aboutsummaryrefslogtreecommitdiff
path: root/lib/libcasper
Commit message (Collapse)AuthorAgeFilesLines
...
* Fix reference to man page in Makefile.Mariusz Zaborski2018-03-181-1/+1
| | | | | | | I broke it in r331120. Notes: svn path=/head/; revision=331137
* Fix similar typos to r331124.Mariusz Zaborski2018-03-183-4/+4
| | | | Notes: svn path=/head/; revision=331125
* Fix typo.Mariusz Zaborski2018-03-181-1/+1
| | | | | | | Submitted by: Trond Endrestøl <Trond.Endrestol@ximalas.info> Notes: svn path=/head/; revision=331124
* Update libcasper references to all new man pages.Mariusz Zaborski2018-03-181-53/+9
| | | | | | | | | | | | Remove obsolete example. All services has they own example. This example also show old type of limiting method which is not recommended to use. Reviewed by: bcr@ Differential Revision: https://reviews.freebsd.org/D14607 Notes: svn path=/head/; revision=331121
* Document the sysctl Casper service.Mariusz Zaborski2018-03-182-0/+148
| | | | | | | | | PR: 226102 Reviewed by: bcr@ Differential Revision: https://reviews.freebsd.org/D14606 Notes: svn path=/head/; revision=331120
* Document the pwd Casper service.Mariusz Zaborski2018-03-182-0/+250
| | | | | | | | | PR: 226102 Reviewed by: bcr@ Differential Revision: https://reviews.freebsd.org/D14605 Notes: svn path=/head/; revision=331119
* nv was moved to the 9 section.Mariusz Zaborski2018-02-265-14/+14
| | | | | | | Fix reference to it. Notes: svn path=/head/; revision=330031
* Fix typo.Mariusz Zaborski2018-02-261-2/+2
| | | | Notes: svn path=/head/; revision=330025
* Fix reference to nvlist in man pages.Mariusz Zaborski2018-02-242-10/+21
| | | | | | | | | Reviewed by: @bcr @brueffer Pointed out by: @brueffer Differential Revision: https://reviews.freebsd.org/D14410 Notes: svn path=/head/; revision=329912
* Introduce channel flags in libcasper.Mariusz Zaborski2018-02-1720-75/+143
| | | | | | | | | | | | | Instead of passing flags (which describe a type of nvlist) every send/recv we remember them in channel. It's enough for use to extract them only during unwrap. This simplify use of Casper. Reviewed by: bruffer@, bcr@ (both man page) Differential Revision: https://reviews.freebsd.org/D14196 (man page) Notes: svn path=/head/; revision=329452
* Document the need for WITH_CASPER.Mark Johnston2018-02-051-1/+2
| | | | | | | | After r325062, consumers need to define WITH_CASPER for libcasper to function as expected. Notes: svn path=/head/; revision=328891
* The name of the library is exactly the same like one of name the name of theMariusz Zaborski2018-01-291-1/+0
| | | | | | | | | | | functions. We should not create MLINKS for that one, because it's break a build. Submitted by: lwhsu@ Notes: svn path=/head/; revision=328532
* Document the syslog Casper service.Mariusz Zaborski2018-01-292-0/+116
| | | | | | | | Reviewed by: bcr@ Differential Revision: https://reviews.freebsd.org/D14084 Notes: svn path=/head/; revision=328531
* Add cap_random.3 to build system.Mariusz Zaborski2018-01-271-0/+5
| | | | | | | This should be done with r328494. Notes: svn path=/head/; revision=328498
* Fix caspermock - the cap_recv_nvlist should return nvlist.Mariusz Zaborski2018-01-271-1/+1
| | | | Notes: svn path=/head/; revision=328496
* Document the random Casper service.Mariusz Zaborski2018-01-271-0/+98
| | | | | | | | Reviewed by: bcr@ Differential Revision: https://reviews.freebsd.org/D14072 Notes: svn path=/head/; revision=328494
* Add SPDX tags for libcasper(3) and services.Mariusz Zaborski2018-01-2719-0/+38
| | | | | | | MFC after: 2 weeks Notes: svn path=/head/; revision=328473
* Document the grp Casper service.Mariusz Zaborski2018-01-272-0/+244
| | | | | | | | Reviewed by: brueffer@, bcr@ Differential Revision: https://reviews.freebsd.org/D13821 Notes: svn path=/head/; revision=328471
* Fix markup.Mariusz Zaborski2018-01-101-2/+2
| | | | Notes: svn path=/head/; revision=327759
* Document the DNS Casper service.Mariusz Zaborski2018-01-082-0/+215
| | | | | | | | Reviewed by: brueffer@, bcr@ Differential Revision: https://reviews.freebsd.org/D13762 Notes: svn path=/head/; revision=327689
* Build service tests with Casper support.Mariusz Zaborski2018-01-054-0/+4
| | | | Notes: svn path=/head/; revision=327583
* cap_unwrap should return a descriptor but also free the structure.Mariusz Zaborski2018-01-041-1/+9
| | | | Notes: svn path=/head/; revision=327541
* Add missing macro in man page.Mariusz Zaborski2018-01-041-2/+3
| | | | | | | Reported by: brueffer@ Notes: svn path=/head/; revision=327539
* Document services which we have in libcasper.Mariusz Zaborski2018-01-031-1/+24
| | | | | | | | Reviewed by: bcr@ Differential Revision: https://reviews.freebsd.org/D13734 Notes: svn path=/head/; revision=327511
* Introduce syslog service for Casper.Mariusz Zaborski2017-11-124-0/+278
| | | | | | | | | | | | | | syslog in libc secretly reconnects to the daemon. Another issue is that we don't have any information from openlog(3) if we succeeded to open log or not so we don't know if we are ready to enter cabability mode. Because all of that we decided we need a syslog service for Caspser. Reviewed by: bapt@ Differential Revision: https://reviews.freebsd.org/D12824 Notes: svn path=/head/; revision=325739
* We return a pointer when we are using cap_init() or cap_service_open()Mariusz Zaborski2017-11-121-0/+2
| | | | | | | | | | | | function, so check if cap_chanel_t is NULL is not enough. Casper with a normal libc will still fail in capability mote so let's not enter capability mode without casper support when we need to resolve DNS. Reviewed by: cem Differential Revision: https://reviews.freebsd.org/D12823 Notes: svn path=/head/; revision=325736
* Fix the 'casper' package, following r325062.Glen Barber2017-11-081-1/+1
| | | | | | | | Submitted by: woodsb02 Sponsored by: The FreeBSD Foundation Notes: svn path=/head/; revision=325524
* The src.opts.mk sets default value for the SHLIBDIR, so our set was notMariusz Zaborski2017-11-042-4/+5
| | | | | | | | | | | | | | respected. Please notice that libcasper is already in ObsoleteFiles so we don't add it again. Reported by: Herbert J. Skuhra <herbert@mailbox.org> Reviewed by: bdrewery@ Differential Revision: https://reviews.freebsd.org/D12918 Notes: svn path=/head/; revision=325399
* Casper work's only as shared library - disable building static ones.Mariusz Zaborski2017-11-046-6/+6
| | | | | | | | Reviewed by: bdrewery@ Differential Revision: https://reviews.freebsd.org/D12917 Notes: svn path=/head/; revision=325398
* Add `static` to `cap_setgrent` prototype in !WITH_CASPER caseEnji Cooper2017-10-311-1/+1
| | | | | | | This unbreaks the default powerpc/sparc64 build configuration after r325062. Notes: svn path=/head/; revision=325208
* DIRDEPS_BUILD: Update dependencies.Bryan Drewery2017-10-316-6/+0
| | | | | | | Sponsored by: Dell EMC Isilon Notes: svn path=/head/; revision=325188
* DIRDEPS_BUILD: Connect new directories.Bryan Drewery2017-10-315-0/+92
| | | | | | | Sponsored by: Dell EMC Isilon Notes: svn path=/head/; revision=325187
* Fix information about nv.h include.Mariusz Zaborski2017-10-291-2/+2
| | | | | | | MFC after: 1 week Notes: svn path=/head/; revision=325100
* Introduce caspermocks.Mariusz Zaborski2017-10-2821-8/+282
| | | | | | | | | | | | | | | | | | | | The idea behinds mocks is that we don't need to ifdef a lot of code in tools itself but those defines are hidden in the casper library. Right now the mocks are implemented as define/inlines functions. There was a very long discussion how this should be implemented. This approach has some advantages like we don't need to link to any additional libraries. Unfortunately there are also some disadvantages for example it is easy to get library out of sync between two versions of functions or that we need extra define to compile program with casper support. This isn't an ideal solution but it's good enough for now and should simplify capsicumizing programs. This also doesn't close us any other ways to do those mocks and this should evolve in time. Discussed with: pjd, emaste, ed, rwatson, bapt, cem, bdrewery Differential Revision: https://reviews.freebsd.org/D8753 Notes: svn path=/head/; revision=325062
* Add supporting changes for `Add limited sandbox capability to "make check"`Enji Cooper2017-08-144-0/+4
|\ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Non-tests/... changes: - Add HAS_TESTS= to Makefiles with libraries and programs to enable iteration and propagate the appropriate environment down to *.test.mk. tests/... changes: - Add appropriate support Makefile.inc's to set HAS_TESTS in a minimal manner, since tests/... is a special subdirectory tree compared to the others. MFC after: 2 months MFC with: r322511 Reviewed by: arch (silence), testing (silence) Differential Revision: D12014 Notes: svn path=/head/; revision=322515
| * Add HAS_TESTS to all Makefiles that are currently using theEnji Cooper2017-08-024-0/+4
| | | | | | | | | | | | | | | | | | `SUBDIR.${MK_TESTS}+= tests` idiom. This is a follow up to r321912. Notes: svn path=/projects/make-check-sandbox/; revision=321914
* | TESTSDIR isn't required; remove itEnji Cooper2017-08-132-4/+0
| | | | | | | | | | | | | | | | MFC after: 1 week MFC with: r322450 Notes: svn path=/head/; revision=322451
* | Integrate the tests moved in r305626 in to the FreeBSD test suiteEnji Cooper2017-08-134-0/+20
| | | | | | | | | | | | | | | | | | | | | | The reachover Kyuafiles were never added, and thus the tests were installed as standalone tests, and not integrated into the full suite. MFC after: 1 week MFC with: r305626, 305629, r307863, r322447, r322448, r322449 Notes: svn path=/head/; revision=322450
* | Use hardcoded IPv4/IPv6 addresses for google-public-dns-a.google.com insteadEnji Cooper2017-08-131-14/+8
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | of freefall.freebsd.org to unbreak the DNS tests The address allocations for freefall.freebsd.org have changed in the past 4 years. Use a more stable set of hardcoded addresses for now to make the tests succeed reliably. The hostname should be resolved dynamically instead of hardcoding the addresses in the future. This is just a bandaid. MFC after: 1 week Notes: svn path=/head/; revision=322449
* | Make root-privileges a requirement for the testEnji Cooper2017-08-131-0/+2
| | | | | | | | | | | | | | | | | | | | | | | | Some of the testcases try to manipulate sysctls that require root privileges, e.g., "kern.sync_on_panic". Make root-privileges a hard requirement so the tests don't raise false positives due to privilege issues when calling sysctlbyname(3) on writable sysctls. MFC after: 1 week Notes: svn path=/head/; revision=322448
* | Fix result printingEnji Cooper2017-08-134-12/+24
|/ | | | | | | | | | | - Flushing stdout prevents the buffer from being printed twice, fixing issues with stdout printing out the testplan, etc, twice. - Don't print out raw source/line numbers; hide them behind comments. MFC after: 1 week Notes: svn path=/head/; revision=322447
* Convert traditional ${MK_TESTS} conditional idiom for including testEnji Cooper2017-08-024-12/+4
| | | | | | | | | | | | | | directories to SUBDIR.${MK_TESTS} idiom This is being done to pave the way for future work (and homogenity) in ^/projects/make-check-sandbox . No functional change intended. MFC after: 1 weeks Notes: svn path=/head/; revision=321912
* In libcasper, prefer to send a function index or service name over the IPCRobert Watson2017-03-233-12/+51
| | | | | | | | | | | | | | | | | | channel to a zygote process, rather than sending a function pointer or service pointer. This avoids transfering pointers between address spaces, which while robust in this case (due to the zygote being forked() from the parent) is not generally a good idea, especially in the presence of increasingly popular control-flow integrity and pointer protection mitigation schemes. With this change, ping(8) and other sandboxed tools using libcasper for DNS resolution now work on architectures with tagged memory again. Reviewed by: oshogbo MFC after: 1 week Sponsored by: DARPA, AFRL Notes: svn path=/head/; revision=315862
* Set SHLIBDIR before .including src.opts.mk in libcapser servicesEd Maste2016-10-244-4/+8
| | | | | | | | | | | bsd.own.mk (included from src.opts.mk) sets SHLIBDIR?=${LIBDIR}, so SHLIBDIR must be set before including either one of them. MFC with: 305626 Sponsored by: The FreeBSD Foundation Notes: svn path=/head/; revision=307863
* Fix naming in Casper man page.Mariusz Zaborski2016-10-051-2/+2
| | | | Notes: svn path=/head/; revision=306707
* Move libcasper tests from regression/capsicum/libcasper/ toMariusz Zaborski2016-09-0812-0/+5366
| | | | | | | | | | lib/libcasper/service/${service_name}/tests. Reviewed by: emaste, ngie Differential Revision: https://reviews.freebsd.org/D7759 Notes: svn path=/head/; revision=305626
* Don't close fd if it's lower then stderr, otherwise we can closeMariusz Zaborski2016-06-131-1/+2
| | | | | | | | | | one of the descriptor which we just set. Pointed out by: jilles Approved by: re (hrs) Notes: svn path=/head/; revision=301844
* Add flags to the Casper services.Mariusz Zaborski2016-06-0810-47/+79
| | | | | | | | | | CASPER_SERVICE_STDIO - Casper will not close the first three descriptors (stdin, stdout and stderr) this can be helpful for debugging. CASPER_SERVICE_FD - Capser will not close all other descriptors, this can be useful for a filesystem service. Notes: svn path=/head/; revision=301572
* Don't call setgrent() in an unportable way.Ed Schouten2016-06-011-1/+3
| | | | | | | | | | | | | | | | For FreeBSD 12, I'm considering updating setgrent() to have a function prototype that conforms to POSIX. FreeBSD seems to be the only operating system that lets setgrent() return an integer. It's also inconsistent with setpwent(). It looks like our libcasper depends on setgrent() returning an integer. Get rid of that. Reviewed by: oshogbo Differential Revision: https://reviews.freebsd.org/D6659 Notes: svn path=/head/; revision=301167
* MFHGlen Barber2016-04-161-0/+1
|\ | | | | | | | | | | | | Sponsored by: The FreeBSD Foundation Notes: svn path=/projects/release-pkg/; revision=298092
generated by cgit v1.3 (git 2.53.0) at 2026-05-26 22:50:13 +0000