libcasper: add missing unistd.h

Reported by: Arrigo Marchiori <ardovm (at) yahoo.it>

Git Hash: b4fe6fbab236a0fd37ebafb4d3bb15856f99596c
Git Author: oshogbo@FreeBSD.org

libcasper: fix descriptors numbers

Casper services expect that the first 3 descriptors (stdin/stdout/stderr)
will point to /dev/null. Which Casper will ensure later. The Casper
services are forked from the original process. If the initial process
closes one of those descriptors, Casper may reuse one of them for it on
purpose. If this is the case, then renumarate the descriptors used by
Casper to higher numbers. This is done already after the fork, so it
doesn't break the parent process.

PR: 255339
Reported by: Borja Marcos <borjam (at) sarenet.es>
Tested by: jkim@

(cherry picked from commit aa310ebfba3d49a0b6b03a103b969731a8136a73)

Git Hash: 6c0a51837f4ba242ea723a887c3b6120d9335c8f
Git Author: oshogbo@FreeBSD.org

MFC r305626,r305629,r307863,r322447,r322448,r322449,r322450,r322451:

r305626 (by oshogbo):

Move libcasper tests from regression/capsicum/libcasper/ to
lib/libcasper/service/${service_name}/tests.

r305629 (by jkim):

Add new directories added in r305626 to fix "make installworld".

r307863 (by emaste):

Set SHLIBDIR before .including src.opts.mk in libcapser services

bsd.own.mk (included from src.opts.mk) sets SHLIBDIR?=${LIBDIR}, so
SHLIBDIR must be set before including either one of them.

MFC with: 305626

r322447:

Fix result printing

- Flushing stdout prevents the buffer from being printed twice, fixing
issues with stdout printing out the testplan, etc, twice.
- Don't print out raw source/line numbers; hide them behind comments.

r322448:

Make root-privileges a requirement for the test

Some of the testcases try to manipulate sysctls that require root privileges,
e.g., "kern.sync_on_panic". Make root-privileges a hard requirement so the
tests don't raise false positives due to privilege issues when calling
sysctlbyname(3) on writable sysctls.

r322449:

Use hardcoded IPv4/IPv6 addresses for google-public-dns-a.google.com instead
of freefall.freebsd.org to unbreak the DNS tests

The address allocations for freefall.freebsd.org have changed in the past 4 years.
Use a more stable set of hardcoded addresses for now to make the tests succeed
reliably.

The hostname should be resolved dynamically instead of hardcoding the addresses in
the future. This is just a bandaid.

r322450:

Integrate the tests moved in r305626 in to the FreeBSD test suite

The reachover Kyuafiles were never added, and thus the tests were installed
as standalone tests, and not integrated into the full suite.

MFC with: r305626, 305629, r307863, r322447, r322448, r322449

r322451:

TESTSDIR isn't required; remove it

MFC with: r322450

Copy head@r302406 to stable/11 as part of the 11.0-RELEASE cycle.
Prune svn:mergeinfo from the new branch, as nothing has been merged
here.

Additional commits post-branch will follow.

Approved by: re (implicit)
Sponsored by: The FreeBSD Foundation

Don't close fd if it's lower then stderr, otherwise we can close
one of the descriptor which we just set.

Pointed out by: jilles
Approved by: re (hrs)

Add flags to the Casper services.

CASPER_SERVICE_STDIO - Casper will not close the first three descriptors (stdin,
stdout and stderr) this can be helpful for debugging.
CASPER_SERVICE_FD - Capser will not close all other descriptors, this can
be useful for a filesystem service.

Don't call setgrent() in an unportable way.

For FreeBSD 12, I'm considering updating setgrent() to have a function
prototype that conforms to POSIX. FreeBSD seems to be the only operating
system that lets setgrent() return an integer. It's also inconsistent
with setpwent().

It looks like our libcasper depends on setgrent() returning an integer.
Get rid of that.

Reviewed by: oshogbo
Differential Revision: https://reviews.freebsd.org/D6659

Merge the projects/release-pkg branch to head.

This allows packaging the base system with pkg(8), including
but not limited to providing the ability to provide upstream
binary update possibilities for non-tier-1 architectures.

This merge is a requirement of the 11.0-RELEASE, and as such,
thank you to everyone that has tested the project branch.

Documentation in build(7) etc. is still somewhat sparse, but
updates to those parts will follow.

Sponsored by: The FreeBSD Foundation

Set NULL to the ai_next pointer which fix cap_getaddrinfo().
Add regression test case.

PR: 195551
Submitted by: Mikhail <mp39590@gmail.com>
Approved by: pjd (mentor)

Update dependencies.

Sponsored by: EMC / Isilon Storage Division

Remove unneeded lines.

- WARNS can be inherited from lib/Makefile.inc
- CFLAGS referred to a non-existent directory and this shouldn't be needed
anyhow due to the build picking up includes from WORLDTMP.

Sponsored by: EMC / Isilon Storage Division

These can build in parallel.

Sponsored by: EMC / Isilon Storage Division

Convert casperd(8) daemon to the libcasper.
After calling the cap_init(3) function Casper will fork from it's original
process, using pdfork(2). Forking from a process has a lot of advantages:
1. We have the same cwd as the original process.
2. The same uid, gid and groups.
3. The same MAC labels.
4. The same descriptor table.
5. The same routing table.
6. The same umask.
7. The same cpuset(1).
From now services are also in form of libraries.
We also removed libcapsicum at all and converts existing program using Casper
to new architecture.

Discussed with: pjd, jonathan, ed, drysdale@google.com, emaste
Partially reviewed by: drysdale@google.com, bdrewery
Approved by: pjd (mentor)
Differential Revision: https://reviews.freebsd.org/D4277

META MODE: Update dependencies with 'the-lot' and add missing directories.

This is not properly respecting WITHOUT or ARCH dependencies in target/.
Doing so requires a massive effort to rework targets/ to do so. A
better approach will be to either include the SUBDIR Makefiles directly
and map to DIRDEPS or just dynamically lookup the SUBDIR. These lose
the benefit of having a userland/lib, userland/libexec, etc, though and
results in a massive package. The current implementation of targets/ is
very unmaintainable.

Currently rescue/rescue and sys/modules are still not connected.

Sponsored by: EMC / Isilon Storage Division

Let the nv.h and dnv.h includes be only in sys directory.

Change consumers to include those files from sys.
Add duplicated files to ObsoleteFiles.

Approved by: pjd (mentor)

Revert r284417 it is not necessary anymore

Enforce overwritting SHLIBDIR

Since METAMODE has been added, sys.mk loads bsd.mkopt.mk which ends load loading
bsd.own.mk which then defines SHLIBDIR before all the Makefile.inc everywhere.

This makes /lib being populated again.

Reported by: many

Approved, oprócz użycie RESTORE_ERRNO() do ustawiania errno.

Change the nvlist_recv() function to take additional argument that
specifies flags expected on the received nvlist. Receiving a nvlist with
different set of flags than the ones we expect might lead to undefined
behaviour, which might be potentially dangerous.

Update consumers of this and related functions and update the tests.

Approved by: pjd (mentor)

Update man page for nvlist_unpack, nvlist_recv, nvlist_xfer, cap_recv_nvlist
and cap_xfer_nvlist.

Reviewed by: AllanJude
Approved by: pjd (mentor)

Convert libraries to use LIBADD
While here reduce a bit overlinking

Update most userspace consumers of capability.h to use capsicum.h instead.

auditdistd is not updated as I will make the change upstream and then do a
vendor import sometime in the next week or two.

MFC after: 3 weeks

Fix descriptor leak.

MFp4 @1189741:

- Add missing nvlist_destroy().
- Don't override nvlout.

Submitted by: Mariusz Zaborski <oshogbo@FreeBSD.org>
MFC after: 3 days

Fix comparisons in assertions.

Reported by: Coverity
Coverity CID: 1130048

Both libcasper and libcapsicum libraries have to be installed in /lib/,
as they are used by /sbin/casperd.

Forgot to 'svn add' lib/libcasper/ directory.

Reported by: glebius