d/freebsd-dev
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
5c4b64e66b
freebsd-dev/sbin
History
Mark Johnston 04e9edb544 Capsicumize rtsol(8) and rtsold(8). 
These programs parse ND6 Router Advertisement messages; rtsold(8) has
required an SA, SA-14:20.rtsold, for a bug in this code.  Thus, they
are good candidates for sandboxing.

The approach taken is to run the main executable in capability mode
and use Casper services to provide functionality that cannot be
implemented within the sandbox.  In particular, several custom services
were required.

- A Casper service is used to send Router Solicitation messages on a
  raw ICMP6 socket.  Initially I took the approach of creating a
  socket for each interface upon startup, and connect(2)ing it to
  the all-routers multicast group for the interface.  This permits
  the use of sendmsg(2) in capability mode, but only works if the
  interface's link is up when rtsol(d) starts.  So, instead, the
  rtsold.sendmsg service is used to transmit RS messages on behalf
  of the main process.  One could alternately define a service
  which simply creates and connects a socket for each destination
  address, and returns the socket to the sandboxed process.  However,
  to implement rtsold's -m option we also need to read the ND6 default
  router list, and this cannot be done in capability mode.
- rtsold may execute resolvconf(8) in response to RDNSS and DNSSL
  options in received RA messages.  A Casper service is used to
  fork and exec resolvconf(8), and to reap the child process.
- A service is used to determine whether a given interface's
  link-local address is useable (i.e., not duplicated or undergoing
  DAD).  This information is supplied by getifaddrs(3), which reads
  a sysctl not available in capability mode.  The SIOCGIFCONF socket
  ioctl provides equivalent information and can be used in capability
  mode, but I decided against it for now because of some limitations
  of that interface.

In addition to these new services, cap_syslog(3) is used to send
messages to syslogd.

Reviewed by:	oshogbo
Tested by:	bz (previous versions)
MFC after:	2 months
Sponsored by:	The FreeBSD Foundation
Differential Revision:	https://reviews.freebsd.org/D17572
2019-01-05 16:05:39 +00:00
..
adjkerntz various: general adoption of SPDX licensing ID tags. 2017-11-27 15:37:16 +00:00
bectl bectl: use jail id as the default jail name for a boot environment 2018-12-25 15:18:41 +00:00
bsdlabel Move disktab to sbin/bsdlabel/ 2018-09-18 20:52:24 +00:00
camcontrol NVME support is only for x86 and powerpc64. 2018-06-14 01:15:19 +00:00
ccdconfig ccdconfig: Move VCS tags to be more consistent with our style. 2017-12-30 00:26:42 +00:00
clri In preparation for adding inode check-hashes, clean up and 2018-11-13 21:40:56 +00:00
comcontrol various: general adoption of SPDX licensing ID tags. 2017-11-27 15:37:16 +00:00
conscontrol various: general adoption of SPDX licensing ID tags. 2017-11-27 15:37:16 +00:00
ddb Move ddb.conf to sbin/ddb/ and switch to CONFS. 2018-08-11 13:25:39 +00:00
decryptcore Make decryptcore(8) buildable. 2018-09-19 07:07:03 +00:00
devd Further research shows usbdump(8) is what we should point people at 2018-11-02 22:18:02 +00:00
devfs Move all devfs related files to sbin/devfs/ 2018-08-22 15:55:23 +00:00
devmatch Add in a missing newline 2018-08-25 15:47:52 +00:00
dhclient capsicum: use a new capsicum helpers in tools 2018-11-04 19:24:49 +00:00
dmesg General further adoption of SPDX licensing ID tags. 2017-11-20 19:49:47 +00:00
dump Normally when an attempt is made to mount a UFS/FFS filesystem whose 2018-12-06 00:09:39 +00:00
dumpfs The goal of this change is to prevent accidental foot shooting by 2018-02-08 23:06:58 +00:00
dumpon Avoid clobbering a user-specified -g value after r340547. 2018-11-20 18:10:56 +00:00
etherswitchcfg Finish removing FDDI and tokenring media support. 2018-04-23 21:10:33 +00:00
fdisk Allow fdisk(8) to deal with sectors larger than 2048 2018-10-25 12:13:13 +00:00
ffsinfo In preparation for adding inode check-hashes, clean up and 2018-11-13 21:40:56 +00:00
fsck various: general adoption of SPDX licensing ID tags. 2017-11-27 15:37:16 +00:00
fsck_ffs Fsck would find, report, and offer to fix inode check-hash failures. 2018-12-15 17:32:47 +00:00
fsck_msdosfs Detect and handle invalid number of FATs 2018-07-13 02:02:16 +00:00
fsdb In preparation for adding inode check-hashes, change the fsck_ffs 2018-10-31 05:17:53 +00:00
fsirand Continuing efforts to provide hardening of FFS. This change adds a 2018-12-11 22:14:37 +00:00
gbde various: general adoption of SPDX licensing ID tags. 2017-11-27 15:37:16 +00:00
geom Add the "-t" option to geom(8) utility, to display geoms hierarchy. 2018-09-14 15:29:45 +00:00
ggate ggated: do not expose stack data in sendfail() 2018-12-04 15:25:15 +00:00
growfs Normally when an attempt is made to mount a UFS/FFS filesystem whose 2018-12-06 00:09:39 +00:00
gvinum gvinum: revert WARNS change in Makefile 2018-06-17 01:39:22 +00:00
hastctl various: general adoption of SPDX licensing ID tags. 2017-11-27 15:37:16 +00:00
hastd Revert 335888 ("Ensure va_list is declared by including stdarg.h.") 2018-07-03 15:48:34 +00:00
ifconfig ifconfig.4, lagg.4: fix documentation bug: -use_flowid needs to be used 2018-12-22 11:38:54 +00:00
init Move the rc framework out of sbin/init into libexec/rc. 2018-10-17 16:49:11 +00:00
ipf rescue ipf: Remove hacks and link in libipf directly. 2017-11-10 07:52:58 +00:00
ipfw Allow use underscores and dots in service names without escaping. 2018-12-21 10:41:45 +00:00
iscontrol various: general adoption of SPDX licensing ID tags. 2017-11-27 15:37:16 +00:00
kldconfig various: general adoption of SPDX licensing ID tags. 2017-11-27 15:37:16 +00:00
kldload various: general adoption of SPDX licensing ID tags. 2017-11-27 15:37:16 +00:00
kldstat Allow three digits of module id without breaking table alignment. 2018-07-02 09:14:00 +00:00
kldunload various: general adoption of SPDX licensing ID tags. 2017-11-27 15:37:16 +00:00
ldconfig Make ldconfig(8) atomic, by removing an unneccessary call to unlink(2) 2018-08-09 11:46:12 +00:00
md5 capsicum: use a new capsicum helpers in tools 2018-11-04 19:24:49 +00:00
mdconfig Use VOP_ADVISE() with POSIX_FADV_DONTNEED instead of IO_DIRECT to 2018-12-21 08:15:31 +00:00
mdmfs mdmfs(8): Check for other types of helper-program failure 2018-10-20 21:33:00 +00:00
mknod General further adoption of SPDX licensing ID tags. 2017-11-20 19:49:47 +00:00
mksnap_ffs various: general adoption of SPDX licensing ID tags. 2017-11-27 15:37:16 +00:00
mount When getting mount information for all filesystems, mount uses the 2018-08-07 21:17:45 +00:00
mount_cd9660 Advise reader to also see mdconfig(8) in mount_cd9660(8). 2018-08-11 08:34:24 +00:00
mount_fusefs mount_fusefs.8: expand HISTORY section 2018-11-17 21:35:01 +00:00
mount_msdosfs mount_msdosfs: do not fail mounts requiring locale name conversion table 2018-10-27 16:41:34 +00:00
mount_nfs General further adoption of SPDX licensing ID tags. 2017-11-20 19:49:47 +00:00
mount_nullfs General further adoption of SPDX licensing ID tags. 2017-11-20 19:49:47 +00:00
mount_udf General further adoption of SPDX licensing ID tags. 2017-11-20 19:49:47 +00:00
mount_unionfs General further adoption of SPDX licensing ID tags. 2017-11-20 19:49:47 +00:00
nandfs various: general adoption of SPDX licensing ID tags. 2017-11-27 15:37:16 +00:00
natd DIRDEPS_BUILD: Update dependencies. 2017-10-31 00:07:04 +00:00
newfs Continuing efforts to provide hardening of FFS. This change adds a 2018-12-11 22:14:37 +00:00
newfs_msdos Added option to cluster-align the start of the root directory. 2018-06-15 06:03:40 +00:00
newfs_nandfs various: general adoption of SPDX licensing ID tags. 2017-11-27 15:37:16 +00:00
nfsiod General further adoption of SPDX licensing ID tags. 2017-11-20 19:49:47 +00:00
nos-tun various: general adoption of SPDX licensing ID tags. 2017-11-27 15:37:16 +00:00
nvmecontrol Try the first 256 units with nvmecontrol devlist. 2018-12-21 23:22:37 +00:00
pfctl pfctl: Populate ifname in ifa_lookup() 2018-11-08 21:53:09 +00:00
pflogd DIRDEPS_BUILD: Update dependencies. 2017-10-31 00:07:04 +00:00
ping Use caph_enter_casper() in ping(8). 2018-12-18 16:47:03 +00:00
ping6 General further adoption of SPDX licensing ID tags. 2017-11-20 19:49:47 +00:00
quotacheck Normally when an attempt is made to mount a UFS/FFS filesystem whose 2018-12-06 00:09:39 +00:00
rcorder rcorder(8): add support for /etc/rc.resume, so it calls "rcorder -k resume" 2018-10-27 17:21:13 +00:00
reboot Fix "fasthalt" to halt instead of reboot 2018-09-14 18:12:30 +00:00
recoverdisk SPDX: use the Beerware identifier. 2017-11-30 20:33:45 +00:00
resolvconf sbin: normalize paths using SRCTOP-relative paths or :H when possible 2017-03-04 11:33:01 +00:00
restore Re-enable reading byte swapped NFS_MAGIC dumps. 2018-08-11 16:12:23 +00:00
route route(8): correctly return exit status when "-q" flag is used. 2018-10-27 07:59:19 +00:00
routed When bind fails, make sure we closed the socket we tried to bind the 2017-12-28 05:34:24 +00:00
rtsol Capsicumize rtsol(8) and rtsold(8). 2019-01-05 16:05:39 +00:00
savecore Disable savecore(8)'s libcasper support when WITHOUT_DYNAMICROOT=yes. 2019-01-04 19:20:19 +00:00
sconfig DIRDEPS_BUILD: Update dependencies. 2017-10-31 00:07:04 +00:00
setkey General further adoption of SPDX licensing ID tags. 2017-11-20 19:49:47 +00:00
shutdown shutdown: Fix r327476 by adding init 2018-01-02 09:02:42 +00:00
spppcontrol various: general adoption of SPDX licensing ID tags. 2017-11-27 15:37:16 +00:00
sunlabel General further adoption of SPDX licensing ID tags. 2017-11-20 19:49:47 +00:00
swapon General further adoption of SPDX licensing ID tags. 2017-11-20 19:49:47 +00:00
sysctl sysctl(8): Add a standard exit status section. 2018-09-24 20:46:45 +00:00
tests Merge ^/user/ngie/release-pkg-fix-tests to unbreak how test files are installed 2016-05-04 23:20:53 +00:00
tunefs In preparation for adding inode check-hashes, clean up and 2018-11-13 21:40:56 +00:00
umount umount: remove sync(2) call when used with -f 2018-09-13 13:57:42 +00:00
zfsbootcfg DIRDEPS_BUILD: Update dependencies. 2017-10-31 00:07:04 +00:00
Makefile Rename be(1) to bectl(8); continues to live in /sbin 2018-07-24 13:21:44 +00:00
Makefile.amd64 NVME support is only for x86 and powerpc64. 2018-06-14 01:15:19 +00:00
Makefile.arm
Makefile.i386 NVME support is only for x86 and powerpc64. 2018-06-14 01:15:19 +00:00
Makefile.inc
Makefile.mips
Makefile.powerpc64 NVME support is only for x86 and powerpc64. 2018-06-14 01:15:19 +00:00
Makefile.sparc64