libcasper: fix cap_rights_init usageCapability rights passed to cap_rights_* are not simple bitmaks andcannot be ORed together in general (although it will work for certainsubsets of rights).PR
libcasper: fix cap_rights_init usageCapability rights passed to cap_rights_* are not simple bitmaks andcannot be ORed together in general (although it will work for certainsubsets of rights).PR: 277057Fixes: faaf43b2a750 ("fileargs: add tests")Sponsored by: The FreeBSD Foundation(cherry picked from commit 3733d82c4deb49035a39e18744085d1e3e9b8dc5)
show more ...
libcasper: document that most libcasper functions are not thread-safeAnd neither are most libcasper services' functions, because internallythey all use cap_xfer_nvlist. cap_xfer_nvlist sends and
libcasper: document that most libcasper functions are not thread-safeAnd neither are most libcasper services' functions, because internallythey all use cap_xfer_nvlist. cap_xfer_nvlist sends and then receivesdata over a unix domain socket and associated with the cap_channel_targument. So absent synchronization, two threads may not use the samecap_channel_t argument or they risk receiving the other's reply.Sponsored by: AxcientReviewed by: oshogboDifferential Revision: https://reviews.freebsd.org/D42928(cherry picked from commit cf037972ea8863e2bab7461d77345367d2c1e054)
Remove $FreeBSD$: two-line nroff patternRemove /^\.\\"\n\.\\"\s*\$FreeBSD\$$\n/
Remove $FreeBSD$: one-line sh patternRemove /^\s*#[#!]?\s*\$FreeBSD\$.*$\n/
Remove $FreeBSD$: one-line .c patternRemove /^[\s*]*__FBSDID\("\$FreeBSD\$"\);?\s*\n/
Remove $FreeBSD$: two-line .h patternRemove /^\s*\*\n \*\s+\$FreeBSD\$$\n/
spdx: The BSD-2-Clause-FreeBSD identifier is obsolete, drop -FreeBSDThe SPDX folks have obsoleted the BSD-2-Clause-FreeBSD identifier. Catchup to that fact and revert to their recommended match of
spdx: The BSD-2-Clause-FreeBSD identifier is obsolete, drop -FreeBSDThe SPDX folks have obsoleted the BSD-2-Clause-FreeBSD identifier. Catchup to that fact and revert to their recommended match of BSD-2-Clause.Discussed with: pfgMFC After: 3 daysSponsored by: Netflix
libcasper: Move helper libraries from /lib/casper to /lib.These libraries are linked to directly by applications rather thanopened at runtime via dlopen().Discussed with: oshogboReviewed by: ma
libcasper: Move helper libraries from /lib/casper to /lib.These libraries are linked to directly by applications rather thanopened at runtime via dlopen().Discussed with: oshogboReviewed by: markj, emasteDifferential Revision: https://reviews.freebsd.org/D39245
cap_fileargs: silence warnings of unused variableWe still want to fetch the variable just to verify that the interfaceis right.Reported by: pstef
libcasper(3): Correct some warnings found by mandoc- inserting missing end of block: Sh breaks Bl- moving content out of list: Pp- missing comma before name: Nm cap_*- comma in function argument
libcasper(3): Correct some warnings found by mandoc- inserting missing end of block: Sh breaks Bl- moving content out of list: Pp- missing comma before name: Nm cap_*- comma in function argument: cap_*- skipping paragraph macro: Pp after Sh- sections out of conventional order: Sh AUTHORSReviewed by: bcrMFC after: 1 weekDifferential Revision: https://reviews.freebsd.org/D31144
fileargs: fix double caching of the same fileIn situations when the current file name wasn't the first element onthe list we were cleaning the current name too early.This might cause us to pre-ca
fileargs: fix double caching of the same fileIn situations when the current file name wasn't the first element onthe list we were cleaning the current name too early.This might cause us to pre-cache the same file twice.
tests: Skip cap_fileargs if build without capsicum capabilitiesApproved by: oshogboSponsored by: NetflixDifferential Revision: https://reviews.freebsd.org/D2834
fileargs: add support for realpath
fileargs: add tests
libcasper(3): Document HISTORY within the manpagesReviewed by: bcr (mentor)Approved by: bcr (mentor)MFC after: 7 daysDifferential Revision: https://reviews.freebsd.org/D24695
cap_fileargs: Fix a descriptor leak in the service process.The service handler for fileargs_open() tries to pre-open multiple filesand pass descriptors for each back to the sandboxed process in a
cap_fileargs: Fix a descriptor leak in the service process.The service handler for fileargs_open() tries to pre-open multiple filesand pass descriptors for each back to the sandboxed process in a singlemessage. This is to amortize the cost of round-trips between the twoprocesses.The service process adds a "cache" nvlist to the reply to "open",containing file descriptors for pre-opened files. However, when addingthat nvlist to the reply, it was making a copy, effectively leaking thecached descriptors.While here, fix spelling in a local variable name.PR: 241226Reviewed by: oshogboMFC after: 3 daysSponsored by: The FreeBSD FoundationDifferential Revision: https://reviews.freebsd.org/D25095
libcasper(3): Export functions to C++We must wrap C declarations in __BEGIN / __END_DECLS to avoid C++ name-manglingof the declaration when including the C header; name-mangling causes the linker
libcasper(3): Export functions to C++We must wrap C declarations in __BEGIN / __END_DECLS to avoid C++ name-manglingof the declaration when including the C header; name-mangling causes the linkerto attempt to locate the wrong (C++ ABI) symbol name.Reviewed by: markj, oshogbo (earlier version both)Differential Revision: https://reviews.freebsd.org/D24323
Update Makefile.depend filesUpdate a bunch of Makefile.depend files asa result of adding Makefile.depend.options filesReviewed by: bdreweryMFC after: 1 weekSponsored by: Juniper NetworksDi
Update Makefile.depend filesUpdate a bunch of Makefile.depend files asa result of adding Makefile.depend.options filesReviewed by: bdreweryMFC after: 1 weekSponsored by: Juniper NetworksDifferential Revision: https://reviews.freebsd.org/D22494
pkgbase: Move libcap_ to FreeBSD-runtimeA lot of binaries present in FreeBSD-runtime depend on it so movethe libs there.Reviewed by: bapt, gjbDifferential Revision: https://reviews.freebsd.org/
pkgbase: Move libcap_ to FreeBSD-runtimeA lot of binaries present in FreeBSD-runtime depend on it so movethe libs there.Reviewed by: bapt, gjbDifferential Revision: https://reviews.freebsd.org/D21501
cap_filergs: limit size of the file nameThe limit of the name in fileargs is twice the size of the MAXPATH.The nvlist will not add an element with the longer name.We can detect at this point that
cap_filergs: limit size of the file nameThe limit of the name in fileargs is twice the size of the MAXPATH.The nvlist will not add an element with the longer name.We can detect at this point that the path is too big, and simple returnthe same error as open(2) would.PR: 239700Reported by: markjTested by: markjMFC after: 2 weeks
fileargs: fix formating in EXAMPLESPR: 239523Submitted by: [email protected]
Link fileargs_lstat.3.Sponsored by: The FreeBSD Foundation
fileargs: add wrapping/unwrapping functionsThose function may be useful to pass fileargs connections around.
[casper] fix compilation when casper is disabled.This triggers an error in gcc-mips 6.4.0 complaining about unused arguments.Tested:* compiled/run on mips32; nothing complained.
cap_fileargs: fix test after r346318Reported by: danfe, mjgMFC after: 3 weeksMFC with: r346315Sponsored by: The FreeBSD Foundation
12