FreeBSD source tree https://cgit-dev.freebsd.org/src/atom?h=releng%2F11.3 2018-03-23T16:15:07Z 2018-03-23T16:15:07Z Ian Lepore ian@FreeBSD.org 2018-03-23T16:15:07Z urn:sha1:6af4abb8796235567b09aadcf28b750755f1b7f9 r306657: libcapsicum: introduce Capsicum helpers Capsicum helpers are a set of inline functions which goal is to reduce duplicated patterns used to Capsicumize applications. Reviewed by: cem, AllanJude, bapt, ed, emaste Differential Revision: https://reviews.freebsd.org/D8013 r306673: libcapsicum: limit stderr Don't limit stdout twice, instead limit stderr. Pointed out by: rpokala@ r306726: Add man pages for Capsicum helpers. Reviewed by: cem Differential Revision: https://reviews.freebsd.org/D8154 r307737: Fix few sentence in the man page. Pointed out by: wblock r309366: capsicum_helpers: Squash errors from closed fds Squash EBADF from closed stdin, stdout, or stderr in caph_limit_stdio(). Any program used during special shell scripts may commonly be forked from a parent process with closed standard stream. Do the common sense thing for this common use. Reported by: Iblis Lin <iblis AT hs.ntnu.edu.tw> Reviewed by: oshogbo@ (earlier version) Sponsored by: Dell EMC Isilon Differential Revision: https://reviews.freebsd.org/D8657 r310135: capsicum_helpers: Add LOOKUP flag Add a helper routine for opening a directory that is restricted to being used for opening relative files as stdio streams. I think this will really help basic adaptation of multi-file programs to Capsicum. Rather than having each program initialize a rights object and ioctl/fcntl arrays for their root fd for relative opens, consolidate in the logical place. Reviewed by: oshogbo@ Sponsored by: Dell EMC Isilon Differential Revision: https://reviews.freebsd.org/D8743 r323990: capsicum_helpers: Add SEEK to default stdio rights set PR: 219173 Sponsored by: Dell EMC Isilon r324414: capsicum_helpers: Add EVENT to default stdio rights set Without it, calling caph_limit_stdio(3) breaks Irssi. Reviewed by: oshogbo Sponsored by: DARPA, AFRL Differential Revision: https://reviews.freebsd.org/D12622 2016-04-17T02:51:04Z Glen Barber gjb@FreeBSD.org 2016-04-17T02:51:04Z urn:sha1:659a0a5d644f71023b0af7d124ca00b87f1947ad part of a merge mishap. Reported by: junovitch Sponsored by: The FreeBSD Foundation 2016-02-04T21:16:35Z Glen Barber gjb@FreeBSD.org 2016-02-04T21:16:35Z urn:sha1:a70cba95822f662d3f9da5119b6a0c433e8f70af Sponsored by: The FreeBSD Foundation 2014-11-25T11:07:26Z Baptiste Daroussin bapt@FreeBSD.org 2014-11-25T11:07:26Z urn:sha1:6b129086dcee14496517fae085b448e3edc69bc7 While here reduce a bit overlinking 2013-12-02T17:07:22Z Pawel Jakub Dawidek pjd@FreeBSD.org 2013-12-02T17:07:22Z urn:sha1:0f984a92603471f9d202d13e397a32cbccabaf03 as they are used by /sbin/casperd. 2013-12-02T08:21:28Z Pawel Jakub Dawidek pjd@FreeBSD.org 2013-12-02T08:21:28Z urn:sha1:42a859525652decb08bba47ffaceb769d394175e giving access to functionality that is not available in capability mode sandbox. The functionality can be precisely restricted. Start with the following services: - system.dns - provides API compatible to: - gethostbyname(3), - gethostbyname2(3), - gethostbyaddr(3), - getaddrinfo(3), - getnameinfo(3), - system.grp - provides getgrent(3)-compatible API, - system.pwd - provides getpwent(3)-compatible API, - system.random - allows to obtain entropy from /dev/random, - system.sysctl - provides sysctlbyname(3-compatible API. Sponsored by: The FreeBSD Foundation