--bCsyhTFzCvuiizWE Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Tue, Jan 21, 2014 at 10:45:11PM +0900, KAMADA Ken'ichi wrote: > Hi, >=20 > What is the intended behavior of sendto() with non-NULL destination > when the capability mode is enabled? >=20 > If the capability mode is *not* enabled, it is checked against > CAP_CONNECT in kern_sendit() @ uipc_syscall.c. > This matches the explanation in the rights(4) manual page. >=20 > However, if the capability mode is enabled, it is always > rejected in sendit(). Is this intended? Yes, this is intended. In capabilty mode all access to namespaces is=20 restricted including the IP address namespace. You must either connect your sockets before entereing capabilty mode or use casper to provide connected sockets. -- Brooks --bCsyhTFzCvuiizWE Content-Type: application/pgp-signature -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.11 (FreeBSD) iD8DBQFS3rq8XY6L6fI4GtQRApKfAKDlxqHfgGJL/CLL2q3mIJKHWJclCwCgx46d X4F4WJLKyFnLt7AW2zpSfys= =8J8r -----END PGP SIGNATURE----- --bCsyhTFzCvuiizWE--