Capsicum is non-optional as of c24c117b9644 ("Remove
WITHOUT_{CAPSICUM,CASPER} options").
Details
Diff Detail
- Lint
Lint Skipped - Unit
Tests Skipped
Event Timeline
If you don't mind, I'll finally commit some of my move-stuff-to-an-amd64-subdir first, since it's going to be painful to rebase that on top of this.
Mark is going to move some of the files around. Hold off until that happens, since this change is trivial to regenerate.
This is a bit orthogonal to the change I made. I removed the option to build the entire FreeBSD tree without Capsicum, but there could conceivably be a desire to build bhyve without Capsicum. (For example, I think the snapshot code needed Capsicum to be disabled for a while.)
I'm not objecting to the change, just wanted to point out that it's not quite the same thing. BTW I was planning on sweeping the tree to finish the "get rid of MK_CAPSICUM/CASPER" process after 14.0 is released.
For example, I think the snapshot code needed Capsicum to be disabled for a while.
Yes, it did, and that sort of thing is the reason I want to pursue this -- Capsicum is (now) a non-optional part of FreeBSD, and our expectation is that it should be used where appropriate. It's better to think about how to appropriately sandbox new functionality at the time it is being developed, rather than being retrofitted afterwards.