capabilities.conf (247602) | capabilities.conf (247667) |
---|---|
1## 2## Copyright (c) 2008-2010 Robert N. M. Watson 3## All rights reserved. 4## 5## This software was developed at the University of Cambridge Computer 6## Laboratory with support from a grant from Google, Inc. 7## 8## Redistribution and use in source and binary forms, with or without --- 18 unchanged lines hidden (view full) --- 27## SUCH DAMAGE. 28## 29## List of system calls enabled in capability mode, one name per line. 30## 31## Notes: 32## - sys_exit(2), abort2(2) and close(2) are very important. 33## - Sorted alphabetically, please keep it that way. 34## | 1## 2## Copyright (c) 2008-2010 Robert N. M. Watson 3## All rights reserved. 4## 5## This software was developed at the University of Cambridge Computer 6## Laboratory with support from a grant from Google, Inc. 7## 8## Redistribution and use in source and binary forms, with or without --- 18 unchanged lines hidden (view full) --- 27## SUCH DAMAGE. 28## 29## List of system calls enabled in capability mode, one name per line. 30## 31## Notes: 32## - sys_exit(2), abort2(2) and close(2) are very important. 33## - Sorted alphabetically, please keep it that way. 34## |
35## $FreeBSD: head/sys/kern/capabilities.conf 247602 2013-03-02 00:53:12Z pjd $ | 35## $FreeBSD: head/sys/kern/capabilities.conf 247667 2013-03-02 21:11:30Z pjd $ |
36## 37 38## 39## Allow ACL and MAC label operations by file descriptor, subject to 40## capability rights. Allow MAC label operations on the current process but 41## we will need to scope __mac_get_pid(2). 42## 43__acl_aclcheck_fd --- 51 unchanged lines hidden (view full) --- 95## audit(2) is a global operation, submitting to the global trail, but it is 96## controlled by privilege, and it might be useful to be able to submit 97## records from sandboxes. For now, disallow, but we may want to think about 98## providing some sort of proxy service for this. 99## 100#audit 101 102## | 36## 37 38## 39## Allow ACL and MAC label operations by file descriptor, subject to 40## capability rights. Allow MAC label operations on the current process but 41## we will need to scope __mac_get_pid(2). 42## 43__acl_aclcheck_fd --- 51 unchanged lines hidden (view full) --- 95## audit(2) is a global operation, submitting to the global trail, but it is 96## controlled by privilege, and it might be useful to be able to submit 97## records from sandboxes. For now, disallow, but we may want to think about 98## providing some sort of proxy service for this. 99## 100#audit 101 102## |
103## Disllow bind(2) for now, even though we support CAP_BIND. | 103## Allow bindat(2). |
104## | 104## |
105## XXXRW: Revisit this. 106## 107#bind | 105bindat |
108 109## 110## Allow capability mode and capability system calls. 111## 112cap_enter 113cap_fcntls_get 114cap_fcntls_limit 115cap_getmode --- 11 unchanged lines hidden (view full) --- 127 128## 129## Always allow file descriptor close(2). 130## 131close 132closefrom 133 134## | 106 107## 108## Allow capability mode and capability system calls. 109## 110cap_enter 111cap_fcntls_get 112cap_fcntls_limit 113cap_getmode --- 11 unchanged lines hidden (view full) --- 125 126## 127## Always allow file descriptor close(2). 128## 129close 130closefrom 131 132## |
135## Disallow connect(2) for now, despite CAP_CONNECT. | 133## Allow connectat(2). |
136## | 134## |
137## XXXRW: Revisit this. 138## 139#connect | 135connectat |
140 141## 142## cpuset(2) and related calls require scoping by process, but should 143## eventually be allowed, at least in the current process case. 144## 145#cpuset 146#cpuset_getaffinity 147#cpuset_getid --- 609 unchanged lines hidden --- | 136 137## 138## cpuset(2) and related calls require scoping by process, but should 139## eventually be allowed, at least in the current process case. 140## 141#cpuset 142#cpuset_getaffinity 143#cpuset_getid --- 609 unchanged lines hidden --- |
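Review bot: the rewritten comment at line 103 ("Allow bindat(2).") drops the rationale the old block carried, namely that bind(2) itself stays disallowed in capability mode even though CAP_BIND is supported, and the "XXXRW: Revisit this." marker goes with it. Since the `#bind` entry is removed rather than kept commented out, a reader of the new file cannot tell whether bind(2) was deliberately left out or simply forgotten. Suggest keeping one line of context next to the new entry, for example "## bind(2) remains disallowed for now despite CAP_BIND; bindat(2) is permitted." so the policy decision stays documented alongside the entry that implements it.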
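Review bot: the same loss of documented intent occurs at line 133, where "Disallow connect(2) for now, despite CAP_CONNECT." and its "XXXRW: Revisit this." marker are replaced by "Allow connectat(2)." and the `#connect` entry disappears. Nothing in the new comment says whether connect(2) is still intentionally blocked or whether the CAP_CONNECT right now only governs connectat(2). Suggest restoring a short note stating that connect(2) remains disabled and that connectat(2) is the allowed form under CAP_CONNECT, so the two entries (bindat, connectat) carry parallel explanations and the open question about plain connect(2) is not silently closed by this revision.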