Re: [capsicum] New capability rights api

On Sat, Oct 05, 2013 at 04:46:12PM +0200, Pawel Jakub Dawidek wrote:
> On Wed, Oct 02, 2013 at 10:31:19PM +0200, Joris Giovannangeli wrote:
> > I don't really believe in 2) myself, but it seems to be a concern for
> > the devs I've been talking with. A lot of thing won't scale well, like
> > embedding rights in the filedesc entries, or building a complex rights
> > structure before each call to fget.
> cap_rights_t is extremely simple. The whole cap_rights_init() family of
> functions are designed to never fail, which hugely simplify the code.

Let me back it up with real world example. Take a look at:

And compare page 8 and 9. On page 8 we have code from the time we had
capability rights as simple uint64_t bitmask. On page 9 we have code
using my new API.

Pawel Jakub Dawidek             
FreeBSD committer               
Am I Evil? Yes, I Am!           

Attachment: pgpEMg6dI4nQ2.pgp
Description: PGP signature

This archive was generated by a fusion of Pipermail (Mailman edition) and MHonArc.