Commit Graph

23 Commits

Author SHA1 Message Date
Mariusz Zaborski
59cf368df4 Don't close fd if it's lower then stderr, otherwise we can close
one of the descriptor which we just set.

Pointed out by:		jilles
Approved by:		re (hrs)
2016-06-13 00:03:55 +00:00
Mariusz Zaborski
920be817aa Add flags to the Casper services.
CASPER_SERVICE_STDIO - Casper will not close the first three descriptors (stdin,
		       stdout and stderr) this can be helpful for debugging.
CASPER_SERVICE_FD - Capser will not close all other descriptors, this can
		    be useful for a filesystem service.
2016-06-08 02:03:53 +00:00
Ed Schouten
2ca9ffa9bb Don't call setgrent() in an unportable way.
For FreeBSD 12, I'm considering updating setgrent() to have a function
prototype that conforms to POSIX. FreeBSD seems to be the only operating
system that lets setgrent() return an integer. It's also inconsistent
with setpwent().

It looks like our libcasper depends on setgrent() returning an integer.
Get rid of that.

Reviewed by:	oshogbo
Differential Revision:	https://reviews.freebsd.org/D6659
2016-06-01 20:45:21 +00:00
Glen Barber
0edd2576c0 MFH
Sponsored by:	The FreeBSD Foundation
2016-04-16 02:32:12 +00:00
Mariusz Zaborski
7f6a709bef Set NULL to the ai_next pointer which fix cap_getaddrinfo().
Add regression test case.

PR:		195551
Submitted by:	Mikhail <mp39590@gmail.com>
Approved by:	pjd (mentor)
2016-04-14 18:27:10 +00:00
Glen Barber
52259a98ad MFH
Sponsored by:	The FreeBSD Foundation
2016-03-02 16:14:46 +00:00
Bryan Drewery
3055a28d44 Update dependencies.
Sponsored by:	EMC / Isilon Storage Division
2016-02-26 22:14:15 +00:00
Bryan Drewery
e6f17963a8 Remove unneeded lines.
- WARNS can be inherited from lib/Makefile.inc
- CFLAGS referred to a non-existent directory and this shouldn't be needed
  anyhow due to the build picking up includes from WORLDTMP.

Sponsored by:	EMC / Isilon Storage Division
2016-02-26 22:14:08 +00:00
Bryan Drewery
88ad7d508a These can build in parallel.
Sponsored by:	EMC / Isilon Storage Division
2016-02-26 22:14:04 +00:00
Mariusz Zaborski
c501d73c7e Convert casperd(8) daemon to the libcasper.
After calling the cap_init(3) function Casper will fork from it's original
process, using pdfork(2). Forking from a process has a lot of advantages:
1. We have the same cwd as the original process.
2. The same uid, gid and groups.
3. The same MAC labels.
4. The same descriptor table.
5. The same routing table.
6. The same umask.
7. The same cpuset(1).
From now services are also in form of libraries.
We also removed libcapsicum at all and converts existing program using Casper
to new architecture.

Discussed with:		pjd, jonathan, ed, drysdale@google.com, emaste
Partially reviewed by:	drysdale@google.com, bdrewery
Approved by:		pjd (mentor)
Differential Revision:	https://reviews.freebsd.org/D4277
2016-02-25 18:23:40 +00:00
Glen Barber
a70cba9582 First pass through library packaging.
Sponsored by:	The FreeBSD Foundation
2016-02-04 21:16:35 +00:00
Bryan Drewery
b1f92fa229 META MODE: Update dependencies with 'the-lot' and add missing directories.
This is not properly respecting WITHOUT or ARCH dependencies in target/.
Doing so requires a massive effort to rework targets/ to do so.  A
better approach will be to either include the SUBDIR Makefiles directly
and map to DIRDEPS or just dynamically lookup the SUBDIR.  These lose
the benefit of having a userland/lib, userland/libexec, etc, though and
results in a massive package.  The current implementation of targets/ is
very unmaintainable.

Currently rescue/rescue and sys/modules are still not connected.

Sponsored by:	EMC / Isilon Storage Division
2015-12-01 05:23:19 +00:00
Mariusz Zaborski
c36e54bb32 Let the nv.h and dnv.h includes be only in sys directory.
Change consumers to include those files from sys.
Add duplicated files to ObsoleteFiles.

Approved by:	pjd (mentor)
2015-07-02 21:58:10 +00:00
Baptiste Daroussin
18b2ee82db Revert r284417 it is not necessary anymore 2015-06-15 19:28:07 +00:00
Baptiste Daroussin
4232f82668 Enforce overwritting SHLIBDIR
Since METAMODE has been added, sys.mk loads bsd.mkopt.mk which ends load loading
bsd.own.mk which then defines SHLIBDIR before all the Makefile.inc everywhere.

This makes /lib being populated again.

Reported by:	many
2015-06-15 15:34:20 +00:00
Mariusz Zaborski
bd1da0a002 Approved, oprócz użycie RESTORE_ERRNO() do ustawiania errno.
Change the nvlist_recv() function to take additional argument that
specifies flags expected on the received nvlist. Receiving a nvlist with
different set of flags than the ones we expect might lead to undefined
behaviour, which might be potentially dangerous.

Update consumers of this and related functions and update the tests.

Approved by:	pjd (mentor)

Update man page for nvlist_unpack, nvlist_recv, nvlist_xfer, cap_recv_nvlist
and cap_xfer_nvlist.

Reviewed by:	AllanJude
Approved by:	pjd (mentor)
2015-05-02 17:45:52 +00:00
Baptiste Daroussin
6b129086dc Convert libraries to use LIBADD
While here reduce a bit overlinking
2014-11-25 11:07:26 +00:00
Robert Watson
b881b8be1d Update most userspace consumers of capability.h to use capsicum.h instead.
auditdistd is not updated as I will make the change upstream and then do a
vendor import sometime in the next week or two.

MFC after:	3 weeks
2014-03-16 11:04:44 +00:00
Pawel Jakub Dawidek
5564ef953a Fix descriptor leak. 2014-02-09 21:47:46 +00:00
Pawel Jakub Dawidek
93b3fdba4a MFp4 @1189741:
- Add missing nvlist_destroy().
- Don't override nvlout.

Submitted by:	Mariusz Zaborski <oshogbo@FreeBSD.org>
MFC after:	3 days
2014-01-03 09:10:04 +00:00
Pawel Jakub Dawidek
fecba05b97 Fix comparisons in assertions.
Reported by:	Coverity
Coverity CID:	1130048
2013-12-03 13:26:37 +00:00
Pawel Jakub Dawidek
0f984a9260 Both libcasper and libcapsicum libraries have to be installed in /lib/,
as they are used by /sbin/casperd.
2013-12-02 17:07:22 +00:00
Pawel Jakub Dawidek
05af64096c Forgot to 'svn add' lib/libcasper/ directory.
Reported by:	glebius
2013-12-02 10:18:25 +00:00