Allow to use kill(2) in capability mode, but process can send a signal only

to himself. For example abort(3) at first tries to do kill(getpid(), SIGABRT) which was failing in capability mode, so the code was failing back to exit(1). Reviewed by: rwatson Obtained from: WHEEL Systems MFC after: 2 weeks
author: pjd <pjd@FreeBSD.org> 2012-11-27 10:22:40 +0000
committer: pjd <pjd@FreeBSD.org> 2012-11-27 10:22:40 +0000
commit: c079174e145757091a244b3c818aa046d2e6b93e (patch)
tree: f06915591c05c31a4cb30e1119662eddc2c2f658 /sys/kern/capabilities.conf
parent: 02c0badfc1d26f3d714ef3e9a609e883d83e5fff (diff)
download: FreeBSD-src-c079174e145757091a244b3c818aa046d2e6b93e.zip
FreeBSD-src-c079174e145757091a244b3c818aa046d2e6b93e.tar.gz
1 files changed, 5 insertions, 0 deletions
diff --git a/sys/kern/capabilities.conf b/sys/kern/capabilities.conf
index 82eeb07..11aad16 100644
--- a/sys/kern/capabilities.conf
+++ b/sys/kern/capabilities.conf
@@ -337,6 +337,11 @@ issetugid
 kevent
 
 ##
+## Allow kill(2), as we allow the process to send signals only to himself.
+##
+kill
+
+##
 ## Allow message queue operations on file descriptors, subject to capability
 ## rights.
 ##
author	pjd <pjd@FreeBSD.org>	2012-11-27 10:22:40 +0000
committer	pjd <pjd@FreeBSD.org>	2012-11-27 10:22:40 +0000
commit	c079174e145757091a244b3c818aa046d2e6b93e (patch)
tree	f06915591c05c31a4cb30e1119662eddc2c2f658 /sys/kern/capabilities.conf
parent	02c0badfc1d26f3d714ef3e9a609e883d83e5fff (diff)
download	FreeBSD-src-c079174e145757091a244b3c818aa046d2e6b93e.zip FreeBSD-src-c079174e145757091a244b3c818aa046d2e6b93e.tar.gz