Re: git: f239db4800ee - main - ktrace: Remove CAPFAIL from default trace points
- In reply to: Jake Freeland : "git: f239db4800ee - main - ktrace: Remove CAPFAIL from default trace points"
- Go to: [ bottom of page ] [ top of archives ] [ this month ]
Date: Wed, 24 Apr 2024 11:32:42 UTC
Am 2024-04-24 02:29, schrieb Jake Freeland: > The branch main has been updated by jfree: > > URL: > https://cgit.FreeBSD.org/src/commit/?id=f239db4800ee9e7ff8485f96b7a68e6c38178c3b > > commit f239db4800ee9e7ff8485f96b7a68e6c38178c3b > Author: Jake Freeland <jfree@FreeBSD.org> > AuthorDate: 2024-04-24 00:26:14 +0000 > Commit: Jake Freeland <jfree@FreeBSD.org> > CommitDate: 2024-04-24 00:26:14 +0000 > > ktrace: Remove CAPFAIL from default trace points > > The CAPFAIL tracepoint was recently extended to report ECAPMODE > capability violations for processes that do not enter capability > mode. > This allows developers that are interested in Capsicumizing their > programs to determine where violations are being raised. > > Previously, CAPFAIL only produced output for processes using > Capsicum(4) > capabilties. Thus, most ktrace users never received log output from > the > trace point. With the recent changes, this is no longer the case. > > Having this trace point enabled by default will produce output for > all > processes that use syscalls that are not permitted in capability > mode. > This may lead to confusion for users that are not familiar with the > feature. Remove KTRFAC_CAPFAIL from ktrace's default points to > avoid > this. Thanks for the opt-in instead of the opt-out! I stumbled over this a few hours ago and I can confirm that I was confused at first look... until I remembered a commit message about adding more info in this regard. Bye, Alexander. -- http://www.Leidinger.net Alexander@Leidinger.net: PGP 0x8F31830F9F2772BF http://www.FreeBSD.org netchild@FreeBSD.org : PGP 0x8F31830F9F2772BF