when fortune and other games moved from /usr/games to /usr/bin; I am
removing rather than correcting it since we normally do not mention in
the FILES section the paths to programs in /usr/bin/.
PR: 215962
Reported by: Andras Farkas
* Rewrite r_buf to use standard tail queues instead of a hand-rolled
circular linked list. Free dynamic allocations when done.
* Remove an optimization for the case where the file is a multiple of 128KB
in size and there is a scarcity of memory.
* Add ATF tests for "tail -r" and its variants.
Reported by: Valgrind
Reviewed by: ngie
MFC after: 4 weeks
Sponsored by: Spectra Logic Corp
Differential Revision: https://reviews.freebsd.org/D9067
Instead of collecting statistics for each combination of ports and logical
units, that consumed ~45KB per LU with present number of ports, collect
separate statistics for every port and every logical unit separately, that
consume only 176 bytes per each single LU/port. This reduces struct
ctl_lun size down to just 6KB.
Also new IOCTL API/ABI does not hardcode number of LUs/ports, and should
allow handling of very large quantities.
MFC after: 2 weeks (probably keeping old API enabled for some time)
Load kvm symbols earlier to prevent rstat: symbol not in namelist
error when running netstat -rs.
Submitted by: Sebastian Huber <sebastian.huber@embedded-brains.de>
MFC after: 1 week
Sponsored by: Multiplay
invoked as llvm-ranlib, it can create an archive symbol table for
archives of objects compiled for LTO by an LLVM compiler.
Submitted by: Dan McGregor <danismostlikely@gmail.com>
MFC after: 3 days
Expand inet6name() line buffer to NI_MAXHOST and use strlcpy/snprintf
in various places.
Reported by: Anton Yuzhaninov <citrin citrin ru>
MFC after: 3 days
Differential Revision: https://reviews.freebsd.org/D8916
It's been dead ever since it was imported from TI-RPC in 1995. The dead
code is still present in Illumos today, but was removed from NetBSD in 2006.
Reported by: Coverity
CID: 270097
Obtained from: NetBSD
MFC after: 4 weeks
Sponsored by: Spectra Logic Corp
It's always been dead, ever since first import in 1994. It's still dead in
OpenBSD's version, too.
Reported by: Coverity
CID: 270586
MFC after: 4 weeks
Sponsored by: Spectra Logic Corp
party software, this provides more standardized import workflow and
makes future upgrades easier.
The following files are new with this commit:
zconf.h.in
zlib.map
zlib.pc.in
They are not connected to build, but were kept in tree for reference
for future maintenance.
All our local trivial changes were applied to contrib/zlib, and the
contrib/zlib vendor source code is intended to 100% match lib/libz
before this commit.
MFC after: 2 weeks
As a followup to r310638, update libsysdecode (and kdump) to decode the
'mode' argument to getfsstat(). sysdecode_getfsstat_flags() has been
renamed to sysdecode_getfsstat_mode() and now treats the argument as an
enumerated value rather than a mask of flags.
Without this change, indent(1) would only look to load options from ~/.indent.pro if it's there and -npro wasn't used on the command line. This option lets the user set their own path to the file.
Approved by: pfg (mentor)
Differential Revision: https://reviews.freebsd.org/D9010
Move llvm-objdump from CLANG_EXTRAS to installed by default
We currently install three tools from binutils 2.17.50: as, ld, and
objdump. Work is underway to migrate to a permissively-licensed
tool-chain, with one goal being the retirement of binutils 2.17.50.
LLVM's llvm-objdump is intended to be compatible with GNU objdump
although it is currently missing some options and may have formatting
differences. Enable it by default for testing and further investigation.
It may later be changed to install as /usr/bin/objdump, if it becomes a
fully viable replacement.
Reviewed by: emaste
Differential Revision: https://reviews.freebsd.org/D8879
zero-length array are dynamically sized at run-time based on the use
of hints, compilers can't be expected to figure out these offsets on
their own. [1]
- Fix incorrect comparison in cmp_nans(). [2]
PR: 204571 [1], 202301 [2]
Submitted by: David Binderman [2]
MFC after: 3 days
This takes the usual shortcut of only sandboxing the last input file.
It's a first cut and this program will be easy to adapt to sandbox all
files in the future.
iconv(1) has been changed to only open the conversion descriptor once,
since the input and output encodings are fixed over all inputs.
Instead, the descriptor is simply reset after each use (documented in
iconv(3) API).
Reviewed by: no one, unfortunately
Sponsored by: Dell EMC Isilon
Differential Revision: https://reviews.freebsd.org/D7917
For now, only enter the sandbox for the last file processed (including
stdin for zero-argument mode).
Sandboxing all inputs will require a little restructuring of the
program.
Feedback by: emaste@ (earlier versions)
Sponsored by: Dell EMC Isilon
Differential Revision: https://reviews.freebsd.org/D7915
We restrict the (optional) input file and output files. It would be
nice to restrict the KVM files, but that's up to libkvm.
We wait until after kvm_nlist() is invoked to cap_enter() because
kldsym() isn't supported in the Capsicum sandbox.
Feedback from: emaste@ (earlier versions)
Sponsored by: Dell EMC Isilon
Differential Revision: https://reviews.freebsd.org/D7921
Separate dataset opening from reading/parsing. The number of input
files is already capped to a small number, so just open all input files
before sandboxing.
Feedback from: allanjude@ (earlier version), emaste@ (earlier version)
Sponsored by: Dell EMC Isilon
Differential Revision: https://reviews.freebsd.org/D7925
kinfo_proc::ki_tdname is three characters shorter than
thread::td_name. Add a ki_moretdname field for these three
extra characters. Add the new field to kinfo_proc32, as well.
Update all in-tree consumers to read the new field and assemble
the full name, except for lldb's HostThreadFreeBSD.cpp, which
I will handle separately. Bump __FreeBSD_version.
Reviewed by: kib
MFC after: 1 week
Relnotes: yes
Sponsored by: Dell EMC
Differential Revision: https://reviews.freebsd.org/D8722
Avoid always using an O(n^2) loop over known syscall structures with
strcmp() on each system call. Instead, use a per-ABI cache indexed by
the system call number. The first 1024 system calls (which should cover
all of the normal system calls in currently-supported ABIs) use a flat array
indexed by the system call number to find system call structure. For other
system calls, a linked list of structures storing an integer to structure
mapping is stored in the ABI. The linked list isn't very smart, but it
should only be used by buggy applications invoking unknown system calls.
This also fixes handling of unknown system calls which currently trigger
a NULL pointer dereference.
Reviewed by: kib
MFC after: 2 weeks
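The lookup scheme this commit message describes, sketched as an added example; it is not the truss source, and every identifier in it (`struct abi`, `get_syscall`, `make_placeholder`, the sample tables) is hypothetical. Numbers below 1024 hit a flat per-ABI array, larger ones fall back to a linked list, and a number with no known decoder gets a placeholder descriptor rather than a NULL pointer:

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define SYSCALL_NORMAL_COUNT 1024	/* flat-array size named in the commit text */

struct syscall_desc {			/* hypothetical decoder descriptor */
	char name[32];
	int unknown;			/* 1: no decoder, print raw arguments */
};
struct extra_syscall {			/* list node for numbers >= 1024 */
	struct extra_syscall *next;
	unsigned int number;
	struct syscall_desc *sc;
};
struct abi {
	const char *const *names;	/* this ABI's number -> name table */
	unsigned int nnames;
	struct syscall_desc *cache[SYSCALL_NORMAL_COUNT];
	struct extra_syscall *extra;
};

/* Constructed sample data: decoders the tracer knows, and one ABI's names. */
static struct syscall_desc known[] = { { "read", 0 }, { "write", 0 }, { "close", 0 } };
static const char *const demo_names[] =
    { "syscall", "exit", "fork", "read", "write", "open", "close" };
unsigned long slow_lookups;		/* counts strcmp() scans, for the demo */

void
abi_init(struct abi *abi, const char *const *names, unsigned int nnames)
{
	memset(abi, 0, sizeof(*abi));
	abi->names = names;
	abi->nnames = nnames;
}

static struct syscall_desc *
lookup_by_name(const char *name)	/* the slow path the cache avoids */
{
	slow_lookups++;
	for (size_t i = 0; i < sizeof(known) / sizeof(known[0]); i++)
		if (strcmp(known[i].name, name) == 0)
			return (&known[i]);
	return (NULL);
}

static struct syscall_desc *
make_placeholder(unsigned int number, const char *name)
{
	struct syscall_desc *sc = calloc(1, sizeof(*sc));

	if (sc == NULL)
		abort();
	if (name != NULL)
		snprintf(sc->name, sizeof(sc->name), "%s", name);
	else
		snprintf(sc->name, sizeof(sc->name), "#%u", number);
	sc->unknown = 1;
	return (sc);
}

/* Never returns NULL: callers can dereference the result unconditionally. */
struct syscall_desc *
get_syscall(struct abi *abi, unsigned int number)
{
	struct syscall_desc *sc = NULL;
	struct extra_syscall *es;
	const char *name;

	if (number < SYSCALL_NORMAL_COUNT) {
		if (abi->cache[number] != NULL)
			return (abi->cache[number]);
	} else {
		for (es = abi->extra; es != NULL; es = es->next)
			if (es->number == number)
				return (es->sc);
	}
	/* Cache miss: bounds-check the name table before indexing it. */
	name = number < abi->nnames ? abi->names[number] : NULL;
	if (name != NULL)
		sc = lookup_by_name(name);
	if (sc == NULL)
		sc = make_placeholder(number, name);
	if (number < SYSCALL_NORMAL_COUNT) {
		abi->cache[number] = sc;
	} else {
		if ((es = calloc(1, sizeof(*es))) == NULL)
			abort();
		es->number = number;
		es->sc = sc;
		es->next = abi->extra;
		abi->extra = es;
	}
	return (sc);
}
```
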
ps.paren_indents:
When ps.paren_level was 0, this was accessing paren_indents[-1].
in_buffer:
This fragment checks if "*/" was read, but there's no guarantee that there
is more than one byte in the array (actually, this happens frequently for
the "{" in things like "int main(void) {").
Submitted by: Piotr Stefaniak
When special else-if processing is enabled (-ei), we can assume "else if"
and "if" to be equivalent for indentation purposes.
This reduction saves a lot of stack space in case of a long "if-else-if
... else-if" sequence; with this change,
Postgres/src/bin/psql/tab-complete.c as of 9.6beta3
requires minimum of the stack length to be 31 instead of 444.
Submitted by: Piotr Stefaniak
Teach indent(1) about storage-class specifiers. Don't assume
"in_parameter_declaration" state if "in_decl" hasn't been set. Don't set
"in_decl" for storage-class specifiers.
That set of changes helps with recognizing the difference between file
scope declarations like this:
static LIST_HEAD(, alq) ald_active;
static int ald_shuttingdown = 0;
struct thread *ald_thread;
and old style function declarators like this:
static int
do_execve(td, args, mac_p)
struct thread *td;
struct image_args *args;
struct mac *mac_p;
{
Unfortunately, at the same time this change makes indent(1) require
explicit int in declarations like "static a;", in order to understand that
it's part of a declaration. On the other hand, declarations like in the
first example are no longer indented as if ald_shuttingdown and ald_thread
were parameters of a function named LIST_HEAD.
Submitted by: Piotr Stefaniak
Do not set WARNS, so it gets the current default of 6.
Fix the warnings by sprinkling static, const, or strdup.
Make some constant data tables const. Fix whitespace.
MFC after: 1 week
Sponsored by: Dell EMC
Also, handle signed and unsigned chars, and more gracefully handle
invalid input.
Submitted by: bde in response to r309331
MFC after: 1 week
Sponsored by: Dell EMC
pr_comment() did avoid adding surplus space character when a comment
contained it at the end. Now it's also paying attention to tabs.
Taken from: Piotr Stefaniak
indent.c has a special loop that stores tokens from between an if () and
the next statement into a buffer. The loop ignored all newlines, but that
resulted in not calling dump_line() when it was needed to produce the
final line of the buffered up comment.
Taken from: Piotr Stefaniak
Work-around a somewhat complex interaction within the code. From
Piotr's commit [1]:
When pr_comment() calls dump_line() for the first line of a multiline
comment, it doesn't include any indentation - it starts with the "/*".
This is consistent for both boxed and not boxed comments. Where the logic
diverges is in how it treats the rest of the lines of the comment. For box
comments indent assumes that it must not change anything, so lines are
dumped as they were, including the indentation where it exists. For the
rest of comments, it will first remove the indentation to store plain text
of the comment and then add it again where indent thinks it's appropriate
-- this is part of comment re-indenting process.
For continuations of multi-line comments, the code that handles comments
in dump_line() will use pad_output() to create indentation from the
beginning of the line (what indent calls the first column) and then write
string pointed by s_com afterwards. But if it's a box comment, the string
will include original indentation, unless it's the first line of the
comment. This is why tab characters from s_com have to be considered when
calculating how much padding is needed and the "while (*com_st == '\t')
com_st++, target += 8;" does that.
In dump_line(), /target/ is initially set to ps.com_col, so it always
assumes that indentation needs to be produced in this function, regardless
of which line of a box comment it is. But for the first line of a box
comment it is not true, so pr_comment() signals it by setting
ps.n_comment_delta, the negative comment delta, to a negative number which
is then added to /target/ in dump_line() on all lines except the first
one, so that the function produces adequate indentation in this special
case.
The bug was in how that negative offset was calculated: pr_comment() used
count_spaces() on in_buffer, which pr_comment() expected to contain
non-null terminated sequence of characters, originating from whatever
originally was on the left side of the comment. Understanding that
count_spaces() requires a string, pr_comment() temporarily set buf_ptr[-2]
to 0 in hope that it would nul-terminate the right thing in in_buffer and
calling count_spaces() would be safe and do the expected thing. This was
false whenever buf_ptr would point into save_com, an entirely different
char array than in_buffer.
The short-term fix is to recognize whether buf_ptr points into in_buffer
or save_com.
Reference:
[1]
ea486a2aa3
Taken from: Piotr Stefaniak
This was needed on stable/10. Apparently, sys/param.h supplies CHAR_MAX
on head. Include limits.h anyway, for consistency, and because C says so.
Sponsored by: Dell EMC
when au_user_mask() fails, it's not a failure to set the audit mask,
but to calculate the audit mask -- and hence a configuration-file
issue (of some sort).
MFC after: 3 days
Sponsored by: DARPA, AFRL
During the upgrade of clang/llvm etc to 3.9.0 in r309124, the PACKAGE
directive in the usr.bin/clang/*.mk files got dropped accidentally.
Restore it, with a few minor changes and additions:
* Correct license in clang.ucl to NCSA
* Add PACKAGE=clang for clang and most of the "ll" tools
* Put lldb in its own package
* Put lld in its own package
Reviewed by: gjb, jmallett
X-MFC-With: 309124
Differential Revision: https://reviews.freebsd.org/D8666
indent(1) treated the "L" in "L'a'" as if it were an identifier and forced
a space character after it, breaking valid code.
PR: 143090
MFC after: 2 weeks
Multi-line comments are always block comments in KNF. Restore properly,
handling the case when a long one-liner gets wrapped and becomes a
multi-line comment.
Obtained from: Piotr Stefaniak
In C, strchr(3) returns a char*, whereas C++ defines two overloads:
* const char *strchr(const char*, int)
* char *strchr(char*, int)
Building fdt.cc (with the WITHOUT_GPL_DTC knob set) with libc++ 3.9.0 (imported
in r309124) was failing because libc++ r260377 added the first overload to
string.h, leading to failures such as:
fdt.cc:1638:8: error: cannot initialize a variable of type 'char *' with an
rvalue of type 'const char *'
Just define val as a const char* to fix it.
Upstreamed in https://github.com/davidchisnall/dtc/pull/14
Reviewed by: emaste
Approved by: emaste
If set it installs LLD as /usr/bin/ld. LLD (as of version 3.9) is not
capable of linking the world and kernel, but can self-host and link many
substantial applications. GNU ld continues to be used for the world and
kernel build, regardless of how this knob is set.
It is on by default for arm64, and off for all other CPU architectures.
Sponsored by: The FreeBSD Foundation
The "grouping" and "mon_grouping" values are arrays of one-byte
integers, not arrays of ASCII characters. Display them in a format
similar to GNU and MacOS.
MFC after: 3 days
Sponsored by: Dell EMC
sendfile_swapin() loop works this way:
- Find first invalid page in the request.
- Do vm_pager_has_page() and get count of pages, that can be taken in
single I/O.
- Trim valid pages from the end of the request.
- Cycle through the request and substitute to bogus_page all valid
pages that are in the middle of the request.
- After I/O launched (pager copies array of pages into buf(9)), it
is important to restore proper page pointers with help of vm_page_lookup().
Count bogus pages used and report them in sendfile stats.
An example problem case is 163.1.0.0 (University of Oxford)
which is in an APNIC ERX address range. Previously we assumed
that ARIN has the correct information for all ERX allocations,
but in this case ARIN refers back to APNIC, rather than referring
to RIPE. This caused whois to loop.
Whois will no longer loop back and forth forever between two RIRs
that don't have an answer, but instead try the other RIRs in turn.
As Jean-Sébastien notes, fold(1) requires handling argv-supplied files. That
will require a slightly more sophisticated approach.
Reported by: dumbbell@
Sponsored by: Dell EMC Isilon
Trivially capsicumize some simple programs that just interact with
stdio. This list of programs uses 'pledge("stdio")' in OpenBSD.
No objection from: allanjude, emaste, oshogbo
Sponsored by: Dell EMC Isilon
Differential Revision: https://reviews.freebsd.org/D8307
The previous calculation used an approximation which was only valid in
cases where the means being compared were similar; this resulted in very
odd claims being made, e.g. that 0 +/- 0 is a difference of -100% +/- 1%
from 100 +/- 1.
The new calculation scales sample standard deviations by the means, and
yields approximately correct percentage difference bounds providing that
the reference population is bounded away from zero. (In the case where
the values being compared are not sufficiently bounded away from zero,
the distribution of ratios becomes much harder to calculate, and is not
likely to be useful anyway.)
Note that when ministat is used for its intended purpose of determining
whether two samples are statistically different, this change is unlikely
to have any noticeable effect; in such cases the means will be similar
enough that the correction applied here will be minimal.
In r297602, which included a __FreeBSD_version bump to 1100105, we changed
sed 'i' and 'a' from discarding whitespaces to conform with what GNU and
sysvish sed do.
There are arguments in favor of keeping the old behavior but the new
behavior is also useful for migration purposes. It seems important to at
least consider the case of developers depending on the previous behavior,
so add a CFLAG to enable the old behaviour.
PR: 213474
MFC after: 5 days
The corner case is when printenv is passed a parameter in the form VAR=val,
where VAR=val exists in the environment. In this case, printenv would print a
spurious newline and return 0.
Approved by: cognet
MFC after: 1 week
those partitioning schemes that have this concept. Implement it as an
override for mbr's setting 0x80 in the flags for the first partition
when we have boot code.
Differential Revision: https://reviews.freebsd.org/D4403
UUIDs are not portable.
o Move mkimg_uuid() to a new file and merge both gpt_uuid_enc()
and vhd_uuid_enc() into a single mkimg_uuid_enc() that lives
in the same file.
o Move the OS-specific implementation of generating a UUID to
osdep_uuidgen() and provide the implementations for FreeBSD,
macOS and Linux.
o Expect the partitioning scheme headers to be found by having
a search to the directory in which the headers live. This
avoids conflicts on non-FreeBSD machines.
Restructure this script so that it generates a header of tables instead
of a source file. The tables are included in a flags.c source file which
provides functions to decode various system call arguments.
For functions that decode an enumeration, the function returns a pointer
to a string for known values and NULL for unknown values.
For functions that do more complex decoding (typically of a bitmask), the
function accepts a pointer to a FILE object (open_memstream() can be used
as a string builder) to which decoded values are written. If the
function operates on a bitmask, the function returns true if any bits
were decoded or false if the entire value was valid. Additionally, the
third argument accepts a pointer to a value to which any undecoded bits
are stored. This pointer can be NULL if the caller doesn't care about
remaining bits.
Convert kdump over to using decoder functions from libsysdecode instead of
mksubr. truss also uses decoders from libsysdecode instead of private
lookup tables, though lookup tables for objects not decoded by kdump remain
in truss for now. Eventually most of these tables should move into
libsysdecode as the automated table generation approach from mksubr is
less stale than the static tables in truss.
Some changes have been made to truss and kdump output:
- The flags passed to open() are now properly decoded in that one of
O_RDONLY, O_RDWR, O_WRONLY, or O_EXEC is always included in a decoded
mask.
- Optional arguments to open(), openat(), and fcntl() are only printed
in kdump if they exist (e.g. the mode is only printed for open() if
O_CREAT is set in the flags).
- Print argument to F_GETLK/SETLK/SETLKW in kdump as a pointer, not int.
- Include all procctl() commands.
- Correctly decode pipe2() flags in truss by not assuming full
open()-like flags with O_RDONLY, etc.
- Decode file flags passed to *chflags() as file flags (UF_* and SF_*)
rather than as a file mode.
- Fix decoding of quotactl() commands by splitting out the two command
components instead of assuming the raw command value matches the
primary command component.
In addition, truss and kdump now build without triggering any warnings.
All of the sysdecode manpages now include the required headers in the
synopsis.
Reviewed by: kib (several older versions), wblock (manpages)
MFC after: 2 months
Differential Revision: https://reviews.freebsd.org/D7847
r109332 introduced these three as DT_SUNW_*. Update to the correct
names already used elsewhere in FreeBSD and the Sun "Linker and
Libraries Guide"
MFC after: 1 week
Sponsored by: The FreeBSD Foundation
- Numerous crash and bug fixes
- Improved warning and error messages
- Permit multiple labels on nodes and properties
- Fix node@address references
- Add support for /delete-node/
- Consume whitespace after a node
- Read the next token before the second /memreserve/
- Fix parsing of whitespace
- Clean up /delete-node/ and add support for /delete-property/
- Handle /delete-node/ specifying a unit address
Obtained from: https://github.com/davidchisnall/dtc @df5ede4
original commit log:
=====
I had originally suspected the parsing of ctype definition files as being
the source of the ctype flag mis-definitions, but it wasn't. In the
process, I simplified the cc_list parsing so I'm committing the no-impact
improvement separately. It removes some parsing redundancies and
won't parse partial range definitions anymore.
====
Submitted by: marino
Obtained from: Dragonfly
MFC after: 1 month
This commit is from John Marino in dragonfly with the following commit log:
====
This was a CTYPE encoding error involving consecutive points of the same
ctype. It was reported by myself to Illumos over a year ago but I was
unsure if it was only happening on BSD. Given the cause, the bug is also
present on Illumos.
Basically, if consecutive points were of the exact same ctype, they would
be defined as a range regardless. For example, all of these would be
considered equivalent:
<A> ... <C>, <H> (converts to <A> .. <H>)
<A>, <B>, <H> (converts to <A> .. <H>)
<A>, <J> ... <H> (converts to <A> .. <H>)
So all the points that shouldn't have been defined got "bridged" by the
extreme points.
The effects were recently reported to FreeBSD on PR 213013. There are
countless places where the ctype flags are misdefined, so this is a major
fix that has to be MFC'd.
====
This reveals a bad change I did on the testsuite: while 0x07FF is a valid
unicode it is not used yet (reserved for future use)
PR: 213013
Submitted by: marino@
Reported by: Kurtis Rader <krader@skepticism.us>
Obtained from: Dragonfly
MFC after: 1 month
Enter Capsicum capability sandbox pretty early in this setuid program.
Some minor modifications were needed to cache directory fds and use
relative lookups.
Rights restriction of the stdio descriptors is unfortunately pretty messy
because we need an ioctl capability not present in the current libcapsicum
helpers (FIODGNAME).
Reviewed by: ed
Sponsored by: Dell EMC Isilon
Differential Revision: https://reviews.freebsd.org/D7999
In FreeBSD 11 ELF Tool Chain's elfcopy is installed as objcopy by
default, with the option to switch back to GNU objcopy by setting
WITHOUT_ELFCOPY_AS_OBJCOPY in make.conf.
We plan to remove the outdated in-tree binutils in FreeBSD 12, so
remove the temporary transition aid.
Reviewed by: brooks, imp
Relnotes: Yes
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D7337
inclusion of <sys/queue.h>.
Move the inclusion of the disk partitioning headers out of order
and in between standard headers and local header. They will change
in a subsequent commit.
be used on both macOS and Linux. STAILQs are not. In particular,
STAILQ_LAST does not exist on Linux. Since neither STAILQ_FOREACH_SAFE
nor TAILQ_FOREACH_SAFE exist on Linux, replace its use with a regular
TAILQ_FOREACH. The _SAFE variant was only used for having the next
pointer in a local variable.
Previously, kdump used the kernel-only timervalsub() macro which required
defining _KERNEL when including <sys/time.h>. Now, kdump uses the existing
userland API. The timercmp() usage to check for a backwards timestamp is
also clearer and simpler than the previous code which checked the result of
the subtraction for a negative value.
While here, take advantage of the 3-arg timersub() to store the subtraction
results in a temporary timeval instead of overwriting the timestamp in the
ktrace record and then having to restore it.
The kernel uses a few negative errno values for internal conditions
such as requesting a system call restart. Normally these errno values
are not exposed to userland. However, kdump needs access to these
values as some of them can be present in a ktrace system call return
record. Previously kdump was defining _KERNEL to gain access to these
values, but was then having to manually declare 'errno' (and doing it
incorrectly). Now, kdump uses _WANT_KERNEL_ERRNO instead of _KERNEL
and uses the system-provided declaration of errno.
In particular, 64-bit system call arguments use up two register_t
arguments for 32-bit processes. They must also be aligned on a 64-bit
boundary on 32-bit powerpc processes. This fixes the decoding of
lseek(), procctl(), and wait6() arguments for 32-bit processes (both
native and via freebsd32).
Note that the ktrace system call return record only returns a single
register, so the return value of lseek is always truncated to the low
32-bits for 32-bit processes.
It also turns off dependencies (bsdinstall, bsdconfig, dpv, tzsetup).
Reviewed by: dteske
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D7969
1. Neither macOS nor Linux has MAP_NOCORE or MAP_NOSYNC. Define as 0.
2. macOS doesn't have SEEK_DATA nor SEEK_HOLE. Define as -1
so that lseek will return -1 (with errno set to EINVAL).
3. gcc correctly warns that error is assigned but not used in
image_copyout_region(). Fix by returning on the first error.
Not only is the header unportable, the encoding/decoding functions
are as well. Instead, duplicate the handful of small inlines we
need into a private header called endian.h.
Aside: an alternative approach is to move the encoding/decoding
functions to a separate system header. While the header is still
nonportable, such an approach would make it possible to re-use the
definitions by playing games with include paths. This may be the
preferred approach if more (build) utilities need this. This
change does not preclude that. In fact, it makes it easier.
otherwise format_resize(), which is called right after, isn't
getting the current/actual image size. Rather than rounding up,
format_resize() could end up truncating the size and we don't
allow that by design.
MFC after: 1 week
Closing stdin/stdout/stderr is often a bad idea as a future open()
can end up with its fd. Leave it open and limit it to no rights
instead.
Reviewed by: cem
Differential Revision: https://reviews.freebsd.org/D7984
bspatch previously included sys/capability.h or sys/capsicum.h based
on __FreeBSD_version, as FreeBSD is the upstream for bsdiff and we may
see this file incorporated into other third-party software.
The Capsicum header is now installed as sys/capsicum.h in stable/10 and
FreeBSD 10.3, so we can just use sys/capsicum.h and simplify the logic.
Reviewed by: allanjude
Differential Revision: https://reviews.freebsd.org/D7954
This is not actually documented or even implied in style(9). Make the change
to match convention. Someone should document this convention in style(9).
Reported by: jhb
Sponsored by: EMC Dell Isilon
This is a nice and trivial program for sandboxing. One input file, one
output file.
Reviewed by: pfg
Sponsored by: Dell EMC Isilon
Differential Revision: https://reviews.freebsd.org/D7920
This is a straightforward single input, single output program for
capsicum.
Reviewed by: bapt
Sponsored by: Dell EMC Isilon
Differential Revision: https://reviews.freebsd.org/D7928
stdio uses fstat and the TIOCGETA ioctl. Also collapse the
cap_rights_limit and new cap_ioctls_limit calls into one if statement.
Errors here are not actionable by the user and distinguishing stdout
from stderr doesn't really have value.
Reported by: kib
Reviewed by: allanjude, bapt
MFC after: 1 week
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D7944
If getcwd fails: just ignore it and do not try to add it to the list of possible
paths where to find the files.
If fdopen fails, warn and return NULL; the rest of the code knows how to deal
with it.
Reported by: oshogbo
As a trick to be able to access all files passed in arguments (readonly) within
the sandbox we first open the root directory, then consider all files as
relative to this file descriptor.
This might be improved once casper adds support for filesystem.
MFC after: 1 month
Reviewed by: allanjude
Differential Revision: https://reviews.freebsd.org/D7936
errx() prefixes the error string with argv[0] so including "login: "
in the string is redundant. Also remove a superfluous newline.
Sponsored by: The FreeBSD Foundation
The first argument of calloc(3) should be an ordinal type, and the
second a size: split a multiplication to make better use of calloc(3)
and detect overflows.
Do some other re-ordering and style fixes while here.
MFC after: 3 weeks
Note that this introduces an explicit 2GB limit, but this was already
implicit in variable and function argument types.
This is based on the "non-cryptanalytic attacks against freebsd
update components" anonymous gist. Further refinement is planned.
Reviewed by: allanjude, cem, kib
Obtained from: anonymous gist
MFC after: 3 days
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D7619
process. We don't *quite* pull that number out of our backside, as
the actual number is difficult to determine without modifying the VM
system to report it, but it's still useful to get an idea of what's
going on when a machine unexpectedly starts swapping.
MFC after: 1 week