcapability_sandbox 3 .
Sandboxed processes themselves may launch software components in further
sandboxes, so a single program may use both host and sandbox APIs.
-.Pp
-Applications will link against one of two versions of the library:
-.Pp
-.Nm libcapability
-is intended to run in an unsandboxed environment, and is appropriate for use
-by application running with full user privileges.
-It relies on the UNIX file system namespace to load software components that
-will be executed in sandboxes.
-.Pp
-.Nm libcapabilitym
-is intended to run in a sandboxed environment, and loads binaries and
-supporting libraries for sandboxes from the library descriptor cache
-maintained by
-.Xr rtld-elf-cap 1 .
.Sh CAPABILITY API
.Fn lc_limitfd
is a wrapper around
More information about the p4-projects
mailing list