From 009d2032af44e1f71bd17cda89ace46a4df2d2cc Mon Sep 17 00:00:00 2001 From: Robert Watson Date: Thu, 29 Dec 2011 22:48:36 +0000 Subject: [PATCH] Add "options CAPABILITY_MODE" and "options CAPABILITIES" to GENERIC kernel configurations for various architectures in FreeBSD 10.x. This allows basic Capsicum functionality to be used in the default FreeBSD configuration on non-embedded architectures; process descriptors are not yet enabled by default. MFC after: 3 months Sponsored by: Google, Inc --- sys/amd64/conf/GENERIC | 2 ++ sys/i386/conf/GENERIC | 2 ++ sys/ia64/conf/GENERIC | 2 ++ sys/pc98/conf/GENERIC | 2 ++ sys/powerpc/conf/GENERIC | 2 ++ sys/sparc64/conf/GENERIC | 2 ++ 6 files changed, 12 insertions(+) diff --git a/sys/amd64/conf/GENERIC b/sys/amd64/conf/GENERIC index fabdd73617e..059f35fe312 100644 --- a/sys/amd64/conf/GENERIC +++ b/sys/amd64/conf/GENERIC @@ -60,6 +60,8 @@ options PRINTF_BUFR_SIZE=128 # Prevent printf output being interspersed. options KBD_INSTALL_CDEV # install a CDEV entry in /dev options HWPMC_HOOKS # Necessary kernel hooks for hwpmc(4) options AUDIT # Security event auditing +options CAPABILITY_MODE # Capsicum capability mode +options CAPABILITIES # Capsicum capabilities options MAC # TrustedBSD MAC Framework #options KDTRACE_FRAME # Ensure frames are compiled in #options KDTRACE_HOOKS # Kernel DTrace hooks diff --git a/sys/i386/conf/GENERIC b/sys/i386/conf/GENERIC index c9b6a185a7a..569b9e1285a 100644 --- a/sys/i386/conf/GENERIC +++ b/sys/i386/conf/GENERIC @@ -61,6 +61,8 @@ options PRINTF_BUFR_SIZE=128 # Prevent printf output being interspersed. options KBD_INSTALL_CDEV # install a CDEV entry in /dev options HWPMC_HOOKS # Necessary kernel hooks for hwpmc(4) options AUDIT # Security event auditing +options CAPABILITY_MODE # Capsicum capability mode +options CAPABILITIES # Capsicum capabilities options MAC # TrustedBSD MAC Framework #options KDTRACE_HOOKS # Kernel DTrace hooks options INCLUDE_CONFIG_FILE # Include this file in kernel diff --git a/sys/ia64/conf/GENERIC b/sys/ia64/conf/GENERIC index 542b832a909..a6e0677edb5 100644 --- a/sys/ia64/conf/GENERIC +++ b/sys/ia64/conf/GENERIC @@ -26,6 +26,8 @@ ident GENERIC makeoptions DEBUG=-g # Build kernel with debug information. options AUDIT # Security event auditing +options CAPABILITY_MODE # Capsicum capability mode +options CAPABILITIES # Capsicum capabilities options CD9660 # ISO 9660 Filesystem options COMPAT_FREEBSD7 # Compatible with FreeBSD7 options FFS # Berkeley Fast Filesystem diff --git a/sys/pc98/conf/GENERIC b/sys/pc98/conf/GENERIC index bc2dadb2afd..67f85001c31 100644 --- a/sys/pc98/conf/GENERIC +++ b/sys/pc98/conf/GENERIC @@ -63,6 +63,8 @@ options _KPOSIX_PRIORITY_SCHEDULING # POSIX P1003_1B real-time extensions options KBD_INSTALL_CDEV # install a CDEV entry in /dev options HWPMC_HOOKS # Necessary kernel hooks for hwpmc(4) options AUDIT # Security event auditing +options CAPABILITY_MODE # Capsicum capability mode +options CAPABILITIES # Capsicum capabilities options MAC # TrustedBSD MAC Framework options INCLUDE_CONFIG_FILE # Include this file in kernel diff --git a/sys/powerpc/conf/GENERIC b/sys/powerpc/conf/GENERIC index d0646c3973a..385f7a8b2f9 100644 --- a/sys/powerpc/conf/GENERIC +++ b/sys/powerpc/conf/GENERIC @@ -64,6 +64,8 @@ options SYSVSEM #SYSV-style semaphores options _KPOSIX_PRIORITY_SCHEDULING #Posix P1003_1B real-time extensions options HWPMC_HOOKS # Necessary kernel hooks for hwpmc(4) options AUDIT # Security event auditing +options CAPABILITY_MODE # Capsicum capability mode +options CAPABILITIES # Capsicum capabilities options MAC # TrustedBSD MAC Framework options INCLUDE_CONFIG_FILE # Include this file in kernel diff --git a/sys/sparc64/conf/GENERIC b/sys/sparc64/conf/GENERIC index 667e9e4e13c..5c2a8b4107c 100644 --- a/sys/sparc64/conf/GENERIC +++ b/sys/sparc64/conf/GENERIC @@ -60,6 +60,8 @@ options _KPOSIX_PRIORITY_SCHEDULING # POSIX P1003_1B real-time extensions options PRINTF_BUFR_SIZE=128 # Prevent printf output being interspersed. options HWPMC_HOOKS # Necessary kernel hooks for hwpmc(4) options AUDIT # Security event auditing +options CAPABILITY_MODE # Capsicum capability mode +options CAPABILITIES # Capsicum capabilities options MAC # TrustedBSD MAC Framework options INCLUDE_CONFIG_FILE # Include this file in kernel