PERFORCE change 164584 for review
Robert Watson
rwatson at FreeBSD.org
Wed Jun 17 14:20:40 UTC 2009
http://perforce.freebsd.org/chv.cgi?CH=164584
Change 164584 by rwatson at rwatson_freebsd_capabilities on 2009/06/17 14:20:16
Mention rtld-elf interactions of libcapability.
Affected files ...
.. //depot/projects/trustedbsd/capabilities/src/lib/libcapability/libcapability.3#21 edit
Differences ...
==== //depot/projects/trustedbsd/capabilities/src/lib/libcapability/libcapability.3#21 (text+ko) ====
@@ -55,6 +55,11 @@
.Nm
will use one or both of "host" and "sandbox" APIs, depending on whether they
consume or produce sandboxed services.
+.Nm
+will start sandboxed components using a sandbox-specific run-time linker,
+.Xr rtld-elf-cap 1 ,
+rather than the standard
+.Xr rtld-elf 1 .
.Pp
Host processes use the
.Nm
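Review bot: The sentence added after "consume or produce sandboxed services." names rtld-elf-cap(1) as the linker for sandboxed components but does not say what that means for someone building a sandbox binary, which is the thing a reader of this page needs to act on. Suggest either one more sentence on the practical consequence or an explicit pointer such as "see rtld-elf-cap(1) for the constraints this places on sandbox binaries". It would also read better as its own paragraph after a .Pp, since the paragraph it is appended to is about which of the "host" and "sandbox" APIs a consumer uses, not about how sandboxes are started.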
@@ -67,7 +72,6 @@
to communication with the sandboxed service based on socket I/O or remote
procedure call (RPC).
.Pp
-.Pp
Sandbox processes run in capability mode, and are only able to use resources
either assigned to the sandbox during creation, or later explicitly passed to
the process.
@@ -89,6 +93,8 @@
with the requested rights mask.
.Sh SEE ALSO
.Xr rpcgen 1 ,
+.Xr rtld-elf 1 ,
+.Xr rtld-elf-cap 1 ,
.Xr cap_enter 2 ,
.Xr cap_new 2 ,
.Xr close 2 ,
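Review bot: The two new SEE ALSO entries, ".Xr rtld-elf 1 ," and ".Xr rtld-elf-cap 1 ,", are correctly ordered by section and name, but this change touches only libcapability.3, so please confirm that manual pages are installed under exactly those names in this branch. If rtld-elf-cap(1) has not been written yet, the cross reference here and the one in the description will dangle until it is.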