2b3f93ea | 13-Oct-2023 | Matthew Dillon <dillon@apollo.backplane.com>
kernel - Add per-process capability-based restrictions
* This new system allows userland to set capability restrictions which turn off numerous kernel features and root accesses. These restrictions are inherited by sub-processes recursively. Once set, restrictions cannot be removed.
Basic restrictions that mimic an unadorned jail can be enabled without creating a jail, but generally speaking real security also requires creating a chrooted filesystem topology, and a jail is still needed to really segregate processes from each other. If you do so, however, you can (for example) disable mount/umount and most global root-only features.
* Add new system calls and a manual page for syscap_get(2) and syscap_set(2)
* Add sys/caps.h
* Add the "setcaps" userland utility and manual page.
* Remove priv.9 and the priv_check infrastructure, replacing it with a newly designed caps infrastructure.
* The intention is to add path restriction lists and similar features to improve jailless security in the near future, and to optimize the priv_check code.

Revision tags: v6.4.0, v6.4.0rc1, v6.5.0, v6.2.2

3e885352 | 29-Jan-2022 | Sascha Wildner <saw@online.de>
libc: Remove libc checks around manual pages from the Makefile.inc's.
Handle this better by setting NOMAN for libc_rtld.

Revision tags: v6.2.1, v6.2.0, v6.3.0, v6.0.1

ee5a5918 | 14-Sep-2021 | Sascha Wildner <saw@online.de>
Some additions and fixes related to fdatasync(2) and posix_fallocate(2).
* Fix a small issue in VOP_FDATASYNC()'s definition in <sys/vfsops.h>.
* Mention fdatasync() in fsync.2 (this basically syncs that manual page with FreeBSD, with a few adjustments).
* Add a manual page for posix_fallocate() (from FreeBSD, with a few adjustments).
* Mention fdatasync() in the list of reentrant functions in sigaction.2.
* In pthread_testcancel.3, mention fdatasync() in the list of functions for which a cancellation point will occur.
* Mention VOP_FDATASYNC() in VOP_FSYNC.9 (partly taken from FreeBSD).
* Remove a compatibility define in the fsstress tool.
Thanks to tkusumi for reviewing.

5229377c | 07-Sep-2021 | Sascha Wildner <saw@online.de>
kernel/libc: Remove the old vmm code.
Removes the kernel code and two system calls.
Bump __DragonFly_version too.
Reviewed-by: aly, dillon

Revision tags: v6.0.0, v6.0.0rc1, v6.1.0

337acc44 | 17-Feb-2021 | Aaron LI <aly@aaronly.me>
Implement the fexecve(2) system call
The fexecve(2) function is equivalent to execve(2), except that the file to be executed is determined by the file descriptor fd instead of a pathname.
The purpose of fexecve(2) is to enable executing a file which has been verified to be the intended file. It is possible to actively check the file by reading from the file descriptor and be sure that the file is not exchanged for another between the reading and the execution.
See https://pubs.opengroup.org/onlinepubs/9699919799/functions/fexecve.html
This work is partially based on swildner's patch and FreeBSD's implementation (revisions 177787, 182191, 238220).
XXX: We're missing O_EXEC support in open(2).
Reviewed-by: dillon

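The check-then-execute pattern the commit describes, as an added example written for this page (not code from the commit or from DragonFly's tree): the file is opened once, inspected only through that descriptor, and the same descriptor is passed to the POSIX fexecve() interface, so the pathname is never resolved a second time between the check and the exec. The example assumes a POSIX system with fork(), fexecve() and an ELF /bin/sh.

```c
#define _GNU_SOURCE
#include <fcntl.h>
#include <sys/stat.h>
#include <sys/wait.h>
#include <unistd.h>

extern char **environ;

/* Inspect the object behind an already-open descriptor: regular file,
 * executable, not world-writable. Returns 0 when acceptable, -1 otherwise. */
static int verify_exec_fd(int fd)
{
    struct stat st;
    if (fstat(fd, &st) != 0 || !S_ISREG(st.st_mode))
        return -1;
    if ((st.st_mode & (S_IXUSR | S_IXGRP | S_IXOTH)) == 0)
        return -1;
    if (st.st_mode & S_IWOTH)
        return -1;
    return 0;
}

/* Open path once, verify through the descriptor, then fexecve() that same
 * descriptor in a child. Because the path is never looked up again, a file
 * swapped in between the check and the exec cannot replace the target.
 * Returns the child's exit status, or -1 on any failure. */
int run_verified(const char *path, char *const argv[])
{
    int fd = open(path, O_RDONLY | O_CLOEXEC);
    if (fd < 0)
        return -1;
    if (verify_exec_fd(fd) != 0) { close(fd); return -1; }
    pid_t pid = fork();
    if (pid < 0) { close(fd); return -1; }
    if (pid == 0) {
        /* O_CLOEXEC is fine for ELF binaries; "#!" scripts would need the
         * fd left open so the interpreter can read it via /dev/fd/N. */
        fexecve(fd, argv, environ);
        _exit(127); /* reached only if fexecve() itself failed */
    }
    close(fd);
    int status;
    if (waitpid(pid, &status, 0) != pid)
        return -1;
    return WIFEXITED(status) ? WEXITSTATUS(status) : -1;
}
```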
86ccdacb | 17-Jan-2021 | Aaron LI <aly@aaronly.me>
Implement clock_nanosleep(2) system call
* Extend the nanosleep1() function in kern_time.c to support the clock_nanosleep(2) system call. Add {kern,sys}_clock_nanosleep() functions and update kern_nanosleep() accordingly.
* Add clock_nanosleep() syscall to syscalls.master and regenerate syscall-related files.
* Update libc symbols with the new syscall.
* Add clock_nanosleep() wrapper in libthread_xu.
* Update nanosleep.2 man page to describe clock_nanosleep().
* Update <time.h> and bump __DragonFly_version.
This work is loosely based on the FreeBSD implementation: https://reviews.freebsd.org/rS315526
This clock_nanosleep(2) syscall passed all tests in the Open POSIX Test Suite [0]:
conformance/interfaces/clock_nanosleep/1-1: execution: PASS
conformance/interfaces/clock_nanosleep/1-2: execution: PASS
conformance/interfaces/clock_nanosleep/1-3: execution: PASS
conformance/interfaces/clock_nanosleep/1-4: execution: PASS
conformance/interfaces/clock_nanosleep/1-5: execution: PASS
conformance/interfaces/clock_nanosleep/2-1: execution: PASS
conformance/interfaces/clock_nanosleep/2-2: execution: PASS
conformance/interfaces/clock_nanosleep/2-3: execution: PASS
conformance/interfaces/clock_nanosleep/3-1: execution: PASS
conformance/interfaces/clock_nanosleep/4-1: execution: PASS
conformance/interfaces/clock_nanosleep/5-1: execution: PASS
conformance/interfaces/clock_nanosleep/6-1: execution: PASS
conformance/interfaces/clock_nanosleep/9-1: execution: PASS
conformance/interfaces/clock_nanosleep/8-1: execution: PASS
conformance/interfaces/clock_nanosleep/10-1: execution: PASS
conformance/interfaces/clock_nanosleep/11-1: execution: PASS
conformance/interfaces/clock_nanosleep/13-1: execution: PASS
conformance/interfaces/clock_nanosleep/15-1: execution: PASS
[0] Open POSIX Test Suite: http://posixtest.sourceforge.net/
Reviewed-by: swildner, dillon, tuxillo, zach

c6ecc293 | 16-Jan-2021 | Aaron LI <aly@aaronly.me>
Use ${} instead of $() in various makefiles
Also use ${.TARGET} and ${.ALLSRC} wherever impossible.
Minor style adjustment in at(1)'s makefiles.

Revision tags: v5.8.3, v5.8.2, v5.8.1, v5.8.0, v5.9.0, v5.8.0rc1, v5.6.3

d8bda3d5 | 02-Feb-2020 | Matthew Dillon <dillon@apollo.backplane.com>
libc - Update manual page for realpath(3) and add page for __realpath(2)
* Add a manual page for __realpath(2) which clarifies differences between realpath(3) and __realpath(2).

417215e8 | 02-Feb-2020 | Matthew Dillon <dillon@apollo.backplane.com>
libc - Update for realpath() system call support
* The realpath() implementation now checks to see if the system call is available and uses it.
* getosreldate() now caches the result to avoid multiple sysctl() calls.
* Add the new system calls (__realpath and getrandom()) to the symbol list.

eb396e51 | 14-Nov-2019 | Matthew Dillon <dillon@apollo.backplane.com>
world - Add support for lwp_getname() and pthread_get_name_np()
* Add support for the new system call lwp_getname()
* Add support for pthread_get_name_np(), rounding out that function set and improving ports compatibility.

Revision tags: v5.6.2, v5.6.1, v5.6.0, v5.6.0rc1, v5.7.0, v5.4.3, v5.4.2

925dae71 | 01-Mar-2019 | Sascha Wildner <saw@online.de>
Adjust various things for the recent brk(2) removal.

Revision tags: v5.4.1, v5.4.0, v5.5.0, v5.4.0rc1

f29ea48f | 11-Oct-2018 | Sascha Wildner <saw@online.de>
kernel/libc: Remove sigstack() remains.
There is no sigstack() syscall anymore in DragonFly, besides being obsolete, so remove some remains like the manual page and prototype, and do some related cleanup.

33b81dc9 | 30-Sep-2018 | Matthew Dillon <dillon@apollo.backplane.com>
system - Add wait6(), waitid(), and si_pid/si_uid siginfo support
* Add the wait6() system call (header definitions taken from FreeBSD). This required rearranging kern_wait() a bit. In particular, we now maintain a hold count of 1 on the process during processing instead of releasing the hold count early.
* Add waitid() to libc (waitid.c taken from FreeBSD).
* Adjust manual pages (taken from FreeBSD).
* Add siginfo si_pid and si_uid support. This basically allows a process taking a signal to determine where the signal came from. The fields already existed in siginfo but were not implemented.
Implemented using a non-queued per-process array of signal numbers. The last originator sending any given signal is recorded and passed through to userland in the siginfo.
* Fixes the 'lightdm' X display manager. lightdm relies on si_pid support. In addition, note that avoiding long lightdm related latencies and timeouts require a softlink from libmozjs-52.so to libmozjs-52.so.0 (must be addressed in dports, not addressed in this commit).
Loosely-taken-from: FreeBSD (wait6, waitid support only)
Reviewed-by: swildner

Revision tags: v5.2.2, v5.2.1

03643777 | 10-Apr-2018 | Sascha Wildner <saw@online.de>
libc: Move to a format for specifying MLINKS that's less hard on the eyes.
We do it like this in other places of the tree already and will eventually move to this everywhere.

Revision tags: v5.2.0, v5.3.0, v5.2.0rc

4174424d | 04-Mar-2018 | Sascha Wildner <saw@online.de>
Fix typo in MLINK name.

7635cdc1 | 02-Mar-2018 | Sascha Wildner <saw@online.de>
{read,write}.2: A bit more cleanup. Also add ext*() MLINKS.

Revision tags: v5.0.2, v5.0.1, v5.0.0, v5.0.0rc2, v5.1.0, v5.0.0rc1, v4.8.1

35ca622f | 12-Apr-2017 | John Marino <draco@marino.st>
Revert "libc: Add temporary (get|set)affinity DF404.0 symbols"
This reverts commit 3c2537818c14aaba122a276020143cd4b92d2cbc.
As indicated in the original commit, the (get|set)affinity DF404.0 symbols were temporary and limited to the 4.7 development branch. Now that 4.8 has been officially released, remove them as they have served their purpose. By now, all software built on 4.7 should have been rebuilt and thus nothing depends on the mistake symbols.

Revision tags: v4.8.0, v4.6.2, v4.9.0, v4.8.0rc

3c253781 | 05-Feb-2017 | John Marino <draco@marino.st>
libc: Add temporary (get|set)affinity DF404.0 symbols
The sched_getaffinity, sched_setaffinity and related work had the new symbols erroneously given DF404.0 versioning. This was corrected by commit 6262c9d, but that in turn broke any userland programs built with the original symbol versions.
This patch redefines the old symbols while maintaining the correct DF408.0 versions, but it is intended to be temporary. After the branch (e.g. Release 4.8), this commit should be reverted so that the next development trunk won't have the DF404.0 versions. It's expected that all ports and third-party software is rebuilt when upgrading to a new release. This serves as a reasonable bridge to allow affected users to do that rebuild.
This patch is particularly intrusive regarding the syscall assembly file creation, so it's not something we want to leave in place permanently in my opinion.

25e1dde1 | 30-Jan-2017 | Sascha Wildner <saw@online.de>
libc/libpthread: Some manual page cleanup after the *setaffinity* work.

b1b85ff2 | 30-Jan-2017 | Sascha Wildner <saw@online.de>
libc: Remove the unused NO_P1003_1B variable checks.

a7477187 | 19-Jan-2017 | Sepherosa Ziehau <sephe@dragonflybsd.org>
libc: Add sched_getcpu().

1eb8c611 | 14-Jan-2017 | Sepherosa Ziehau <sephe@dragonflybsd.org>
lwp: Add lwp_create2 syscall, which takes cpumask for scheduling.

907281d1 | 14-Jan-2017 | Sepherosa Ziehau <sephe@dragonflybsd.org>
libc: Add sched_{set,get}affinity().
Same as other sched_ functions, these two functions do _not_ support the overriding pid as tid as what Linux supports.

8f95cc34 | 09-Jan-2017 | Sepherosa Ziehau <sephe@dragonflybsd.org>
lwp: Add two syscalls to set/get lwp's CPU affinity mask.

8289fd98 | 26-Nov-2016 | Sascha Wildner <saw@online.de>
libc: Fix up compat-43 a bit.
* Functions in libc/compat-43 aren't syscalls so move their manual pages to section 3.
* Move the stuff that is still POSIX to libc/gen: creat, gethostid, getwd, killpg. compat-43 isn't the right place for them.
* While here, a non-existent .PATH in compat-43/Makefile.inc.
