Non-tests/... changes:
- Add HAS_TESTS= to Makefiles with libraries and programs to enable iteration
and propagate the appropriate environment down to *.test.mk.
tests/... changes:
- Add appropriate support Makefile.inc's to set HAS_TESTS in a minimal manner,
since tests/... is a special subdirectory tree compared to the others.
MFC after: 2 months
MFC with: r322511
Reviewed by: arch (silence), testing (silence)
Differential Revision: D12014
The reachover Kyuafiles were never added, and thus the tests were installed
as standalone tests, and not integrated into the full suite.
MFC after: 1 week
MFC with: r305626, 305629, r307863, r322447, r322448, r322449
of freefall.freebsd.org to unbreak the DNS tests
The address allocations for freefall.freebsd.org have changed in the past 4 years.
Use a more stable set of hardcoded addresses for now to make the tests succeed
reliably.
The hostname should be resolved dynamically instead of hardcoding the addresses in
the future. This is just a bandaid.
MFC after: 1 week
Some of the testcases try to manipulate sysctls that require root privileges,
e.g., "kern.sync_on_panic". Make root-privileges a hard requirement so the
tests don't raise false positives due to privilege issues when calling
sysctlbyname(3) on writable sysctls.
MFC after: 1 week
- Flushing stdout prevents the buffer from being printed twice, fixing
issues with stdout printing out the testplan, etc, twice.
- Don't print out raw source/line numbers; hide them behind comments.
MFC after: 1 week
directories to SUBDIR.${MK_TESTS} idiom
This is being done to pave the way for future work (and homogenity) in
^/projects/make-check-sandbox .
No functional change intended.
MFC after: 1 weeks
channel to a zygote process, rather than sending a function pointer or
service pointer. This avoids transfering pointers between address spaces,
which while robust in this case (due to the zygote being forked() from the
parent) is not generally a good idea, especially in the presence of
increasingly popular control-flow integrity and pointer protection
mitigation schemes. With this change, ping(8) and other sandboxed tools
using libcasper for DNS resolution now work on architectures with tagged
memory again.
Reviewed by: oshogbo
MFC after: 1 week
Sponsored by: DARPA, AFRL
bsd.own.mk (included from src.opts.mk) sets SHLIBDIR?=${LIBDIR}, so
SHLIBDIR must be set before including either one of them.
MFC with: 305626
Sponsored by: The FreeBSD Foundation
CASPER_SERVICE_STDIO - Casper will not close the first three descriptors (stdin,
stdout and stderr) this can be helpful for debugging.
CASPER_SERVICE_FD - Capser will not close all other descriptors, this can
be useful for a filesystem service.
For FreeBSD 12, I'm considering updating setgrent() to have a function
prototype that conforms to POSIX. FreeBSD seems to be the only operating
system that lets setgrent() return an integer. It's also inconsistent
with setpwent().
It looks like our libcasper depends on setgrent() returning an integer.
Get rid of that.
Reviewed by: oshogbo
Differential Revision: https://reviews.freebsd.org/D6659
- WARNS can be inherited from lib/Makefile.inc
- CFLAGS referred to a non-existent directory and this shouldn't be needed
anyhow due to the build picking up includes from WORLDTMP.
Sponsored by: EMC / Isilon Storage Division
After calling the cap_init(3) function Casper will fork from it's original
process, using pdfork(2). Forking from a process has a lot of advantages:
1. We have the same cwd as the original process.
2. The same uid, gid and groups.
3. The same MAC labels.
4. The same descriptor table.
5. The same routing table.
6. The same umask.
7. The same cpuset(1).
From now services are also in form of libraries.
We also removed libcapsicum at all and converts existing program using Casper
to new architecture.
Discussed with: pjd, jonathan, ed, drysdale@google.com, emaste
Partially reviewed by: drysdale@google.com, bdrewery
Approved by: pjd (mentor)
Differential Revision: https://reviews.freebsd.org/D4277
This is not properly respecting WITHOUT or ARCH dependencies in target/.
Doing so requires a massive effort to rework targets/ to do so. A
better approach will be to either include the SUBDIR Makefiles directly
and map to DIRDEPS or just dynamically lookup the SUBDIR. These lose
the benefit of having a userland/lib, userland/libexec, etc, though and
results in a massive package. The current implementation of targets/ is
very unmaintainable.
Currently rescue/rescue and sys/modules are still not connected.
Sponsored by: EMC / Isilon Storage Division
Since METAMODE has been added, sys.mk loads bsd.mkopt.mk which ends load loading
bsd.own.mk which then defines SHLIBDIR before all the Makefile.inc everywhere.
This makes /lib being populated again.
Reported by: many
Change the nvlist_recv() function to take additional argument that
specifies flags expected on the received nvlist. Receiving a nvlist with
different set of flags than the ones we expect might lead to undefined
behaviour, which might be potentially dangerous.
Update consumers of this and related functions and update the tests.
Approved by: pjd (mentor)
Update man page for nvlist_unpack, nvlist_recv, nvlist_xfer, cap_recv_nvlist
and cap_xfer_nvlist.
Reviewed by: AllanJude
Approved by: pjd (mentor)
