freebsd-skq/sbin
Pawel Jakub Dawidek 0cddb12ffd Currently we are unable to use capsicum for the primary worker process,
because we need to do ioctl(2)s, which are not permitted in the capability
mode. What we do now is to chroot(2) to /var/empty, which restricts access
to file system name space and we drop privileges to hast user and hast
group.

This still allows to access to other name spaces, like list of processes,
network and sysvipc.

To address that, use jail(2) instead of chroot(2). Using jail(2) will restrict
access to process table, network (we use ip-less jails) and sysvipc (if
security.jail.sysvipc_allowed is turned off). This provides much better
separation.

MFC after:	1 week
2011-05-14 17:02:03 +00:00
..
adjkerntz Raise WARNS for various tools where possible. 2010-01-17 21:56:27 +00:00
atacontrol Improve output for controllers that doesn't report SATA speed. 2010-02-22 10:45:40 +00:00
atm MFtbemd: 2010-08-23 22:24:11 +00:00
badsect Switch the default WARNS level for sbin/ to 6. 2009-10-19 16:00:24 +00:00
bsdlabel Widen fields that display partition offset/length. 2011-03-10 08:24:33 +00:00
camcontrol When calling XPT_REL_SIMQ to ajust number of openings, do not try to really 2011-04-20 14:16:22 +00:00
ccdconfig mdoc: drop redundant .Pp and .LP calls 2010-10-08 12:40:16 +00:00
clri Switch the default WARNS level for sbin/ to 6. 2009-10-19 16:00:24 +00:00
comcontrol ANSIfy almost all applications that use WARNS=6. 2009-12-29 22:53:27 +00:00
conscontrol Changed "conscontrol unset" to accept an existing virtual 2011-04-18 20:28:07 +00:00
ddb Plug an fd leak 2010-11-22 07:00:47 +00:00
devd Typo. For USB devices, 'serial' should be 'sernum'. 2011-05-10 02:34:11 +00:00
devfs Document the interaction between /etc/devfs.conf and 2010-02-21 10:29:45 +00:00
dhclient Use resolvconf(8) to update /etc/resolv.conf. 2011-03-18 12:23:20 +00:00
dmesg Switch the default WARNS level for sbin/ to 6. 2009-10-19 16:00:24 +00:00
dump The dump, fsck_ffs, fsdb, fsirand, newfs, makefs, and quot utilities 2011-01-24 06:17:05 +00:00
dumpfs We now have multiple filesystems (UFS, ZFS, ...), so for tools that only 2011-05-08 12:34:31 +00:00
dumpon Switch the default WARNS level for sbin/ to 6. 2009-10-19 16:00:24 +00:00
fdisk Supply maximum value as an argument to the decimal() function 2011-01-25 04:35:07 +00:00
fdisk_pc98 Use the common PC98_SID_ACTIVE define instead of a local define. 2009-03-19 12:31:59 +00:00
ffsinfo Bump WARNS where possible. 2010-02-15 14:07:40 +00:00
fsck Fix typos and spelling mistakes. 2010-08-06 14:33:42 +00:00
fsck_ffs Add an -E option to mirror newfs's. The idea is that if you have a system 2011-04-29 23:00:23 +00:00
fsck_msdosfs Fix some style(9), although there's a lot more issues here. 2010-06-20 09:40:54 +00:00
fsdb The dump, fsck_ffs, fsdb, fsirand, newfs, makefs, and quot utilities 2011-01-24 06:17:05 +00:00
fsirand The dump, fsck_ffs, fsdb, fsirand, newfs, makefs, and quot utilities 2011-01-24 06:17:05 +00:00
gbde MFtbemd: 2010-08-23 22:24:11 +00:00
geom Document the following sysctls: 2011-05-08 09:46:09 +00:00
ggate Because ggatel(8) operates on local GEOM providers, use unlimited queue size in 2011-04-02 06:59:05 +00:00
growfs We now have multiple filesystems (UFS, ZFS, ...), so for tools that only 2011-05-08 12:34:31 +00:00
gvinum * Add the readline(3) API to libedit. The libedit versions of 2011-04-05 18:41:01 +00:00
hastctl Currently we are unable to use capsicum for the primary worker process, 2011-05-14 17:02:03 +00:00
hastd Currently we are unable to use capsicum for the primary worker process, 2011-05-14 17:02:03 +00:00
ifconfig Revert r220907 and r220915. 2011-04-22 00:44:27 +00:00
init init(8): Document that login(1) is now responsible for recording logouts. 2011-01-23 14:54:45 +00:00
ipf Always assign WARNS using ?= 2010-03-02 16:58:04 +00:00
ipfw Rewrite NAT configuration parser, so that memory allocation size is 2011-04-19 15:03:12 +00:00
iscontrol Fix compilation with debug on. 2011-01-25 22:25:16 +00:00
kldconfig Raise WARNS for various tools where possible. 2010-01-17 21:56:27 +00:00
kldload Make flags in usage() and SYNOPSYS more style(9)-ish. 2010-08-30 07:29:27 +00:00
kldstat In printfile(), exit the process instead of only printing the warning. 2010-11-13 16:49:07 +00:00
kldunload Switch the default WARNS level for sbin/ to 6. 2009-10-19 16:00:24 +00:00
ldconfig ANSIfy ldconfig and the aout bits it still uses from rtld-aout. 2009-12-29 21:07:17 +00:00
mca sysctlbyname() returns -1 on error and sets errno. It does 2010-07-03 22:02:29 +00:00
md5 Switch the default WARNS level for sbin/ to 6. 2009-10-19 16:00:24 +00:00
mdconfig Somewhere around the 473rd time I mistyped "mdconfig file" instead of 2011-04-29 22:40:11 +00:00
mdmfs Switch the default WARNS level for sbin/ to 6. 2009-10-19 16:00:24 +00:00
mknod Fix some more warnings found by clang. 2010-11-22 20:10:48 +00:00
mksnap_ffs Note that a UFS filesystem can have up to 20 active snapshots. 2011-02-15 07:25:54 +00:00
mount Another man page update related to the switchover of the 2011-04-29 01:14:12 +00:00
mount_cd9660 Fix minor memory leak in a function. 2009-11-20 15:28:38 +00:00
mount_ext2fs Switch the default WARNS level for sbin/ to 6. 2009-10-19 16:00:24 +00:00
mount_hpfs mdoc: consistently spell our email addresses <foo@FreeBSD.org> 2010-05-19 08:57:53 +00:00
mount_msdosfs mdoc: move CAVEATS, BUGS and SECURITY CONSIDERATIONS sections to the 2010-05-13 12:07:55 +00:00
mount_nfs Implemented a mount option "nocto" that disables cache coherency 2011-05-04 13:27:45 +00:00
mount_ntfs mdoc: move CAVEATS, BUGS and SECURITY CONSIDERATIONS sections to the 2010-05-13 12:07:55 +00:00
mount_nullfs ANSIfy almost all applications that use WARNS=6. 2009-12-29 22:53:27 +00:00
mount_reiserfs mdoc: move CAVEATS, BUGS and SECURITY CONSIDERATIONS sections to the 2010-05-13 12:07:55 +00:00
mount_std mdoc: move CAVEATS, BUGS and SECURITY CONSIDERATIONS sections to the 2010-05-13 12:07:55 +00:00
mount_udf style.Makefile(5): Remove -Wall from CFLAGS. 2006-07-17 20:53:25 +00:00
mount_unionfs Fix SYNOPSIS. 2011-03-23 13:44:09 +00:00
natd Furthermore condition IP waiting behaviour also on -dynamic flag. 2011-04-18 23:45:50 +00:00
newfs Stop trying to zero UFS1 superblocks if we fall off the end of the disk. 2011-04-26 02:06:31 +00:00
newfs_msdos MFtbemd: 2010-08-23 22:24:11 +00:00
nfsiod - Display current settings when run without options. 2009-12-26 08:36:02 +00:00
nos-tun nos-tun(8): make WARNS=3 clean 2010-03-10 18:51:13 +00:00
pfctl Switch the default WARNS level for sbin/ to 6. 2009-10-19 16:00:24 +00:00
pflogd Append to CFLAGS, don't clobber it. 2010-11-05 11:31:39 +00:00
ping Small style fixes: 2010-06-20 12:52:33 +00:00
ping6 Add __unused. Ansi prototypes. 2010-12-19 13:40:38 +00:00
quotacheck Update to current version of head. 2010-04-28 05:33:59 +00:00
rcorder mdoc: move CAVEATS, BUGS and SECURITY CONSIDERATIONS sections to the 2010-05-13 12:07:55 +00:00
reboot Remove vestiges of disklabel(5). 2011-04-14 08:53:04 +00:00
recoverdisk recoverdisk(8): treat output file consistently and abort on EINVAL 2011-05-01 20:14:10 +00:00
resolvconf Add resolvconf(8) which manages resolv.conf. 2011-03-18 12:18:52 +00:00
restore mdoc: make pages render with mandoc 2010-10-21 12:27:13 +00:00
route - Fix array bounds checking. [1] 2010-12-08 15:12:37 +00:00
routed Fix use of AND operator: should be bitwise instead of logical. 2010-11-22 19:40:27 +00:00
rtsol rtsol(8)/rtsold(8): make WARNS=3 clean 2010-02-27 10:19:39 +00:00
savecore Remove the advertising clause from UCB copyrighted files in sbin. This 2010-12-12 21:26:12 +00:00
sconfig Switch the default WARNS level for sbin/ to 6. 2009-10-19 16:00:24 +00:00
setkey mdoc: drop even more redundant .Pp calls 2010-10-19 12:35:40 +00:00
shutdown For compatibility with Linux and Solaris add poweroff(8). 2010-12-30 18:06:31 +00:00
spppcontrol mdoc: order prologue macros consistently by Dd/Dt/Os 2010-04-14 19:08:06 +00:00
sunlabel mdoc: drop even more redundant .Pp calls 2010-10-19 12:35:40 +00:00
swapon Raise WARNS for various tools where possible. 2010-01-17 21:56:27 +00:00
sysctl Introduce signed and unsigned version of CTLTYPE_QUAD, renaming 2011-01-19 23:00:25 +00:00
tunefs We now have multiple filesystems (UFS, ZFS, ...), so for tools that only 2011-05-08 12:34:31 +00:00
umount It's possible to unmount multiple items at once, make it clear. 2011-03-24 12:35:09 +00:00
Makefile Add resolvconf(8) which manages resolv.conf. 2011-03-18 12:18:52 +00:00
Makefile.amd64 MF tbemd: Move to using Makefile.arch to select what to build. 2010-09-13 02:25:21 +00:00
Makefile.arm MF tbemd: Move to using Makefile.arch to select what to build. 2010-09-13 02:25:21 +00:00
Makefile.i386 MF tbemd: Move to using Makefile.arch to select what to build. 2010-09-13 02:25:21 +00:00
Makefile.ia64 MF tbemd: Move to using Makefile.arch to select what to build. 2010-09-13 02:25:21 +00:00
Makefile.inc Switch the default WARNS level for sbin/ to 6. 2009-10-19 16:00:24 +00:00
Makefile.mips MF tbemd: Move to using Makefile.arch to select what to build. 2010-09-13 02:25:21 +00:00
Makefile.pc98 MF tbemd: Move to using Makefile.arch to select what to build. 2010-09-13 02:25:21 +00:00
Makefile.sparc64 MF tbemd: Move to using Makefile.arch to select what to build. 2010-09-13 02:25:21 +00:00