|
Revision tags: release/12.4.0, release/13.1.0, release/12.3.0, release/13.0.0, release/12.2.0, release/11.4.0 |
|
| #
990beb03 |
| 02-Jan-2020 |
Kyle Evans <[email protected]> |
capsicum_helpers: split stream cap bits out of caph_limit_stream()
The goal here is to make it so applications can take the rights one would normally get by calling caph_limit_stream() on a descript
capsicum_helpers: split stream cap bits out of caph_limit_stream()
The goal here is to make it so applications can take the rights one would normally get by calling caph_limit_stream() on a descriptor and build on them as needed.
The tentatively planned use-case is an application that takes a socket and hooks it up to std{err,out,in} for a fork()d child. It may be feasible to apply limitations to such descriptors as long as it's a superset of those normally applied to stdio.
Reviewed by: markj, oshobo (prior version; sans manpage addition) Differential Revision: https://reviews.freebsd.org/D22993
show more ...
|
|
Revision tags: release/12.1.0 |
|
| #
4c1a82ce |
| 05-Sep-2019 |
Emmanuel Vadot <[email protected]> |
pkgbase: Create a FreeBSD-utilities package and make it the default one
The default package use to be FreeBSD-runtime but it should only contain binaries and libs enough to boot to single user and r
pkgbase: Create a FreeBSD-utilities package and make it the default one
The default package use to be FreeBSD-runtime but it should only contain binaries and libs enough to boot to single user and repair the system, it is also very handy to have a package that can be tranform to a small mfsroot. So create a new package named FreeBSD-utilities and make it the default one. Also move a few binaries and lib into this package when it make sense. Reviewed by: bapt, gjb Differential Revision: https://reviews.freebsd.org/D21506
show more ...
|
|
Revision tags: release/11.3.0 |
|
| #
e57d2a07 |
| 12-Dec-2018 |
Mariusz Zaborski <[email protected]> |
libcapsicum: add missing links
Reported by: manu
|
|
Revision tags: release/12.0.0 |
|
| #
5a453d5f |
| 04-Nov-2018 |
Mariusz Zaborski <[email protected]> |
libcapsicum: Introduce caph_{rights,ioctls,fcntls}_limit
The idea behind those functions is not to force consumers to remember that there is a need to check errno on failure. We already have a caph_
libcapsicum: Introduce caph_{rights,ioctls,fcntls}_limit
The idea behind those functions is not to force consumers to remember that there is a need to check errno on failure. We already have a caph_enter(3) function which does the same for cap_enter(2).
MFC after: 2 weeks
show more ...
|
|
Revision tags: release/11.2.0 |
|
| #
8a3255c2 |
| 18-Jun-2018 |
Eitan Adler <[email protected]> |
libcapsicum: adding missing man page links
|
|
Revision tags: release/10.4.0, release/11.1.0 |
|
| #
c3eed03d |
| 05-Oct-2016 |
Mariusz Zaborski <[email protected]> |
Add man pages for Capsicum helpers.
Reviewed by: cem Differential Revision: https://reviews.freebsd.org/D8154
|
| #
7a6e3cf8 |
| 03-Oct-2016 |
Mariusz Zaborski <[email protected]> |
libcapsicum: introduce Capsicum helpers
Capsicum helpers are a set of inline functions which goal is to reduce duplicated patterns used to Capsicumize applications.
Reviewed by: cem, AllanJude, bap
libcapsicum: introduce Capsicum helpers
Capsicum helpers are a set of inline functions which goal is to reduce duplicated patterns used to Capsicumize applications.
Reviewed by: cem, AllanJude, bapt, ed, emaste Differential Revision: https://reviews.freebsd.org/D8013
show more ...
|
|
Revision tags: release/11.0.1, release/11.0.0, release/10.3.0 |
|
| #
a70cba95 |
| 04-Feb-2016 |
Glen Barber <[email protected]> |
First pass through library packaging.
Sponsored by: The FreeBSD Foundation
|
|
Revision tags: release/10.2.0 |
|
| #
18b2ee82 |
| 15-Jun-2015 |
Baptiste Daroussin <[email protected]> |
Revert r284417 it is not necessary anymore
|
| #
4232f826 |
| 15-Jun-2015 |
Baptiste Daroussin <[email protected]> |
Enforce overwritting SHLIBDIR
Since METAMODE has been added, sys.mk loads bsd.mkopt.mk which ends load loading bsd.own.mk which then defines SHLIBDIR before all the Makefile.inc everywhere.
This ma
Enforce overwritting SHLIBDIR
Since METAMODE has been added, sys.mk loads bsd.mkopt.mk which ends load loading bsd.own.mk which then defines SHLIBDIR before all the Makefile.inc everywhere.
This makes /lib being populated again.
Reported by: many
show more ...
|
| #
6b129086 |
| 25-Nov-2014 |
Baptiste Daroussin <[email protected]> |
Convert libraries to use LIBADD While here reduce a bit overlinking
|
|
Revision tags: release/10.1.0, release/9.3.0, release/10.0.0 |
|
| #
0f984a92 |
| 02-Dec-2013 |
Pawel Jakub Dawidek <[email protected]> |
Both libcasper and libcapsicum libraries have to be installed in /lib/, as they are used by /sbin/casperd.
|
| #
42a85952 |
| 02-Dec-2013 |
Pawel Jakub Dawidek <[email protected]> |
Please welcome casperd daemon. It (and its services) will be responsible for giving access to functionality that is not available in capability mode sandbox. The functionality can be precisely restri
Please welcome casperd daemon. It (and its services) will be responsible for giving access to functionality that is not available in capability mode sandbox. The functionality can be precisely restricted.
Start with the following services: - system.dns - provides API compatible to: - gethostbyname(3), - gethostbyname2(3), - gethostbyaddr(3), - getaddrinfo(3), - getnameinfo(3), - system.grp - provides getgrent(3)-compatible API, - system.pwd - provides getpwent(3)-compatible API, - system.random - allows to obtain entropy from /dev/random, - system.sysctl - provides sysctlbyname(3-compatible API.
Sponsored by: The FreeBSD Foundation
show more ...
|