aboutsummaryrefslogtreecommitdiff
path: root/lib/libcasper/services
Commit message (Collapse)AuthorAgeFilesLines
...
* Fix reference to nvlist in man pages.Mariusz Zaborski2018-02-241-2/+4
| | | | | | | | | Reviewed by: @bcr @brueffer Pointed out by: @brueffer Differential Revision: https://reviews.freebsd.org/D14410 Notes: svn path=/head/; revision=329912
* Introduce channel flags in libcasper.Mariusz Zaborski2018-02-1712-23/+23
| | | | | | | | | | | | | Instead of passing flags (which describe a type of nvlist) every send/recv we remember them in channel. It's enough for use to extract them only during unwrap. This simplify use of Casper. Reviewed by: bruffer@, bcr@ (both man page) Differential Revision: https://reviews.freebsd.org/D14196 (man page) Notes: svn path=/head/; revision=329452
* The name of the library is exactly the same like one of name the name of theMariusz Zaborski2018-01-291-1/+0
| | | | | | | | | | | functions. We should not create MLINKS for that one, because it's break a build. Submitted by: lwhsu@ Notes: svn path=/head/; revision=328532
* Document the syslog Casper service.Mariusz Zaborski2018-01-292-0/+116
| | | | | | | | Reviewed by: bcr@ Differential Revision: https://reviews.freebsd.org/D14084 Notes: svn path=/head/; revision=328531
* Add cap_random.3 to build system.Mariusz Zaborski2018-01-271-0/+5
| | | | | | | This should be done with r328494. Notes: svn path=/head/; revision=328498
* Document the random Casper service.Mariusz Zaborski2018-01-271-0/+98
| | | | | | | | Reviewed by: bcr@ Differential Revision: https://reviews.freebsd.org/D14072 Notes: svn path=/head/; revision=328494
* Add SPDX tags for libcasper(3) and services.Mariusz Zaborski2018-01-2710-0/+20
| | | | | | | MFC after: 2 weeks Notes: svn path=/head/; revision=328473
* Document the grp Casper service.Mariusz Zaborski2018-01-272-0/+244
| | | | | | | | Reviewed by: brueffer@, bcr@ Differential Revision: https://reviews.freebsd.org/D13821 Notes: svn path=/head/; revision=328471
* Fix markup.Mariusz Zaborski2018-01-101-2/+2
| | | | Notes: svn path=/head/; revision=327759
* Document the DNS Casper service.Mariusz Zaborski2018-01-082-0/+215
| | | | | | | | Reviewed by: brueffer@, bcr@ Differential Revision: https://reviews.freebsd.org/D13762 Notes: svn path=/head/; revision=327689
* Build service tests with Casper support.Mariusz Zaborski2018-01-054-0/+4
| | | | Notes: svn path=/head/; revision=327583
* Introduce syslog service for Casper.Mariusz Zaborski2017-11-124-0/+278
| | | | | | | | | | | | | | syslog in libc secretly reconnects to the daemon. Another issue is that we don't have any information from openlog(3) if we succeeded to open log or not so we don't know if we are ready to enter cabability mode. Because all of that we decided we need a syslog service for Caspser. Reviewed by: bapt@ Differential Revision: https://reviews.freebsd.org/D12824 Notes: svn path=/head/; revision=325739
* The src.opts.mk sets default value for the SHLIBDIR, so our set was notMariusz Zaborski2017-11-041-1/+2
| | | | | | | | | | | | | | respected. Please notice that libcasper is already in ObsoleteFiles so we don't add it again. Reported by: Herbert J. Skuhra <herbert@mailbox.org> Reviewed by: bdrewery@ Differential Revision: https://reviews.freebsd.org/D12918 Notes: svn path=/head/; revision=325399
* Casper work's only as shared library - disable building static ones.Mariusz Zaborski2017-11-045-5/+5
| | | | | | | | Reviewed by: bdrewery@ Differential Revision: https://reviews.freebsd.org/D12917 Notes: svn path=/head/; revision=325398
* Add `static` to `cap_setgrent` prototype in !WITH_CASPER caseEnji Cooper2017-10-311-1/+1
| | | | | | | This unbreaks the default powerpc/sparc64 build configuration after r325062. Notes: svn path=/head/; revision=325208
* DIRDEPS_BUILD: Update dependencies.Bryan Drewery2017-10-315-5/+0
| | | | | | | Sponsored by: Dell EMC Isilon Notes: svn path=/head/; revision=325188
* DIRDEPS_BUILD: Connect new directories.Bryan Drewery2017-10-315-0/+92
| | | | | | | Sponsored by: Dell EMC Isilon Notes: svn path=/head/; revision=325187
* Introduce caspermocks.Mariusz Zaborski2017-10-2818-5/+141
| | | | | | | | | | | | | | | | | | | | The idea behinds mocks is that we don't need to ifdef a lot of code in tools itself but those defines are hidden in the casper library. Right now the mocks are implemented as define/inlines functions. There was a very long discussion how this should be implemented. This approach has some advantages like we don't need to link to any additional libraries. Unfortunately there are also some disadvantages for example it is easy to get library out of sync between two versions of functions or that we need extra define to compile program with casper support. This isn't an ideal solution but it's good enough for now and should simplify capsicumizing programs. This also doesn't close us any other ways to do those mocks and this should evolve in time. Discussed with: pjd, emaste, ed, rwatson, bapt, cem, bdrewery Differential Revision: https://reviews.freebsd.org/D8753 Notes: svn path=/head/; revision=325062
* Add supporting changes for `Add limited sandbox capability to "make check"`Enji Cooper2017-08-144-0/+4
|\ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Non-tests/... changes: - Add HAS_TESTS= to Makefiles with libraries and programs to enable iteration and propagate the appropriate environment down to *.test.mk. tests/... changes: - Add appropriate support Makefile.inc's to set HAS_TESTS in a minimal manner, since tests/... is a special subdirectory tree compared to the others. MFC after: 2 months MFC with: r322511 Reviewed by: arch (silence), testing (silence) Differential Revision: D12014 Notes: svn path=/head/; revision=322515
| * Add HAS_TESTS to all Makefiles that are currently using theEnji Cooper2017-08-024-0/+4
| | | | | | | | | | | | | | | | | | `SUBDIR.${MK_TESTS}+= tests` idiom. This is a follow up to r321912. Notes: svn path=/projects/make-check-sandbox/; revision=321914
* | TESTSDIR isn't required; remove itEnji Cooper2017-08-131-2/+0
| | | | | | | | | | | | | | | | MFC after: 1 week MFC with: r322450 Notes: svn path=/head/; revision=322451
* | Integrate the tests moved in r305626 in to the FreeBSD test suiteEnji Cooper2017-08-132-0/+10
| | | | | | | | | | | | | | | | | | | | | | The reachover Kyuafiles were never added, and thus the tests were installed as standalone tests, and not integrated into the full suite. MFC after: 1 week MFC with: r305626, 305629, r307863, r322447, r322448, r322449 Notes: svn path=/head/; revision=322450
* | Use hardcoded IPv4/IPv6 addresses for google-public-dns-a.google.com insteadEnji Cooper2017-08-131-14/+8
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | of freefall.freebsd.org to unbreak the DNS tests The address allocations for freefall.freebsd.org have changed in the past 4 years. Use a more stable set of hardcoded addresses for now to make the tests succeed reliably. The hostname should be resolved dynamically instead of hardcoding the addresses in the future. This is just a bandaid. MFC after: 1 week Notes: svn path=/head/; revision=322449
* | Make root-privileges a requirement for the testEnji Cooper2017-08-131-0/+2
| | | | | | | | | | | | | | | | | | | | | | | | Some of the testcases try to manipulate sysctls that require root privileges, e.g., "kern.sync_on_panic". Make root-privileges a hard requirement so the tests don't raise false positives due to privilege issues when calling sysctlbyname(3) on writable sysctls. MFC after: 1 week Notes: svn path=/head/; revision=322448
* | Fix result printingEnji Cooper2017-08-134-12/+24
|/ | | | | | | | | | | - Flushing stdout prevents the buffer from being printed twice, fixing issues with stdout printing out the testplan, etc, twice. - Don't print out raw source/line numbers; hide them behind comments. MFC after: 1 week Notes: svn path=/head/; revision=322447
* Convert traditional ${MK_TESTS} conditional idiom for including testEnji Cooper2017-08-024-12/+4
| | | | | | | | | | | | | | directories to SUBDIR.${MK_TESTS} idiom This is being done to pave the way for future work (and homogenity) in ^/projects/make-check-sandbox . No functional change intended. MFC after: 1 weeks Notes: svn path=/head/; revision=321912
* Set SHLIBDIR before .including src.opts.mk in libcapser servicesEd Maste2016-10-244-4/+8
| | | | | | | | | | | bsd.own.mk (included from src.opts.mk) sets SHLIBDIR?=${LIBDIR}, so SHLIBDIR must be set before including either one of them. MFC with: 305626 Sponsored by: The FreeBSD Foundation Notes: svn path=/head/; revision=307863
* Move libcasper tests from regression/capsicum/libcasper/ toMariusz Zaborski2016-09-0812-0/+5366
| | | | | | | | | | lib/libcasper/service/${service_name}/tests. Reviewed by: emaste, ngie Differential Revision: https://reviews.freebsd.org/D7759 Notes: svn path=/head/; revision=305626
* Add flags to the Casper services.Mariusz Zaborski2016-06-085-5/+5
| | | | | | | | | | CASPER_SERVICE_STDIO - Casper will not close the first three descriptors (stdin, stdout and stderr) this can be helpful for debugging. CASPER_SERVICE_FD - Capser will not close all other descriptors, this can be useful for a filesystem service. Notes: svn path=/head/; revision=301572
* Don't call setgrent() in an unportable way.Ed Schouten2016-06-011-1/+3
| | | | | | | | | | | | | | | | For FreeBSD 12, I'm considering updating setgrent() to have a function prototype that conforms to POSIX. FreeBSD seems to be the only operating system that lets setgrent() return an integer. It's also inconsistent with setpwent(). It looks like our libcasper depends on setgrent() returning an integer. Get rid of that. Reviewed by: oshogbo Differential Revision: https://reviews.freebsd.org/D6659 Notes: svn path=/head/; revision=301167
* MFHGlen Barber2016-04-161-0/+1
|\ | | | | | | | | | | | | Sponsored by: The FreeBSD Foundation Notes: svn path=/projects/release-pkg/; revision=298092
| * Set NULL to the ai_next pointer which fix cap_getaddrinfo().Mariusz Zaborski2016-04-141-0/+1
| | | | | | | | | | | | | | | | | | | | | | Add regression test case. PR: 195551 Submitted by: Mikhail <mp39590@gmail.com> Approved by: pjd (mentor) Notes: svn path=/head/; revision=297982
* | MFHGlen Barber2016-03-025-0/+5
|/ | | | | | | Sponsored by: The FreeBSD Foundation Notes: svn path=/projects/release-pkg/; revision=296318
* Update dependencies.Bryan Drewery2016-02-265-0/+100
| | | | | | | Sponsored by: EMC / Isilon Storage Division Notes: svn path=/head/; revision=296127
* Remove unneeded lines.Bryan Drewery2016-02-266-15/+3
| | | | | | | | | | | - WARNS can be inherited from lib/Makefile.inc - CFLAGS referred to a non-existent directory and this shouldn't be needed anyhow due to the build picking up includes from WORLDTMP. Sponsored by: EMC / Isilon Storage Division Notes: svn path=/head/; revision=296126
* These can build in parallel.Bryan Drewery2016-02-261-0/+2
| | | | | | | Sponsored by: EMC / Isilon Storage Division Notes: svn path=/head/; revision=296125
* Convert casperd(8) daemon to the libcasper.Mariusz Zaborski2016-02-2516-0/+3101
After calling the cap_init(3) function Casper will fork from it's original process, using pdfork(2). Forking from a process has a lot of advantages: 1. We have the same cwd as the original process. 2. The same uid, gid and groups. 3. The same MAC labels. 4. The same descriptor table. 5. The same routing table. 6. The same umask. 7. The same cpuset(1). From now services are also in form of libraries. We also removed libcapsicum at all and converts existing program using Casper to new architecture. Discussed with: pjd, jonathan, ed, drysdale@google.com, emaste Partially reviewed by: drysdale@google.com, bdrewery Approved by: pjd (mentor) Differential Revision: https://reviews.freebsd.org/D4277 Notes: svn path=/head/; revision=296047
generated by cgit v1.3 (git 2.53.0) at 2026-04-17 01:52:12 +0000