This is a nice and trivial program for sandboxing. One input file, one
output file.
Reviewed by: pfg
Sponsored by: Dell EMC Isilon
Differential Revision: https://reviews.freebsd.org/D7920
This is a straightforward single input, single output program for
capsicum.
Reviewed by: bapt
Sponsored by: Dell EMC Isilon
Differential Revision: https://reviews.freebsd.org/D7928
uefisign previously included sys/capability.h or sys/capsicum.h based
on __FreeBSD_version in order to facilitate development on the stable
branch. The Capsicum header is now installed as sys/capsicum.h in
stable/10 and FreeBSD 10.3, so there's no need for the backwards
compatibility support.
Reviewed by: trasz
Sponsored by: The FreeBSD Foundation
If BIOS performed hand-off to OS with BSP LAPIC in the x2APIC mode,
system usually consumes such configuration without a notice, since
x2APIC is turned on by OS if possible (nop). But if BIOS
simultaneously requested OS to not use x2APIC, code assumption that
that xAPIC is active breaks.
In my opinion, we cannot safely turn off x2APIC if control is passed
in this mode. Make madt.c ignore user or BIOS requests to turn x2APIC
off, and do not check the x2APIC black list. Just trust the config
and try to continue, giving a warning in dmesg.
Reported and tested by: Slawa Olhovchenkov <slw@zxy.spb.ru> (previous version)
Diagnosed by and discussed with: avg
Sponsored by: The FreeBSD Foundation
MFC after: 2 weeks
Reclaimed vnode type is VBAD, so succesful comparision like
devvp->v_type != VREG does not imply that the devvp references
snapshot, it might be due to a reclaimed vnode. Explicitely check the
vnode type.
In the the most important case of ffs_blkfree(), the devfs vnode is
locked and its type is stable. In other cases, if the vnode is
reclaimed right after the check, hopefully the buffer methods return
right error codes.
Reviewed by: mckusick
Sponsored by: The FreeBSD Foundation
MFC after: 2 weeks
have been added as some don't seem to be improvements over the libc C
implementation.
Obtained from: ABT Systems Ltd
Sponsored by: The FreeBSD Foundation
- Don't change RNDIS RSS configuration for RSS key sysctl, if the
interface is not capable of RSS yet.
- Don't change RSS indirect table (both cached one and RNDIS RSS
configuration), if the interface is not capable of RSS yet.
MFC after: 1 week
Sponsored by: Microsoft
Differential Revision: https://reviews.freebsd.org/D7924
And don't allow capability changes during reinitialization, which
breaks too much static configuration.
MFC after: 1 week
Sponsored by: Microsoft
Differential Revision: https://reviews.freebsd.org/D7922
NVS and NDIS version change would break too much assumption and static
configuration.
MFC after: 1 week
Sponsored by: Microsoft
Differential Revision: https://reviews.freebsd.org/D7919
it to lib/libc/tests/sys/Makefile [*]
Even though make -VPACKAGE and make -n install seem to do the right thing,
the effects are a bit different, depending on the build host.
MFC after: 1 week
Obtained from: HardenedBSD (af602f0db) [*]
Reported by: Oliver Pinter <oliver.pinter@hardenedbsd.org> [*]
Sponsored by: Dell EMC Isilon
drivers.
The BMIPS32/BMIPS3300 cores use a register layout distinct from the MIPS74K
core, and are only found on siba(4) devices.
Reviewed by: mizhka
Approved by: adrian (mentor)
Differential Revision: https://reviews.freebsd.org/D7791
It turns out that the path normalization that our brand new copy of
dirname(3) does is actually not allowed by the draft version of the
upcoming version of POSIX. It has to behave identically to the
dirname(1) utility.
This change replaces our new dirname(3) implementation by yet another
version that doesn't implement the path normalization logic; it merely
looks for the end of the directory name and overwrites that with a null
byte.
More details: See note #3370 at http://austingroupbugs.net/view.php?id=1073
PR: 212193
Reviewed by: emaste, jilles
Differential Revision: https://reviews.freebsd.org/D7790
stdio uses fstat and the TIOCGETA ioctl. Also collapse the
cap_rights_limit and new cap_ioctls_limit calls into one if statement.
Errors here are not actionable by the user and distinguishing stdout
from stderr doesn't really have value.
Reported by: kib
Reviewed by: allanjude, bapt
MFC after: 1 week
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D7944
if getcwd fails: just ignore it and do not try to adding to the list of possible
path where to find the files.
if fdopen fails, warn and return NULL the rest of the code knows how to deal
with it
Reported by: oshogbo
trampoline page table. Also do some style cleanup.
Reviewed by: imp
Sponsored by: The FreeBSD Foundation
MFC after: 1 week
Differential revision: https://reviews.freebsd.org/D7934
Bugs in the Python code used to generate this vDSO caused us to
miscompute the register numbers/stack offsets at which addresses of the
system call output arguments were stored.
Together with some other patches, this vDSO allows us to make all of the
cloudlibc unit tests pass.
Obtained from: https://github.com/NuxiNL/cloudabi
As a trick to be able to access all files passed in arguments (readonly) within
the sandbox we first open the root directory, then consider all files as
relative to this file descriptor.
This might be improved once casper add supports for filesystem.
MFC after: 1 month
Reviewed by: allanjude
Differential Revision: https://reviews.freebsd.org/D7936
All remaining tools using rcs has been switched to directly use diff3(1):
- etcupdate(8)
- freebsd-update(8)
Note that the ident(1) tool is been already replaced long ago with a BSD
licensed version, as such it remains installed.
GNU rcs is still available from ports:
- rcs: newer GPLv3 version
- rcs57: the latest version from base (GPLv2)
