#
dfabf3ef |
|
03-Feb-2024 |
Mark Johnston <markj@FreeBSD.org> |
libjail: Guard against programmer error in jailparam_export() If the caller didn't use jailparam_import() to fetch the parameter value, an attempt to export it will trigger a segfault. Make it a bit easier to figure out what's happening in this situation. PR: 276809 Reviewed by: jamie MFC after: 1 week Differential Revision: https://reviews.freebsd.org/D43732
|
#
a2f733ab |
|
24-Nov-2023 |
Warner Losh <imp@FreeBSD.org> |
lib: Automated cleanup of cdefs and other formatting Apply the following automated changes to try to eliminate no-longer-needed sys/cdefs.h includes as well as now-empty blank lines in a row. Remove /^#if.*\n#endif.*\n#include\s+<sys/cdefs.h>.*\n/ Remove /\n+#include\s+<sys/cdefs.h>.*\n+#if.*\n#endif.*\n+/ Remove /\n+#if.*\n#endif.*\n+/ Remove /^#if.*\n#endif.*\n/ Remove /\n+#include\s+<sys/cdefs.h>\n#include\s+<sys/types.h>/ Remove /\n+#include\s+<sys/cdefs.h>\n#include\s+<sys/param.h>/ Remove /\n+#include\s+<sys/cdefs.h>\n#include\s+<sys/capsicum.h>/ Sponsored by: Netflix
|
#
1d386b48 |
|
16-Aug-2023 |
Warner Losh <imp@FreeBSD.org> |
Remove $FreeBSD$: one-line .c pattern Remove /^[\s*]*__FBSDID\("\$FreeBSD\$"\);?\s*\n/
|
#
4d846d26 |
|
10-May-2023 |
Warner Losh <imp@FreeBSD.org> |
spdx: The BSD-2-Clause-FreeBSD identifier is obsolete, drop -FreeBSD The SPDX folks have obsoleted the BSD-2-Clause-FreeBSD identifier. Catch up to that fact and revert to their recommended match of BSD-2-Clause. Discussed with: pfg MFC After: 3 days Sponsored by: Netflix
|
#
accd6aa2 |
|
07-Jan-2020 |
Mark Johnston <markj@FreeBSD.org> |
libjail: Handle an error from reallocarray() when trimming the buffer. There is no API guarantee that realloc() will not fail when the buffer is shrinking. Handle it by simply returning the untrimmed buffer. While this is unlikely to ever happen in practice, it seems worth handling just to silence static analyzer warnings. PR: 243106 Submitted by: Hans Christian Woithe <chwoithe@yahoo.com> MFC after: 1 week
|
#
6ab631e8 |
|
22-Jun-2019 |
Devin Teske <dteske@FreeBSD.org> |
`libjail/jail.c' includes both <sys/param.h> and <sys/types.h> Latter is undesired when including <sys/param.h> according to style(9) Submitted by: Faraz Vahedi Reviewed by: cem Differential Revision: https://reviews.freebsd.org/D20637
|
#
123af6ec |
|
20-Mar-2019 |
Alan Somers <asomers@FreeBSD.org> |
Rename fuse(4) to fusefs(4) This makes it more consistent with other filesystems, which all end in "fs", and more consistent with its mount helper, which is already named "mount_fusefs". Reviewed by: cem, rgrimes MFC after: 2 weeks Sponsored by: The FreeBSD Foundation Differential Revision: https://reviews.freebsd.org/D19649
|
#
98f8234b |
|
09-Nov-2018 |
Alan Somers <asomers@FreeBSD.org> |
libjail: fix handling of allow.mount.fusefs in jailparam_init fusefs is inconsistently named. The kernel module is named "fuse", but the mount helper is named "mount_fusefs" and the jail(8) parameter is named "allow.mount.fusefs". Special case it in libjail. Reviewed by: jamie MFC after: 2 weeks Differential Revision: https://reviews.freebsd.org/D17929
|
#
0e5c6bd4 |
|
04-May-2018 |
Jamie Gritton <jamie@FreeBSD.org> |
Make it easier for filesystems to count themselves as jail-enabled, by doing most of the work in a new function prison_add_vfs in kern_jail.c Now a jail-enabled filesystem need only mark itself with VFCF_JAIL, and the rest is taken care of. This includes adding a jail parameter like allow.mount.foofs, and a sysctl like security.jail.mount_foofs_allowed. Both of these used to be a static list of known filesystems, with predefined permission bits. Reviewed by: kib Differential Revision: D14681
|
#
f047b921 |
|
21-Mar-2018 |
Jamie Gritton <jamie@FreeBSD.org> |
If a jail parameter isn't found, try loading a related kernel module.
|
#
5e53a4f9 |
|
25-Nov-2017 |
Pedro F. Giffuni <pfg@FreeBSD.org> |
lib: further adoption of SPDX licensing ID tags. Mainly focus on files that use BSD 2-Clause license, however the tool I was using mis-identified many licenses so this was mostly a manual - error prone - task. The Software Package Data Exchange (SPDX) group provides a specification to make it easier for automated tools to detect and summarize well known opensource licenses. We are gradually adopting the specification, noting that the tags are considered only advisory and do not, in any way, superceed or replace the license texts.
|
#
6fd94039 |
|
16-Apr-2017 |
Pedro F. Giffuni <pfg@FreeBSD.org> |
libjail: make allocation in jailparam_all() somewhat more robust. Unsign some variables involved in allocation as they will never be negative anyways. Provide some bounds checking through reallocarray(3). This is all very unlikely to have any visible effect. Reviewed by: jamie MFC after: 3 weeks
|
#
e5edb779 |
|
02-Oct-2016 |
Ruslan Bukin <br@FreeBSD.org> |
Fix libjail reached latest sysctl entry. Reviewed by: jamie Sponsored by: DARPA, AFRL Sponsored by: HEIF5 Differential Revision: https://reviews.freebsd.org/D8096
|
#
d031802b |
|
25-Nov-2014 |
Jamie Gritton <jamie@FreeBSD.org> |
In preparation for using clang's -Wcast-qual: Use __DECONST (instead of my own attempted re-invention) for the iov parameters to jail_get/set(2). Similarly remove the decost-ish hack from execvp's argv, except the __DECONST is only added at very end. While I'm at it, remove an unused variable and fix a comment typo.
|
#
49f903d5 |
|
04-Oct-2012 |
Jamie Gritton <jamie@FreeBSD.org> |
Fix some memory allocation errors: * jail_setv will leak a parameter name if jailparam_import fails. * jailparam_all loses the jailparam pointer on realloc error (a clear freshman mistake). * If jailparam_init fails, the caller doesn't need to jailparam_free the buffer. That's not really clear, so set things to NULL allowing jailparam_free to work without error (though it's still not required).
|
#
cee9d6cc |
|
22-May-2012 |
Jamie Gritton <jamie@FreeBSD.org> |
The fix in r235291 re-broke the "allow.nomount" case. Re-fix it by testing for the right parameter name.
|
#
fb8d1d4f |
|
11-May-2012 |
Jamie Gritton <jamie@FreeBSD.org> |
The linker isn't consistent in the ordering of dynamic sysctls, so don't assume that the unnamed final component of "security.jail.param.foo." is one less than the "foo" component. It might be one greater instead.
|
#
699f4007 |
|
01-Mar-2012 |
Jamie Gritton <jamie@FreeBSD.org> |
Handle the case where a boolean parameter is also a node. PR: bin/165515 MFC after: 2 weeks
|
#
cbc134ad |
|
19-Jan-2011 |
Matthew D Fleming <mdf@FreeBSD.org> |
Introduce signed and unsigned version of CTLTYPE_QUAD, renaming existing uses. Rename sysctl_handle_quad() to sysctl_handle_64().
|
#
b81422ef |
|
27-Oct-2010 |
Jamie Gritton <jamie@FreeBSD.org> |
Find a jail's type as part of jailparam_init rather than waiting until it's absolutely necessary. MFC after: 1 week
|
#
a7d5f7eb |
|
19-Oct-2010 |
Jamie Gritton <jamie@FreeBSD.org> |
A new jail(8) with a configuration file, to replace the work currently done by /etc/rc.d/jail.
|
#
881f6af4 |
|
31-Aug-2010 |
Jamie Gritton <jamie@FreeBSD.org> |
Whitespace and comment fixes. MFC after: 3 days
|
#
4d02a3e7 |
|
31-Aug-2010 |
Jamie Gritton <jamie@FreeBSD.org> |
Don't over-allocate array values in jailparam_export. Fix a little comment typo. MFC after: 3 days
|
#
c26c472c |
|
15-Jul-2010 |
Jamie Gritton <jamie@FreeBSD.org> |
Don't import parameter values in jail_getv, except for the search key. Remove the internal jailparam_vlist, in favor of using variants of its logic separately in jail_setv and jail_getv. Free the temporary parameter list and exported values in jail_setv and jail_getv. Noted by: Stanislav Uzunchev MFC after: 3 days
|
#
fe0506d7 |
|
09-Mar-2010 |
Marcel Moolenaar <marcel@FreeBSD.org> |
Create the altix project branch. The altix project will add support for the SGI Altix 350 to FreeBSD/ia64. The hardware used for porting is a two-module system, consisting of a base compute module and a CPU expansion module. SGI's NUMAFlex architecture can be an excellent platform to test CPU affinity and NUMA-aware features in FreeBSD.
|
#
8d0a84b1 |
|
22-Feb-2010 |
Ruslan Ermilov <ru@FreeBSD.org> |
MFC: r204008: realloc() with a proper amount of memory.
|
#
f2ee2e68 |
|
17-Feb-2010 |
Ruslan Ermilov <ru@FreeBSD.org> |
realloc() with a proper amount of memory. MFC after: 3 days
|
#
19022f28 |
|
19-Dec-2009 |
Jamie Gritton <jamie@FreeBSD.org> |
MFC r200623: Add a null pointer check so "name" can be used as a key parameter in jailparam_get. PR: bin/141692 Submitted by: delphij
|
#
1574e5dd |
|
16-Dec-2009 |
Jamie Gritton <jamie@FreeBSD.org> |
Add a null pointer check so "name" can be used as a key parameter in jailparam_get. PR: bin/141692 Submitted by: delphij MFC after: 3 days
|
#
7cbf7213 |
|
25-Jul-2009 |
Jamie Gritton <jamie@FreeBSD.org> |
Some jail parameters (in particular, "ip4" and "ip6" for IP address restrictions) were found to be inadequately described by a boolean. Define a new parameter type with three values (disable, new, inherit) to handle these and future cases. Approved by: re (kib), bz (mentor) Discussed with: rwatson
|
#
69ea521e |
|
25-Jun-2009 |
Jamie Gritton <jamie@FreeBSD.org> |
Fix dynamic (re)allocation logic in jailparam_set and jailparam_get. Touch up jailparam_import a bit while I'm at it. Approved by: bz (mentor)
|
#
de6f3704 |
|
24-Jun-2009 |
Jamie Gritton <jamie@FreeBSD.org> |
Add libjail, a (somewhat) simpler interface to the jail_set and jail_get system calls and the security.jail.param sysctls. Approved by: bz (mentor)
|