1997-03-11 11:35:56 +00:00
# @(#)Makefile.inc 8.3 (Berkeley) 10/24/94
1999-08-28 00:22:10 +00:00
# $FreeBSD$
1994-05-27 05:00:24 +00:00

# sys sources
2010-08-24 20:54:43 +00:00
.PATH: ${.CURDIR}/${LIBC_ARCH}/sys ${.CURDIR}/sys
Yikes, this is the worst of the lot. Bruce suggested doing this (!).
Include the architecture specific sys makefile like previously, but
what this contains differs. It defines MDASM, which lists architecture
specific asm code that *replaces* syscalls of the same name defined
in MIASM (which gets defined by the syscall.mk or netbsd_syscall.mk
depending on NETBSD_SYSCALLS being defined). If a syscall has a
C source implementation or something funny done to it, or just doesn't
need default asm source generated for it, then it is listed in NOASM.
syscall.mk is generated by makesyscalls.sh with other syscall files.
netbsd_syscall.mk is a hand-generated equivalent. So if a new syscall
is added and no other makefiles are edited, it will automatically have
the default asm source generated for it (whether you want it or not).
Anything listed in MDASM gets added to SRCS and gets built. For
each syscall name in MIASM, if it doesn't exist in MDASM or NOASM,
it gets added to the ASM or ASMR lists to have code generated for it.
If the syscall name was listed in HIDDEN_SYSCALLS (intended for use
by libc_r, not libc which has it defined, but empty), then the name
is added to the ASMR list and gets renamed before being built;
otherwise it is added to the ASM list and gets built with the same
name.
I wonder if this is too complicated. But it works on both i386 and alpha.
1998-03-09 07:22:12 +00:00

# Include the generated makefile containing the *complete* list
# of syscall names in MIASM.
.include "${.CURDIR}/../../sys/sys/syscall.mk"

# Include machine dependent definitions.
#
# MDASM names override the default syscall names in MIASM.
# NOASM will prevent the default syscall code from being generated.
#
2010-08-24 20:54:43 +00:00
.sinclude "${.CURDIR}/${LIBC_ARCH}/sys/Makefile.inc"
1998-03-09 07:22:12 +00:00

2012-06-22 07:13:30 +00:00
SRCS+= clock_gettime.c gettimeofday.c __vdso_gettimeofday.c
NOASM+= clock_gettime.o gettimeofday.o
PSEUDO+= _clock_gettime.o _gettimeofday.o
1998-03-09 07:22:12 +00:00
# Sources common to both syscall interfaces:
2010-08-24 12:58:54 +00:00
SRCS+= stack_protector.c stack_protector_compat.c __error.c
2007-07-04 23:23:01 +00:00
.if !defined(WITHOUT_SYSCALL_COMPAT)
2011-03-17 04:40:37 +00:00
SYSCALL_COMPAT_SRCS= fcntl.c ftruncate.c lseek.c mmap.c pread.c \
	pwrite.c truncate.c
SRCS+= ${SYSCALL_COMPAT_SRCS}
NOASM+= ${SYSCALL_COMPAT_SRCS:S/.c/.o/}
2008-04-04 09:43:03 +00:00
PSEUDO+= _fcntl.o
2007-07-04 23:23:01 +00:00
.endif
2010-09-10 01:47:37 +00:00
SRCS+= sigwait.c
NOASM+= sigwait.o
PSEUDO+= _sigwait.o
1998-03-09 07:22:12 +00:00

# Add machine dependent asm sources:
SRCS+=${MDASM}

# Look through the complete list of syscalls (MIASM) for names that are
# not defined with machine dependent implementations (MDASM) and are
2001-01-29 03:23:46 +00:00
# not declared for no generation of default code (NOASM). Add each
# syscall that satisfies these conditions to the ASM list.
2000-08-01 18:50:29 +00:00
.for _asm in ${MIASM}
1998-03-09 07:22:12 +00:00
.if (${MDASM:R:M${_asm:R}} == "")
.if (${NOASM:R:M${_asm:R}} == "")
ASM+=$(_asm)
.endif
.endif
.endfor

2001-01-29 03:23:46 +00:00
OBJS+= ${ASM} ${PSEUDO}
1997-05-03 03:50:06 +00:00

1997-04-23 10:49:54 +00:00
SASM= ${ASM:S/.o/.S/}
1994-08-28 17:34:16 +00:00

1997-04-23 10:49:54 +00:00
SPSEUDO= ${PSEUDO:S/.o/.S/}
1994-08-28 17:34:16 +00:00

2001-01-29 03:23:46 +00:00
SRCS+= ${SASM} ${SPSEUDO}
1994-05-27 05:00:24 +00:00

2006-03-13 01:15:01 +00:00
SYM_MAPS+= ${.CURDIR}/sys/Symbol.map

1997-05-12 09:59:25 +00:00
# Generated files
2001-01-29 03:23:46 +00:00
CLEANFILES+= ${SASM} ${SPSEUDO}
1997-05-12 09:59:25 +00:00

2011-01-25 21:06:49 +00:00
.if ${MACHINE_CPUARCH} == "amd64" || ${MACHINE_CPUARCH} == "i386" || \
	${MACHINE_CPUARCH} == "powerpc"
NOTE_GNU_STACK='\t.section .note.GNU-stack,"",%%progbits\n'
.else
NOTE_GNU_STACK=''
.endif

1997-04-23 10:49:54 +00:00
${SASM}:
2009-06-24 21:10:52 +00:00
	printf '#include "compat.h"\n' > ${.TARGET}
	printf '#include "SYS.h"\nRSYSCALL(${.PREFIX})\n' >> ${.TARGET}
2011-01-25 21:06:49 +00:00
	printf ${NOTE_GNU_STACK} >>${.TARGET}
1994-08-28 17:34:16 +00:00

1997-04-23 10:49:54 +00:00
${SPSEUDO}:
2009-06-24 21:10:52 +00:00
	printf '#include "compat.h"\n' > ${.TARGET}
2001-01-29 03:23:46 +00:00
	printf '#include "SYS.h"\nPSEUDO(${.PREFIX:S/_//})\n' \
2009-06-24 21:10:52 +00:00
	>> ${.TARGET}
2011-01-25 21:06:49 +00:00
	printf ${NOTE_GNU_STACK} >>${.TARGET}
1997-05-03 03:50:06 +00:00

2013-02-16 22:21:46 +00:00
MAN+= abort2.2 \
	accept.2 \
	access.2 \
	acct.2 \
	adjtime.2 \
	aio_cancel.2 \
	aio_error.2 \
	aio_read.2 \
	aio_return.2 \
	aio_suspend.2 \
	aio_waitcomplete.2 \
	aio_write.2 \
	bind.2 \
	brk.2 \
	cap_enter.2 \
Merge Capsicum overhaul:
- Capability is no longer separate descriptor type. Now every descriptor
has set of its own capability rights.
- The cap_new(2) system call is left, but it is no longer documented and
should not be used in new code.
- The new syscall cap_rights_limit(2) should be used instead of
cap_new(2), which limits capability rights of the given descriptor
without creating a new one.
- The cap_getrights(2) syscall is renamed to cap_rights_get(2).
- If CAP_IOCTL capability right is present we can further reduce allowed
ioctls list with the new cap_ioctls_limit(2) syscall. List of allowed
ioctls can be retrieved with cap_ioctls_get(2) syscall.
- If CAP_FCNTL capability right is present we can further reduce fcntls
that can be used with the new cap_fcntls_limit(2) syscall and retrieve
them with cap_fcntls_get(2).
- To support ioctl and fcntl white-listing the filedesc structure was
heavily modified.
- The audit subsystem, kdump and procstat tools were updated to
recognize new syscalls.
- Capability rights were revised and even though I tried hard to provide
backward API and ABI compatibility there are some incompatible changes
that are described in detail below:
CAP_CREATE old behaviour:
- Allow for openat(2)+O_CREAT.
- Allow for linkat(2).
- Allow for symlinkat(2).
CAP_CREATE new behaviour:
- Allow for openat(2)+O_CREAT.
Added CAP_LINKAT:
- Allow for linkat(2). ABI: Reuses CAP_RMDIR bit.
- Allow to be target for renameat(2).
Added CAP_SYMLINKAT:
- Allow for symlinkat(2).
Removed CAP_DELETE. Old behaviour:
- Allow for unlinkat(2) when removing non-directory object.
- Allow to be source for renameat(2).
Removed CAP_RMDIR. Old behaviour:
- Allow for unlinkat(2) when removing directory.
Added CAP_RENAMEAT:
- Required for source directory for the renameat(2) syscall.
Added CAP_UNLINKAT (effectively it replaces CAP_DELETE and CAP_RMDIR):
- Allow for unlinkat(2) on any object.
- Required if target of renameat(2) exists and will be removed by this
call.
Removed CAP_MAPEXEC.
CAP_MMAP old behaviour:
- Allow for mmap(2) with any combination of PROT_NONE, PROT_READ and
PROT_WRITE.
CAP_MMAP new behaviour:
- Allow for mmap(2)+PROT_NONE.
Added CAP_MMAP_R:
- Allow for mmap(PROT_READ).
Added CAP_MMAP_W:
- Allow for mmap(PROT_WRITE).
Added CAP_MMAP_X:
- Allow for mmap(PROT_EXEC).
Added CAP_MMAP_RW:
- Allow for mmap(PROT_READ | PROT_WRITE).
Added CAP_MMAP_RX:
- Allow for mmap(PROT_READ | PROT_EXEC).
Added CAP_MMAP_WX:
- Allow for mmap(PROT_WRITE | PROT_EXEC).
Added CAP_MMAP_RWX:
- Allow for mmap(PROT_READ | PROT_WRITE | PROT_EXEC).
Renamed CAP_MKDIR to CAP_MKDIRAT.
Renamed CAP_MKFIFO to CAP_MKFIFOAT.
Renamed CAP_MKNODE to CAP_MKNODEAT.
CAP_READ old behaviour:
- Allow pread(2).
- Disallow read(2), readv(2) (if there is no CAP_SEEK).
CAP_READ new behaviour:
- Allow read(2), readv(2).
- Disallow pread(2) (CAP_SEEK was also required).
CAP_WRITE old behaviour:
- Allow pwrite(2).
- Disallow write(2), writev(2) (if there is no CAP_SEEK).
CAP_WRITE new behaviour:
- Allow write(2), writev(2).
- Disallow pwrite(2) (CAP_SEEK was also required).
Added convenient defines:
#define CAP_PREAD (CAP_SEEK | CAP_READ)
#define CAP_PWRITE (CAP_SEEK | CAP_WRITE)
#define CAP_MMAP_R (CAP_MMAP | CAP_SEEK | CAP_READ)
#define CAP_MMAP_W (CAP_MMAP | CAP_SEEK | CAP_WRITE)
#define CAP_MMAP_X (CAP_MMAP | CAP_SEEK | 0x0000000000000008ULL)
#define CAP_MMAP_RW (CAP_MMAP_R | CAP_MMAP_W)
#define CAP_MMAP_RX (CAP_MMAP_R | CAP_MMAP_X)
#define CAP_MMAP_WX (CAP_MMAP_W | CAP_MMAP_X)
#define CAP_MMAP_RWX (CAP_MMAP_R | CAP_MMAP_W | CAP_MMAP_X)
#define CAP_RECV CAP_READ
#define CAP_SEND CAP_WRITE
#define CAP_SOCK_CLIENT \
(CAP_CONNECT | CAP_GETPEERNAME | CAP_GETSOCKNAME | CAP_GETSOCKOPT | \
CAP_PEELOFF | CAP_RECV | CAP_SEND | CAP_SETSOCKOPT | CAP_SHUTDOWN)
#define CAP_SOCK_SERVER \
(CAP_ACCEPT | CAP_BIND | CAP_GETPEERNAME | CAP_GETSOCKNAME | \
CAP_GETSOCKOPT | CAP_LISTEN | CAP_PEELOFF | CAP_RECV | CAP_SEND | \
CAP_SETSOCKOPT | CAP_SHUTDOWN)
Added defines for backward API compatibility:
#define CAP_MAPEXEC CAP_MMAP_X
#define CAP_DELETE CAP_UNLINKAT
#define CAP_MKDIR CAP_MKDIRAT
#define CAP_RMDIR CAP_UNLINKAT
#define CAP_MKFIFO CAP_MKFIFOAT
#define CAP_MKNOD CAP_MKNODAT
#define CAP_SOCK_ALL (CAP_SOCK_CLIENT | CAP_SOCK_SERVER)
Sponsored by: The FreeBSD Foundation
Reviewed by: Christoph Mallon <christoph.mallon@gmx.de>
Many aspects discussed with: rwatson, benl, jonathan
ABI compatibility discussed with: kib
2013-03-02 00:53:12 +00:00
	cap_fcntls_limit.2 \
	cap_ioctls_limit.2 \
	cap_rights_limit.2 \
2013-02-16 22:21:46 +00:00
	chdir.2 \
	chflags.2 \
	chmod.2 \
	chown.2 \
	chroot.2 \
	clock_gettime.2 \
	close.2 \
	closefrom.2 \
	connect.2 \
	cpuset.2 \
	cpuset_getaffinity.2 \
	dup.2 \
	execve.2 \
	_exit.2 \
	extattr_get_file.2 \
	fcntl.2 \
	ffclock.2 \
	fhopen.2 \
	flock.2 \
	fork.2 \
	fsync.2 \
	getdirentries.2 \
	getdtablesize.2 \
	getfh.2 \
	getfsstat.2 \
	getgid.2 \
	getgroups.2 \
	getitimer.2 \
	getlogin.2 \
	getloginclass.2 \
	getpeername.2 \
	getpgrp.2 \
	getpid.2 \
	getpriority.2 \
	getrlimit.2 \
	getrusage.2 \
	getsid.2 \
	getsockname.2 \
	getsockopt.2 \
	gettimeofday.2 \
	getuid.2 \
	intro.2 \
	ioctl.2 \
	issetugid.2 \
	jail.2 \
	kenv.2 \
	kill.2 \
	kldfind.2 \
	kldfirstmod.2 \
	kldload.2 \
	kldnext.2 \
	kldstat.2 \
	kldsym.2 \
	kldunload.2 \
	kqueue.2 \
	ktrace.2 \
	link.2 \
	lio_listio.2 \
	listen.2 \
2003-01-12 09:28:16 +00:00
	lseek.2 \
2013-02-16 22:21:46 +00:00
	madvise.2 \
	mincore.2 \
	minherit.2 \
	mkdir.2 \
	mkfifo.2 \
	mknod.2 \
	mlock.2 \
	mlockall.2 \
	mmap.2 \
	modfind.2 \
	modnext.2 \
	modstat.2 \
	mount.2 \
	mprotect.2 \
	mq_close.2 \
	mq_getattr.2 \
	mq_notify.2 \
	mq_open.2 \
	mq_receive.2 \
	mq_send.2 \
2005-11-30 04:12:37 +00:00
	mq_setattr.2 \
2013-02-16 22:21:46 +00:00
	msgctl.2 \
	msgget.2 \
	msgrcv.2 \
	msgsnd.2 \
	msync.2 \
	munmap.2 \
	nanosleep.2 \
	nfssvc.2 \
	ntp_adjtime.2 \
	open.2 \
	pathconf.2 \
	pdfork.2 \
	pipe.2 \
	poll.2 \
	posix_fadvise.2 \
	posix_fallocate.2 \
	posix_openpt.2 \
	profil.2 \
	pselect.2 \
	ptrace.2 \
	quotactl.2 \
	read.2 \
	readlink.2 \
	reboot.2 \
	recv.2 \
	rename.2 \
	revoke.2 \
	rfork.2 \
	rmdir.2 \
2008-04-16 14:57:40 +00:00
	rtprio.2

.if !defined(NO_P1003_1B)
2013-02-16 22:21:46 +00:00
MAN+= sched_get_priority_max.2 \
	sched_setparam.2 \
	sched_setscheduler.2 \
	sched_yield.2
2008-04-16 14:57:40 +00:00
.endif
2013-02-16 22:21:46 +00:00
MAN+= sctp_generic_recvmsg.2 \
	sctp_generic_sendmsg.2 \
	sctp_peeloff.2 \
	select.2 \
	semctl.2 \
	semget.2 \
	semop.2 \
	send.2 \
	setfib.2 \
	sendfile.2 \
	setgroups.2 \
	setpgid.2 \
	setregid.2 \
	setresuid.2 \
	setreuid.2 \
	setsid.2 \
	setuid.2 \
	shmat.2 \
	shmctl.2 \
	shmget.2 \
	shm_open.2 \
	shutdown.2 \
	sigaction.2 \
	sigaltstack.2 \
	sigpending.2 \
	sigprocmask.2 \
	sigqueue.2 \
	sigreturn.2 \
	sigstack.2 \
	sigsuspend.2 \
	sigwait.2 \
	sigwaitinfo.2 \
	socket.2 \
	socketpair.2 \
	stat.2 \
	statfs.2 \
	swapon.2 \
	symlink.2 \
	sync.2 \
	sysarch.2 \
	syscall.2 \
	timer_create.2 \
	timer_delete.2 \
	timer_settime.2 \
	truncate.2 \
	umask.2 \
	undelete.2 \
	unlink.2 \
	utimes.2 \
	utrace.2 \
	uuidgen.2 \
	vfork.2 \
	wait.2 \
	write.2

MLINKS+=access.2 eaccess.2 \
	access.2 faccessat.2
1994-05-27 05:00:24 +00:00
MLINKS+=brk.2 sbrk.2
2011-03-03 11:31:08 +00:00
MLINKS+=cap_enter.2 cap_getmode.2
2013-03-02 00:53:12 +00:00
MLINKS+=cap_fcntls_limit.2 cap_fcntls_get.2
MLINKS+=cap_ioctls_limit.2 cap_ioctls_get.2
MLINKS+=cap_rights_limit.2 cap_rights_get.2
1994-05-27 05:00:24 +00:00
MLINKS+=chdir.2 fchdir.2
2013-02-16 22:21:46 +00:00
MLINKS+=chflags.2 fchflags.2 \
	chflags.2 lchflags.2
MLINKS+=chmod.2 fchmod.2 \
	chmod.2 fchmodat.2 \
	chmod.2 lchmod.2
MLINKS+=chown.2 fchown.2 \
	chown.2 fchownat.2 \
	chown.2 lchown.2
MLINKS+=clock_gettime.2 clock_getres.2 \
	clock_gettime.2 clock_settime.2
MLINKS+=cpuset.2 cpuset_getid.2 \
	cpuset.2 cpuset_setid.2
2008-03-29 10:26:29 +00:00
MLINKS+=cpuset_getaffinity.2 cpuset_setaffinity.2
1999-07-31 22:00:09 +00:00
MLINKS+=dup.2 dup2.2
2008-04-16 14:44:43 +00:00
MLINKS+=execve.2 fexecve.2
2007-04-29 21:38:25 +00:00
MLINKS+=extattr_get_file.2 extattr.2 \
	extattr_get_file.2 extattr_delete_fd.2 \
2001-04-08 06:58:48 +00:00
	extattr_get_file.2 extattr_delete_file.2 \
2007-04-29 21:38:25 +00:00
	extattr_get_file.2 extattr_delete_list.2 \
2001-04-08 06:58:48 +00:00
	extattr_get_file.2 extattr_get_fd.2 \
2007-04-29 21:38:25 +00:00
	extattr_get_file.2 extattr_get_list.2 \
	extattr_get_file.2 extattr_list_fd.2 \
	extattr_get_file.2 extattr_list_file.2 \
	extattr_get_file.2 extattr_list_link.2 \
2001-04-08 06:58:48 +00:00
	extattr_get_file.2 extattr_set_fd.2 \
2007-04-29 21:38:25 +00:00
	extattr_get_file.2 extattr_set_file.2 \
	extattr_get_file.2 extattr_set_link.2
2013-02-16 22:21:46 +00:00
MLINKS+=ffclock.2 ffclock_getcounter.2 \
	ffclock.2 ffclock_getestimate.2 \
2011-11-21 01:26:10 +00:00
	ffclock.2 ffclock_setestimate.2
1999-09-11 14:20:18 +00:00
MLINKS+=fhopen.2 fhstat.2 fhopen.2 fhstatfs.2
1999-07-30 11:32:08 +00:00
MLINKS+=getdirentries.2 getdents.2
2004-04-05 10:17:56 +00:00
MLINKS+=getfh.2 lgetfh.2
1994-05-27 05:00:24 +00:00
MLINKS+=getgid.2 getegid.2
MLINKS+=getitimer.2 setitimer.2
1999-12-23 16:12:24 +00:00
MLINKS+=getlogin.2 getlogin_r.3
1994-05-27 05:00:24 +00:00
MLINKS+=getlogin.2 setlogin.2
2011-03-06 08:35:50 +00:00
MLINKS+=getloginclass.2 setloginclass.2
1997-08-19 07:00:53 +00:00
MLINKS+=getpgrp.2 getpgid.2
1994-05-27 05:00:24 +00:00
MLINKS+=getpid.2 getppid.2
MLINKS+=getpriority.2 setpriority.2
MLINKS+=getrlimit.2 setrlimit.2
MLINKS+=getsockopt.2 setsockopt.2
MLINKS+=gettimeofday.2 settimeofday.2
MLINKS+=getuid.2 geteuid.2
MLINKS+=intro.2 errno.2
2009-04-29 21:14:15 +00:00
MLINKS+=jail.2 jail_attach.2 \
	jail.2 jail_get.2 \
	jail.2 jail_remove.2 \
	jail.2 jail_set.2
2008-03-10 09:54:13 +00:00
MLINKS+=kldunload.2 kldunloadf.2
2013-02-16 22:21:46 +00:00
MLINKS+=kqueue.2 kevent.2 \
	kqueue.2 EV_SET.3
2008-04-16 14:44:43 +00:00
MLINKS+=link.2 linkat.2
2003-08-09 03:23:24 +00:00
MLINKS+=madvise.2 posix_madvise.2
2008-04-16 14:44:43 +00:00
MLINKS+=mkdir.2 mkdirat.2
MLINKS+=mkfifo.2 mkfifoat.2
MLINKS+=mknod.2 mknodat.2
1994-05-27 05:00:24 +00:00
MLINKS+=mlock.2 munlock.2
2003-08-11 07:14:08 +00:00
MLINKS+=mlockall.2 munlockall.2
2000-09-28 22:39:59 +00:00
MLINKS+=modnext.2 modfnext.2
2013-02-16 22:21:46 +00:00
MLINKS+=mount.2 nmount.2 \
	mount.2 unmount.2
2005-11-30 04:14:53 +00:00
MLINKS+=mq_receive.2 mq_timedreceive.2
2008-04-16 14:57:40 +00:00
MLINKS+=mq_send.2 mq_timedsend.2
2007-09-15 14:33:55 +00:00
MLINKS+=ntp_adjtime.2 ntp_gettime.2
2008-04-16 14:44:43 +00:00
MLINKS+=open.2 openat.2
1994-05-27 05:00:24 +00:00
MLINKS+=pathconf.2 fpathconf.2
2009-07-08 15:23:18 +00:00
MLINKS+=pathconf.2 lpathconf.2
Add experimental support for process descriptors
A "process descriptor" file descriptor is used to manage processes
without using the PID namespace. This is required for Capsicum's
Capability Mode, where the PID namespace is unavailable.
New system calls pdfork(2) and pdkill(2) offer the functional equivalents
of fork(2) and kill(2). pdgetpid(2) allows querying the PID of the remote
process for debugging purposes. The currently-unimplemented pdwait(2) will,
in the future, allow querying rusage/exit status. In the interim, poll(2)
may be used to check (and wait for) process termination.
When a process is referenced by a process descriptor, it does not issue
SIGCHLD to the parent, making it suitable for use in libraries---a common
scenario when using library compartmentalisation from within large
applications (such as web browsers). Some observers may note a similarity
to Mach task ports; process descriptors provide a subset of this behaviour,
but in a UNIX style.
This feature is enabled by "options PROCDESC", but as with several other
Capsicum kernel features, is not enabled by default in GENERIC 9.0.
Reviewed by: jhb, kib
Approved by: re (kib), mentor (rwatson)
Sponsored by: Google Inc
2011-08-18 22:51:30 +00:00
MLINKS+=pdfork.2 pdgetpid.2\
	pdfork.2 pdkill.2 \
	pdfork.2 pdwait4.2
2013-02-16 22:21:46 +00:00
MLINKS+=read.2 pread.2 \
	read.2 preadv.2 \
	read.2 readv.2
2008-04-16 14:44:43 +00:00
MLINKS+=readlink.2 readlinkat.2
2013-02-16 22:21:46 +00:00
MLINKS+=recv.2 recvfrom.2 \
	recv.2 recvmsg.2
2008-04-16 14:44:43 +00:00
MLINKS+=rename.2 renameat.2
2011-12-27 10:34:00 +00:00
MLINKS+=rtprio.2 rtprio_thread.2
2008-04-16 14:57:40 +00:00
.if !defined(NO_P1003_1B)
MLINKS+=sched_get_priority_max.2 sched_get_priority_min.2 \
	sched_get_priority_max.2 sched_rr_get_interval.2
MLINKS+=sched_setparam.2 sched_getparam.2
MLINKS+=sched_setscheduler.2 sched_getscheduler.2
.endif
2013-02-16 22:21:46 +00:00
MLINKS+=select.2 FD_CLR.3 \
	select.2 FD_ISSET.3 \
	select.2 FD_SET.3 \
2006-10-12 13:46:33 +00:00
	select.2 FD_ZERO.3
2013-02-16 22:21:46 +00:00
MLINKS+=send.2 sendmsg.2 \
	send.2 sendto.2
1995-05-27 04:17:04 +00:00
MLINKS+=setpgid.2 setpgrp.2
2013-02-16 22:21:46 +00:00
MLINKS+=setresuid.2 getresgid.2 \
	setresuid.2 getresuid.2 \
	setresuid.2 setresgid.2
MLINKS+=setuid.2 setegid.2 \
	setuid.2 seteuid.2 \
	setuid.2 setgid.2
1995-10-03 19:17:21 +00:00
MLINKS+=shmat.2 shmdt.2
Add a new file descriptor type for IPC shared memory objects and use it to
implement shm_open(2) and shm_unlink(2) in the kernel:
- Each shared memory file descriptor is associated with a swap-backed vm
object which provides the backing store. Each descriptor starts off with
a size of zero, but the size can be altered via ftruncate(2). The shared
memory file descriptors also support fstat(2). read(2), write(2),
ioctl(2), select(2), poll(2), and kevent(2) are not supported on shared
memory file descriptors.
- shm_open(2) and shm_unlink(2) are now implemented as system calls that
manage shared memory file descriptors. The virtual namespace that maps
pathnames to shared memory file descriptors is implemented as a hash
table where the hash key is generated via the 32-bit Fowler/Noll/Vo hash
of the pathname.
- As an extension, the constant 'SHM_ANON' may be specified in place of the
path argument to shm_open(2). In this case, an unnamed shared memory
file descriptor will be created similar to the IPC_PRIVATE key for
shmget(2). Note that the shared memory object can still be shared among
processes by sharing the file descriptor via fork(2) or sendmsg(2), but
it is unnamed. This effectively serves to implement the getmemfd() idea
bandied about the lists several times over the years.
- The backing store for shared memory file descriptors are garbage
collected when they are not referenced by any open file descriptors or
the shm_open(2) virtual namespace.
Submitted by: dillon, peter (previous versions)
Submitted by: rwatson (I based this on his version)
Reviewed by: alc (suggested converting getmemfd() to shm_open())
2008-01-08 21:58:16 +00:00
MLINKS+=shm_open.2 shm_unlink.2
2005-11-11 03:13:25 +00:00
MLINKS+=sigwaitinfo.2 sigtimedwait.2
2013-02-16 22:21:46 +00:00
MLINKS+=stat.2 fstat.2 \
	stat.2 fstatat.2 \
	stat.2 lstat.2
1994-05-27 05:00:24 +00:00
MLINKS+=statfs.2 fstatfs.2
2002-12-15 19:17:57 +00:00
MLINKS+=swapon.2 swapoff.2
2008-04-16 14:44:43 +00:00
MLINKS+=symlink.2 symlinkat.2
2008-04-16 14:57:40 +00:00
MLINKS+=syscall.2 __syscall.2
2013-02-16 22:21:46 +00:00
MLINKS+=timer_settime.2 timer_getoverrun.2 \
	timer_settime.2 timer_gettime.2
1994-05-27 05:00:24 +00:00
MLINKS+=truncate.2 ftruncate.2
2008-04-16 14:44:43 +00:00
MLINKS+=unlink.2 unlinkat.2
2013-02-16 22:21:46 +00:00
MLINKS+=utimes.2 futimes.2 \
	utimes.2 futimesat.2 \
	utimes.2 lutimes.2
MLINKS+=wait.2 wait3.2 \
	wait.2 wait4.2 \
	wait.2 waitpid.2 \
	wait.2 waitid.2 \
	wait.2 wait6.2
MLINKS+=write.2 pwrite.2 \
	write.2 pwritev.2 \
	write.2 writev.2
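
The read/pread and mmap rights changes listed in the "Merge Capsicum overhaul" commit message above, modelled as an added C example that is not part of the FreeBSD source or of that commit: it computes which rights each call needs before and after the change and shows that limiting a descriptor can only narrow its rights. The `ex_`/`EX_` names, the base bit values and the starting rights set are assumptions constructed for illustration; only the composite defines and the 0x8 exec bit are copied from the commit message.

```c
#include <stdint.h>
#include <stdio.h>
#include <sys/mman.h>   /* PROT_NONE, PROT_READ, PROT_WRITE, PROT_EXEC */

typedef uint64_t ex_rights_t;   /* hypothetical stand-in for the rights mask */

/* Base bits: placeholder values constructed for this example. */
#define CAP_READ   0x0000000000000001ULL
#define CAP_WRITE  0x0000000000000002ULL
#define CAP_SEEK   0x0000000000000004ULL
#define CAP_MMAP   0x0000000000000010ULL

/* Composite rights as listed in the commit message. */
#define CAP_PREAD    (CAP_SEEK | CAP_READ)
#define CAP_PWRITE   (CAP_SEEK | CAP_WRITE)
#define CAP_MMAP_R   (CAP_MMAP | CAP_SEEK | CAP_READ)
#define CAP_MMAP_W   (CAP_MMAP | CAP_SEEK | CAP_WRITE)
#define CAP_MMAP_X   (CAP_MMAP | CAP_SEEK | 0x0000000000000008ULL)
#define CAP_MMAP_RX  (CAP_MMAP_R | CAP_MMAP_X)
#define CAP_MAPEXEC  CAP_MMAP_X          /* backward-compatibility alias */

enum ex_abi { EX_OLD, EX_NEW };
enum ex_op  { EX_READ, EX_PREAD, EX_WRITE, EX_PWRITE };

/* Rights a descriptor must hold for an I/O call.  Old behaviour: CAP_READ
 * covered pread(2) and read(2) also needed CAP_SEEK.  New behaviour is the
 * reverse: CAP_READ covers read(2) and pread(2) also needs CAP_SEEK. */
ex_rights_t io_rights_needed(enum ex_abi abi, enum ex_op op)
{
    int positional = (op == EX_PREAD || op == EX_PWRITE);
    ex_rights_t base = (op == EX_READ || op == EX_PREAD) ? CAP_READ : CAP_WRITE;

    if (abi == EX_NEW)
        return positional ? (base | CAP_SEEK) : base;
    return positional ? base : (base | CAP_SEEK);
}

/* Rights needed for mmap(2) with the given protection (new behaviour):
 * PROT_NONE needs CAP_MMAP alone, each PROT_* bit adds its CAP_MMAP_* set. */
ex_rights_t mmap_rights_needed(int prot)
{
    ex_rights_t need = CAP_MMAP;

    if (prot & PROT_READ)
        need |= CAP_MMAP_R;
    if (prot & PROT_WRITE)
        need |= CAP_MMAP_W;
    if (prot & PROT_EXEC)
        need |= CAP_MMAP_X;
    return need;
}

/* Rights that are needed but not held; 0 means the call is permitted. */
ex_rights_t rights_missing(ex_rights_t have, ex_rights_t need)
{
    return need & ~have;
}

/* Model of limiting a descriptor's rights in place: the new set must be a
 * subset of the current one, so rights can be dropped but never regained.
 * Returns 0 on success, -1 if the request would widen the set. */
int ex_rights_limit(ex_rights_t *fd_rights, ex_rights_t wanted)
{
    if (rights_missing(*fd_rights, wanted) != 0)
        return -1;
    *fd_rights = wanted;
    return 0;
}

static const char *verdict(ex_rights_t missing)
{
    return missing == 0 ? "allowed" : "denied";
}

int main(void)
{
    /* Constructed starting set for a descriptor, then narrowed to CAP_READ. */
    ex_rights_t fd = CAP_READ | CAP_WRITE | CAP_SEEK | CAP_MMAP;

    ex_rights_limit(&fd, CAP_READ);
    printf("new read : %s\n",
        verdict(rights_missing(fd, io_rights_needed(EX_NEW, EX_READ))));
    printf("new pread: %s\n",
        verdict(rights_missing(fd, io_rights_needed(EX_NEW, EX_PREAD))));
    printf("old pread: %s\n",
        verdict(rights_missing(fd, io_rights_needed(EX_OLD, EX_PREAD))));
    printf("mmap(PROT_READ): %s\n",
        verdict(rights_missing(fd, mmap_rights_needed(PROT_READ))));
    printf("widen back to CAP_PREAD: %s\n",
        ex_rights_limit(&fd, CAP_PREAD) == 0 ? "accepted" : "refused");
    return 0;
}
```

Code that limited a descriptor to CAP_READ and relied on pread(2) under the old behaviour is the case this makes visible: after the change the same mask permits read(2) only.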