Maintained by: NLnet Labs

[Unbound-users] unbound crashing on FreeBSD

Phil Pennock
Thu Jan 30 21:08:22 CET 2014


On 2014-01-30 at 15:52 +0100, W.C.A. Wijngaards wrote:
> From FreeBSD documentation I learned that this errno indicates that
> the capabilities associated with a socket did not permit an operation
> to be performed.  One of the capabilities is the capability to use the
> kqueue socket for kqueue polling.  But no doubt there are also other
> capabilities.  It says capabilities can be reduced but not expanded by
> the program.  This is great, but why does a particular fd have its
> capabilities reduced (unbound does not mess with socket capabilities)?
> 
> I have no idea why the capability reduction happens.  ktrace is
> probably too expensive in its logging fervor?

This is the Capsicum capabilities system; a lot more is available to
read at:
  http://www.cl.cam.ac.uk/research/security/capsicum/

Man-pages specific to the new capabilities system are:
  http://www.freebsd.org/cgi/man.cgi?query=capsicum&sektion=4
  http://www.freebsd.org/cgi/man.cgi?query=rights&sektion=4
and a bunch more linked therefrom.  The full list of capabilities is in the
rights(4) manpage, URL just above.

(I haven't looked into this specific issue, just know some background
which _might_ be useful).