From: Paul Floyd Date: Thu, 21 Aug 2025 06:44:04 +0000 (+0200) Subject: FreeeBSD readme: add a section on Capsicum mode X-Git-Tag: VALGRIND_3_26_0~222 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=acfcc69db73e1ded855441037ad52674f8ad7288;p=thirdparty%2Fvalgrind.git FreeeBSD readme: add a section on Capsicum mode --- diff --git a/README.freebsd b/README.freebsd index 799543fe3..ef850513e 100644 --- a/README.freebsd +++ b/README.freebsd 
@@ -186,6 +186,50 @@ git history. You can also look at https://docs.freebsd.org/en/books/porters-handbook/versions/ +Capsicum enabled applications +----------------------------- +Valgrind will not work well with Capsicum enabled applications. As an example, +if you run + +valgrind --tool=massif echo hello + +you will get something like this in the output: + +==66088== +==66088== WARNING: Valgrind may not operate correctly in capability mode. +==66088== Please consider disabling capability by using the RUNNING_ON_VALGRIND mechanism. +==66088== See http://valgrind.org/docs/manual/manual-core-adv.html#manual-core-adv.clientreq +hello +==66088== +==66088== Error: can not open xtree output file `/home/paulf/massif.out.66088' + +Additionally capabilities mode can affect how the kernel uses syscall +parameters. An example of this is the fd argument of the *at() syscall +family. In capability mode fd must not be AT_FDCWD. The consequence +of this is that we ought do adapt the syscall parameter checking depending +on whether the guest is running in capability mode or not. Since we do not +recommend running Capsicum enabled applications under Valgrind the checks +are not adapted to to capability mode. Not to mention that adding checks +for this would add a lot of complexity to these syscall wrappers + +One way that you might conditionally disable capabilities in your code as the +above warning suggests is to do as follows. + +#if !defined(NDEBUG) +#include +#endif + +void do_capsicum_setup(void); // contains capabilities code + +#if !defined(NDEBUG) + if (!RUNNING_ON_VALGRIND) + { +#endif + do_capsicum_setup(); +#if !defined(NDEBUG) + } +#endif + Feedback ~~~~~~~~
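Review bot: In the C example that closes the new section, the `#include` line names no header as shown here, and the `if (!RUNNING_ON_VALGRIND)` block sits at file scope right after the prototype, so the snippet does not compile as pasted. RUNNING_ON_VALGRIND is defined in valgrind.h, so the line should read `#include <valgrind/valgrind.h>`, and the conditional would be clearer placed inside a function body that calls do_capsicum_setup(). The text should also state the consequence of this pattern: a build without NDEBUG that runs under Valgrind never enters capability mode, so it runs without the Capsicum sandbox, while builds with NDEBUG defined always call do_capsicum_setup(). Wording nits in the paragraph before the example: "ought do adapt" should be "ought to adapt", "to to capability mode" has a doubled word, and the sentence ending "these syscall wrappers" has no full stop. The subject line spells "FreeeBSD".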