File Manager

003 File Manager

Current Path: /usr/src/sys/kern

📁 ..
📄 Make.tags.inc(2.13 KB)
📄 Makefile(302 B)
📄 bus_if.m(26.31 KB)
📄 capabilities.conf(13.67 KB)
📄 clock_if.m(1.7 KB)
📄 cpufreq_if.m(2.27 KB)
📄 device_if.m(10.41 KB)
📄 firmw.S(2.15 KB)
📄 genassym.sh(1.11 KB)
📄 genoffset.c(1.68 KB)
📄 genoffset.sh(3.58 KB)
📄 imgact_aout.c(9.45 KB)
📄 imgact_binmisc.c(18.64 KB)
📄 imgact_elf.c(76.32 KB)
📄 imgact_elf32.c(1.47 KB)
📄 imgact_elf64.c(1.47 KB)
📄 imgact_shell.c(8.41 KB)
📄 init_main.c(24.31 KB)
📄 init_sysent.c(95.3 KB)
📄 kern_acct.c(19.03 KB)
📄 kern_alq.c(24.97 KB)
📄 kern_clock.c(21.12 KB)
📄 kern_clocksource.c(23.34 KB)
📄 kern_condvar.c(11.28 KB)
📄 kern_conf.c(36.14 KB)
📄 kern_cons.c(15.75 KB)
📄 kern_context.c(3.59 KB)
📄 kern_cpu.c(30.77 KB)
📄 kern_cpuset.c(59.78 KB)
📄 kern_ctf.c(8.73 KB)
📄 kern_descrip.c(112.87 KB)
📄 kern_dtrace.c(2.94 KB)
📄 kern_dump.c(8.51 KB)
📄 kern_environment.c(22.75 KB)
📄 kern_et.c(7.1 KB)
📄 kern_event.c(62.49 KB)
📄 kern_exec.c(46.67 KB)
📄 kern_exit.c(34.61 KB)
📄 kern_fail.c(29.32 KB)
📄 kern_ffclock.c(12.66 KB)
📄 kern_fork.c(28.29 KB)
📄 kern_hhook.c(13.58 KB)
📄 kern_idle.c(2.74 KB)
📄 kern_intr.c(40.44 KB)
📄 kern_jail.c(112.67 KB)
📄 kern_kcov.c(15.32 KB)
📄 kern_khelp.c(9.45 KB)
📄 kern_kthread.c(11.8 KB)
📄 kern_ktr.c(11.93 KB)
📄 kern_ktrace.c(31.41 KB)
📄 kern_linker.c(54.3 KB)
📄 kern_lock.c(46.99 KB)
📄 kern_lockf.c(64.46 KB)
📄 kern_lockstat.c(3.8 KB)
📄 kern_loginclass.c(6.69 KB)
📄 kern_malloc.c(37.09 KB)
📄 kern_mbuf.c(43.16 KB)
📄 kern_mib.c(24.26 KB)
📄 kern_module.c(11.05 KB)
📄 kern_mtxpool.c(5.82 KB)
📄 kern_mutex.c(33.62 KB)
📄 kern_ntptime.c(32.49 KB)
📄 kern_osd.c(12.37 KB)
📄 kern_physio.c(5.74 KB)
📄 kern_pmc.c(8.89 KB)
📄 kern_poll.c(15.86 KB)
📄 kern_priv.c(9.14 KB)
📄 kern_proc.c(80.01 KB)
📄 kern_procctl.c(19.48 KB)
📄 kern_prot.c(57.94 KB)
📄 kern_racct.c(34.01 KB)
📄 kern_rangelock.c(8.67 KB)
📄 kern_rctl.c(53.87 KB)
📄 kern_resource.c(36.66 KB)
📄 kern_rmlock.c(28.27 KB)
📄 kern_rwlock.c(40.72 KB)
📄 kern_sdt.c(2.05 KB)
📄 kern_sema.c(4.85 KB)
📄 kern_sendfile.c(33.97 KB)
📄 kern_sharedpage.c(10.37 KB)
📄 kern_shutdown.c(43.34 KB)
📄 kern_sig.c(101.89 KB)
📄 kern_switch.c(13.85 KB)
📄 kern_sx.c(40.27 KB)
📄 kern_synch.c(18.17 KB)
📄 kern_syscalls.c(6.74 KB)
📄 kern_sysctl.c(67.24 KB)
📄 kern_tc.c(55.73 KB)
📄 kern_thr.c(14.14 KB)
📄 kern_thread.c(41.75 KB)
📄 kern_time.c(40.89 KB)
📄 kern_timeout.c(43.08 KB)
📄 kern_tslog.c(3.44 KB)
📄 kern_ubsan.c(50.74 KB)
📄 kern_umtx.c(107.14 KB)
📄 kern_uuid.c(11.68 KB)
📄 kern_xxx.c(10.44 KB)
📄 ksched.c(6.56 KB)
📄 link_elf.c(47.99 KB)
📄 link_elf_obj.c(44.41 KB)
📄 linker_if.m(3.96 KB)
📄 makesyscalls.sh(23.57 KB)
📄 md4c.c(7.89 KB)
📄 md5c.c(9.56 KB)
📄 msi_if.m(2.48 KB)
📄 p1003_1b.c(8.84 KB)
📄 pic_if.m(3.9 KB)
📄 posix4_mib.c(5.59 KB)
📄 sched_4bsd.c(45.03 KB)
📄 sched_ule.c(82.65 KB)
📄 serdev_if.m(3.49 KB)
📄 stack_protector.c(613 B)
📄 subr_acl_nfs4.c(37.42 KB)
📄 subr_acl_posix1e.c(17.71 KB)
📄 subr_atomic64.c(3.97 KB)
📄 subr_autoconf.c(7.7 KB)
📄 subr_blist.c(31.88 KB)
📄 subr_boot.c(5.8 KB)
📄 subr_bufring.c(2.21 KB)
📄 subr_bus.c(145.4 KB)
📄 subr_bus_dma.c(19.67 KB)
📄 subr_busdma_bufalloc.c(5.24 KB)
📄 subr_capability.c(11.93 KB)
📄 subr_clock.c(10.61 KB)
📄 subr_compressor.c(13.11 KB)
📄 subr_counter.c(4.44 KB)
📄 subr_coverage.c(6.17 KB)
📄 subr_csan.c(25.39 KB)
📄 subr_devmap.c(9.8 KB)
📄 subr_devstat.c(16.21 KB)
📄 subr_disk.c(8.54 KB)
📄 subr_dummy_vdso_tc.c(1.7 KB)
📄 subr_early.c(2.26 KB)
📄 subr_epoch.c(25.02 KB)
📄 subr_eventhandler.c(9.17 KB)
📄 subr_fattime.c(9.98 KB)
📄 subr_filter.c(12.2 KB)
📄 subr_firmware.c(13.88 KB)
📄 subr_gtaskqueue.c(20.19 KB)
📄 subr_hash.c(4.8 KB)
📄 subr_hints.c(12.87 KB)
📄 subr_intr.c(40.61 KB)
📄 subr_kdb.c(16.13 KB)
📄 subr_kobj.c(7.1 KB)
📄 subr_lock.c(18.81 KB)
📄 subr_log.c(7.64 KB)
📄 subr_mchain.c(11.06 KB)
📄 subr_module.c(12.98 KB)
📄 subr_msgbuf.c(10.6 KB)
📄 subr_param.c(10.93 KB)
📄 subr_pcpu.c(10.18 KB)
📄 subr_pctrie.c(20.99 KB)
📄 subr_physmem.c(11.52 KB)
📄 subr_pidctrl.c(5.43 KB)
📄 subr_power.c(3.13 KB)
📄 subr_prf.c(27.42 KB)
📄 subr_prng.c(3.36 KB)
📄 subr_prof.c(15.43 KB)
📄 subr_rangeset.c(8.5 KB)
📄 subr_rman.c(27.61 KB)
📄 subr_rtc.c(11.42 KB)
📄 subr_sbuf.c(20.53 KB)
📄 subr_scanf.c(15.59 KB)
📄 subr_sfbuf.c(6.17 KB)
📄 subr_sglist.c(22.83 KB)
📄 subr_sleepqueue.c(39.43 KB)
📄 subr_smp.c(31.62 KB)
📄 subr_smr.c(20.17 KB)
📄 subr_stack.c(6.47 KB)
📄 subr_stats.c(103.01 KB)
📄 subr_syscall.c(7.98 KB)
📄 subr_taskqueue.c(21.1 KB)
📄 subr_terminal.c(15.52 KB)
📄 subr_trap.c(10.87 KB)
📄 subr_turnstile.c(35.58 KB)
📄 subr_uio.c(11.38 KB)
📄 subr_unit.c(22.97 KB)
📄 subr_vmem.c(43.25 KB)
📄 subr_witness.c(84.59 KB)
📄 sys_capability.c(15.06 KB)
📄 sys_eventfd.c(8.42 KB)
📄 sys_generic.c(44.22 KB)
📄 sys_getrandom.c(4.21 KB)
📄 sys_pipe.c(45.14 KB)
📄 sys_procdesc.c(14.57 KB)
📄 sys_process.c(30.73 KB)
📄 sys_socket.c(20.11 KB)
📄 syscalls.c(22.73 KB)
📄 syscalls.master(60.26 KB)
📄 systrace_args.c(178.49 KB)
📄 sysv_ipc.c(6.53 KB)
📄 sysv_msg.c(48.65 KB)
📄 sysv_sem.c(49.85 KB)
📄 sysv_shm.c(43.93 KB)
📄 tty.c(55.14 KB)
📄 tty_compat.c(11.46 KB)
📄 tty_info.c(9.93 KB)
📄 tty_inq.c(12.22 KB)
📄 tty_outq.c(8.74 KB)
📄 tty_pts.c(19.74 KB)
📄 tty_tty.c(2.83 KB)
📄 tty_ttydisc.c(28.6 KB)
📄 uipc_accf.c(8.07 KB)
📄 uipc_debug.c(12.42 KB)
📄 uipc_domain.c(13.13 KB)
📄 uipc_ktls.c(55.7 KB)
📄 uipc_mbuf.c(52.45 KB)
📄 uipc_mbuf2.c(12.64 KB)
📄 uipc_mbufhash.c(4.9 KB)
📄 uipc_mqueue.c(64.64 KB)
📄 uipc_sem.c(25.18 KB)
📄 uipc_shm.c(50.47 KB)
📄 uipc_sockbuf.c(42.9 KB)
📄 uipc_socket.c(110.61 KB)
📄 uipc_syscalls.c(35.94 KB)
📄 uipc_usrreq.c(75.11 KB)
📄 vfs_acl.c(14.5 KB)
📄 vfs_aio.c(76.32 KB)
📄 vfs_bio.c(145.39 KB)
📄 vfs_cache.c(143.09 KB)
📄 vfs_cluster.c(28.36 KB)
📄 vfs_default.c(33.16 KB)
📄 vfs_export.c(14.55 KB)
📄 vfs_extattr.c(17.91 KB)
📄 vfs_hash.c(6 KB)
📄 vfs_init.c(15.86 KB)
📄 vfs_lookup.c(45.48 KB)
📄 vfs_mount.c(62.58 KB)
📄 vfs_mountroot.c(26.23 KB)
📄 vfs_subr.c(167.52 KB)
📄 vfs_syscalls.c(106.86 KB)
📄 vfs_vnops.c(86.28 KB)
📄 vnode_if.src(13.66 KB)

Editing: capabilities.conf

##
## Copyright (c) 2008-2010 Robert N. M. Watson
## All rights reserved.
##
## This software was developed at the University of Cambridge Computer
## Laboratory with support from a grant from Google, Inc.
##
## Redistribution and use in source and binary forms, with or without
## modification, are permitted provided that the following conditions
## are met:
## 1. Redistributions of source code must retain the above copyright
##    notice, this list of conditions and the following disclaimer.
## 2. Redistributions in binary form must reproduce the above copyright
##    notice, this list of conditions and the following disclaimer in the
##    documentation and/or other materials provided with the distribution.
##
## THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
## ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
## IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
## ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
## FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
## DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
## OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
## HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
## LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
## OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
## SUCH DAMAGE.
##
## List of system calls enabled in capability mode, one name per line.
##
## System calls listed here operate either fully or partially in the absence
## of global namespaces or ambient authority.  In capability mode system calls
## that operate only on global namespaces or require ambient authority have no
## utility and thus are not permitted.
##
## Notes:
## - sys_exit(2), abort2(2) and close(2) are very important.
## - Sorted alphabetically, please keep it that way.
##
## $FreeBSD$
##

##
## Allow ACL and MAC label operations by file descriptor, subject to
## capability rights.  Allow MAC label operations on the current process but
## we will need to scope __mac_get_pid(2).
##
__acl_aclcheck_fd
__acl_delete_fd
__acl_get_fd
__acl_set_fd
__mac_get_fd
#__mac_get_pid
__mac_get_proc
__mac_set_fd
__mac_set_proc

##
## Allow creating special file descriptors like eventfd(2).
##
__specialfd

##
## Allow sysctl(2) as we scope internal to the call; this is a global
## namespace, but there are several critical sysctls required for almost
## anything to run, such as hw.pagesize.  For now that policy lives in the
## kernel for performance and simplicity, but perhaps it could move to a
## proxying daemon in userspace.
##
__sysctl
__sysctlbyname

##
## Allow umtx operations as these are scoped by address space.
##
## XXRW: Need to check this very carefully.
##
_umtx_op

##
## Allow process termination using abort2(2).
##
abort2

##
## Allow accept(2) since it doesn't manipulate namespaces directly, rather
## relies on existing bindings on a socket, subject to capability rights.
##
accept
accept4

##
## Allow AIO operations by file descriptor, subject to capability rights.
##
aio_cancel
aio_error
aio_fsync
aio_read
aio_return
aio_suspend
aio_waitcomplete
aio_write
aio_writev
aio_readv

##
## audit(2) is a global operation, submitting to the global trail, but it is
## controlled by privilege, and it might be useful to be able to submit
## records from sandboxes.  For now, disallow, but we may want to think about
## providing some sort of proxy service for this.
##
#audit

##
## Allow bindat(2).
##
bindat

##
## Allow capability mode and capability system calls.
##
cap_enter
cap_fcntls_get
cap_fcntls_limit
cap_getmode
cap_ioctls_get
cap_ioctls_limit
__cap_rights_get
cap_rights_limit

##
## Allow read-only clock operations.
##
clock_getres
clock_gettime

##
## Always allow file descriptor close(2).
##
close
close_range
closefrom

##
## Allow connectat(2).
##
connectat

##
## copy_file_range(2) reads from one descriptor and writes to the other.
##
copy_file_range

##
## cpuset(2) and related calls are limited to caller's own process/thread.
##
#cpuset
cpuset_getaffinity
cpuset_getdomain
#cpuset_getid
cpuset_setaffinity
cpuset_setdomain
#cpuset_setid

##
## Always allow dup(2) and dup2(2) manipulation of the file descriptor table.
##
dup
dup2

##
## Allow extended attribute operations by file descriptor, subject to
## capability rights.
##
extattr_delete_fd
extattr_get_fd
extattr_list_fd
extattr_set_fd

##
## Allow changing file flags, mode, and owner by file descriptor, subject to
## capability rights.
##
fchflags
fchmod
fchown

##
## For now, allow fcntl(2), subject to capability rights, but this probably
## needs additional scoping.
##
fcntl

##
## Allow fexecve(2), subject to capability rights.  We perform some scoping,
## such as disallowing privilege escalation.
##
fexecve

##
## Allow flock(2), subject to capability rights.
##
flock

##
## Allow fork(2), even though it returns pids -- some applications seem to
## prefer this interface.
##
fork

##
## Allow fpathconf(2), subject to capability rights.
##
fpathconf

##
## Allow various file descriptor-based I/O operations, subject to capability
## rights.
##
freebsd11_fstat
freebsd11_fstatat
freebsd11_getdirentries
freebsd11_fstatfs
freebsd11_mknodat
freebsd6_ftruncate
freebsd6_lseek
freebsd6_mmap
freebsd6_pread
freebsd6_pwrite

##
## Allow querying file and file system state with fstat(2) and fstatfs(2),
## subject to capability rights.
##
fstat
fstatfs

##
## Allow further file descriptor-based I/O operations, subject to capability
## rights.
##
fdatasync
fsync
ftruncate

##
## Allow futimens(2) and futimes(2), subject to capability rights.
##
futimens
futimes

##
## Allow querying process audit state, subject to normal access control.
##
getaudit
getaudit_addr
getauid

##
## Allow thread context management with getcontext(2).
##
getcontext

##
## Allow directory I/O on a file descriptor, subject to capability rights.
## Originally we had separate capabilities for directory-specific read
## operations, but on BSD we allow reading the raw directory data, so we just
## rely on CAP_READ now.
##
getdents
getdirentries

##
## Allow querying certain trivial global state.
##
getdomainname

##
## Allow querying certain per-process resource limit state.
##
getdtablesize

##
## Allow querying current process credential state.
##
getegid
geteuid

##
## Allow querying certain trivial global state.
##
gethostid
gethostname

##
## Allow querying per-process timer.
##
getitimer

##
## Allow querying current process credential state.
##
getgid
getgroups
getlogin
getloginclass

##
## Allow querying certain trivial global state.
##
getpagesize
getpeername

##
## Allow querying certain per-process scheduling, resource limit, and
## credential state.
##
## XXXRW: getpgid(2) needs scoping.  It's not clear if it's worth scoping
## getppid(2).  getpriority(2) needs scoping.  getrusage(2) needs scoping.
## getsid(2) needs scoping.
##
getpgid
getpgrp
getpid
getppid
getpriority
getresgid
getresuid
getrlimit
getrusage
getsid

##
## Allow getrandom
##
getrandom

##
## Allow querying socket state, subject to capability rights.
##
## XXXRW: getsockopt(2) may need more attention.
##
getsockname
getsockopt

##
## Allow querying the global clock.
##
gettimeofday

##
## Allow querying current process credential state.
##
getuid

##
## Allow ioctl(2), which hopefully will be limited by applications only to
## required commands with cap_ioctls_limit(2) syscall.
##
ioctl

##
## Allow querying current process credential state.
##
issetugid

##
## Allow kevent(2), as we will authorize based on capability rights on the
## target descriptor.
##
kevent

##
## Allow kill(2), as we allow the process to send signals only to himself.
##
kill

##
## Allow message queue operations on file descriptors, subject to capability
## rights.
## NOTE: Corresponding sysents are initialized in sys/kern/uipc_mqueue.c with
## SYF_CAPENABLED.
##
kmq_notify
kmq_setattr
kmq_timedreceive
kmq_timedsend

##
## Allow kqueue(2), we will control use.
##
kqueue

##
## Allow managing per-process timers.
##
ktimer_create
ktimer_delete
ktimer_getoverrun
ktimer_gettime
ktimer_settime

##
## We can't allow ktrace(2) because it relies on a global namespace, but we
## might want to introduce an fktrace(2) of some sort.
##
#ktrace

##
## Allow AIO operations by file descriptor, subject to capability rights.
##
lio_listio

##
## Allow listen(2), subject to capability rights.
##
## XXXRW: One might argue this manipulates a global namespace.
##
listen

##
## Allow I/O-related file descriptors, subject to capability rights.
##
lseek

##
## Allow simple VM operations on the current process.
##
madvise
mincore
minherit
mlock
mlockall

##
## Allow memory mapping a file descriptor, and updating protections, subject
## to capability rights.
##
mmap
mprotect

##
## Allow simple VM operations on the current process.
##
msync
munlock
munlockall
munmap

##
## Allow the current process to sleep.
##
nanosleep

##
## Allow querying the global clock.
##
ntp_gettime

##
## Allow AIO operations by file descriptor, subject to capability rights.
##
oaio_read
oaio_write

##
## Allow simple VM operations on the current process.
##
break

##
## Allow AIO operations by file descriptor, subject to capability rights.
##
olio_listio

##
## Operations relative to directory capabilities.
##
chflagsat
faccessat
fchmodat
fchownat
fstatat
futimesat
linkat
mkdirat
mkfifoat
mknodat
openat
readlinkat
renameat
symlinkat
unlinkat
funlinkat
utimensat

##
## Process descriptor-related system calls are allowed.
##
pdfork
pdgetpid
pdkill
#pdwait4	# not yet implemented

##
## Allow pipe(2).
##
pipe
pipe2

##
## Allow poll(2), which will be scoped by capability rights.
##
poll
ppoll

##
## Allow I/O-related file descriptors, subject to capability rights.
##
posix_fallocate
pread
preadv

##
## Allow access to profiling state on the current process.
##
profil

##
## Disallow ptrace(2) for now, but we do need debugging facilities in
## capability mode, so we will want to revisit this, possibly by scoping its
## operation.
##
#ptrace

##
## Allow I/O-related file descriptors, subject to capability rights.
##
pwrite
pwritev
read
readv
recv
recvfrom
recvmsg

##
## Allow real-time scheduling primitives to be used.
##
## XXXRW: These require scoping.
##
rtprio
rtprio_thread

##
## Allow simple VM operations on the current process.
##
sbrk

##
## Allow querying trivial global scheduler state.
##
sched_get_priority_max
sched_get_priority_min

##
## Allow various thread/process scheduler operations.
##
## XXXRW: Some of these require further scoping.
##
sched_getparam
sched_getscheduler
sched_rr_get_interval
sched_setparam
sched_setscheduler
sched_yield

##
## Allow I/O-related file descriptors, subject to capability rights.
## NOTE: Corresponding sysents are initialized in sys/netinet/sctp_syscalls.c
## with SYF_CAPENABLED.
##
sctp_generic_recvmsg
sctp_generic_sendmsg
sctp_generic_sendmsg_iov
sctp_peeloff

##
## Allow pselect(2) and select(2), which will be scoped by capability rights.
##
## XXXRW: But is it?
##
pselect
select

##
## Allow I/O-related file descriptors, subject to capability rights.  Use of
## explicit addresses here is restricted by the system calls themselves.
##
send
sendfile
sendmsg
sendto

##
## Allow setting per-process audit state, which is controlled separately by
## privileges.
##
setaudit
setaudit_addr
setauid

##
## Allow setting thread context.
##
setcontext

##
## Allow setting current process credential state, which is controlled
## separately by privilege.
##
setegid
seteuid
setgid

##
## Allow use of the process interval timer.
##
setitimer

##
## Allow setpriority(2).
##
## XXXRW: Requires scoping.
##
setpriority

##
## Allow setting current process credential state, which is controlled
## separately by privilege.
##
setregid
setresgid
setresuid
setreuid

##
## Allow setting process resource limits with setrlimit(2).
##
setrlimit

##
## Allow creating a new session with setsid(2).
##
setsid

##
## Allow setting socket options with setsockopt(2), subject to capability
## rights.
##
## XXXRW: Might require scoping.
##
setsockopt

##
## Allow setting current process credential state, which is controlled
## separately by privilege.
##
setuid

##
## shm_open(2) is scoped so as to allow only access to new anonymous objects.
##
shm_open
shm_open2

##
## Allow I/O-related file descriptors, subject to capability rights.
##
shutdown

##
## Allow signal control on current process.
##
sigaction
sigaltstack
sigblock
sigfastblock
sigpending
sigprocmask
sigqueue
sigreturn
sigsetmask
sigstack
sigsuspend
sigtimedwait
sigvec
sigwaitinfo
sigwait

##
## Allow creating new socket pairs with socket(2) and socketpair(2).
##
socket
socketpair

##
## Allow simple VM operations on the current process.
##
## XXXRW: Kernel doesn't implement this, so drop?
##
sstk

##
## Do allow sync(2) for now, but possibly shouldn't.
##
sync

##
## Always allow process termination with sys_exit(2).
##
sys_exit

##
## sysarch(2) does rather diverse things, but is required on at least i386
## in order to configure per-thread data.  As such, it's scoped on each
## architecture.
##
sysarch

##
## Allow thread operations operating only on current process.
##
thr_create
thr_exit
thr_kill

##
## Disallow thr_kill2(2), as it may operate beyond the current process.
##
## XXXRW: Requires scoping.
##
#thr_kill2

##
## Allow thread operations operating only on current process.
##
thr_new
thr_self
thr_set_name
thr_suspend
thr_wake

##
## Allow manipulation of the current process umask with umask(2).
##
umask

##
## Allow submitting of process trace entries with utrace(2).
##
utrace

##
## Allow generating UUIDs with uuidgen(2).
##
uuidgen

##
## Allow I/O-related file descriptors, subject to capability rights.
##
write
writev

##
## Allow processes to yield(2).
##
yield

003 File Manager

Editing: capabilities.conf

Upload File

Create Folder