7485684f | 03-Mar-2024 |
Aaron LI <aly@aaronly.me> |
Whitespace cleanups |
5c694678 | 31-Oct-2023 |
Aaron LI <aly@aaronly.me> |
socket: Implement the SO_USER_COOKIE option
This socket option allows attaching an arbitrary uint32_t value to a socket as the user-defined cookie/metadata, and then the cookie can be used in the kernel to help manipulate the traffic of the socket.
For example, this socket option can be set by WireGuard and then matched in IPFW to help control the WireGuard traffic.
This commit is mostly derived from FreeBSD, but I decided to also support this option in getsockopt().
Note that the support of this option in IPFW (and PF and others) still needs to be implemented. I'd like to do it in the future but it may take quite some effort. This commit alone doesn't achieve much benefit, but it helps port the WireGuard code from FreeBSD, so commit it first.
Bump __DragonFly_version.
Credit: https://github.com/freebsd/freebsd-src/commit/d5e8d236f4009fc2611f996c317e94b2c8649cf5
|
7d84b73d | 31-Oct-2023 |
Aaron LI <aly@aaronly.me> |
getsockopt.2: Improve manpage markups a bit
Obtained-from: FreeBSD |
2b3f93ea | 13-Oct-2023 |
Matthew Dillon <dillon@apollo.backplane.com> |
kernel - Add per-process capability-based restrictions
* This new system allows userland to set capability restrictions which turn off numerous kernel features and root accesses. These restrictions are inherited by sub-processes recursively. Once set, restrictions cannot be removed.
Basic restrictions that mimic an unadorned jail can be enabled without creating a jail, but generally speaking real security also requires creating a chrooted filesystem topology, and a jail is still needed to really segregate processes from each other. If you do so, however, you can (for example) disable mount/umount and most global root-only features.
* Add new system calls and a manual page for syscap_get(2) and syscap_set(2)
* Add sys/caps.h
* Add the "setcaps" userland utility and manual page.
* Remove priv.9 and the priv_check infrastructure, replacing it with a newly designed caps infrastructure.
* The intention is to add path restriction lists and similar features to improve jailless security in the near future, and to optimize the priv_check code.
|
d13dc3a1 | 20-Sep-2023 |
Aaron LI <aly@aaronly.me> |
getttyent.3: Tweak manpage markup a bit |
f0e61bb7 | 20-Sep-2023 |
Aaron LI <aly@aaronly.me> |
ttys: Add 'ifexists' option to enable ttys only if exists
Implement the 'ifexists' ttys option in init(8) to enable a tty only if it exists. This allows one to turn off getty for ttys that aren't present (e.g., on a headless system), and thus prevent getty error logs from filling up /var/log/messages; e.g.,
------
Sep 20 09:13:07 microserver getty[236362]: open /dev/ttyv0: No such file or directory
Sep 20 09:13:07 microserver getty[236404]: open /dev/ttyv0: No such file or directory
Sep 20 09:13:07 microserver getty[236405]: open /dev/ttyv0: No such file or directory
Sep 20 09:13:07 microserver getty[236406]: open /dev/ttyv0: No such file or directory
Sep 20 09:13:07 microserver getty[236407]: open /dev/ttyv0: No such file or directory
Sep 20 09:13:07 microserver init: getty repeating too quickly on port /dev/ttyv0, sleeping 30 secs
------
Update the ttys(5) and getttyent(3) man pages accordingly.
The updates to ttys files will follow.
Discussed-with: dillon
Credit: https://reviews.freebsd.org/D10037
|
17183580 | 02-Jun-2023 |
Matthew Dillon <dillon@apollo.backplane.com> |
libc - pthread_key_create() adjustments
* Have libc's stub conditionals ignore any error return from pthread_key_create() stubs, in case we decide to change the stub in the future.
* Change pthread_key_create() to start allocating keys at key #1 to work around issues with third party programs making assumptions about the valid key range.
|
1370a723 | 11-May-2023 |
Sascha Wildner <saw@online.de> |
stand/edk2: Reorganize the edk2 contrib hierarchy a bit.
* Move sys/contrib/edk2 to stand/contrib/edk2 where it really belongs.
* Put the *Pkg dir as an additional layer. Work that is currently in progress will require headers from other *Pkg's and we don't want to jumble them all into one directory.
In-discussion-with: aly
|
d34567ca | 09-May-2023 |
Sascha Wildner <saw@online.de> |
Remove two empty private namespaces. One was commented out anyway. |
f984587a | 09-May-2023 |
Sascha Wildner <saw@online.de> |
libz: Stop exporting internal functions.
By default, this affects the following functions, which are now local:
0000000000009d1d t _tr_align
0000000000009d17 t _tr_flush_bits
0000000000009e09 t _tr_flush_block
0000000000009b8d t _tr_init
0000000000009bfa t _tr_stored_block
000000000000a433 t _tr_tally
0000000000004d69 t gz_error
000000000000ccbd t inflate_fast
000000000000dc92 t inflate_table
000000000000dc6e t zcalloc
000000000000dc81 t zcfree
Remove them from the ZLIBprivate_1.0 namespace, too. Also remove gz_intmax here. It is not built on DragonFly.
|
55f88487 | 04-Apr-2023 |
Sascha Wildner <saw@online.de> |
ktrace/kdump: Implement sysctl tracing.
Useful to know which sysctls exactly are being accessed.
Adapted-from: FreeBSD |
3a2fe011 | 09-Mar-2023 |
Sascha Wildner <saw@online.de> |
libc: Fix a typo. It's local storage, not locale storage. |
e682b62b | 05-Mar-2023 |
Sascha Wildner <saw@online.de> |
libc: Sort SRCS in stdio/. |
b13aa964 | 04-Mar-2023 |
Aaron LI <aly@aaronly.me> |
libc: Fix installation of fopencookie.3 man page
Meanwhile, fix the MLINKS error of having an odd number of items, which was causing the warning: 'warn: empty MLINK: yp_unbind.3 3' |
b866b1da | 04-Mar-2023 |
Sascha Wildner <saw@online.de> |
libc/ukp_setproctitle: Properly handle skipping the executable's name.
If fmt begins with a "-" character, the executable's name should be skipped. Our fast version of setproctitle() - which is used after the 10th call to setproctitle() - was not handling that correctly.
While here, fix the case where NULL is passed to setproctitle(), which restores the process title to its original value. Just defer back to setproctitle() in this case. Thanks to aly for catching that.
Dragonfly-bug: <https://bugs.dragonflybsd.org/issues/3319>
|
22cd51fe | 25-Feb-2023 |
Matthew Dillon <dillon@apollo.backplane.com> |
libc - Port chacha20 from FreeBSD for arc4random()
* Port chacha20 from FreeBSD to replace the arc4random() suite.
Requested-by: Zoltan Keri |
8d1e479a | 10-Feb-2023 |
Aaron LI <aly@aaronly.me> |
kldstat(2): Support to report module's full path
Add 'pathname' field to 'kld_file_stat' and 'linker_file' structs, enable the kldstat(2) syscall to report the full path of modules. This also allows kldstat(8) to print the full path of loaded modules, which may be helpful in debugging.
Bump __DragonFly_version due to syscall interface change.
Obtained-from: FreeBSD (revision 172862, commit 1676805c186f5dea36d331a982480d7d9693b126)
See also: https://lists.dragonflybsd.org/pipermail/users/2023-January/428489.html
|
54fa87ff | 09-Feb-2023 |
Sascha Wildner <saw@online.de> |
libc/fopencookie: Additional fix which I forgot in a431bfe52a2aad0a18c.
Fixes buildworld. |
a431bfe5 | 09-Feb-2023 |
Sascha Wildner <saw@online.de> |
<stdio.h>: Fix issues introduced with the fopencookie() changes.
a765cedf26cef470ba7deee42c365f0221690a1a added fopencookie() and associated types from FreeBSD but it introduced a number of issues:
* Wrong parentheses caused it to try to (re-)typedef the ssize_t type. Fixed by removing parentheses and using __ssize_t. This fixes graphics/png as pointed out by David Shao. ssize_t isn't available in the compilation environment that graphics/png uses.
* Use off_t which is 64 bits in DragonFly. No need for off64_t.
* Put everything under __BSD_VISIBLE because it is not standard.
* While here, bump the manpage's date properly.
Reported-by: David Shao
Dragonfly-bug: <https://bugs.dragonflybsd.org/issues/3343>
|
8d6aeca2 | 04-Feb-2023 |
Sascha Wildner <saw@online.de> |
For manual pages from ports, show the ports category/name only the first time the page is mentioned but not every time. |
a765cedf | 04-Feb-2023 |
Antonio Huete Jimenez <tuxillo@quantumachine.net> |
fopencookie(3): Add a wrapper around funopen(3)
- Minor adjustment to _flags since ours reside on the public interface.
- Untested. A unit test would be a good thing to have :)
Taken from: FreeBSD 877a840c080f
FreeBSD-Review: https://reviews.freebsd.org/D6282
|
efbafed1 | 06-Jan-2023 |
Matthew Dillon <dillon@apollo.backplane.com> |
build - Fix make concurrency for libpcap
* Fix a make concurrency issue |
b97fef05 | 14-Dec-2022 |
Matthew Dillon <dillon@backplane.com> |
world - Fix buildworld bootstrapping on older systems
* Adjustments for the buildworld bootstrap stages when building on older systems that do not have sys/byteswap.h.
* Note that the first __DragonFly_Version rev containing sys/byteswap.h is 500908 in comments (no functional changes to sys/param.h)
|
2c81fb9c | 28-Nov-2022 |
Antonio Huete Jimenez <tuxillo@quantumachine.net> |
openssh: Adjustments after import
- Adjust README.DELETED and README.DRAGONFLY
- Update openbsd-compat
- Regen config.h, adjusting several defines manually because the configure script seems to not detect everything correctly.
- Add some required source files to SRCS in various programs.
Basic testing done:
- sshd runs and works, i.e. accepts incoming connections, allows different auth methods (interactive, key).
- X-Forwarding works.
- Can ssh to other OSes.
|
6f5ec8b5 | 27-Nov-2022 |
Antonio Huete Jimenez <tuxillo@quantumachine.net> |
libressl: Local modifications after the upgrade (refs #3333)
libressl:
- Adjust Makefiles to include a number of source files that have been either added or moved around.
- Bump shlib.
- Forcibly compile in engines by removing OPENSSL_NO_ENGINE which no longer seems to be valid to have a full build. We wanted to avoid doing hacks to bypass the OPENSSL_NO_ENGINE requirement. As far as we know the engine code is disabled anyways.
librecrypto:
- Adjust Makefiles to include a number of source files that have been either added or moved around.
- Bump shlib.
ldns:
- Remove HAVE_EVP_DSS1 from config.h to avoid using removed LibreSSL API functions.
cryptsetup:
- Adjustments to use the new API.
dc:
- Adjustments to use the new API.
nc:
- Add more source files to the Makefile from libtls, which are now required.
Testing-and-fixes: @dillon, @tuxillo, @aly
|