src/lib/libcapsicum, branch releng/11.3

MFC r322324: capsicum_helpers: Add FIODTYPE to default ioctls allowed

2018-04-07T03:51:19Z

FIODTYPE will be needed by hexdump(1) to speed up the -s flag on devices that should be able to support fseek(3); specifically, in an attempt to correct for the fact that most tape drives don't support seeking yet don't indicate as such when fseeko(3) is invoked.

MFC r306657, r306673, r306726, r307737, r309366, r310135, r323990, r324414

2018-03-23T16:15:07Z

r306657: libcapsicum: introduce Capsicum helpers Capsicum helpers are a set of inline functions which goal is to reduce duplicated patterns used to Capsicumize applications. Reviewed by: cem, AllanJude, bapt, ed, emaste Differential Revision: https://reviews.freebsd.org/D8013 r306673: libcapsicum: limit stderr Don't limit stdout twice, instead limit stderr. Pointed out by: rpokala@ r306726: Add man pages for Capsicum helpers. Reviewed by: cem Differential Revision: https://reviews.freebsd.org/D8154 r307737: Fix few sentence in the man page. Pointed out by: wblock r309366: capsicum_helpers: Squash errors from closed fds Squash EBADF from closed stdin, stdout, or stderr in caph_limit_stdio(). Any program used during special shell scripts may commonly be forked from a parent process with closed standard stream. Do the common sense thing for this common use. Reported by: Iblis Lin Reviewed by: oshogbo@ (earlier version) Sponsored by: Dell EMC Isilon Differential Revision: https://reviews.freebsd.org/D8657 r310135: capsicum_helpers: Add LOOKUP flag Add a helper routine for opening a directory that is restricted to being used for opening relative files as stdio streams. I think this will really help basic adaptation of multi-file programs to Capsicum. Rather than having each program initialize a rights object and ioctl/fcntl arrays for their root fd for relative opens, consolidate in the logical place. Reviewed by: oshogbo@ Sponsored by: Dell EMC Isilon Differential Revision: https://reviews.freebsd.org/D8743 r323990: capsicum_helpers: Add SEEK to default stdio rights set PR: 219173 Sponsored by: Dell EMC Isilon r324414: capsicum_helpers: Add EVENT to default stdio rights set Without it, calling caph_limit_stdio(3) breaks Irssi. Reviewed by: oshogbo Sponsored by: DARPA, AFRL Differential Revision: https://reviews.freebsd.org/D12622

Remove lib/libcapsicum and libexec/casper, brought back as

2016-04-17T02:51:04Z

part of a merge mishap. Reported by: junovitch Sponsored by: The FreeBSD Foundation

First pass through library packaging.

2016-02-04T21:16:35Z

META MODE: Prefer INSTALL=tools/install.sh to lessen the need for xinstall.host.

2015-11-25T19:10:28Z

This both avoids some dependencies on xinstall.host and allows bootstrapping on older releases to work due to lack of at least 'install -l' support. Sponsored by: EMC / Isilon Storage Division

Let the nv.h and dnv.h includes be only in sys directory.

2015-07-02T21:58:10Z

Change consumers to include those files from sys. Add duplicated files to ObsoleteFiles. Approved by: pjd (mentor)

Revert r284417 it is not necessary anymore

2015-06-15T19:28:07Z

Enforce overwritting SHLIBDIR

2015-06-15T15:34:20Z

Since METAMODE has been added, sys.mk loads bsd.mkopt.mk which ends load loading bsd.own.mk which then defines SHLIBDIR before all the Makefile.inc everywhere. This makes /lib being populated again. Reported by: many

Add META_MODE support.

2015-06-13T19:20:56Z

Off by default, build behaves normally. WITH_META_MODE we get auto objdir creation, the ability to start build from anywhere in the tree. Still need to add real targets under targets/ to build packages. Differential Revision: D2796 Reviewed by: brooks imp

dirdeps.mk now sets DEP_RELDIR

2015-06-08T23:35:17Z