aboutsummaryrefslogtreecommitdiff
path: root/lib/libcasper
Commit message (Collapse)AuthorAgeFilesLines
...
* Remove cap_random(3).Mark Johnston2019-07-247-318/+0
| | | | | | | | | | | | | | | | Now that we have a way to obtain entropy in capability mode (getrandom(2)), libcap_random is obsolete. Remove it. Bump __FreeBSD_version in case anything happens to use it, though I've found no consumers. Reviewed by: delphij, emaste, oshogbo Relnotes: yes Sponsored by: The FreeBSD Foundation Differential Revision: https://reviews.freebsd.org/D21033 Notes: svn path=/head/; revision=350307
* Link fileargs_lstat.3.Mark Johnston2019-07-211-0/+1
| | | | | | | Sponsored by: The FreeBSD Foundation Notes: svn path=/head/; revision=350201
* fileargs: add wrapping/unwrapping functionsMariusz Zaborski2019-06-122-1/+57
| | | | | | | Those function may be useful to pass fileargs connections around. Notes: svn path=/head/; revision=349002
* Extend the libcap_sysctl tests.Mark Johnston2019-05-131-2/+122
| | | | | | | | | | | | | - Add some coverage for cap_sysctl(3). - Add a test for the case where the caller wishes to find the sysctl output length without specifying an output buffer. Reviewed by: oshogbo Sponsored by: The FreeBSD Foundation Differential Revision: https://reviews.freebsd.org/D17856 Notes: svn path=/head/; revision=347536
* Convert the libcap_sysctl test cases to ATF.Mark Johnston2019-05-132-349/+401
| | | | | | | | | Reviewed by: oshogbo Sponsored by: The FreeBSD Foundation Differential Revision: https://reviews.freebsd.org/D17855 Notes: svn path=/head/; revision=347535
* Add cap_sysctl(3) and cap_sysctlnametomib(3).Mark Johnston2019-05-135-738/+1054
| | | | | | | | | | | | | | | | These complement cap_sysctlbyname(3) to provide a drop-in replacement for the corresponding libc functions. Also revise the libcap_sysctl limit interface to provide access to sysctls by MIB, and to avoid direct manipulation of nvlists by the caller. Reviewed by: oshogbo Sponsored by: The FreeBSD Foundation Differential Revision: https://reviews.freebsd.org/D17854 Notes: svn path=/head/; revision=347534
* [casper] fix compilation when casper is disabled.Adrian Chadd2019-04-171-2/+6
| | | | | | | | | | | This triggers an error in gcc-mips 6.4.0 complaining about unused arguments. Tested: * compiled/run on mips32; nothing complained. Notes: svn path=/head/; revision=346322
* cap_fileargs: fix test after r346318Ed Maste2019-04-171-1/+1
| | | | | | | | | | Reported by: danfe, mjg MFC after: 3 weeks MFC with: r346315 Sponsored by: The FreeBSD Foundation Notes: svn path=/head/; revision=346321
* cap_fileargs: fix GCC build, don't shadow 'stat'Ed Maste2019-04-171-2/+2
| | | | | | | | | | Reported by: ci.freebsd.org MFC after: 3 weeks MFC with: r346315 Sponsored by: The FreeBSD Foundation Notes: svn path=/head/; revision=346318
* cap_fileargs: add fileargs_lstat serviceEd Maste2019-04-173-29/+207
| | | | | | | | | | | | | | | | Add fileargs_lstat function to cap_fileargs casper service to be able to lstat files while in capability mode. It can only lstat files given in fileargs_init. Submitted by: Bora Özarslan <borako.ozarslan@gmail.com> Reviewed by: oshogbo, cem (partial) MFC after: 3 weeks Relnotes: Yes Sponsored by: The FreeBSD Foundation Differential Revision: https://reviews.freebsd.org/D19548 Notes: svn path=/head/; revision=346315
* cap_fileargs.3: typo and markup correctionsEd Maste2019-04-171-6/+6
| | | | | | | | | | Submitted by: Bora Özarslan" <borako.ozarslan@gmail.com> MFC after: 1 week MFC with: r346313 Sponsored by: The FreeBSD Foundation Notes: svn path=/head/; revision=346314
* cap_fileargs.3: correct 'filerags' typoEd Maste2019-04-171-3/+3
| | | | | | | | | Submitted by: Bora Özarslan" <borako.ozarslan@gmail.com> MFC after: 1 week Sponsored by: The FreeBSD Foundation Notes: svn path=/head/; revision=346313
* r341692 changed cap_syslog(3) to preserve the stdio descriptors inheritedJason A. Harmening2019-02-061-3/+26
| | | | | | | | | | | | | | | | | | | | from its parent so that LOG_PERROR would work. However, this caused dhclient(8)'s stdio streams to remain open across daemonization, breaking the ability to capture its foreground output as done in netconfig_ipv4. Fix this by reverting r341692 and instead passing the parent's stderr descriptor as an argument to cap_openlog() only when LOG_PERROR is specified in logopt. PR: 234514 Suggested by: markj Reported by: Shawn Webb Reviewed by: markj, oshogbo MFC after: 2 weeks Differential Revision: https://reviews.freebsd.org/D18989 Notes: svn path=/head/; revision=343827
* libcasper: do not run registered exit functionsMariusz Zaborski2019-01-263-13/+13
| | | | | | | | | | | | Casper library should not use exit(3) function because before setting it up applications may register it. Casper doesn't depend on any registered exit function, so it safe to change this. Reported by: jceel MFC after: 2 weeks Notes: svn path=/head/; revision=343471
* Let the cap_syslog capability inherit stdio descriptors.Mark Johnston2018-12-071-1/+1
| | | | | | | | | | | | Otherwise cap_openlog(LOG_PERROR) doesn't work. Reviewed by: oshogbo MFC after: 1 week Sponsored by: The FreeBSD Foundation Differential Revision: https://reviews.freebsd.org/D18457 Notes: svn path=/head/; revision=341692
* libcasper: do not fail if Capsicum is not avilableMariusz Zaborski2018-11-301-1/+1
| | | | | | | | | | Casper service can be also used on the kernels without Capsicum support. Reported by: sbruno Tested by: sbruno Notes: svn path=/head/; revision=341347
* libcasper: provide compatibility with the old version of serviceMariusz Zaborski2018-11-191-5/+11
| | | | | | | | | | Some external tools like tcpdump(1) have upstream the changes with old limits name. Because of that provide compatibility with the old names. Reported by: emaste Notes: svn path=/head/; revision=340638
* Update the names in the LIMITS and EXAMPLES sections after r340363.Mariusz Zaborski2018-11-181-4/+4
| | | | | | | Reported by: markj Notes: svn path=/head/; revision=340564
* Fix typo in the comparison.Mariusz Zaborski2018-11-121-2/+2
| | | | | | | | | This fix build with gcc. Reported by: jenkins Notes: svn path=/head/; revision=340381
* libcasper: introduce cap_fileargs serviceMariusz Zaborski2018-11-125-0/+890
| | | | | | | | | | | | | | | | cap_fileargs is a Casper service which helps to sandbox applications that need access to the filesystem namespace. The main purpose of the service is to make easy to capsicumize applications that works on multiple files passed in argv. We have a couple example of using it but we still treat this service as an experimental one. Reviewed by: emsate (previous version), jonathan (partially) Discussed with: many Differential Revision: https://reviews.freebsd.org/D14407 Notes: svn path=/head/; revision=340373
* libcasper: ange the name of limits in cap_dns so the intentions are obvious.Mariusz Zaborski2018-11-124-52/+52
| | | | | | | | Reported by: pjd MFC after: 3 weeks Notes: svn path=/head/; revision=340363
* Document the fact that cap_limit_set() always frees the input nvlist.Mark Johnston2018-11-051-2/+4
| | | | | | | | MFC after: 1 week Sponsored by: The FreeBSD Foundation Notes: svn path=/head/; revision=340160
* libcasper: using explicit_bzero in cap_grp serviceMariusz Zaborski2018-11-041-1/+1
| | | | | | | | | | Please notice that we still don't clean information in nvlist structures. Submitted by: David CARLIER <devnexen@gmail.com> Differential Revision: https://reviews.freebsd.org/D16777 Notes: svn path=/head/; revision=340142
* libcasper: fix limitations in dns serviceMariusz Zaborski2018-11-043-21/+23
| | | | | | | | | | | | | | | | | | | | | | | | | | The getaddrinfo(3) and gethostbyname(3) are used to return the address for a given hostname. The getnameinfo(3) and gethostbyaddr(3) are used to return hostname for a given address. Right now in casper, we have two limitations: - NAME which allows resolving DNS names. - ADDR which allows to do revert DNS lookups. Before this change the rights was mixed up: NAME - getnameinfo(3) and gethostbyname(3) ADDR - gethostbyaddr(3) and getaddrinfo(3) Which no matters on limitation allowed us to resolve DNS names and do DNS lookups basically by using a different set of functions. Now the NAME type allows getaddrinfo(3) and gethostbyname (3)functions, and the ADDR names allow to use gethostbyaddr(3) and getnameinfo(3) functions. Reviewed by: pjd, bcr MFC after: 3 weeks Discussed with: hrs Differential Revision: https://reviews.freebsd.org/D16930 Notes: svn path=/head/; revision=340141
* libcasper: Update example in man page to use cap_getnameinfo function.Mariusz Zaborski2018-11-041-16/+25
| | | | | | | | Reviewed by: hrs Differential Revision: https://reviews.freebsd.org/D16931 Notes: svn path=/head/; revision=340140
* libcasper: Document the cap_getaddrinfo and cap_getnameinfo functionsMariusz Zaborski2018-11-042-4/+21
| | | | | | | | Reviewed by: hrs Differential Revision: https://reviews.freebsd.org/D16929 Notes: svn path=/head/; revision=340139
* Fix comments.Mark Johnston2018-10-241-2/+2
| | | | | | | | MFC after: 1 week Sponsored by: The FreeBSD Foundation Notes: svn path=/head/; revision=339675
* Fix typo.Edward Tomasz Napierala2018-08-161-1/+1
| | | | | | | | MFC after: 2 weeks Sponsored by: DARPA, AFRL Notes: svn path=/head/; revision=337907
* With r335636 C++ program use libcasper.h and capsicum_helpers.h.Mariusz Zaborski2018-07-011-0/+4
| | | | | | | Add __BEGIN_DECLS and __END_DECLS to those headers. Notes: svn path=/head/; revision=335848
* [libcasper] Use explicit_bzero instead of memset to clear pwd structMariusz Zaborski2018-06-261-1/+1
| | | | | | | | Submitted by: David Carlier <devnexen@gmail.com> Differential Revision: https://reviews.freebsd.org/D16015 Notes: svn path=/head/; revision=335678
* users(1): Use capsicum helpers for usersEitan Adler2018-06-251-1/+1
| | | | | | | In doing so also fix the libcasper.h header to work in C++. Notes: svn path=/head/; revision=335636
* Document libcasper_service.Mariusz Zaborski2018-06-233-0/+120
| | | | | | | | Reviewed by: bcr@ Differential Revision: https://reviews.freebsd.org/D15766 Notes: svn path=/head/; revision=335588
* Fix typo.Mariusz Zaborski2018-06-191-2/+2
| | | | Notes: svn path=/head/; revision=335389
* The gids argument can be declared as const.Mariusz Zaborski2018-03-183-5/+5
| | | | | | | We don't modified it in this function. Notes: svn path=/head/; revision=331146
* Fix reference to man page in Makefile.Mariusz Zaborski2018-03-181-1/+1
| | | | | | | I broke it in r331120. Notes: svn path=/head/; revision=331137
* Fix similar typos to r331124.Mariusz Zaborski2018-03-183-4/+4
| | | | Notes: svn path=/head/; revision=331125
* Fix typo.Mariusz Zaborski2018-03-181-1/+1
| | | | | | | Submitted by: Trond Endrestøl <Trond.Endrestol@ximalas.info> Notes: svn path=/head/; revision=331124
* Update libcasper references to all new man pages.Mariusz Zaborski2018-03-181-53/+9
| | | | | | | | | | | | Remove obsolete example. All services has they own example. This example also show old type of limiting method which is not recommended to use. Reviewed by: bcr@ Differential Revision: https://reviews.freebsd.org/D14607 Notes: svn path=/head/; revision=331121
* Document the sysctl Casper service.Mariusz Zaborski2018-03-182-0/+148
| | | | | | | | | PR: 226102 Reviewed by: bcr@ Differential Revision: https://reviews.freebsd.org/D14606 Notes: svn path=/head/; revision=331120
* Document the pwd Casper service.Mariusz Zaborski2018-03-182-0/+250
| | | | | | | | | PR: 226102 Reviewed by: bcr@ Differential Revision: https://reviews.freebsd.org/D14605 Notes: svn path=/head/; revision=331119
* nv was moved to the 9 section.Mariusz Zaborski2018-02-265-14/+14
| | | | | | | Fix reference to it. Notes: svn path=/head/; revision=330031
* Fix typo.Mariusz Zaborski2018-02-261-2/+2
| | | | Notes: svn path=/head/; revision=330025
* Fix reference to nvlist in man pages.Mariusz Zaborski2018-02-242-10/+21
| | | | | | | | | Reviewed by: @bcr @brueffer Pointed out by: @brueffer Differential Revision: https://reviews.freebsd.org/D14410 Notes: svn path=/head/; revision=329912
* Introduce channel flags in libcasper.Mariusz Zaborski2018-02-1720-75/+143
| | | | | | | | | | | | | Instead of passing flags (which describe a type of nvlist) every send/recv we remember them in channel. It's enough for use to extract them only during unwrap. This simplify use of Casper. Reviewed by: bruffer@, bcr@ (both man page) Differential Revision: https://reviews.freebsd.org/D14196 (man page) Notes: svn path=/head/; revision=329452
* Document the need for WITH_CASPER.Mark Johnston2018-02-051-1/+2
| | | | | | | | After r325062, consumers need to define WITH_CASPER for libcasper to function as expected. Notes: svn path=/head/; revision=328891
* The name of the library is exactly the same like one of name the name of theMariusz Zaborski2018-01-291-1/+0
| | | | | | | | | | | functions. We should not create MLINKS for that one, because it's break a build. Submitted by: lwhsu@ Notes: svn path=/head/; revision=328532
* Document the syslog Casper service.Mariusz Zaborski2018-01-292-0/+116
| | | | | | | | Reviewed by: bcr@ Differential Revision: https://reviews.freebsd.org/D14084 Notes: svn path=/head/; revision=328531
* Add cap_random.3 to build system.Mariusz Zaborski2018-01-271-0/+5
| | | | | | | This should be done with r328494. Notes: svn path=/head/; revision=328498
* Fix caspermock - the cap_recv_nvlist should return nvlist.Mariusz Zaborski2018-01-271-1/+1
| | | | Notes: svn path=/head/; revision=328496
* Document the random Casper service.Mariusz Zaborski2018-01-271-0/+98
| | | | | | | | Reviewed by: bcr@ Differential Revision: https://reviews.freebsd.org/D14072 Notes: svn path=/head/; revision=328494
generated by cgit v1.2.3 (git 2.25.1) at 2024-09-28 17:16:19 +0000