Commit Graph

44 Commits

Author SHA1 Message Date
Edward Tomasz Napierala
0634390572 chroot: fix typo in usage
While here also fix typo in a variable name.

Reported By:	oshogbo
2021-07-21 10:16:11 +01:00
Edward Tomasz Napierala
a40cf4175c Implement unprivileged chroot
This builds on recently introduced NO_NEW_PRIVS flag to implement
unprivileged chroot, enabled by `security.bsd.unprivileged_chroot`.
It allows non-root processes to chroot(2), provided they have the
NO_NEW_PRIVS flag set.

The chroot(8) utility gets a new flag, -n, which sets NO_NEW_PRIVS
before chrooting.

Reviewed By:	kib
Sponsored By:	EPSRC
Relnotes:	yes
Differential Revision:	https://reviews.freebsd.org/D30130
2021-07-20 08:57:53 +00:00
Warner Losh
643d5ca3d6 Chroot first appeared in 4.3-Reno, not in 4.4 in the BSD world,
but in System III in the AT&T world.

Examination of the TUHS archives shows this was present in 4.3-Reno
and System III.

Reviewed by: 0mp@, allanjude@
MFC After: 3 days
Differential Revision: https://reviews.freebsd.org/D25479
2020-06-26 22:23:15 +00:00
Mateusz Piotrowski
f0181db72e chroot.8: Add examples & clean up
- Sort arguments in synopsis.
- Clarify that it is possible to specify arguments to the command (and that
  they could be passed as further arguments to chroot(1)).
- Standardize the description of the flags.
- Improve formatting (e.g., do not use macros in strings specifying width).
- Add examples.

Reviewed by:	bcr
Approved by:	bcr (doc)
Approved by:	krion (mentor, implicit), mat (mentor, implicit)
Differential Revision:	https://reviews.freebsd.org/D19582
2019-03-14 14:34:36 +00:00
Pedro F. Giffuni
8a16b7a18f General further adoption of SPDX licensing ID tags.
Mainly focus on files that use BSD 3-Clause license.

The Software Package Data Exchange (SPDX) group provides a specification
to make it easier for automated tools to detect and summarize well known
opensource licenses. We are gradually adopting the specification, noting
that the tags are considered only advisory and do not, in any way,
superceed or replace the license texts.

Special thanks to Wind River for providing access to "The Duke of
Highlander" tool: an older (2014) run over FreeBSD tree was useful as a
starting point.
2017-11-20 19:49:47 +00:00
Bryan Drewery
ea825d0274 DIRDEPS_BUILD: Update dependencies.
Sponsored by:	Dell EMC Isilon
2017-10-31 00:07:04 +00:00
Warner Losh
fbbd9655e5 Renumber copyright clause 4
Renumber cluase 4 to 3, per what everybody else did when BSD granted
them permission to remove clause 3. My insistance on keeping the same
numbering for legal reasons is too pedantic, so give up on that point.

Submitted by:	Jan Schaumann <jschauma@stevens.edu>
Pull Request:	https://github.com/freebsd/freebsd/pull/96
2017-02-28 23:42:47 +00:00
Simon J. Gerraty
ccfb965433 Add META_MODE support.
Off by default, build behaves normally.
WITH_META_MODE we get auto objdir creation, the ability to
start build from anywhere in the tree.

Still need to add real targets under targets/ to build packages.

Differential Revision:       D2796
Reviewed by: brooks imp
2015-06-13 19:20:56 +00:00
Simon J. Gerraty
44d314f704 dirdeps.mk now sets DEP_RELDIR 2015-06-08 23:35:17 +00:00
Simon J. Gerraty
fae50821ae Updated dependencies 2014-05-16 14:09:51 +00:00
Simon J. Gerraty
76b28ad6ab Updated dependencies 2014-05-10 05:16:28 +00:00
Simon J. Gerraty
7cf3a1c6b2 Updated dependencies 2013-03-11 17:21:52 +00:00
Simon J. Gerraty
f5f7c05209 Updated dependencies 2013-02-16 01:23:54 +00:00
Simon J. Gerraty
23090366f7 Sync from head 2012-11-04 02:52:03 +00:00
Joel Dahl
4d36343e3a Minor mdoc fixes. 2012-10-07 19:53:04 +00:00
Marcel Moolenaar
7750ad47a9 Sync FreeBSD's bmake branch with Juniper's internal bmake branch.
Requested by: Simon Gerraty <sjg@juniper.net>
2012-08-22 19:25:57 +00:00
Ed Schouten
4c46bfb6dc Eliminate global variables.
There is no reason why these three variables should be declared as
global variables, while the others aren't. They are only used inside
main().
2011-11-06 16:40:17 +00:00
Ed Schouten
71ccf09269 The last big commit: let usr.sbin/ use WARNS=6 by default. 2010-01-02 11:07:44 +00:00
Ed Schouten
9a958de54c ANSIfy some more tools in usr.sbin/.
Most of these tools build with WARNS=6, except for their use of K&R
function declarations.
2010-01-02 11:05:34 +00:00
Brooks Davis
54404cfb13 In preparation for raising NGROUPS and NGROUPS_MAX, change base
system callers of getgroups(), getgrouplist(), and setgroups() to
allocate buffers dynamically.  Specifically, allocate a buffer of size
sysconf(_SC_NGROUPS_MAX)+1 (+2 in a few cases to allow for overflow).

This (or similar gymnastics) is required for the code to actually follow
the POSIX.1-2008 specification where {NGROUPS_MAX} may differ at runtime
and where getgroups may return {NGROUPS_MAX}+1 results on systems like
FreeBSD which include the primary group.

In id(1), don't pointlessly add the primary group to the list of all
groups, it is always the first result from getgroups().  In principle
the old code was more portable, but this was only done in one of the two
places where getgroups() was called to the overall effect was pointless.

Document the actual POSIX requirements in the getgroups(2) and
setgroups(2) manpages.  We do not yet support a dynamic NGROUPS, but we
may in the future.

MFC after:	2 weeks
2009-06-19 15:58:24 +00:00
Warner Losh
23717fc46a Per letter dated July 22, 1999, delete clause 3 from code directly
from Berkeley.
2004-08-07 04:19:37 +00:00
Mike Makonnen
4fb3a3060c Allow the optional setting of a user, primary group, or grouplist
when chrooting.

Obtained from:	NetBSD
MFC after:	4 weeks
2003-06-07 10:56:12 +00:00
Mike Makonnen
fe6983de4b Explicitly compare the values returned by chdir(2) and chroot(2) to -1. 2003-06-02 05:52:24 +00:00
David E. O'Brien
b728350ee6 Use __FBSDID over rcsid[]. Protect copyright[] where needed. 2003-05-03 21:06:42 +00:00
David E. O'Brien
052238b16c style.Makefile(5) 2003-04-04 17:49:21 +00:00
Philippe Charnier
490d5836b5 The .Nm utility 2002-07-14 14:47:15 +00:00
Alfred Perlstein
d89167b4ea de-__P() 2002-07-11 18:31:16 +00:00
Ruslan Ermilov
c5001dbd09 Pedantry to satisfy the bin/34159 author. 2002-03-15 12:24:44 +00:00
Ruslan Ermilov
6dd5958b99 Finish cleanup in chroot.c CSRG revision 5.6 by Keith Bostic
(never installed setuid, so don't need to reset the uid).

PR:		bin/34159
2002-01-22 10:44:02 +00:00
Mike Pritchard
a2e78261bb Add xref to jail(8)
PR:		docs/33178
Submitted by:	Tom Rhodes <darklogik@pittgoth.com>
2001-12-28 09:24:19 +00:00
Mike Heffner
28644e448a Reorder WARNS line for style.
Pointed out by:	bde
2001-12-10 21:13:36 +00:00
Mike Heffner
408d219e0a WARNS=2 cleanup.
Submitted by:	Maxime Henrion <mux@qualys.com>
MFC after:	2 weeks
2001-12-09 21:56:31 +00:00
Ruslan Ermilov
a4c37c816b mdoc(7) police: removed HISTORY info from the .Os call. 2001-07-10 15:12:08 +00:00
Brian Somers
7bc6d0158f Fix the type of the NULL arg to execl()
Idea from: Theo de Raadt <deraadt@openbsd.org>
2001-07-09 09:24:06 +00:00
Ruslan Ermilov
345e52e742 - Backout botched attempt to introduce MANSECT feature.
- MAN[1-9] -> MAN.
2001-03-26 14:42:20 +00:00
Ruslan Ermilov
c73e22c3d4 Set the default manual section for usr.sbin/ to 8. 2001-03-20 18:17:26 +00:00
Ruslan Ermilov
e97407b4f2 mdoc(7) police: use the new features of the Nm macro. 2000-11-20 20:10:44 +00:00
Peter Wemm
97d92980a9 $Id$ -> $FreeBSD$ 1999-08-28 01:35:59 +00:00
Nik Clayton
414a35e60a Add $Id$, to make it simpler for members of the translation teams to
track.

The Id line is normally at the bottom of the main comment block in the
man page, separated from the rest of the manpage by an empty comment,
like so;

     .\"    $Id$
     .\"

If the immediately preceding comment is a @(#) format ID marker than the
the $Id$ will line up underneath it with no intervening blank lines.
Otherwise, an additional blank line is inserted.

Approved by:            bde
1999-07-12 20:12:29 +00:00
Philippe Charnier
14b374a5c4 Remove unused #include. Statisize usage(). 1997-09-15 06:32:01 +00:00
Warner Losh
6c3f552a31 compare return value from getopt against -1 rather than EOF, per the final
posix standard on the topic.
1997-03-31 05:11:47 +00:00
Mike Pritchard
c0b0bcf4d3 Use the .Bx macro where appropriate. 1996-08-23 20:36:11 +00:00
Garrett Wollman
84e59eb50d Get rid of update. Make man page installation work with our scheme
(and rename a few in the process).
1994-08-05 16:31:05 +00:00
Rodney W. Grimes
dea673e932 BSD 4.4 Lite usr.sbin Sources 1994-05-26 05:23:31 +00:00