| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
These were reported by `mandoc -T lint ...` as errors; this commit only
handles unnecessary .Ed commands.
The rendered output (in ascii and html) is not affected by this commit.
Signed-off-by: Graham Percival <gperciva@tarsnap.com>
Reviewed by: mhorne
MFC after: 3 days
Sponsored by: Tarsnap Backup Inc.
Pull Request: https://github.com/freebsd/freebsd-src/pull/1435
(cherry picked from commit 4f2ef756a404df70272b79c16fa7b1689cb0118b)
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The functions like gmtime(3) expect to cache a GMT time zone. Some
sandboxed programs (like last(1)) use the gmtime(3) function.
In case of last(1), this function fails to load a proper time zone
because it is called after entering the capability mode.
_open () at _open.S:4
0x00000008011bc5a8 in tzloadbody (name=0x8018b9580 "/usr/share/zoneinfo/Etc/UTC", sp=0x801870140,
tzload (name=<optimized out>, sp=0x801870140, doextend=true)
0x00000008011bb8ba in gmtload (sp=0x801870140) at /usr/src/contrib/tzcode/localtime.c:1456
gmtcheck () at /usr/src/contrib/tzcode/localtime.c:1581
0x000000080111f85a in _libc_once (once_control=0x80127c550, init_routine=0x0)
_once (once_control=0x80127c550, init_routine=0x0) at /usr/src/lib/libc/gen/_once_stub.c:63
0x00000008011bb9d0 in gmtime_r (timep=0x7fffffffe3a8, tmp=0x80127c568)
gmtime (timep=timep@entry=0x7fffffffe3a8) at /usr/src/contrib/tzcode/localtime.c:1865
0x0000000001024cd4 in printentry (bp=bp@entry=0x8018b4800, tt=tt@entry=0x80186a0a0)
0x00000000010245ae in doentry (bp=0x8018b4800)
0x00000000010243a7 in main (argc=1, argv=<optimized out>)
This time zone is not loaded by the tzset(3) function. Because of
that, extend the caph_cache_tzdata(3) function to also include the
GMT time zone. There is no other way to cache this data than
calling gmtime(3) once.
MFC after: 5 days
Reviewed by: emaste, markj
Differential Revision: https://reviews.freebsd.org/D45297
(cherry picked from commit e24ff5c99be080007ff9086398fbe3ef56cd94dc)
|
| |
|
|
| |
Remove /^\.\\"\n\.\\"\s*\$FreeBSD\$$\n/
|
| |
|
|
| |
Remove /^\s*#[#!]?\s*\$FreeBSD\$.*$\n/
|
| |
|
|
| |
Remove /^\s*\*\n \*\s+\$FreeBSD\$$\n/
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
In most cases this simply builds the file from lib/libc for missing
functions (e.g. strlcpy on Linux etc.). In cases where this is not possible
I've added an implementation to tools/build/cross-build.
The fgetln.c/fgetwln.c/closefrom.c compatibility code was obtained from
https://gitlab.freedesktop.org/libbsd/libbsd, but I'm not sure it makes
sense to import it into to contrib just for these three bootstrap files.
Reviewed By: brooks
Differential Revision: https://reviews.freebsd.org/D25978
Notes:
svn path=/head/; revision=364759
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The goal here is to make it so applications can take the rights one would
normally get by calling caph_limit_stream() on a descriptor and build on
them as needed.
The tentatively planned use-case is an application that takes a socket and
hooks it up to std{err,out,in} for a fork()d child. It may be feasible to
apply limitations to such descriptors as long as it's a superset of those
normally applied to stdio.
Reviewed by: markj, oshobo (prior version; sans manpage addition)
Differential Revision: https://reviews.freebsd.org/D22993
Notes:
svn path=/head/; revision=356305
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
The default package use to be FreeBSD-runtime but it should only contain
binaries and libs enough to boot to single user and repair the system, it
is also very handy to have a package that can be tranform to a small mfsroot.
So create a new package named FreeBSD-utilities and make it the default one.
Also move a few binaries and lib into this package when it make sense.
Reviewed by: bapt, gjb
Differential Revision: https://reviews.freebsd.org/D21506
Notes:
svn path=/head/; revision=351858
|
| |
|
|
|
|
|
|
|
|
| |
Fix typos while here.
MFC after: 1 week
Sponsored by: The FreeBSD Foundation
Notes:
svn path=/head/; revision=343284
|
| |
|
|
|
|
|
| |
Reported by: manu
Notes:
svn path=/head/; revision=342001
|
| |
|
|
| |
Notes:
svn path=/head/; revision=340134
|
| |
|
|
|
|
|
|
|
|
|
| |
The idea behind those functions is not to force consumers to remember that there
is a need to check errno on failure. We already have a caph_enter(3) function
which does the same for cap_enter(2).
MFC after: 2 weeks
Notes:
svn path=/head/; revision=340130
|
| |
|
|
| |
Notes:
svn path=/head/; revision=336462
|
| |
|
|
| |
Notes:
svn path=/head/; revision=336308
|
| |
|
|
|
|
|
| |
Add __BEGIN_DECLS and __END_DECLS to those headers.
Notes:
svn path=/head/; revision=335848
|
| |
|
|
| |
Notes:
svn path=/head/; revision=335313
|
| |
|
|
|
|
|
|
|
|
|
|
| |
The caph_enter function should made it easier to sandbox application
and not force us to remember that we need to check errno on failure.
Another function is also checking if casper is present.
Reviewed by: emaste, cem (partially)
Differential Revision: https://reviews.freebsd.org/D14557
Notes:
svn path=/head/; revision=333330
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Without it, calling caph_limit_stdio(3) breaks Irssi.
Reviewed by: oshogbo
MFC after: 2 weeks
Sponsored by: DARPA, AFRL
Differential Revision: https://reviews.freebsd.org/D12622
Notes:
svn path=/head/; revision=324414
|
| |
|
|
|
|
|
|
| |
PR: 219173
Sponsored by: Dell EMC Isilon
Notes:
svn path=/head/; revision=323990
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
FIODTYPE will be needed by hexdump(1) to speed up the -s flag on devices
that should be able to support fseek(3); specifically, in an attempt to
correct for the fact that most tape drives don't support seeking yet don't
indicate as such when fseeko(3) is invoked. Related: D10939
Reviewed by: cem, emaste, oshogbo
Approved by: emaste (mentor)
Differential Revision: https://reviews.freebsd.org/D10937
Notes:
svn path=/head/; revision=322324
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Add a helper routine for opening a directory that is restricted to being
used for opening relative files as stdio streams.
I think this will really help basic adaptation of multi-file programs to
Capsicum. Rather than having each program initialize a rights object and
ioctl/fcntl arrays for their root fd for relative opens, consolidate in the
logical place.
Reviewed by: oshogbo@
Sponsored by: Dell EMC Isilon
Differential Revision: https://reviews.freebsd.org/D8743
Notes:
svn path=/head/; revision=310135
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Squash EBADF from closed stdin, stdout, or stderr in caph_limit_stdio().
Any program used during special shell scripts may commonly be forked
from a parent process with closed standard stream. Do the common sense
thing for this common use.
Reported by: Iblis Lin <iblis AT hs.ntnu.edu.tw>
Reviewed by: oshogbo@ (earlier version)
Sponsored by: Dell EMC Isilon
Differential Revision: https://reviews.freebsd.org/D8657
Notes:
svn path=/head/; revision=309366
|
| |
|
|
|
|
|
|
| |
MFC after: 2 weeks
Sponsored by: Dell EMC Isilon
Notes:
svn path=/head/; revision=308605
|
| |
|
|
|
|
|
| |
Pointed out by: wblock
Notes:
svn path=/head/; revision=307737
|
| |
|
|
|
|
|
|
| |
Reviewed by: cem
Differential Revision: https://reviews.freebsd.org/D8154
Notes:
svn path=/head/; revision=306726
|
| |
|
|
|
|
|
|
|
| |
Don't limit stdout twice, instead limit stderr.
Pointed out by: rpokala@
Notes:
svn path=/head/; revision=306673
|
| |
|
|
|
|
|
|
|
|
|
| |
Capsicum helpers are a set of inline functions which goal is to reduce
duplicated patterns used to Capsicumize applications.
Reviewed by: cem, AllanJude, bapt, ed, emaste
Differential Revision: https://reviews.freebsd.org/D8013
Notes:
svn path=/head/; revision=306657
|
| |
|
|
|
|
|
|
|
|
| |
part of a merge mishap.
Reported by: junovitch
Sponsored by: The FreeBSD Foundation
Notes:
svn path=/head/; revision=298139
|
| |
|
|
|
|
|
| |
Sponsored by: The FreeBSD Foundation
Notes:
svn path=/projects/release-pkg/; revision=295278
|
| |
|
|
|
|
|
|
|
|
|
| |
This both avoids some dependencies on xinstall.host and allows
bootstrapping on older releases to work due to lack of at least 'install -l'
support.
Sponsored by: EMC / Isilon Storage Division
Notes:
svn path=/head/; revision=291307
|
| |
|
|
|
|
|
|
|
|
| |
Change consumers to include those files from sys.
Add duplicated files to ObsoleteFiles.
Approved by: pjd (mentor)
Notes:
svn path=/head/; revision=285063
|
| |
|
|
| |
Notes:
svn path=/head/; revision=284421
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Since METAMODE has been added, sys.mk loads bsd.mkopt.mk which ends load loading
bsd.own.mk which then defines SHLIBDIR before all the Makefile.inc everywhere.
This makes /lib being populated again.
Reported by: many
Notes:
svn path=/head/; revision=284417
|
| |\
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Off by default, build behaves normally.
WITH_META_MODE we get auto objdir creation, the ability to
start build from anywhere in the tree.
Still need to add real targets under targets/ to build packages.
Differential Revision: D2796
Reviewed by: brooks imp
Notes:
svn path=/head/; revision=284345
|
| | |
| |
| |
| | |
Notes:
svn path=/projects/bmake/; revision=284172
|
| | |\
| |/
|/|
| | |
Notes:
svn path=/projects/bmake/; revision=283595
|
| | |\
| | |
| | |
| | | |
Notes:
svn path=/projects/bmake/; revision=270164
|
| | | |
| | |
| | |
| | | |
Notes:
svn path=/projects/bmake/; revision=266219
|
| | | |
| | |
| | |
| | | |
Notes:
svn path=/projects/bmake/; revision=265802
|
| | |\ \
| | | |
| | | |
| | | | |
Notes:
svn path=/projects/bmake/; revision=265720
|
| | | | |
| | | |
| | | |
| | | | |
Notes:
svn path=/projects/bmake/; revision=265381
|
| | | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
Change the nvlist_recv() function to take additional argument that
specifies flags expected on the received nvlist. Receiving a nvlist with
different set of flags than the ones we expect might lead to undefined
behaviour, which might be potentially dangerous.
Update consumers of this and related functions and update the tests.
Approved by: pjd (mentor)
Update man page for nvlist_unpack, nvlist_recv, nvlist_xfer, cap_recv_nvlist
and cap_xfer_nvlist.
Reviewed by: AllanJude
Approved by: pjd (mentor)
Notes:
svn path=/head/; revision=282346
|
| | | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
with what looks like a copy and paste error.
Sponsored by: DARPA/AFRL
Notes:
svn path=/head/; revision=282298
|
| | | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
them with snprintf(3). Assert the results of snprintf(3).
Approved by: pjd (mentor)
Notes:
svn path=/head/; revision=282252
|
| | |_|/
|/| |
| | |
| | |
| | |
| | |
| | | |
While here reduce a bit overlinking
Notes:
svn path=/head/; revision=275024
|
| | |/
|/|
| |
| |
| |
| |
| |
| | |
PR: 191174
Submitted by: Franco Fichtner <franco at lastsummer.de>
Notes:
svn path=/head/; revision=267773
|
| |/
|
|
|
|
|
|
|
| |
Reported by: brueffer
Found with: Coverity Prevent(tm)
CID: 1135301
Notes:
svn path=/head/; revision=265145
|
| |
|
|
|
|
|
|
| |
MFC after: 3 days
Sponsored by: The FreeBSD Foundation
Notes:
svn path=/head/; revision=264466
|
| |
|
|
|
|
|
| |
as they are used by /sbin/casperd.
Notes:
svn path=/head/; revision=258850
|
|
|
giving access to functionality that is not available in capability mode
sandbox. The functionality can be precisely restricted.
Start with the following services:
- system.dns - provides API compatible to:
- gethostbyname(3),
- gethostbyname2(3),
- gethostbyaddr(3),
- getaddrinfo(3),
- getnameinfo(3),
- system.grp - provides getgrent(3)-compatible API,
- system.pwd - provides getpwent(3)-compatible API,
- system.random - allows to obtain entropy from /dev/random,
- system.sysctl - provides sysctlbyname(3-compatible API.
Sponsored by: The FreeBSD Foundation
Notes:
svn path=/head/; revision=258838
|
