#
4d65a7c6 |
|
24-Nov-2023 |
Warner Losh <imp@FreeBSD.org> |
usr.sbin: Automated cleanup of cdefs and other formatting Apply the following automated changes to try to eliminate no-longer-needed sys/cdefs.h includes as well as now-empty blank lines in a row. Remove /^#if.*\n#endif.*\n#include\s+<sys/cdefs.h>.*\n/ Remove /\n+#include\s+<sys/cdefs.h>.*\n+#if.*\n#endif.*\n+/ Remove /\n+#if.*\n#endif.*\n+/ Remove /^#if.*\n#endif.*\n/ Remove /\n+#include\s+<sys/cdefs.h>\n#include\s+<sys/types.h>/ Remove /\n+#include\s+<sys/cdefs.h>\n#include\s+<sys/param.h>/ Remove /\n+#include\s+<sys/cdefs.h>\n#include\s+<sys/capsicum.h>/ Sponsored by: Netflix
|
#
1d386b48 |
|
16-Aug-2023 |
Warner Losh <imp@FreeBSD.org> |
Remove $FreeBSD$: one-line .c pattern Remove /^[\s*]*__FBSDID\("\$FreeBSD\$"\);?\s*\n/
|
#
fda83023 |
|
05-Jul-2023 |
Mateusz Guzik <mjg@FreeBSD.org> |
jls: low-effort fix to make it compilable with neither inet nor inet6
|
#
4d846d26 |
|
10-May-2023 |
Warner Losh <imp@FreeBSD.org> |
spdx: The BSD-2-Clause-FreeBSD identifier is obsolete, drop -FreeBSD The SPDX folks have obsoleted the BSD-2-Clause-FreeBSD identifier. Catch up to that fact and revert to their recommended match of BSD-2-Clause. Discussed with: pfg MFC After: 3 days Sponsored by: Netflix
|
#
3050aced |
|
15-Dec-2020 |
Jamie Gritton <jamie@FreeBSD.org> |
Bugfix to not hide jailparam flags, which for example changes the output "vnet=2" to the less opaque "vnet=inherit" Reported by: kevans MFC after: 5 days
|
#
d24f17df |
|
04-Nov-2020 |
Alex Richardson <arichardson@FreeBSD.org> |
Fix bad libbxo format strings in jls The existing format string for the empty case was trying to read varargs values that weren't passed to xo_emit. This appears to work on x86 (since the next argument is probably a pointer an empty string), but for CHERI we can bound variadic arguments and detect a read past the end. While touching these lines also use the libxo 'a' modifier to avoid having to construct the libxo format string using asprintf. Found by: CHERI Reviewed By: allanjude Differential Revision: https://reviews.freebsd.org/D26885
|
#
1de7b4b8 |
|
27-Nov-2017 |
Pedro F. Giffuni <pfg@FreeBSD.org> |
various: general adoption of SPDX licensing ID tags. Mainly focus on files that use BSD 2-Clause license, however the tool I was using misidentified many licenses so this was mostly a manual - error prone - task. The Software Package Data Exchange (SPDX) group provides a specification to make it easier for automated tools to detect and summarize well known opensource licenses. We are gradually adopting the specification, noting that the tags are considered only advisory and do not, in any way, superceed or replace the license texts. No functional change intended.
|
#
8fd1ba2a |
|
24-Dec-2016 |
Jamie Gritton <jamie@FreeBSD.org> |
Improve IP address list representation in libxo output. Extract decision-making about special-case printing of certain jail parameters into a function. Refactor emitting of IPv4 and IPv6 address lists into a function. Resulting user-facing changes: XO_VERSION is bumped to 2. In verbose mode (-v), IPv4 and IPv6-Addresses are now properly emitted as separate lists. This only affects the output in encoding styles, i.e. xml and json. { { "__version": "1", "__version": "2", "jail-information": { "jail-information": { "jail": [ "jail": [ { { "jid": 166, "jid": 166, "hostname": "foo.com", "hostname": "foo.com", "path": "/var/jail/foo", "path": "/var/jail/foo", "name": "foo", "name": "foo", "state": "ACTIVE", "state": "ACTIVE", "cpusetid": 2, "cpusetid": 2, "ipv4_addrs": [ "ipv4_addrs": [ "10.1.1.1", "10.1.1.1", "10.1.1.2", "10.1.1.2", "10.1.1.3", | "10.1.1.3" > ], > "ipv6_addrs": [ "fe80::1000:1", "fe80::1000:1", "fe80::1000:2" "fe80::1000:2" ] ] } } ] ] } } } } In -n mode, ip4.addr and ip6.addr are formatted in the encoding styles' native list types, e.g. instead of comma-separated lists, JSON arrays are printed. jls -n all --libxo json ... "ip4.addr": [ "10.1.1.1", "10.1.1.2", "10.1.1.3" ], "ip4.saddrsel": true, "ip6.addr": [ "fe80::1000:1", "fe80::1000:2" ], ... jls -n all --libxo xml ... <ip4.addr>10.1.1.1</ip4.addr> <ip4.addr>10.1.1.2</ip4.addr> <ip4.addr>10.1.1.3</ip4.addr> <ip4.saddrsel>true</ip4.saddrsel> <ip6.addr>fe80::1000:1</ip6.addr> <ip6.addr>fe80::1000:2</ip6.addr> ... PR: 215008 Submitted by: Christian Schwarz <me@cschwarz.com> Differential Revision: https://reviews.freebsd.org/D8766
|
#
cbbaf9b2 |
|
21-Dec-2015 |
Craig Rodrigues <rodrigc@FreeBSD.org> |
Add libxo support to jls PR: 200746 Submitted by: Emmanuel Vadot <manu bidouilliste com> Reviewed by: allanjude Relnotes: yes Differential Revision: https://reviews.freebsd.org/D4452
|
#
463a577b |
|
20-Oct-2015 |
Eitan Adler <eadler@FreeBSD.org> |
Fix a ton of speelling errors arc lint is helpful Reviewed By: allanjude, wblock, #manpages, chris@bsdjunk.com Differential Revision: https://reviews.freebsd.org/D3337
|
#
b2ea411d |
|
21-Feb-2015 |
Jamie Gritton <jamie@FreeBSD.org> |
Allow for parameters added with the JP_OPT flag to not exist. That's why the flag exists in the first place. MFC after: 1 week
|
#
b687b02f |
|
20-Feb-2015 |
Jamie Gritton <jamie@FreeBSD.org> |
Fix the logic for skipping parameters (with -s) that have "jailsys" parents (such as host.hostname); these were being skipped all the time. That it went this long without anyone noticing is a sign that this feature isn't actually used by anyone, but it's there so it might as well work. MFC after: 1 week
|
#
b300bd47 |
|
20-Feb-2015 |
Jamie Gritton <jamie@FreeBSD.org> |
Allow parameters listed on the command line to override the -v option, instead of crashing. PR: 197701 MFC after: 1 week
|
#
75f75375 |
|
17-May-2013 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
Add a -N option that prints the jail name rather than its number. MFC after: 3 weeks
|
#
7412cb7e |
|
06-Mar-2012 |
Bjoern A. Zeeb <bz@FreeBSD.org> |
Fix building with WITHOUT_INET_SUPPORT set. Reviewed by: jamie (actually provided the real fix) MFC after: 3 days
|
#
7bf1e98f |
|
13-Aug-2011 |
Bjoern A. Zeeb <bz@FreeBSD.org> |
Fix jls backward compat mode broken in r222465, correctly displaying addresses in verbose mode (jls -v) again. Submitted by: jamie MFC after: 3 days Approved by: re (kib)
|
#
e08e8999 |
|
18-Jun-2011 |
Bjoern A. Zeeb <bz@FreeBSD.org> |
Add a missing ',' to separate arguments lost for r222465 only found in case a complete world is built without INET support. MFC after: 10 days X-MFC with: 222465
|
#
15ede760 |
|
29-May-2011 |
Bjoern A. Zeeb <bz@FreeBSD.org> |
Check for IPv4 or IPv6 to be available by the kernel to not provoke errors trying to query options not available. Make it possible to compile out INET or INET6 only parts. Reviewed by: jamie Sponsored by: The FreeBSD Foundation Sponsored by: iXsystems MFC after: 10 days
|
#
a7d5f7eb |
|
19-Oct-2010 |
Jamie Gritton <jamie@FreeBSD.org> |
A new jail(8) with a configuration file, to replace the work currently done by /etc/rc.d/jail.
|
#
c2e8cb49 |
|
08-Jul-2010 |
Jamie Gritton <jamie@FreeBSD.org> |
Properly recognize a number followed by non-digits as a jail name. Call "0" a name because zero is used to indicate no specified jid. MFC after: 3 days
|
#
be243501 |
|
23-Mar-2010 |
Ed Schouten <ed@FreeBSD.org> |
MFC r205296: Properly progress through the list of IPv6 addresses using in6_addr size. Right now if a jail has multiple IPv6 addresses, it will print them shifting only 4 bytes at a time. Example: 2001:4dd0:ff41::b23f:a9 2001:4dd0:ff41::b23f:aa Becomes: 2001:4dd0:ff41::b23f:a9 ff41::b23f:a9:2001:4dd0 By casting to in6_addr, it uses the correct offsets.
|
#
f97f9525 |
|
18-Mar-2010 |
Ed Schouten <ed@FreeBSD.org> |
Properly progress through the list of IPv6 addresses using in6_addr size. Right now if a jail has multiple IPv6 addresses, it will print them shifting only 4 bytes at a time. Example: 2001:4dd0:ff41::b23f:a9 2001:4dd0:ff41::b23f:aa Becomes: 2001:4dd0:ff41::b23f:a9 ff41::b23f:a9:2001:4dd0 By casting to in6_addr, it uses the correct offsets. MFC after: 1 week
|
#
fe0506d7 |
|
09-Mar-2010 |
Marcel Moolenaar <marcel@FreeBSD.org> |
Create the altix project branch. The altix project will add support for the SGI Altix 350 to FreeBSD/ia64. The hardware used for porting is a two-module system, consisting of a base compute module and a CPU expansion module. SGI's NUMAFlex architecture can be an excellent platform to test CPU affinity and NUMA-aware features in FreeBSD.
|
#
af4411db |
|
19-Dec-2009 |
Jamie Gritton <jamie@FreeBSD.org> |
MFC r200449: Don't free jail parameter values after printing them - jail_param_get expects them to be there for the next jail in the list. PR: bin/141359
|
#
4576bbe2 |
|
12-Dec-2009 |
Jamie Gritton <jamie@FreeBSD.org> |
Don't free jail parameter values after printing them - jail_param_get expects them to be there for the next jail in the list. PR: bin/141359 MFC after: 1 week
|
#
290d3c9f |
|
11-Aug-2009 |
Bjoern A. Zeeb <bz@FreeBSD.org> |
MFC r196137: Do not truncate IPv6 addresses when printing them in the jls -av 7.x multi-IP jail backward compat output. Reported by: ed Tested by: ed Reviewed by: rwatson Approved by: re
|
#
50580ef7 |
|
11-Aug-2009 |
Bjoern A. Zeeb <bz@FreeBSD.org> |
Do not truncate IPv6 addresses when printing them in the jls -av 7.x multi-IP jail backward compat output. Reported by: ed Tested by: ed Reviewed by: rwatson Approved by: re
|
#
7cbf7213 |
|
25-Jul-2009 |
Jamie Gritton <jamie@FreeBSD.org> |
Some jail parameters (in particular, "ip4" and "ip6" for IP address restrictions) were found to be inadequately described by a boolean. Define a new parameter type with three values (disable, new, inherit) to handle these and future cases. Approved by: re (kib), bz (mentor) Discussed with: rwatson
|
#
4d4d8879 |
|
08-Jul-2009 |
Jamie Gritton <jamie@FreeBSD.org> |
Give a more expected behavior to -[hns] options, defaulting to all parameters instead of ignoring the options and giving the old-style default output. Approved by: re (kib), bz (mentor)
|
#
de6f3704 |
|
24-Jun-2009 |
Jamie Gritton <jamie@FreeBSD.org> |
Add libjail, a (somewhat) simpler interface to the jail_set and jail_get system calls and the security.jail.param sysctls. Approved by: bz (mentor)
|
#
baab20bd |
|
17-Jun-2009 |
Jamie Gritton <jamie@FreeBSD.org> |
Use the right jail parameters for -v (cpuset has changed to cpuset.id). Reported by: netchild Approved by: bz (mentor)
|
#
73d0971b |
|
27-May-2009 |
Jamie Gritton <jamie@FreeBSD.org> |
Add support for the arbitrary named jail parameters used by jail_set(2) and jail_get(2). Jail(8) can now create jails using a "name=value" format instead of just specifying a limited set of fixed parameters; it can also modify parameters of existing jails. Jls(8) can display all parameters of jails, or a specified set of parameters. The available parameters are gathered from the kernel, and not hard-coded into these programs. Small patches on killall(1) and jexec(8) to support jail names with jail_get(2). Approved by: bz (mentor)
|
#
1f34f30f |
|
14-Dec-2008 |
Bjoern A. Zeeb <bz@FreeBSD.org> |
Make sure that the direct jls invocations prints something reasonable close to and in the same format as it had always. r185435 said it would try that but I had been living with jail patches for too long to actually remember the single-line format when adding backwards compatibility back in p4. Reported by: Philipp Wuensche <cryx-freebsd@h3q.com> Tested by: Philipp Wuensche <cryx-freebsd@h3q.com> MFC after: 4 weeks (just for me to get the mail)
|
#
0f1fe22d |
|
10-Dec-2008 |
Bjoern A. Zeeb <bz@FreeBSD.org> |
Correctly check the number of prison states to not access anything outside the prison_states array. When checking if there is a name configured for the prison, check the first character to not be '\0' instead of checking if the char array is present, which it always is. Note, that this is different for the *jailname in the syscall. Found with: Coverity Prevent(tm) CID: 4156, 4155 MFC after: 4 weeks (just that I get the mail)
|
#
413628a7 |
|
29-Nov-2008 |
Bjoern A. Zeeb <bz@FreeBSD.org> |
MFp4: Bring in updated jail support from bz_jail branch. This enhances the current jail implementation to permit multiple addresses per jail. In addtion to IPv4, IPv6 is supported as well. Due to updated checks it is even possible to have jails without an IP address at all, which basically gives one a chroot with restricted process view, no networking,.. SCTP support was updated and supports IPv6 in jails as well. Cpuset support permits jails to be bound to specific processor sets after creation. Jails can have an unrestricted (no duplicate protection, etc.) name in addition to the hostname. The jail name cannot be changed from within a jail and is considered to be used for management purposes or as audit-token in the future. DDB 'show jails' command was added to aid debugging. Proper compat support permits 32bit jail binaries to be used on 64bit systems to manage jails. Also backward compatibility was preserved where possible: for jail v1 syscalls, as well as with user space management utilities. Both jail as well as prison version were updated for the new features. A gap was intentionally left as the intermediate versions had been used by various patches floating around the last years. Bump __FreeBSD_version for the afore mentioned and in kernel changes. Special thanks to: - Pawel Jakub Dawidek (pjd) for his multi-IPv4 patches and Olivier Houchard (cognet) for initial single-IPv6 patches. - Jeff Roberson (jeff) and Randall Stewart (rrs) for their help, ideas and review on cpuset and SCTP support. - Robert Watson (rwatson) for lots and lots of help, discussions, suggestions and review of most of the patch at various stages. - John Baldwin (jhb) for his help. - Simon L. Nielsen (simon) as early adopter testing changes on cluster machines as well as all the testers and people who provided feedback the last months on freebsd-jail and other channels. - My employer, CK Software GmbH, for the support so I could work on this. Reviewed by: (see above) MFC after: 3 months (this is just so that I get the mail) X-MFC Before: 7.2-RELEASE if possible
|
#
d7f03759 |
|
19-Oct-2008 |
Ulf Lilleengen <lulf@FreeBSD.org> |
- Import the HEAD csup code which is the basis for the cvsmode work.
|
#
3a6b8b21 |
|
19-Aug-2005 |
Pawel Jakub Dawidek <pjd@FreeBSD.org> |
Sync code with the error report: calloc(number, 1) is equivalent to malloc(number).
|
#
8bd435d9 |
|
14-Aug-2005 |
Pawel Jakub Dawidek <pjd@FreeBSD.org> |
Not sure why, but SYSCTL_OUT() can sometimes keep returning ENOMEM in sysctl_jail_list(). Because of this, jls(8) could enter into an endless loop. The strange thing is, that we can call jls(8) while the other one is in loop and it will succeed - SYSCTL_OUT() will not return ENOMEM there. Maybe SYSCTL_OUT() returns first ENOMEM, because there is no memory, but is marking some memory range as wired even on failure and another SYSCTL_OUT() calls are not going to succeed, because process exceeds limit of wired memory? ENOVMCLUE. Anyway. Fix jls(8) to ignore ENOMEM and retry only 4 times. Submitted by: Niklas Saers PR: kern/79245 MFC after: 3 days
|
#
90e0c23c |
|
22-Apr-2003 |
Mike Barcroft <mike@FreeBSD.org> |
IP addresses can be up to 15 characters long, not 12. PR: 50904
|
#
87d88cec |
|
17-Apr-2003 |
Bruce Evans <bde@FreeBSD.org> |
Fixed an err() format error in rev.1.1. This should have been fatal since WARNS was high in rev.1.1, but __printf0like() has been temporarily disabled for 9 months.
|
#
ebf5d9bc |
|
08-Apr-2003 |
Mike Barcroft <mike@FreeBSD.org> |
o Add jls(8) for listing active jails. o Add jexec(8) to execute a command in an existing jail. o Add -j option for killall(1) to kill all processes in a specified jail. o Add -i option to jail(8) to output jail ID of newly created jail.
|