
24 Commits

Author SHA1 Message Date
markj
aa54f39068 libjail: Handle an error from reallocarray() when trimming the buffer.
There is no API guarantee that realloc() will not fail when the buffer
is shrinking.  Handle it by simply returning the untrimmed buffer.
While this is unlikely to ever happen in practice, it seems worth
handling just to silence static analyzer warnings.

PR:		243106
Submitted by:	Hans Christian Woithe <chwoithe@yahoo.com>
MFC after:	1 week
2020-01-07 21:44:27 +00:00
dteske
3ce186f070 `libjail/jail.c' includes both <sys/param.h> and <sys/types.h>
Latter is undesired when including <sys/param.h> according to style(9)

Submitted by:	Faraz Vahedi
Reviewed by:	cem
Differential Revision:	https://reviews.freebsd.org/D20637
2019-06-22 15:39:34 +00:00
asomers
1215d8a08b Rename fuse(4) to fusefs(4)
This makes it more consistent with other filesystems, which all end in "fs",
and more consistent with its mount helper, which is already named
"mount_fusefs".

Reviewed by:	cem, rgrimes
MFC after:	2 weeks
Sponsored by:	The FreeBSD Foundation
Differential Revision:	https://reviews.freebsd.org/D19649
2019-03-20 21:48:43 +00:00
asomers
4e9b75c693 libjail: fix handling of allow.mount.fusefs in jailparam_init
fusefs is inconsistently named. The kernel module is named "fuse", but the
mount helper is named "mount_fusefs" and the jail(8) parameter is named
"allow.mount.fusefs". Special case it in libjail.

Reviewed by:	jamie
MFC after:	2 weeks
Differential Revision:	https://reviews.freebsd.org/D17929
2018-11-10 03:10:22 +00:00
jamie
1c11f552d6 Make it easier for filesystems to count themselves as jail-enabled,
by doing most of the work in a new function prison_add_vfs in kern_jail.c
Now a jail-enabled filesystem need only mark itself with VFCF_JAIL, and
the rest is taken care of.  This includes adding a jail parameter like
allow.mount.foofs, and a sysctl like security.jail.mount_foofs_allowed.
Both of these used to be a static list of known filesystems, with
predefined permission bits.

Reviewed by:	kib
Differential Revision:	D14681
2018-05-04 20:54:27 +00:00
jamie
9267ddfb50 If a jail parameter isn't found, try loading a related kernel module.
2018-03-21 23:50:46 +00:00
pfg
260ba0bff1 lib: further adoption of SPDX licensing ID tags.
Mainly focus on files that use BSD 2-Clause license, however the tool I
was using mis-identified many licenses so this was mostly a manual - error
prone - task.

The Software Package Data Exchange (SPDX) group provides a specification
to make it easier for automated tools to detect and summarize well known
open source licenses. We are gradually adopting the specification, noting
that the tags are considered only advisory and do not, in any way,
supersede or replace the license texts.
2017-11-26 02:00:33 +00:00
pfg
309df784b1 libjail: make allocation in jailparam_all() somewhat more robust.
Unsign some variables involved in allocation as they will never be
negative anyways. Provide some bounds checking through reallocarray(3).

This is all very unlikely to have any visible effect.

Reviewed by:	jamie
MFC after:	3 weeks
2017-04-16 19:23:10 +00:00
br
aa2d4dad68 Fix libjail reached latest sysctl entry.
Reviewed by:	jamie
Sponsored by:	DARPA, AFRL
Sponsored by:	HEIF5
Differential Revision:	https://reviews.freebsd.org/D8096
2016-10-02 11:56:17 +00:00
jamie
86654891d0 In preparation for using clang's -Wcast-qual:
Use __DECONST (instead of my own attempted re-invention) for the iov
parameters to jail_get/set(2).  Similarly remove the deconst-ish hack
from execvp's argv, except the __DECONST is only added at very end.

While I'm at it, remove an unused variable and fix a comment typo.
2014-11-25 21:01:08 +00:00
jamie
c9ef684bc2 Fix some memory allocation errors:
* jail_setv will leak a parameter name if jailparam_import fails.
* jailparam_all loses the jailparam pointer on realloc error
  (a clear freshman mistake).
* If jailparam_init fails, the caller doesn't need to jailparam_free
  the buffer.  That's not really clear, so set things to NULL allowing
  jailparam_free to work without error (though it's still not required).
2012-10-04 19:07:05 +00:00
jamie
9243e0fcfd The fix in r235291 re-broke the "allow.nomount" case. Re-fix it
by testing for the right parameter name.
2012-05-22 18:30:32 +00:00
jamie
9a5a4f524a The linker isn't consistent in the ordering of dynamic sysctls, so don't
assume that the unnamed final component of "security.jail.param.foo." is
one less than the "foo" component.  It might be one greater instead.
2012-05-11 21:22:52 +00:00
jamie
de23ce306e Handle the case where a boolean parameter is also a node.
PR:		bin/165515
MFC after:	2 weeks
2012-03-01 15:09:41 +00:00
mdf
6b5f615b7c Introduce signed and unsigned version of CTLTYPE_QUAD, renaming
existing uses.  Rename sysctl_handle_quad() to sysctl_handle_64().
2011-01-19 23:00:25 +00:00
jamie
e7b4c436b0 Find a jail's type as part of jailparam_init rather than waiting until
it's absolutely necessary.

MFC after:	1 week
2010-10-27 21:01:53 +00:00
jamie
758b5f48ff Whitespace and comment fixes.
MFC after:	3 days
2010-08-31 23:14:03 +00:00
jamie
4d14528739 Don't over-allocate array values in jailparam_export.
Fix a little comment typo.

MFC after:	3 days
2010-08-31 21:50:09 +00:00
jamie
9afbdfdebb Don't import parameter values in jail_getv, except for the search key.
Remove the internal jailparam_vlist, in favor of using variants of its
 logic separately in jail_setv and jail_getv.
Free the temporary parameter list and exported values in jail_setv
 and jail_getv.

Noted by:	Stanislav Uzunchev
MFC after:	3 days
2010-07-15 19:21:07 +00:00
ru
fe9f464e77 realloc() with a proper amount of memory.
MFC after:	3 days
2010-02-17 16:45:03 +00:00
jamie
cf8736c474 Add a null pointer check so "name" can be used as a key parameter in
jailparam_get.

PR:		bin/141692
Submitted by:	delphij
MFC after:	3 days
2009-12-17 05:06:56 +00:00
jamie
274ea197bb Some jail parameters (in particular, "ip4" and "ip6" for IP address
restrictions) were found to be inadequately described by a boolean.
Define a new parameter type with three values (disable, new, inherit)
to handle these and future cases.

Approved by:	re (kib), bz (mentor)
Discussed with:	rwatson
2009-07-25 14:48:57 +00:00
jamie
76812bfcfe Fix dynamic (re)allocation logic in jailparam_set and jailparam_get.
Touch up jailparam_import a bit while I'm at it.

Approved by:	bz (mentor)
2009-06-25 22:42:19 +00:00
jamie
7c0019fd30 Add libjail, a (somewhat) simpler interface to the jail_set and jail_get
system calls and the security.jail.param sysctls.

Approved by:	bz (mentor)
2009-06-24 18:18:35 +00:00