Author: pjd
Date: Mon Jun 27 09:10:48 2011
New Revision: 223584
URL: http://svn.freebsd.org/changeset/base/223584
Log:
Log a warning if we cannot sandbox using capsicum, but only under debug level 1.
It would be too noisy to log it as a proper warning as CAPABILITIES are not
compiled into GENERIC by default.
MFC after: 3 days
Modified:
head/sbin/hastd/subr.c
Modified: head/sbin/hastd/subr.c
==============================================================================
--- head/sbin/hastd/subr.c Mon Jun 27 05:57:14 2011 (r223583)
+++ head/sbin/hastd/subr.c Mon Jun 27 09:10:48 2011 (r223584)
@@ -230,9 +230,13 @@ drop_privs(struct hast_resource *res)
* ioctls and secondary uses ioctls to handle BIO_DELETE and BIO_FLUSH.
* For now capsicum is only used to sandbox hastctl.
*/
- if (res == NULL)
+ if (res == NULL) {
capsicum = (cap_enter() == 0);
- else
+ if (!capsicum) {
+ pjdlog_common(LOG_DEBUG, 1, errno,
+ "Unable to sandbox using capsicum");
+ }
+ } else
capsicum = false;
/*
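Review bot: in the new `if (!capsicum)` branch, every cap_enter() failure is reported at LOG_DEBUG level 1 regardless of errno, so at default verbosity nothing tells the operator that the process is running without the sandbox. The log message justifies the quiet level by kernels built without CAPABILITIES, which is the ENOSYS case. Consider keeping the debug-level message only when errno == ENOSYS and logging any other errno at LOG_WARNING, since a failure on a kernel that does support capability mode is unexpected and worth surfacing. The block comment above should also say that falling back to capsicum = false here is intentional.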