Commit Graph

36 Commits

Author SHA1 Message Date
br
aa2d4dad68 Fix libjail reached latest sysctl entry.
Reviewed by:	jamie
Sponsored by:	DARPA, AFRL
Sponsored by:	HEIF5
Differential Revision:	https://reviews.freebsd.org/D8096
2016-10-02 11:56:17 +00:00
gjb
fef2698edf First pass through library packaging.
Sponsored by:	The FreeBSD Foundation
2016-02-04 21:16:35 +00:00
gjb
e4028b90cb Add a package for jail(8) and related utilities.
Sponsored by:	The FreeBSD Foundation
2016-01-20 17:07:13 +00:00
bdrewery
e13d6f8b3f META MODE: Prefer INSTALL=tools/install.sh to lessen the need for xinstall.host.
This both avoids some dependencies on xinstall.host and allows
bootstrapping on older releases to work due to lack of at least 'install -l'
support.

Sponsored by:	EMC / Isilon Storage Division
2015-11-25 19:10:28 +00:00
bapt
594e07bd1b Revert r284417 it is not necessary anymore 2015-06-15 19:28:07 +00:00
bapt
9fb85ece8b Enforce overwritting SHLIBDIR
Since METAMODE has been added, sys.mk loads bsd.mkopt.mk which ends load loading
bsd.own.mk which then defines SHLIBDIR before all the Makefile.inc everywhere.

This makes /lib being populated again.

Reported by:	many
2015-06-15 15:34:20 +00:00
sjg
008d7c831f Add META_MODE support.
Off by default, build behaves normally.
WITH_META_MODE we get auto objdir creation, the ability to
start build from anywhere in the tree.

Still need to add real targets under targets/ to build packages.

Differential Revision:       D2796
Reviewed by: brooks imp
2015-06-13 19:20:56 +00:00
sjg
75a137820d dirdeps.mk now sets DEP_RELDIR 2015-06-08 23:35:17 +00:00
sjg
65145fa4c8 Merge sync of head 2015-05-27 01:19:58 +00:00
jamie
86654891d0 In preparation for using clang's -Wcast-qual:
Use __DECONST (instead of my own attempted re-invention) for the iov
parameters to jail_get/set(2).  Similarly remove the decost-ish hack
from execvp's argv, except the __DECONST is only added at very end.

While I'm at it, remove an unused variable and fix a comment typo.
2014-11-25 21:01:08 +00:00
sjg
5860f0d106 Updated dependencies 2014-05-16 14:09:51 +00:00
sjg
1a7e48acf1 Updated dependencies 2014-05-10 05:16:28 +00:00
sjg
6d37b86f2b Updated dependencies 2013-03-11 17:21:52 +00:00
sjg
0ee5295509 Updated dependencies 2013-02-16 01:23:54 +00:00
sjg
9f7bd28e77 Updated/new Makefile.depend 2012-11-08 21:24:17 +00:00
sjg
778e93c51a Sync from head 2012-11-04 02:52:03 +00:00
jamie
c9ef684bc2 Fix some memory allocation errors:
* jail_setv will leak a parameter name if jailparam_import fails.
* jailparam_all loses the jailparam pointer on realloc error
  (a clear freshman mistake).
* If jailparam_init fails, the caller doesn't need to jailparam_free
  the buffer.  That's not really clear, so set things to NULL allowing
  jailparam_free to work without error (though it's still not required).
2012-10-04 19:07:05 +00:00
marcel
9dd41e3647 Sync FreeBSD's bmake branch with Juniper's internal bmake branch.
Requested by: Simon Gerraty <sjg@juniper.net>
2012-08-22 19:25:57 +00:00
jamie
9243e0fcfd The fix in r235291 re-broke the "allow.nomount" case. Re-fix it
by testing for the right parameter name.
2012-05-22 18:30:32 +00:00
jamie
9a5a4f524a The linker isn't consistent in the ordering of dynamic sysctls, so don't
assume that the unnamed final component of "security.jail.param.foo." is
one less than the "foo" component.  It might be one greater instead.
2012-05-11 21:22:52 +00:00
jamie
de23ce306e Handle the case where a boolean parameter is also a node.
PR:		bin/165515
MFC after:	2 weeks
2012-03-01 15:09:41 +00:00
mdf
6b5f615b7c Introduce signed and unsigned version of CTLTYPE_QUAD, renaming
existing uses.  Rename sysctl_handle_quad() to sysctl_handle_64().
2011-01-19 23:00:25 +00:00
jamie
e7b4c436b0 Find a jail's type as part of jailparam_init rather than waiting until
it's absolutely necessary.

MFC after:	1 week
2010-10-27 21:01:53 +00:00
uqs
f987d108ff mdoc: fix manlint warnings by unbreaking mdoc syntax 2010-10-08 12:39:49 +00:00
jamie
758b5f48ff Whitespace and comment fixes.
MFC after:	3 days
2010-08-31 23:14:03 +00:00
jamie
4d14528739 Don't over-allocate array values in jailparam_export.
Fix a little comment typo.

MFC after:	3 days
2010-08-31 21:50:09 +00:00
jamie
d569ac94f2 Make it clear in the example that jailparam_export's return value
should be freed.

MFC after:	3 days
2010-08-31 21:48:45 +00:00
jamie
b539225cf9 Don't copy and return a potentially unset buffer when jail_get fails. 2010-07-15 19:21:33 +00:00
jamie
9afbdfdebb Don't import parameter values in jail_getv, except for the search key.
Remove the internal jailparam_vlist, in favor of using variants of its
 logic separately in jail_setv and jail_getv.
Free the temporary parameter list and exported values in jail_setv
 and jail_getv.

Noted by:	Stanislav Uzunchev
MFC after:	3 days
2010-07-15 19:21:07 +00:00
ru
fe9f464e77 realloc() with a proper amount of memory.
MFC after:	3 days
2010-02-17 16:45:03 +00:00
ed
09818ac28e Build lib/ with WARNS=6 by default.
Similar to libexec/, do the same with lib/. Make WARNS=6 the norm and
lower it when needed.

I'm setting WARNS?=0 for secure/. It seems secure/ includes the
Makefile.inc provided by lib/. I'm not going to touch that directory.
Most of the code there is contributed anyway.
2010-01-02 09:58:07 +00:00
jamie
cf8736c474 Add a null pointer check so "name" can be used as a key parameter in
jailparam_get.

PR:		bin/141692
Submitted by:	delphij
MFC after:	3 days
2009-12-17 05:06:56 +00:00
ru
3a9f89996b Fixed markup (mostly) errors. 2009-09-21 08:30:52 +00:00
jamie
274ea197bb Some jail parameters (in particular, "ip4" and "ip6" for IP address
restrictions) were found to be inadequately described by a boolean.
Define a new parameter type with three values (disable, new, inherit)
to handle these and future cases.

Approved by:	re (kib), bz (mentor)
Discussed with:	rwatson
2009-07-25 14:48:57 +00:00
jamie
76812bfcfe Fix dynamic (re)allocation logic in jailparam_set and jailparam_get.
Touch up jailparam_import a bit while I'm at it.

Approved by:	bz (mentor)
2009-06-25 22:42:19 +00:00
jamie
7c0019fd30 Add libjail, a (somewhat) simpler interface to the jail_set and jail_get
system calls and the security.jail.param sysctls.

Approved by:	bz (mentor)
2009-06-24 18:18:35 +00:00