libcasper(3): Correct some warnings found by mandoc- inserting missing end of block: Sh breaks Bl- moving content out of list: Pp- missing comma before name: Nm cap_*- comma in function argument
libcasper(3): Correct some warnings found by mandoc- inserting missing end of block: Sh breaks Bl- moving content out of list: Pp- missing comma before name: Nm cap_*- comma in function argument: cap_*- skipping paragraph macro: Pp after Sh- sections out of conventional order: Sh AUTHORSReviewed by: bcrDifferential Revision: https://reviews.freebsd.org/D31144(cherry picked from commit 3251ad29f4295ad73668a46727c5bbf7bbac0cf7)
show more ...
cap_sysctl.3: Fix bugs in the example- Correct the type of the sysctl value.- Initialize the oldsize parameter to cap_sysctlbyname()Sponsored by: The FreeBSD Foundation(cherry picked from comm
cap_sysctl.3: Fix bugs in the example- Correct the type of the sysctl value.- Initialize the oldsize parameter to cap_sysctlbyname()Sponsored by: The FreeBSD Foundation(cherry picked from commit 44bbda649dc6c1cdc5a99641e14c77157967e140)
libcasper/cap_grp tests: Reset the group database handleSome tests verify that the capgrp capability does not permit calls tosetgrent(3), but all tests need to ensure that they reset thecapabilit
libcasper/cap_grp tests: Reset the group database handleSome tests verify that the capgrp capability does not permit calls tosetgrent(3), but all tests need to ensure that they reset thecapability's group database handle, otherwise the local process andcasper process will be out of sync.The cap_pwd tests already handle this.Sponsored by: The FreeBSD FoundationMFC after: 1 month
fileargs: add support for realpath
fileargs: add tests
cap_sysctl: expose structures and variablesExpose structures and variables that may be used on systemsbuild without Casper support.
casper: convert macros to inline functionsIn libcasper, the first argument to the function is a structure thatrepresents a connection to Casper. On systems without Casper, macrosare used to inter
casper: convert macros to inline functionsIn libcasper, the first argument to the function is a structure thatrepresents a connection to Casper. On systems without Casper, macrosare used to interpose the Casper functions to standard libc ones.This may cause errors/warnings that the variable is not used.With the inline function, there is no such problem.
cap_net: CAPNET_CONNECT and CAPNET_CONNECTDNS are not mutually exclusiveFix the for the CAPNET_CONNECT and CAPNET_CONNECTDNS.Add test to ensure that this is possible.
cap_net: allow to use the service without setting the limitsAdd test to ensure that this is possible.
[libcasper] Update cap_dns API to not trigger unused variable warnings when disabledWhen compiling without casper these API calls result in unused variable warnings.Using #defines was lovely in th
[libcasper] Update cap_dns API to not trigger unused variable warnings when disabledWhen compiling without casper these API calls result in unused variable warnings.Using #defines was lovely in the past but unfortunately it triggers warningswhich can cascade into errors.Instead, just inline with some fallthrough functions and keep things happy.Tested:* gcc-6 targeting mips32, with casper disabledReviewed by: emasteDifferential Revision: https://reviews.freebsd.org/D26762
build: provide a default WARNS for all in-tree buildsThe current default is provided in various Makefile.inc in some top-leveldirectories and covers a good portion of the tree, but doesn't cover p
build: provide a default WARNS for all in-tree buildsThe current default is provided in various Makefile.inc in some top-leveldirectories and covers a good portion of the tree, but doesn't cover partsof the build a little deeper (e.g. libcasper).Provide a default in src.sys.mk and set WARNS to it in bsd.sys.mk if thatvariable is defined. This lets us relatively cleanly provide a default WARNSno matter where you're building in the src tree without breaking thingsoutside of the tree.Crunchgen has been updated as a bootstrap tool to work on this changebecause it needs r365605 at a minimum to succeed. The cleanup necessary tosuccessfully walk over this change on WITHOUT_CLEAN builds has been added.There is a supplemental project to this to list all of the warnings that areencountered when the environment has WARNS=6 NO_WERROR=yes:https://warns.kevans.dev -- this project will hopefully eventually go awayin favor of CI doing a much better job than it.Reviewed by: emaste, brooks, ngie (all earlier version)Reviewed by: emaste, arichardson (depend-cleanup.sh change)Differential Revision: https://reviews.freebsd.org/D26455
libcasper: Introduce cap_net a network service for Casper.Reviewed by: emaste, markj (previous version), bcr (man page)Differential Revision: https://reviews.freebsd.org/D24688
libcasper(3): Document HISTORY within the manpagesReviewed by: bcr (mentor)Approved by: bcr (mentor)MFC after: 7 daysDifferential Revision: https://reviews.freebsd.org/D24695
cap_fileargs: Fix a descriptor leak in the service process.The service handler for fileargs_open() tries to pre-open multiple filesand pass descriptors for each back to the sandboxed process in a
cap_fileargs: Fix a descriptor leak in the service process.The service handler for fileargs_open() tries to pre-open multiple filesand pass descriptors for each back to the sandboxed process in a singlemessage. This is to amortize the cost of round-trips between the twoprocesses.The service process adds a "cache" nvlist to the reply to "open",containing file descriptors for pre-opened files. However, when addingthat nvlist to the reply, it was making a copy, effectively leaking thecached descriptors.While here, fix spelling in a local variable name.PR: 241226Reviewed by: oshogboMFC after: 3 daysSponsored by: The FreeBSD FoundationDifferential Revision: https://reviews.freebsd.org/D25095
cap_dns.3: fix some orphan .Xr linksReported by: phkMFC after: 2 weeks
libcasper(3): Export functions to C++We must wrap C declarations in __BEGIN / __END_DECLS to avoid C++ name-manglingof the declaration when including the C header; name-mangling causes the linker
libcasper(3): Export functions to C++We must wrap C declarations in __BEGIN / __END_DECLS to avoid C++ name-manglingof the declaration when including the C header; name-mangling causes the linkerto attempt to locate the wrong (C++ ABI) symbol name.Reviewed by: markj, oshogbo (earlier version both)Differential Revision: https://reviews.freebsd.org/D24323
libcasper: Constify cap_sysctl_limit_mib() mib parameterNo functional change. Minor API change that is nicer for consumers. ABI isidentical; the routine never needed to modify the pointed to value
libcasper: Constify cap_sysctl_limit_mib() mib parameterNo functional change. Minor API change that is nicer for consumers. ABI isidentical; the routine never needed to modify the pointed to value.Reviewed by: emaste, markjDifferential Revision: https://reviews.freebsd.org/D24319
Update Makefile.depend filesUpdate a bunch of Makefile.depend files asa result of adding Makefile.depend.options filesReviewed by: bdreweryMFC after: 1 weekSponsored by: Juniper NetworksDi
Update Makefile.depend filesUpdate a bunch of Makefile.depend files asa result of adding Makefile.depend.options filesReviewed by: bdreweryMFC after: 1 weekSponsored by: Juniper NetworksDifferential Revision: https://reviews.freebsd.org/D22494
cap_sysctl: correct typo from r347534-ishoperation & ~limit where limit is a bool is clearly not what was intended,given the line prior. Correct it to use the calculated mask for validation.The
cap_sysctl: correct typo from r347534-ishoperation & ~limit where limit is a bool is clearly not what was intended,given the line prior. Correct it to use the calculated mask for validation.The cap_sysctl tests should now be functional again.
pkgbase: Move libcap_ to FreeBSD-runtimeA lot of binaries present in FreeBSD-runtime depend on it so movethe libs there.Reviewed by: bapt, gjbDifferential Revision: https://reviews.freebsd.org/
pkgbase: Move libcap_ to FreeBSD-runtimeA lot of binaries present in FreeBSD-runtime depend on it so movethe libs there.Reviewed by: bapt, gjbDifferential Revision: https://reviews.freebsd.org/D21501
cap_filergs: limit size of the file nameThe limit of the name in fileargs is twice the size of the MAXPATH.The nvlist will not add an element with the longer name.We can detect at this point that
cap_filergs: limit size of the file nameThe limit of the name in fileargs is twice the size of the MAXPATH.The nvlist will not add an element with the longer name.We can detect at this point that the path is too big, and simple returnthe same error as open(2) would.PR: 239700Reported by: markjTested by: markjMFC after: 2 weeks
fileargs: fix formating in EXAMPLESPR: 239523Submitted by: [email protected]
Remove cap_random(3).Now that we have a way to obtain entropy in capability mode(getrandom(2)), libcap_random is obsolete. Remove it.Bump __FreeBSD_version in case anything happens to use it, t
Remove cap_random(3).Now that we have a way to obtain entropy in capability mode(getrandom(2)), libcap_random is obsolete. Remove it.Bump __FreeBSD_version in case anything happens to use it, though I'vefound no consumers.Reviewed by: delphij, emaste, oshogboRelnotes: yesSponsored by: The FreeBSD FoundationDifferential Revision: https://reviews.freebsd.org/D21033
Link fileargs_lstat.3.Sponsored by: The FreeBSD Foundation
fileargs: add wrapping/unwrapping functionsThose function may be useful to pass fileargs connections around.
1234