diff options
author | jonathan <jonathan@FreeBSD.org> | 2011-06-29 13:03:05 +0000 |
---|---|---|
committer | jonathan <jonathan@FreeBSD.org> | 2011-06-29 13:03:05 +0000 |
commit | 624e7334676946983cce00d4d4d517038a630635 (patch) | |
tree | 371ec907aac5a99e5f3da86def673b401f58c8da /sys | |
parent | 385c8843b33e10d6ea1f996fb4be1f65994984fb (diff) | |
download | FreeBSD-src-624e7334676946983cce00d4d4d517038a630635.zip FreeBSD-src-624e7334676946983cce00d4d4d517038a630635.tar.gz |
We may split today's CAPABILITIES into CAPABILITY_MODE (which has
to do with global namespaces) and CAPABILITIES (which has to do with
constraining file descriptors). Just in case, and because it's a better
name anyway, let's move CAPABILITIES out of the way.
Also, change opt_capabilities.h to opt_capsicum.h; for now, this will
only hold CAPABILITY_MODE, but it will probably also hold the new
CAPABILITIES (implying constrained file descriptors) in the future.
Approved by: rwatson
Sponsored by: Google UK Ltd
Diffstat (limited to 'sys')
-rw-r--r-- | sys/amd64/amd64/sys_machdep.c | 4 | ||||
-rw-r--r-- | sys/arm/arm/sys_machdep.c | 4 | ||||
-rw-r--r-- | sys/conf/NOTES | 2 | ||||
-rw-r--r-- | sys/conf/options | 2 | ||||
-rw-r--r-- | sys/i386/i386/sys_machdep.c | 4 | ||||
-rw-r--r-- | sys/kern/subr_trap.c | 4 | ||||
-rw-r--r-- | sys/kern/sys_capability.c | 8 |
7 files changed, 14 insertions, 14 deletions
diff --git a/sys/amd64/amd64/sys_machdep.c b/sys/amd64/amd64/sys_machdep.c index fa895f3..beb248c 100644 --- a/sys/amd64/amd64/sys_machdep.c +++ b/sys/amd64/amd64/sys_machdep.c @@ -33,7 +33,7 @@ #include <sys/cdefs.h> __FBSDID("$FreeBSD$"); -#include "opt_capabilities.h" +#include "opt_capsicum.h" #include <sys/param.h> #include <sys/systm.h> @@ -180,7 +180,7 @@ sysarch(td, uap) uint64_t a64base; struct i386_ioperm_args iargs; -#ifdef CAPABILITIES +#ifdef CAPABILITY_MODE /* * Whitelist of operations which are safe enough for capability mode. */ diff --git a/sys/arm/arm/sys_machdep.c b/sys/arm/arm/sys_machdep.c index 89e5227..52545d8 100644 --- a/sys/arm/arm/sys_machdep.c +++ b/sys/arm/arm/sys_machdep.c @@ -36,7 +36,7 @@ #include <sys/cdefs.h> __FBSDID("$FreeBSD$"); -#include "opt_capabilities.h" +#include "opt_capsicum.h" #include <sys/param.h> #include <sys/systm.h> @@ -107,7 +107,7 @@ sysarch(td, uap) { int error; -#ifdef CAPABILITIES +#ifdef CAPABILITY_MODE /* * Whitelist of operations which are safe enough for capability mode. */ diff --git a/sys/conf/NOTES b/sys/conf/NOTES index b84d0c5..835c30b 100644 --- a/sys/conf/NOTES +++ b/sys/conf/NOTES @@ -1162,7 +1162,7 @@ options MAC_STUB options MAC_TEST # Support for Capsicum -options CAPABILITIES +options CAPABILITY_MODE ##################################################################### diff --git a/sys/conf/options b/sys/conf/options index 1ce30b1..35c0dfc 100644 --- a/sys/conf/options +++ b/sys/conf/options @@ -63,7 +63,7 @@ SYSCTL_DEBUG opt_sysctl.h ADAPTIVE_LOCKMGRS ALQ AUDIT opt_global.h -CAPABILITIES opt_capabilities.h +CAPABILITY_MODE opt_capsicum.h CODA_COMPAT_5 opt_coda.h COMPAT_43 opt_compat.h COMPAT_43TTY opt_compat.h diff --git a/sys/i386/i386/sys_machdep.c b/sys/i386/i386/sys_machdep.c index 6a761bf..e7b0828 100644 --- a/sys/i386/i386/sys_machdep.c +++ b/sys/i386/i386/sys_machdep.c @@ -32,7 +32,7 @@ #include <sys/cdefs.h> __FBSDID("$FreeBSD$"); -#include "opt_capabilities.h" +#include "opt_capsicum.h" #include "opt_kstack_pages.h" #include <sys/param.h> @@ -111,7 +111,7 @@ sysarch(td, uap) AUDIT_ARG_CMD(uap->op); -#ifdef CAPABILITIES +#ifdef CAPABILITY_MODE /* * Whitelist of operations which are safe enough for capability mode. */ diff --git a/sys/kern/subr_trap.c b/sys/kern/subr_trap.c index 0113d7b..3527ed1 100644 --- a/sys/kern/subr_trap.c +++ b/sys/kern/subr_trap.c @@ -44,7 +44,7 @@ #include <sys/cdefs.h> __FBSDID("$FreeBSD$"); -#include "opt_capabilities.h" +#include "opt_capsicum.h" #include "opt_ktrace.h" #include "opt_kdtrace.h" #include "opt_sched.h" @@ -313,7 +313,7 @@ syscallenter(struct thread *td, struct syscall_args *sa) goto retval; } -#ifdef CAPABILITIES +#ifdef CAPABILITY_MODE /* * In capability mode, we only allow access to system calls * flagged with SYF_CAPENABLED. diff --git a/sys/kern/sys_capability.c b/sys/kern/sys_capability.c index c6d9826..a19e881 100644 --- a/sys/kern/sys_capability.c +++ b/sys/kern/sys_capability.c @@ -36,7 +36,7 @@ * */ -#include "opt_capabilities.h" +#include "opt_capsicum.h" #include <sys/cdefs.h> __FBSDID("$FreeBSD$"); @@ -59,7 +59,7 @@ __FBSDID("$FreeBSD$"); #include <vm/uma.h> #include <vm/vm.h> -#ifdef CAPABILITIES +#ifdef CAPABILITY_MODE FEATURE(security_capabilities, "Capsicum Capability Mode"); @@ -99,7 +99,7 @@ cap_getmode(struct thread *td, struct cap_getmode_args *uap) return (copyout(&i, uap->modep, sizeof(i))); } -#else /* !CAPABILITIES */ +#else /* !CAPABILITY_MODE */ int cap_enter(struct thread *td, struct cap_enter_args *uap) @@ -115,4 +115,4 @@ cap_getmode(struct thread *td, struct cap_getmode_args *uap) return (ENOSYS); } -#endif /* CAPABILITIES */ +#endif /* CAPABILITY_MODE */ |