svn commit: r296047 - in head: . contrib/mdocml contrib/tcpdump etc/defaults etc/mtree etc/rc.d gnu/usr.bin/groff/tmac lib lib/libc/posix1e lib/libcapsicum lib/libcasper lib/libcasper/libcasper lib...

[Mariusz Zaborski]

Thank you. I on it.

On 26 February 2016 at 16:55, Shawn Webb <shawn.webb at hardenedbsd.org> wrote:

> On Thu, Feb 25, 2016 at 06:23:40PM +0000, Mariusz Zaborski wrote:
> > Author: oshogbo
> > Date: Thu Feb 25 18:23:40 2016
> > New Revision: 296047
> > URL: https://svnweb.freebsd.org/changeset/base/296047
> >
> > Log:
> >   Convert casperd(8) daemon to the libcasper.
> >   After calling the cap_init(3) function Casper will fork from it's
> original
> >   process, using pdfork(2). Forking from a process has a lot of
> advantages:
> >   1. We have the same cwd as the original process.
> >   2. The same uid, gid and groups.
> >   3. The same MAC labels.
> >   4. The same descriptor table.
> >   5. The same routing table.
> >   6. The same umask.
> >   7. The same cpuset(1).
> >   From now services are also in form of libraries.
> >   We also removed libcapsicum at all and converts existing program using
> Casper
> >   to new architecture.
> >
> >   Discussed with:             pjd, jonathan, ed, drysdale at google.com,
> emaste
> >   Partially reviewed by:      drysdale at google.com, bdrewery
> >   Approved by:                pjd (mentor)
> >   Differential Revision:      https://reviews.freebsd.org/D4277
>
> This commit breaks `cd /usr/src/release; make real-release`.
>
> Log of failed build here:
>
>
> http://jenkins.hardenedbsd.org:8180/jenkins/job/HardenedBSD-CURRENT-amd64/lastFailedBuild/console
>
> Reverting this commit makes everything happy again.
>
> Thanks,
>
> --
> Shawn Webb
> HardenedBSD
>
> GPG Key ID:          0x6A84658F52456EEE
> GPG Key Fingerprint: 2ABA B6BD EF6A F486 BE89  3D9E 6A84 658F 5245 6EEE
>