pkgbase: Move libcap_ to FreeBSD-runtime

A lot of binaries present in FreeBSD-runtime depend on it so move
the libs there.

Reviewed by: bapt, gjb
Differential Revision: https://reviews.freebsd.org/

pkgbase: Move libcap_ to FreeBSD-runtime

A lot of binaries present in FreeBSD-runtime depend on it so move
the libs there.

Reviewed by: bapt, gjb
Differential Revision: https://reviews.freebsd.org/D21501

show more ...

Add cap_sysctl(3) and cap_sysctlnametomib(3).

These complement cap_sysctlbyname(3) to provide a drop-in
replacement for the corresponding libc functions.

Also revise the libcap_sysctl limit interfa

Add cap_sysctl(3) and cap_sysctlnametomib(3).

These complement cap_sysctlbyname(3) to provide a drop-in
replacement for the corresponding libc functions.

Also revise the libcap_sysctl limit interface to provide access
to sysctls by MIB, and to avoid direct manipulation of nvlists
by the caller.

Reviewed by: oshogbo
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D17854

show more ...

Fix reference to man page in Makefile.
I broke it in r331120.

Document the sysctl Casper service.

PR: 226102
Reviewed by: bcr@
Differential Revision: https://reviews.freebsd.org/D14606

Introduce channel flags in libcasper.

Instead of passing flags (which describe a type of nvlist)
every send/recv we remember them in channel.
It's enough for use to extract them only during unwrap.

Introduce channel flags in libcasper.

Instead of passing flags (which describe a type of nvlist)
every send/recv we remember them in channel.
It's enough for use to extract them only during unwrap.
This simplify use of Casper.

Reviewed by: bruffer@, bcr@ (both man page)
Differential Revision: https://reviews.freebsd.org/D14196 (man page)

show more ...

Casper work's only as shared library - disable building static ones.

Reviewed by: bdrewery@
Differential Revision: https://reviews.freebsd.org/D12917

Introduce caspermocks.

The idea behinds mocks is that we don't need to ifdef a lot of code in
tools itself but those defines are hidden in the casper library.
Right now the mocks are implemented as

Introduce caspermocks.

The idea behinds mocks is that we don't need to ifdef a lot of code in
tools itself but those defines are hidden in the casper library.
Right now the mocks are implemented as define/inlines functions.
There was a very long discussion how this should be implemented.
This approach has some advantages like we don't need to link to any additional
libraries. Unfortunately there are also some disadvantages for example it is
easy to get library out of sync between two versions of functions or that we
need extra define to compile program with casper support.
This isn't an ideal solution but it's good enough for now and should simplify
capsicumizing programs. This also doesn't close us any other ways to do those
mocks and this should evolve in time.

Discussed with: pjd, emaste, ed, rwatson, bapt, cem, bdrewery
Differential Revision: https://reviews.freebsd.org/D8753

show more ...

Add HAS_TESTS to all Makefiles that are currently using the
`SUBDIR.${MK_TESTS}+= tests` idiom.

This is a follow up to r321912.

Convert traditional ${MK_TESTS} conditional idiom for including test
directories to SUBDIR.${MK_TESTS} idiom

This is being done to pave the way for future work (and homogenity) in
^/projects/make-ch

Convert traditional ${MK_TESTS} conditional idiom for including test
directories to SUBDIR.${MK_TESTS} idiom

This is being done to pave the way for future work (and homogenity) in
^/projects/make-check-sandbox .

No functional change intended.

MFC after: 1 weeks

show more ...

Set SHLIBDIR before .including src.opts.mk in libcapser services

bsd.own.mk (included from src.opts.mk) sets SHLIBDIR?=${LIBDIR}, so
SHLIBDIR must be set before including either one of them.

MFC wi

Set SHLIBDIR before .including src.opts.mk in libcapser services

bsd.own.mk (included from src.opts.mk) sets SHLIBDIR?=${LIBDIR}, so
SHLIBDIR must be set before including either one of them.

MFC with: 305626
Sponsored by: The FreeBSD Foundation

show more ...

Move libcasper tests from regression/capsicum/libcasper/ to
lib/libcasper/service/${service_name}/tests.

Reviewed by: emaste, ngie
Differential Revision: https://reviews.freebsd.org/D7759

Remove unneeded lines.

- WARNS can be inherited from lib/Makefile.inc
- CFLAGS referred to a non-existent directory and this shouldn't be needed
anyhow due to the build picking up includes from WO

Remove unneeded lines.

- WARNS can be inherited from lib/Makefile.inc
- CFLAGS referred to a non-existent directory and this shouldn't be needed
anyhow due to the build picking up includes from WORLDTMP.

Sponsored by: EMC / Isilon Storage Division

show more ...

Convert casperd(8) daemon to the libcasper.
After calling the cap_init(3) function Casper will fork from it's original
process, using pdfork(2). Forking from a process has a lot of advantages:
1. We

Convert casperd(8) daemon to the libcasper.
After calling the cap_init(3) function Casper will fork from it's original
process, using pdfork(2). Forking from a process has a lot of advantages:
1. We have the same cwd as the original process.
2. The same uid, gid and groups.
3. The same MAC labels.
4. The same descriptor table.
5. The same routing table.
6. The same umask.
7. The same cpuset(1).
From now services are also in form of libraries.
We also removed libcapsicum at all and converts existing program using Casper
to new architecture.

Discussed with: pjd, jonathan, ed, [email protected], emaste
Partially reviewed by: [email protected], bdrewery
Approved by: pjd (mentor)
Differential Revision: https://reviews.freebsd.org/D4277

show more ...