[Unbound-users] unbound crashing on FreeBSD
Phil Pennock
unbound-users+phil at spodhuis.org
Thu Jan 30 20:08:22 UTC 2014
On 2014-01-30 at 15:52 +0100, W.C.A. Wijngaards wrote:
> From FreeBSD documentation I learned that this errno indicates that
> the capabilities associated with a socket did not permit an operation
> to be performed. One of the capabilities is the capability to use the
> kqueue socket for kqueue polling. But no doubt there are also other
> capabilities. It says capabilities can be reduced but not expanded by
> the program. This is great, but why does a particular fd have its
> capabilities reduced (unbound does not mess with socket capabilities)?
>
> I have no idea why the capability reduction happens. ktrace is
> probably too expensive in its logging fervor?
This is the Capsicum capabilities system; a lot more is available to
read at:
http://www.cl.cam.ac.uk/research/security/capsicum/
Man-pages specific to the new capabilities system are:
http://www.freebsd.org/cgi/man.cgi?query=capsicum&sektion=4
http://www.freebsd.org/cgi/man.cgi?query=rights&sektion=4
and a bunch more linked therefrom. The full list of capabilities in the
rights(4) manpage, URL just above.
(I haven't looked into this specific issue, just know some background
which _might_ be useful).
More information about the Unbound-users
mailing list