svn commit: r223584 - head/sbin/hastd
Pawel Jakub Dawidek
pjd at FreeBSD.org
Mon Jun 27 09:10:48 UTC 2011
Author: pjd
Date: Mon Jun 27 09:10:48 2011
New Revision: 223584
URL: http://svn.freebsd.org/changeset/base/223584
Log:
Log a warning if we cannot sandbox using capsicum, but only under debug level 1.
It would be too noisy to log it as a proper warning as CAPABILITIES are not
compiled into GENERIC by default.
MFC after: 3 days
Modified:
head/sbin/hastd/subr.c
Modified: head/sbin/hastd/subr.c
==============================================================================
--- head/sbin/hastd/subr.c Mon Jun 27 05:57:14 2011 (r223583)
+++ head/sbin/hastd/subr.c Mon Jun 27 09:10:48 2011 (r223584)
@@ -230,9 +230,13 @@ drop_privs(struct hast_resource *res)
* ioctls and secondary uses ioctls to handle BIO_DELETE and BIO_FLUSH.
* For now capsicum is only used to sandbox hastctl.
*/
- if (res == NULL)
+ if (res == NULL) {
capsicum = (cap_enter() == 0);
- else
+ if (!capsicum) {
+ pjdlog_common(LOG_DEBUG, 1, errno,
+ "Unable to sandbox using capsicum");
+ }
+ } else
capsicum = false;
/*
More information about the svn-src-all
mailing list