#
219131 |
|
01-Mar-2011 |
rwatson |
Continue to introduce Capsicum Capability Mode support:
Add a new system call flag, SYF_CAPENABLED, which indicates that a particular system call is available in capability mode.
Add a new configuration file, kern/capabilities.conf (similar files may be introduced for other ABIs in the future), which enumerates system calls that are available in capability mode. When a new system call is added to syscalls.master, it will also need to be added here (if needed). Teach sysent parts to use this file to set values for SYF_CAPENABLED for the native ABI.
Reviewed by: anderson Discussed with: benl, kris, pjd Obtained from: Capsicum Project MFC after: 3 months
|