diff options
Diffstat (limited to 'lib')
| -rw-r--r-- | lib/libc/gen/getvfsbyname.3 | 3 | ||||
| -rw-r--r-- | lib/libc/posix1e/mac_free.3 | 4 | ||||
| -rw-r--r-- | lib/libc/posix1e/mac_text.3 | 8 | ||||
| -rw-r--r-- | lib/libpfctl/libpfctl.c | 3 | ||||
| -rw-r--r-- | lib/libsys/_libsys.h | 3 | ||||
| -rw-r--r-- | lib/libsys/closefrom.2 | 7 | ||||
| -rw-r--r-- | lib/libsys/syscalls.map | 2 | ||||
| -rw-r--r-- | lib/libsys/write.2 | 20 | ||||
| -rw-r--r-- | lib/libutil/login_class.c | 55 | ||||
| -rw-r--r-- | lib/libz/Makefile | 5 |
10 files changed, 74 insertions, 36 deletions
diff --git a/lib/libc/gen/getvfsbyname.3 b/lib/libc/gen/getvfsbyname.3 index 23036429b27e..61fd48624fbd 100644 --- a/lib/libc/gen/getvfsbyname.3 +++ b/lib/libc/gen/getvfsbyname.3 @@ -25,7 +25,7 @@ .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF .\" SUCH DAMAGE. .\" -.Dd August 16, 2018 +.Dd October 28, 2025 .Dt GETVFSBYNAME 3 .Os .Sh NAME @@ -102,6 +102,7 @@ argument specifies a file system that is unknown or not configured in the kernel. .El .Sh SEE ALSO +.Xr lsvfs 1 , .Xr jail 2 , .Xr mount 2 , .Xr sysctl 3 , diff --git a/lib/libc/posix1e/mac_free.3 b/lib/libc/posix1e/mac_free.3 index 4ed68b70f3a3..6674ca2e9094 100644 --- a/lib/libc/posix1e/mac_free.3 +++ b/lib/libc/posix1e/mac_free.3 @@ -31,7 +31,7 @@ .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF .\" SUCH DAMAGE. .\" -.Dd September 21, 2023 +.Dd October 26, 2025 .Dt MAC_FREE 3 .Os .Sh NAME @@ -85,7 +85,7 @@ is a complex structure in the implementation, .Fn mac_free is specific to -.Vt mac_3 , +.Vt mac_t , and must not be used to free the character strings returned from .Fn mac_to_text . Doing so may result in undefined behavior. diff --git a/lib/libc/posix1e/mac_text.3 b/lib/libc/posix1e/mac_text.3 index 29c1aacca485..7633f4b0da64 100644 --- a/lib/libc/posix1e/mac_text.3 +++ b/lib/libc/posix1e/mac_text.3 @@ -28,7 +28,7 @@ .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF .\" SUCH DAMAGE. .\" -.Dd September 21, 2023 +.Dd October 26, 2025 .Dt MAC_TEXT 3 .Os .Sh NAME @@ -52,14 +52,16 @@ into the internal policy label format and places it in .Fa *mac , which must later be freed with -.Xr free 3 . +.Xr mac_free 3 . .Pp The .Fn mac_to_text function allocates storage for .Fa *text , which will be set to the text representation of -.Fa label . +.Fa label +and must later be freed with +.Xr free 3 . .Pp Refer to .Xr maclabel 7 diff --git a/lib/libpfctl/libpfctl.c b/lib/libpfctl/libpfctl.c index 8c4b26b98054..17576066fcfd 100644 --- a/lib/libpfctl/libpfctl.c +++ b/lib/libpfctl/libpfctl.c @@ -3202,6 +3202,9 @@ pfctl_get_ruleset(struct pfctl_handle *h, const char *path, uint32_t nr, struct continue; } + rs->nr = nr; + strlcpy(rs->path, path, sizeof(rs->path)); + return (e.error); } diff --git a/lib/libsys/_libsys.h b/lib/libsys/_libsys.h index 6bd768708a78..12417b572a60 100644 --- a/lib/libsys/_libsys.h +++ b/lib/libsys/_libsys.h @@ -32,6 +32,7 @@ struct itimerspec; struct itimerval; struct jail; struct kevent; +struct kexec_segment; struct kld_file_stat; struct mac; struct module_stat; @@ -470,6 +471,7 @@ typedef int (__sys_getgroups_t)(int, gid_t *); typedef int (__sys_setgroups_t)(int, const gid_t *); typedef int (__sys_jail_attach_jd_t)(int); typedef int (__sys_jail_remove_jd_t)(int); +typedef int (__sys_kexec_load_t)(uint64_t, u_long, struct kexec_segment *, u_long); _Noreturn void __sys__exit(int rval); int __sys_fork(void); @@ -876,6 +878,7 @@ int __sys_getgroups(int gidsetsize, gid_t * gidset); int __sys_setgroups(int gidsetsize, const gid_t * gidset); int __sys_jail_attach_jd(int fd); int __sys_jail_remove_jd(int fd); +int __sys_kexec_load(uint64_t entry, u_long nseg, struct kexec_segment * segments, u_long flags); __END_DECLS #endif /* __LIBSYS_H_ */ diff --git a/lib/libsys/closefrom.2 b/lib/libsys/closefrom.2 index 1885a6fdeaa8..e6b4a5a3e9d7 100644 --- a/lib/libsys/closefrom.2 +++ b/lib/libsys/closefrom.2 @@ -23,7 +23,7 @@ .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF .\" SUCH DAMAGE. .\" -.Dd May 17, 2025 +.Dd October 27, 2025 .Dt CLOSEFROM 2 .Os .Sh NAME @@ -94,6 +94,11 @@ function first appeared in .Fx 8.0 . .Pp The +.Fn close_range +function first appeared in +.Fx 12.2 . +.Pp +The .Dv CLOSE_RANGE_CLOFORK flag appeared in .Fx 15.0 . diff --git a/lib/libsys/syscalls.map b/lib/libsys/syscalls.map index b5400b9849b3..d00c862eb462 100644 --- a/lib/libsys/syscalls.map +++ b/lib/libsys/syscalls.map @@ -817,4 +817,6 @@ FBSDprivate_1.0 { __sys_jail_attach_jd; _jail_remove_jd; __sys_jail_remove_jd; + _kexec_load; + __sys_kexec_load; }; diff --git a/lib/libsys/write.2 b/lib/libsys/write.2 index d2ff41ceead9..77067893ab4c 100644 --- a/lib/libsys/write.2 +++ b/lib/libsys/write.2 @@ -132,6 +132,26 @@ and may write fewer bytes than requested; the return value must be noted, and the remainder of the operation should be retried when possible. +.Sh ATOMICITY OF WRITES +When operating on regular files on local file systems, the effects of +.Fn write +are atomic. +As required by the POSIX standard, +the +.Fn read , +.Fn write , +and +.Fn ftruncate +functions and their variations are atomic with respect to +each other on the file data and metadata for regular files. +See for instance +.St -p1003.1-2024 +Volume 2, Section 2.9.7 for more information. +.Pp +.Fx +implements the requirement by taking +a read/write range lock on the file byte range +affected by the corresponding function. .Sh RETURN VALUES Upon successful completion the number of bytes which were written is returned. diff --git a/lib/libutil/login_class.c b/lib/libutil/login_class.c index c3c1b0ddda27..9478b4dc98ca 100644 --- a/lib/libutil/login_class.c +++ b/lib/libutil/login_class.c @@ -543,7 +543,7 @@ setusercontext(login_cap_t *lc, const struct passwd *pwd, uid_t uid, unsigned in /* we need a passwd entry to set these */ if (pwd == NULL) - flags &= ~(LOGIN_SETGROUP | LOGIN_SETLOGIN | LOGIN_SETMAC); + flags &= ~(LOGIN_SETGROUP | LOGIN_SETLOGIN); /* Set the process priority */ if (flags & LOGIN_SETPRIORITY) @@ -564,6 +564,27 @@ setusercontext(login_cap_t *lc, const struct passwd *pwd, uid_t uid, unsigned in } } + /* Set the sessions login */ + if ((flags & LOGIN_SETLOGIN) && setlogin(pwd->pw_name) != 0) { + syslog(LOG_ERR, "setlogin(%s): %m", pwd->pw_name); + login_close(llc); + return (-1); + } + + /* Inform the kernel about current login class */ + if (lc != NULL && lc->lc_class != NULL && (flags & LOGIN_SETLOGINCLASS)) { + error = setloginclass(lc->lc_class); + if (error != 0) { + syslog(LOG_ERR, "setloginclass(%s): %m", lc->lc_class); +#ifdef notyet + login_close(llc); + return (-1); +#endif + } + } + + setlogincontext(lc, pwd, flags); + /* Set up the user's MAC label. */ if ((flags & LOGIN_SETMAC) && mac_is_present(NULL) == 1) { const char *label_string; @@ -572,8 +593,10 @@ setusercontext(login_cap_t *lc, const struct passwd *pwd, uid_t uid, unsigned in label_string = login_getcapstr(lc, "label", NULL, NULL); if (label_string != NULL) { if (mac_from_text(&label, label_string) == -1) { - syslog(LOG_ERR, "mac_from_text('%s') for %s: %m", - pwd->pw_name, label_string); + syslog(LOG_ERR, "mac_from_text('%s') for %s %s: %m", + label_string, pwd != NULL ? "user" : "class", + pwd != NULL ? pwd->pw_name : lc->lc_class); + login_close(llc); return (-1); } if (mac_set_proc(label) == -1) @@ -582,33 +605,15 @@ setusercontext(login_cap_t *lc, const struct passwd *pwd, uid_t uid, unsigned in error = 0; mac_free(label); if (error != 0) { - syslog(LOG_ERR, "mac_set_proc('%s') for %s: %s", - label_string, pwd->pw_name, strerror(error)); + syslog(LOG_ERR, "mac_set_proc('%s') for %s %s: %s", + label_string, pwd != NULL ? "user" : "class", + pwd != NULL ? pwd->pw_name : lc->lc_class, strerror(error)); + login_close(llc); return (-1); } } } - /* Set the sessions login */ - if ((flags & LOGIN_SETLOGIN) && setlogin(pwd->pw_name) != 0) { - syslog(LOG_ERR, "setlogin(%s): %m", pwd->pw_name); - login_close(llc); - return (-1); - } - - /* Inform the kernel about current login class */ - if (lc != NULL && lc->lc_class != NULL && (flags & LOGIN_SETLOGINCLASS)) { - error = setloginclass(lc->lc_class); - if (error != 0) { - syslog(LOG_ERR, "setloginclass(%s): %m", lc->lc_class); -#ifdef notyet - login_close(llc); - return (-1); -#endif - } - } - - setlogincontext(lc, pwd, flags); login_close(llc); /* This needs to be done after anything that needs root privs */ diff --git a/lib/libz/Makefile b/lib/libz/Makefile index 6a135158e134..03204e388674 100644 --- a/lib/libz/Makefile +++ b/lib/libz/Makefile @@ -1,7 +1,4 @@ -# -# - -PACKAGE= runtime +PACKAGE= zlib LIB= z SHLIBDIR?= /lib SHLIB_MAJOR= 6 |