370017 |
18-Jun-2021 |
git2svn |
libcasper: add missing unistd.h
Reported by: Arrigo Marchiori <ardovm (at) yahoo.it>
Git Hash: b4fe6fbab236a0fd37ebafb4d3bb15856f99596c Git Author: oshogbo@FreeBSD.org |
370004 |
16-Jun-2021 |
git2svn |
libcasper: fix descriptors numbers
Casper services expect that the first 3 descriptors (stdin/stdout/stderr) will point to /dev/null. Which Casper will ensure later. The Casper services are forked from the original process. If the initial process closes one of those descriptors, Casper may reuse one of them for it on purpose. If this is the case, then renumarate the descriptors used by Casper to higher numbers. This is done already after the fork, so it doesn't break the parent process.
PR: 255339 Reported by: Borja Marcos <borjam (at) sarenet.es> Tested by: jkim@
(cherry picked from commit aa310ebfba3d49a0b6b03a103b969731a8136a73)
Git Hash: 6c0a51837f4ba242ea723a887c3b6120d9335c8f Git Author: oshogbo@FreeBSD.org |
322715 |
20-Aug-2017 |
ngie |
MFC r305626,r305629,r307863,r322447,r322448,r322449,r322450,r322451:
r305626 (by oshogbo):
Move libcasper tests from regression/capsicum/libcasper/ to lib/libcasper/service/${service_name}/tests.
r305629 (by jkim):
Add new directories added in r305626 to fix "make installworld".
r307863 (by emaste):
Set SHLIBDIR before .including src.opts.mk in libcapser services
bsd.own.mk (included from src.opts.mk) sets SHLIBDIR?=${LIBDIR}, so SHLIBDIR must be set before including either one of them.
MFC with: 305626
r322447:
Fix result printing
- Flushing stdout prevents the buffer from being printed twice, fixing issues with stdout printing out the testplan, etc, twice. - Don't print out raw source/line numbers; hide them behind comments.
r322448:
Make root-privileges a requirement for the test
Some of the testcases try to manipulate sysctls that require root privileges, e.g., "kern.sync_on_panic". Make root-privileges a hard requirement so the tests don't raise false positives due to privilege issues when calling sysctlbyname(3) on writable sysctls.
r322449:
Use hardcoded IPv4/IPv6 addresses for google-public-dns-a.google.com instead of freefall.freebsd.org to unbreak the DNS tests
The address allocations for freefall.freebsd.org have changed in the past 4 years. Use a more stable set of hardcoded addresses for now to make the tests succeed reliably.
The hostname should be resolved dynamically instead of hardcoding the addresses in the future. This is just a bandaid.
r322450:
Integrate the tests moved in r305626 in to the FreeBSD test suite
The reachover Kyuafiles were never added, and thus the tests were installed as standalone tests, and not integrated into the full suite.
MFC with: r305626, 305629, r307863, r322447, r322448, r322449
r322451:
TESTSDIR isn't required; remove it
MFC with: r322450 |
302408 |
08-Jul-2016 |
gjb |
Copy head@r302406 to stable/11 as part of the 11.0-RELEASE cycle. Prune svn:mergeinfo from the new branch, as nothing has been merged here.
Additional commits post-branch will follow.
Approved by: re (implicit) Sponsored by: The FreeBSD Foundation |
301844 |
13-Jun-2016 |
oshogbo |
Don't close fd if it's lower then stderr, otherwise we can close one of the descriptor which we just set.
Pointed out by: jilles Approved by: re (hrs)
|
301572 |
08-Jun-2016 |
oshogbo |
Add flags to the Casper services.
CASPER_SERVICE_STDIO - Casper will not close the first three descriptors (stdin, stdout and stderr) this can be helpful for debugging. CASPER_SERVICE_FD - Capser will not close all other descriptors, this can be useful for a filesystem service.
|
301167 |
01-Jun-2016 |
ed |
Don't call setgrent() in an unportable way.
For FreeBSD 12, I'm considering updating setgrent() to have a function prototype that conforms to POSIX. FreeBSD seems to be the only operating system that lets setgrent() return an integer. It's also inconsistent with setpwent().
It looks like our libcasper depends on setgrent() returning an integer. Get rid of that.
Reviewed by: oshogbo Differential Revision: https://reviews.freebsd.org/D6659
|
298107 |
16-Apr-2016 |
gjb |
Merge the projects/release-pkg branch to head.
This allows packaging the base system with pkg(8), including but not limited to providing the ability to provide upstream binary update possibilities for non-tier-1 architectures.
This merge is a requirement of the 11.0-RELEASE, and as such, thank you to everyone that has tested the project branch.
Documentation in build(7) etc. is still somewhat sparse, but updates to those parts will follow.
Sponsored by: The FreeBSD Foundation
|
297982 |
14-Apr-2016 |
oshogbo |
Set NULL to the ai_next pointer which fix cap_getaddrinfo(). Add regression test case.
PR: 195551 Submitted by: Mikhail <mp39590@gmail.com> Approved by: pjd (mentor)
|
296127 |
26-Feb-2016 |
bdrewery |
Update dependencies.
Sponsored by: EMC / Isilon Storage Division
|
296126 |
26-Feb-2016 |
bdrewery |
Remove unneeded lines.
- WARNS can be inherited from lib/Makefile.inc - CFLAGS referred to a non-existent directory and this shouldn't be needed anyhow due to the build picking up includes from WORLDTMP.
Sponsored by: EMC / Isilon Storage Division
|
296125 |
26-Feb-2016 |
bdrewery |
These can build in parallel.
Sponsored by: EMC / Isilon Storage Division
|
296047 |
25-Feb-2016 |
oshogbo |
Convert casperd(8) daemon to the libcasper. After calling the cap_init(3) function Casper will fork from it's original process, using pdfork(2). Forking from a process has a lot of advantages: 1. We have the same cwd as the original process. 2. The same uid, gid and groups. 3. The same MAC labels. 4. The same descriptor table. 5. The same routing table. 6. The same umask. 7. The same cpuset(1). From now services are also in form of libraries. We also removed libcapsicum at all and converts existing program using Casper to new architecture.
Discussed with: pjd, jonathan, ed, drysdale@google.com, emaste Partially reviewed by: drysdale@google.com, bdrewery Approved by: pjd (mentor) Differential Revision: https://reviews.freebsd.org/D4277
|
291563 |
01-Dec-2015 |
bdrewery |
META MODE: Update dependencies with 'the-lot' and add missing directories.
This is not properly respecting WITHOUT or ARCH dependencies in target/. Doing so requires a massive effort to rework targets/ to do so. A better approach will be to either include the SUBDIR Makefiles directly and map to DIRDEPS or just dynamically lookup the SUBDIR. These lose the benefit of having a userland/lib, userland/libexec, etc, though and results in a massive package. The current implementation of targets/ is very unmaintainable.
Currently rescue/rescue and sys/modules are still not connected.
Sponsored by: EMC / Isilon Storage Division
|
285063 |
02-Jul-2015 |
oshogbo |
Let the nv.h and dnv.h includes be only in sys directory.
Change consumers to include those files from sys. Add duplicated files to ObsoleteFiles.
Approved by: pjd (mentor)
|
284421 |
15-Jun-2015 |
bapt |
Revert r284417 it is not necessary anymore
|
284417 |
15-Jun-2015 |
bapt |
Enforce overwritting SHLIBDIR
Since METAMODE has been added, sys.mk loads bsd.mkopt.mk which ends load loading bsd.own.mk which then defines SHLIBDIR before all the Makefile.inc everywhere.
This makes /lib being populated again.
Reported by: many
|
282346 |
02-May-2015 |
oshogbo |
Approved, oprócz użycie RESTORE_ERRNO() do ustawiania errno.
Change the nvlist_recv() function to take additional argument that specifies flags expected on the received nvlist. Receiving a nvlist with different set of flags than the ones we expect might lead to undefined behaviour, which might be potentially dangerous.
Update consumers of this and related functions and update the tests.
Approved by: pjd (mentor)
Update man page for nvlist_unpack, nvlist_recv, nvlist_xfer, cap_recv_nvlist and cap_xfer_nvlist.
Reviewed by: AllanJude Approved by: pjd (mentor)
|
275024 |
25-Nov-2014 |
bapt |
Convert libraries to use LIBADD While here reduce a bit overlinking
|
263234 |
16-Mar-2014 |
rwatson |
Update most userspace consumers of capability.h to use capsicum.h instead.
auditdistd is not updated as I will make the change upstream and then do a vendor import sometime in the next week or two.
MFC after: 3 weeks
|
261693 |
09-Feb-2014 |
pjd |
Fix descriptor leak.
|
260223 |
03-Jan-2014 |
pjd |
MFp4 @1189741:
- Add missing nvlist_destroy(). - Don't override nvlout.
Submitted by: Mariusz Zaborski <oshogbo@FreeBSD.org> MFC after: 3 days
|
258866 |
03-Dec-2013 |
pjd |
Fix comparisons in assertions.
Reported by: Coverity Coverity CID: 1130048
|
258850 |
02-Dec-2013 |
pjd |
Both libcasper and libcapsicum libraries have to be installed in /lib/, as they are used by /sbin/casperd.
|
258843 |
02-Dec-2013 |
pjd |
Forgot to 'svn add' lib/libcasper/ directory.
Reported by: glebius
|