It also turns off dependencies (bsdinstall, bsdconfig, dpv, tzsetup).
Reviewed by: dteske
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D7969
1. macOS nor Linux have MAP_NOCORE nor MAP_NOSYNC. Define as 0.
2. macOS doesn't have SEEK_DATA nor SEEK_HOLE. Define as -1
so that lseek will return -1 (with errno set to EINVAL).
3. gcc correctly warns that error is assigned but not used in
image_copyout_region(). Fix by returning on the first error.
Not only is the header unportable, the encoding/decoding functions
are as well. Instead, duplicate the handful of small inlines we
need into a private header called endian.h.
Aside: an alternative approach is to move the encoding/decoding
functions to a separate system header. While the header is still
nonportable, such an approach would make it possible to re-use the
definitions by playing games with include paths. This may be the
preferred approach if more (build) utilities need this. This
change does not preclude that. In fact, it makes it easier.
otherwise format_resize(), which is called right after, isn't
getting the current/actual image size. Rather than rounding up,
format_resize() could end up truncating the size and we don't
allow that by design.
MFC after: 1 week
Closing stdin/stdout/stderr is often a bad idea as a future open()
can end up with its fd. Leave it open and limit it to no rights
instead.
Reviewed by: cem
Differential Revision: https://reviews.freebsd.org/D7984
bspatch previously included sys/capability.h or sys/capsicum.h based
on __FreeBSD_version, as FreeBSD is the upstream for bsdiff and we may
see this file incorporated into other third-party software.
The Capsicum header is now installed as sys/capsicum.h in stable/10 and
FreeBSD 10.3, so we can just use sys/capsicum.h and simplify the logic.
Reviewed by: allanjude
Differential Revision: https://reviews.freebsd.org/D7954
This is not actually documented or even implied in style(9). Make the change
to match convention. Someone should document this convention in style(9).
Reported by: jhb
Sponsored by: EMC Dell Isilon
This is a nice and trivial program for sandboxing. One input file, one
output file.
Reviewed by: pfg
Sponsored by: Dell EMC Isilon
Differential Revision: https://reviews.freebsd.org/D7920
This is a straightforward single input, single output program for
capsicum.
Reviewed by: bapt
Sponsored by: Dell EMC Isilon
Differential Revision: https://reviews.freebsd.org/D7928
stdio uses fstat and the TIOCGETA ioctl. Also collapse the
cap_rights_limit and new cap_ioctls_limit calls into one if statement.
Errors here are not actionable by the user and distinguishing stdout
from stderr doesn't really have value.
Reported by: kib
Reviewed by: allanjude, bapt
MFC after: 1 week
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D7944
if getcwd fails: just ignore it and do not try to adding to the list of possible
path where to find the files.
if fdopen fails, warn and return NULL the rest of the code knows how to deal
with it
Reported by: oshogbo
As a trick to be able to access all files passed in arguments (readonly) within
the sandbox we first open the root directory, then consider all files as
relative to this file descriptor.
This might be improved once casper add supports for filesystem.
MFC after: 1 month
Reviewed by: allanjude
Differential Revision: https://reviews.freebsd.org/D7936
errx() prefixes the error string with argv[0] so including "login: "
in the string is redundant. Also remove a superfluous newline.
Sponsored by: The FreeBSD Foundation
The first argument of calloc(3) should be an ordinal type, and the
second a size: split a multiplication to make better use of calloc(3)
and detect overflows.
Do some other re-ordering and style fixes while here.
MFC after: 3 weeks
Note that this introduces an explicit 2GB limit, but this was already
implicit in variable and function argument types.
This is based on the "non-cryptanalytic attacks against freebsd
update components" anonymous gist. Further refinement is planned.
Reviewed by: allanjude, cem, kib
Obtained from: anonymous gist
MFC after: 3 days
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D7619
process. We don't *quite* pull that number out of our backside, as
the actual number is difficult to determine without modifying the VM
system to report it, but it's still useful to get an idea of what's
going on when a machine unexpectedly starts swapping.
MFC after: 1 week
(On RISC-V MK_CXX is in BROKEN_OPTIONS, so users remains skipped there.)
Reviewed by: bdrewery
Differential Revision: https://reviews.freebsd.org/D7725
to -32768 when it is used as an argument to mp_itom(), in both libtelnet
and newkey. This code has been wrong since r26238 (!), so after almost
20 years it is rather useless to try to correct it.
MFC after: 1 week
It's not necessarily intuitive that the variables to query contain TRUSTEDBSD
in the prefix. Add non-TRUSTEDBSD prefixed knobs for querying things like
"_PC_ACL_NFS4".
MFC after: 1 week
Relnotes: yes
Reviewed by: wollman
Sponsored by: EMC / Isilon Storage Division
Differential Revision: https://reviews.freebsd.org/D7618
Move all of the fopen() and open() calls to the top of main()
Restrict each FD to least privilege (read/seek only, write only, etc)
cap_enter(), and make all except the output FD read/seek only.
Reviewed by: emaste, ed, oshogbo, delphij
Approved by: so
MFC after: 3 days
Relnotes: yes
Sponsored by: ScaleEngine Inc.
Differential Revision: https://reviews.freebsd.org/D7358
