I submitted this a while back, but never heard back: https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=204008
What concerns me about this is that cap_enter() doesn't kill the program if it's disabled. I don't think any compiler warnings are sent, nor anything at run time. It just silently doesn't work, which I don't like as Capsicum is being utilized more and more, and if it's not working, it should be thoroughly known and documented.
To be clear, I can compile a program that calls cap_enter() on ARM, it will build and run, but never "work" if you actually test for the functionality. It just silently doesn't work.
Of course if it can be enabled, that would also be great. But making it more obvious when it's not working and enabling it on ARM, seems the most ideal to me.
Not really sure where/how to pursue this further.
Thanks!
What concerns me about this is that cap_enter() doesn't kill the program if it's disabled. I don't think any compiler warnings are sent, nor anything at run time. It just silently doesn't work, which I don't like as Capsicum is being utilized more and more, and if it's not working, it should be thoroughly known and documented.
To be clear, I can compile a program that calls cap_enter() on ARM, it will build and run, but never "work" if you actually test for the functionality. It just silently doesn't work.
Of course if it can be enabled, that would also be great. But making it more obvious when it's not working and enabling it on ARM, seems the most ideal to me.
Not really sure where/how to pursue this further.
Thanks!