Capsicum not enabled by default on ARM

eldaemon

New Member


Messages: 6

I submitted this a while back, but never heard back: https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=204008

What concerns me about this is that cap_enter() doesn't kill the program if it's disabled. I don't think any compiler warnings are sent, nor anything at run time. It just silently doesn't work, which I don't like as Capsicum is being utilized more and more, and if it's not working, it should be thoroughly known and documented.

To be clear, I can compile a program that calls cap_enter() on ARM, it will build and run, but never "work" if you actually test for the functionality. It just silently doesn't work.

Of course if it can be enabled, that would also be great. But making it more obvious when it's not working and enabling it on ARM, seems the most ideal to me.

Not really sure where/how to pursue this further.

Thanks!
 

Juha Nurmela

Well-Known Member

Reaction score: 121
Messages: 401

Funny how things happen bunched up. I just added cap_enter() in some program, and it did nothing, except return -1. (After adding the options and rebooting, it returned 0, and things broke here and there as expected).

Shouldn't you be testing it yourself? if (cap_enter()) abort(); ?

Juha

Couldn't help checking, syscall(out_of_range); results in SIGSYS, around 550.
 
Top