specific privilege names to a broad range of privileges. These may
require some future tweaking.
Sponsored by: nCircle Network Security, Inc.
Obtained from: TrustedBSD Project
Discussed on: arch@
Reviewed (at least in part) by: mlaier, jmg, pjd, bde, ceri,
Alex Lyashkov <umka at sevcity dot net>,
Skip Ford <skip dot ford at verizon dot net>,
Antoine Brodin <antoine dot brodin at laposte dot net>
general cleanup of the API. The entire API now consists of two functions
similar to the pre-KSE API. The suser() function takes a thread pointer
as its only argument. The td_ucred member of this thread must be valid
so the only valid thread pointers are curthread and a few kernel threads
such as thread0. The suser_cred() function takes a pointer to a struct
ucred as its first argument and an integer flag as its second argument.
The flag is currently only used for the PRISON_ROOT flag.
Discussed on: smp@
Note ALL MODULES MUST BE RECOMPILED
make the kernel aware that there are smaller units of scheduling than the
process. (but only allow one thread per process at this time).
This is functionally equivalent to teh previousl -current except
that there is a thread associated with each process.
Sorry john! (your next MFC will be a doosie!)
Reviewed by: peter@freebsd.org, dillon@freebsd.org
X-MFC after: ha ha ha ha
1:
s/suser/suser_xxx/
2:
Add new function: suser(struct proc *), prototyped in <sys/proc.h>.
3:
s/suser_xxx(\([a-zA-Z0-9_]*\)->p_ucred, \&\1->p_acflag)/suser(\1)/
The remaining suser_xxx() calls will be scrutinized and dealt with
later.
There may be some unneeded #include <sys/cred.h>, but they are left
as an exercise for Bruce.
More changes to the suser() API will come along with the "jail" code.
it in struct proc instead.
This fixes a boatload of compiler warning, and removes a lot of cruft
from the sources.
I have not removed the /*ARGSUSED*/, they will require some looking at.
libkvm, ps and other userland struct proc frobbing programs will need
recompiled.
when compiled with -DDIAGNOSTIC. Almost all significant SCO binaries
I've run call an unsupported function and run correctly. Given that
they aren't needed, the messages only clutter up the logfiles and
console.
to get the definitions of TRUE and FALSE which happen to be defined in
a deeply nested include.
Added nearby #includes of <sys/conf.h> where appropriate.
Add new files created for emulator.
Modify NetBSD import to work with FreeBSD and add new features and
code. The complete emulator is essentially a combination of work/code
implemented by Sean Eric Fagan, Soren Schmidt, Scott Bartram, and myself,
Steven Wallace.
Features of this new emulator system include:
o "clean" code, including strict prototyping.
o Auto-generation of ibcs2 system calls, xenix system calls, isc system
calls. Generation includes system tables, structure definitions,
and prototyping of function calls.
o ibcs2 emulator does not rely on any COMPAT_43 system calls.
o embedded socksys support
o ibcs2 msgsys, semsys, shmsys calls supported if supported in kernel
o alternate /emul/ibcs2 namespace searched first for files in ibcs2
system. Usefull to keep sysv libraries, binaries in /emul/ibcs2.
o many other finer details and functions fixed or implemented.
This is the main files for the iBCS2 emulator. It can be use
compiled into the kernel by using:
options IBCS2
options COMPAT_IBCS2
or as a lkm module using:
options COMPAT_IBCS2
and then loading it via the ibcs2 script in /usr/bin
REMEMBER: this code is still experimental ! NO WARRENTY !
Submitted by: sef@kithrup.com, mostyn@mrl.com, sos@kmd-ac.dk
