svn commit: r262566 - in stable/10: crypto/openssh crypto/openssh/contrib/caldera crypto/openssh/contrib/cygwin crypto/openssh/contrib/redhat crypto/openssh/contrib/suse crypto/openssh/openbsd-comp...
Pawel Jakub Dawidek
pjd at FreeBSD.org
Tue Mar 4 19:47:21 UTC 2014
On Tue, Mar 04, 2014 at 11:46:57AM -0500, John Baldwin wrote:
> On Tuesday, March 04, 2014 3:40:47 am Dag-Erling Smørgrav wrote:
> > Pawel Jakub Dawidek <pjd at FreeBSD.org> writes:
> > > Dimitry Andric <dimitry at andric.com> writes:
> > > > Wouldn't it be enough to merge r261499 ("Fix installations that use
> > > > kernels without CAPABILITIES support") by pjd?
> > > Yes, my change should be definiately merged with OpenSSH merge. If
> > > nobody beats me to it, I should be able to merge it tomorrow.
> >
> > Please do. I thought I had included it in the MFC since it was already
> > in head, but I'd forgotten that it had been committed separately.
Xin already did it.
> > BTW, IWBNI there were a cap_available() predicate or something like that
> > which we could check up front, and short-circuit the entire Capsicum
> > part of ssh_sandbox_child() if it failed.
>
> If the capsicum code adds a FEATURE(capsicum) macro in the kernel bits, you
> can use 'if (feature_present("capsicum"))' in userland to check.
It does add the following:
FEATURE(security_capability_mode, "Capsicum Capability Mode");
FEATURE(security_capabilities, "Capsicum Capabilities");
--
Pawel Jakub Dawidek http://www.wheelsystems.com
FreeBSD committer http://www.FreeBSD.org
Am I Evil? Yes, I Am! http://mobter.com
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 196 bytes
Desc: not available
URL: <http://lists.freebsd.org/pipermail/svn-src-stable/attachments/20140304/00c8838f/attachment.sig>
More information about the svn-src-stable
mailing list