DF-0165 / run.2.log
jail() ok: jid=12 (now jailed as uid=0)
=== DF-0165 demo: cap-gated actions inside jail ===
(jail default policy: allow_raw_sockets=0,
vfs_mount_{nullfs,tmpfs,devfs,procfs}=0 -> all should EPERM)
socket(AF_INET, SOCK_RAW, IPPROTO_RAW) [SYSCAP_NONET_RAW]
-> OK fd=3 *** BYPASS ***
mount("tmpfs", /tmp/df0165-mnt-tmpfs) [SYSCAP_NOMOUNT_TMPFS]
-> OK *** BYPASS ***
mount("null", /tmp/df0165-mnt-nullfs) [SYSCAP_NOMOUNT_NULLFS]
-> OK *** BYPASS ***
mount("devfs", /tmp/df0165-mnt-devfs) [SYSCAP_NOMOUNT_DEVFS]
-> OK *** BYPASS ***
mount("procfs", /tmp/df0165-mnt-procfs) [SYSCAP_NOMOUNT_PROCFS]
-> OK *** BYPASS ***
=== end: 5 cap-gated action(s) bypassed jail policy ===