#
2b3f93ea |
| 13-Oct-2023 |
Matthew Dillon <dillon@apollo.backplane.com> |
kernel - Add per-process capability-based restrictions
* This new system allows userland to set capability restrictions which turns off numerous kernel features and root accesses. These restricti
kernel - Add per-process capability-based restrictions
* This new system allows userland to set capability restrictions which turns off numerous kernel features and root accesses. These restrictions are inherited by sub-processes recursively. Once set, restrictions cannot be removed.
Basic restrictions that mimic an unadorned jail can be enabled without creating a jail, but generally speaking real security also requires creating a chrooted filesystem topology, and a jail is still needed to really segregate processes from each other. If you do so, however, you can (for example) disable mount/umount and most global root-only features.
* Add new system calls and a manual page for syscap_get(2) and syscap_set(2)
* Add sys/caps.h
* Add the "setcaps" userland utility and manual page.
* Remove priv.9 and the priv_check infrastructure, replacing it with a newly designed caps infrastructure.
* The intention is to add path restriction lists and similar features to improve jailess security in the near future, and to optimize the priv_check code.
show more ...
|
#
dd711b4a |
| 05-Feb-2023 |
Sascha Wildner <saw@online.de> |
Move mailwrapper(8) examples from /etc/mail to /usr/share/examples.
|
Revision tags: v6.4.0, v6.4.0rc1, v6.5.0 |
|
#
b0d1612f |
| 27-Nov-2022 |
Antonio Huete Jimenez <tuxillo@quantumachine.net> |
Add the old libssl/libcrypto to TO_REMOVE_LATE
|
#
c1ccac55 |
| 13-Nov-2022 |
Antonio Huete Jimenez <tuxillo@quantumachine.net> |
ldns: Adjust makefiles for ldns-1.8.3 update.
- Bump soname for api changes, 1.8.3 has major as 3. - Update ldns/ headers and remove them from the vendor branch. - Adjust lib/libssh Makefile to i
ldns: Adjust makefiles for ldns-1.8.3 update.
- Bump soname for api changes, 1.8.3 has major as 3. - Update ldns/ headers and remove them from the vendor branch. - Adjust lib/libssh Makefile to include the headers from ldns. - Update READMES.
Currently only user of the libprivate_ldns is drill(1). OpenSSH will be adjusted to use this lib next.
show more ...
|
Revision tags: v6.2.2, v6.2.1, v6.2.0, v6.3.0 |
|
#
819799ae |
| 30-Dec-2021 |
Sascha Wildner <saw@online.de> |
Remove the old <sys/dir.h> compat header. Nothing needs it anymore.
The world has since switched over to <dirent.h>. Thanks to zrj for confirming that with a full dports bulk build.
The libssh and
Remove the old <sys/dir.h> compat header. Nothing needs it anymore.
The world has since switched over to <dirent.h>. Thanks to zrj for confirming that with a full dports bulk build.
The libssh and RPC examples adjustments are just cosmetics. libssh includes it only on NeXTSTEP and the RPC examples don't build.
show more ...
|
#
ae7dcfc5 |
| 08-Dec-2021 |
Sascha Wildner <saw@online.de> |
Remove the ext2fs_freebsd.ko module via 'make upgrade'.
|
#
5b00f746 |
| 07-Dec-2021 |
Sascha Wildner <saw@online.de> |
Some more adjustments regarding the recent switch to sys/vfs/ext2fs.
* Remove /usr/include/gnu via 'make upgrade'.
* Remove a no longer needed #undef in kdump and friends' ioctl.c.
|
Revision tags: v6.0.1 |
|
#
5229377c |
| 07-Sep-2021 |
Sascha Wildner <saw@online.de> |
kernel/libc: Remove the old vmm code.
Removes the kernel code and two system calls.
Bump __DragonFly_version too.
Reviewed-by: aly, dillon
|
#
4d38b140 |
| 12-Jul-2021 |
Sascha Wildner <saw@online.de> |
Make stand/lib an internal one, i.e. don't install libstand anymore.
Nothing in dports needs it either.
Also, leave the manual page.
|
#
ae75c143 |
| 03-Jul-2021 |
Sascha Wildner <saw@online.de> |
kernel: Remove ndis(4) and associated tools and stuff.
ndis(4) was a wrapper to allow running binary Windows network drivers that conformed to the Network Driver Interface Specification, i.e. NDIS.
kernel: Remove ndis(4) and associated tools and stuff.
ndis(4) was a wrapper to allow running binary Windows network drivers that conformed to the Network Driver Interface Specification, i.e. NDIS.
It only ever supported drivers from the days of Windows XP and Windows Server 2003 (i.e. NDIS 5.1). And even if one was actually able to extract the .sys and .inf files from the driver package and successfully convert them to a building module, which both were adventures in itself, it could be any result when trying to run it, depending on the card and driver, from resonably working to not working, even crashing. But it did work for some cards, so it had some limited merit in its time.
NetBSD removed it in 2018, FreeBSD in January 2021, so let's follow suit now.
show more ...
|
#
423fcad2 |
| 31-May-2021 |
Sascha Wildner <saw@online.de> |
Revert "Remove tcsh emacs script which is obsolete due to the latest tcsh import."
This reverts commit f9a4cffb7a705afb85d8f082d55f89a7ec3f8809.
Not sure anymore why I poked Matthias to add this to
Revert "Remove tcsh emacs script which is obsolete due to the latest tcsh import."
This reverts commit f9a4cffb7a705afb85d8f082d55f89a7ec3f8809.
Not sure anymore why I poked Matthias to add this to 'make upgrade'. Anyway, the file is useful because Emacs does not have a native mode for csh(1) scripts.
show more ...
|
#
42a874b4 |
| 27-May-2021 |
Sascha Wildner <saw@online.de> |
periodic: Rename 220.snapshot-hammer2 to 162.snapshot-hammer2.
160.clean-hammer does cleanup _and_ snapshots for hammer1.
161.clean-hammer2 does the cleanup part for hammer2, so putting the snapsho
periodic: Rename 220.snapshot-hammer2 to 162.snapshot-hammer2.
160.clean-hammer does cleanup _and_ snapshots for hammer1.
161.clean-hammer2 does the cleanup part for hammer2, so putting the snapshot part of the job for hammer2 as 162 looks like the natural choice.
show more ...
|
Revision tags: v6.0.0, v6.0.0rc1, v6.1.0 |
|
#
3e8928ce |
| 22-Mar-2021 |
Sascha Wildner <saw@online.de> |
Makefile_upgrade.inc: Remove obsolete comment.
We stopped keeping formatted manual pages.
See 105f26b55c3c3ffc9913e781deca4c5973a4940c.
|
#
9164a91e |
| 22-Mar-2021 |
Sascha Wildner <saw@online.de> |
include/Makefile: Remove a 'make upgrade' predecessor.
A few days after we pushed RMHEADERS to include/Makefile, the 'upgrade' target was added as a more general approach, but these two headers were
include/Makefile: Remove a 'make upgrade' predecessor.
A few days after we pushed RMHEADERS to include/Makefile, the 'upgrade' target was added as a more general approach, but these two headers were never added to it and removed from include's Makefile.
Add them at the top of Makefile_upgrade.inc.
show more ...
|
#
2a93a2a3 |
| 01-Jan-2021 |
Sascha Wildner <saw@online.de> |
Remove /usr/share/examples/etc/bsd-style-copyright.
/usr/share/examples/etc is supposed to hold the contents of an unchanged /etc directory only. Also, our template is in /COPYRIGHT so there is no p
Remove /usr/share/examples/etc/bsd-style-copyright.
/usr/share/examples/etc is supposed to hold the contents of an unchanged /etc directory only. Also, our template is in /COPYRIGHT so there is no point to keep a different one. Examples of n-clause BSD licenses are widely available online, when needed.
Clean up newvers.sh, which was using the file for vers.c generation. There is no need to put a license on generated files, let alone such simple ones.
show more ...
|
#
6b921297 |
| 01-Jan-2021 |
Aaron LI <aly@aaronly.me> |
Remove obsolete dev_mkdb(8)
The devname(3) has long been updated to determine the device name via the 'kern.devname' sysctl provided by devfs(5). The dev.db created by dev_mkdb(8) is thus unused an
Remove obsolete dev_mkdb(8)
The devname(3) has long been updated to determine the device name via the 'kern.devname' sysctl provided by devfs(5). The dev.db created by dev_mkdb(8) is thus unused and obsolete. So remove dev_mkdb(8) as well and update relevant parts.
show more ...
|
#
7de42e6a |
| 30-Dec-2020 |
Aaron LI <aly@aaronly.me> |
etc/Makefile: Install 'group' and 'master.passwd' to examples/etc
Add back installation of 'group' to '/usr/share/examples/etc'. In addition, also install 'master.passwd' there.
The point is that
etc/Makefile: Install 'group' and 'master.passwd' to examples/etc
Add back installation of 'group' to '/usr/share/examples/etc'. In addition, also install 'master.passwd' there.
The point is that '/usr/share/examples/etc' should have all config files that the initial '/etc' have.
Suggested-by: swildner
show more ...
|
#
db250a0c |
| 27-Dec-2020 |
Aaron LI <aly@aaronly.me> |
etc/Makefile: No need to try to install 'group' file
Similar to the 'master.passwd', no need to try to install the 'group' file, because its update has already been handled by the 'pw-update.sh' scr
etc/Makefile: No need to try to install 'group' file
Similar to the 'master.passwd', no need to try to install the 'group' file, because its update has already been handled by the 'pw-update.sh' script.
show more ...
|
Revision tags: v5.8.3, v5.8.2 |
|
#
d87a94cb |
| 24-Aug-2020 |
Sascha Wildner <saw@online.de> |
zoneinfo: Update /etc/localtime when upgrading timezones.
* Add tzsetup(8) to the bootstrap-tools.
* Install the backward file to retain obsolete timezones as links for backward compatibility. Re
zoneinfo: Update /etc/localtime when upgrading timezones.
* Add tzsetup(8) to the bootstrap-tools.
* Install the backward file to retain obsolete timezones as links for backward compatibility. Remove all these timezones from Makefile_upgrade.inc again. Also extend mtree/BSD.usr.dist for this and remove the old 'dragonfly' file (which was only for UTC).
* After installing new timezones, run tzsetup -r to upgrade the user's chosen timezone. Allow this to fail for quickworlders. It will start working after the next full buildworld.
Taken-from: FreeBSD (with modifications)
show more ...
|
#
c6641c96 |
| 03-Aug-2020 |
Daniel Fojt <df@neosystem.org> |
libressl: keep cms.h
Now, when we enabled CMS by default with LibreSSL 3.1.3, let's keep /usr/include/priv/openssl/cms.h.
Pointed out by: Sascha Wildner
|
#
18a5eb36 |
| 23-Jul-2020 |
Daniel Fojt <df@neosystem.org> |
Fix 'make upgrade' for updated libressl.
Require -DREMOVE_DEPRECATED to remove old versions of libprivate_crypto and libprivate_ssl, as pkg(8) may still be linked against them.
|
#
98456ee8 |
| 22-Jul-2020 |
Sascha Wildner <saw@online.de> |
Remove fuse.ko via 'make upgrade'.
So the ever older module doesn't stay around.
|
#
7dae3d51 |
| 21-Jul-2020 |
Daniel Fojt <df@neosystem.org> |
Upgrade libressl. 2/2
Update README.{DELETED,DRAGONFLY} and adapt Makefiles to vendor changes.
|
#
1ded2c17 |
| 28-Jun-2020 |
Sascha Wildner <saw@online.de> |
Remove bsd.doc.mk via 'make upgrade'.
|
#
fe0a2b7e |
| 04-Jun-2020 |
Sascha Wildner <saw@online.de> |
A little cleanup after recent dhcpcd(8) changes.
* Remove /var/chroot via 'make upgrade' for now.
* Use spaces for indenting in BSD.var.dist.
* Un-document dhcpcd_chrootdir and /var/chroot.
|