9 Commits

Author SHA1 Message Date
Mariusz Zaborski
bd1da0a002 Approved, oprócz użycie RESTORE_ERRNO() do ustawiania errno.
Change the nvlist_recv() function to take additional argument that
specifies flags expected on the received nvlist. Receiving a nvlist with
different set of flags than the ones we expect might lead to undefined
behaviour, which might be potentially dangerous.

Update consumers of this and related functions and update the tests.

Approved by:	pjd (mentor)

Update man page for nvlist_unpack, nvlist_recv, nvlist_xfer, cap_recv_nvlist
and cap_xfer_nvlist.

Reviewed by:	AllanJude
Approved by:	pjd (mentor)
2015-05-02 17:45:52 +00:00
Bjoern A. Zeeb
b9dadec087 Unreak DNS usage through libcapsicum, which broke, e.g., ping in r282252
with what looks like a copy and paste error.

Sponsored by:	DARPA/AFRL
2015-05-01 11:56:21 +00:00
Mariusz Zaborski
bed3fb70df Remove the use of nvlist_.*[vf] functions from libcapsicum and replace
them with snprintf(3). Assert the results of snprintf(3).

Approved by:	pjd (mentor)
2015-04-29 22:19:40 +00:00
Baptiste Daroussin
6b129086dc Convert libraries to use LIBADD
While here reduce a bit overlinking
2014-11-25 11:07:26 +00:00
Baptiste Daroussin
2b7af31cf5 use .Mt to mark up email addresses consistently (part3)
PR:		191174
Submitted by:	Franco Fichtner  <franco at lastsummer.de>
2014-06-23 08:23:05 +00:00
Pawel Jakub Dawidek
e51fc8f90d Don't forget to remember previous element at the end of the loop.
Reported by:	brueffer
Found with:	Coverity Prevent(tm)
CID:		1135301
2014-04-30 09:58:28 +00:00
Glen Barber
4fa056cdce Fix err() usage in libcapsicum(3) example.
MFC after:	3 days
Sponsored by:	The FreeBSD Foundation
2014-04-14 18:14:09 +00:00
Pawel Jakub Dawidek
0f984a9260 Both libcasper and libcapsicum libraries have to be installed in /lib/,
as they are used by /sbin/casperd.
2013-12-02 17:07:22 +00:00
Pawel Jakub Dawidek
42a8595256 Please welcome casperd daemon. It (and its services) will be responsible for
giving access to functionality that is not available in capability mode
sandbox. The functionality can be precisely restricted.

Start with the following services:
- system.dns - provides API compatible to:
	- gethostbyname(3),
	- gethostbyname2(3),
	- gethostbyaddr(3),
	- getaddrinfo(3),
	- getnameinfo(3),
- system.grp - provides getgrent(3)-compatible API,
- system.pwd - provides getpwent(3)-compatible API,
- system.random - allows to obtain entropy from /dev/random,
- system.sysctl - provides sysctlbyname(3-compatible API.

Sponsored by:	The FreeBSD Foundation
2013-12-02 08:21:28 +00:00