Add ECAPMODE, "Not permitted in capability mode", a new kernel errno

constant to indicate that a system call (or perhaps an operation requested via a system call) is not permitted for a capability mode process. Submitted by: anderson Sponsored by: Google, Inc. Obtained from: Capsicum Project MFC after: 1 week
author: rwatson <rwatson@FreeBSD.org> 2011-03-01 13:14:28 +0000
committer: rwatson <rwatson@FreeBSD.org> 2011-03-01 13:14:28 +0000
commit: 0fbd4a42792bb396f7a17bd8ed9eea61339f2d5b (patch)
tree: ac8e862e328893a9b4876962ad7c9362e9bba20d /sys/security
parent: 8d27150a02987492c63fb82670f25f512e3eedbb (diff)
download: FreeBSD-src-0fbd4a42792bb396f7a17bd8ed9eea61339f2d5b.zip
FreeBSD-src-0fbd4a42792bb396f7a17bd8ed9eea61339f2d5b.tar.gz
1 files changed, 14 insertions, 0 deletions
diff --git a/sys/security/audit/audit_bsm_errno.c b/sys/security/audit/audit_bsm_errno.c
index efbc866..c7aa9af 100644
--- a/sys/security/audit/audit_bsm_errno.c
+++ b/sys/security/audit/audit_bsm_errno.c
@@ -686,6 +686,20 @@ static const struct bsm_errno bsm_errnos[] = {
 	ERRNO_NO_LOCAL_MAPPING,
 #endif
 	ES("Key was rejected by service") },
+	{ BSM_ERRNO_ENOTCAPABLE,
+#ifdef ENOTCAPABLE
+	ENOTCAPABLE,
+#else
+	ERRNO_NO_LOCAL_MAPPING,
+#endif
+	ES("Capabilities insufficient") },
+	{ BSM_ERRNO_ECAPMODE,
+#ifdef ECAPMODE
+	ECAPMODE,
+#else
+	ERRNO_NO_LOCAL_MAPPING,
+#endif
+	ES("Not permitted in capability mode") },
 };
 static const int bsm_errnos_count = sizeof(bsm_errnos) / sizeof(bsm_errnos[0]);
author	rwatson <rwatson@FreeBSD.org>	2011-03-01 13:14:28 +0000
committer	rwatson <rwatson@FreeBSD.org>	2011-03-01 13:14:28 +0000
commit	0fbd4a42792bb396f7a17bd8ed9eea61339f2d5b (patch)
tree	ac8e862e328893a9b4876962ad7c9362e9bba20d /sys/security
parent	8d27150a02987492c63fb82670f25f512e3eedbb (diff)
download	FreeBSD-src-0fbd4a42792bb396f7a17bd8ed9eea61339f2d5b.zip FreeBSD-src-0fbd4a42792bb396f7a17bd8ed9eea61339f2d5b.tar.gz