kernel - Add per-process capability-based restrictions

* This new system allows userland to set capability restrictions which
turns off numerous kernel features and root accesses. These restricti

kernel - Add per-process capability-based restrictions

* This new system allows userland to set capability restrictions which
turns off numerous kernel features and root accesses. These restrictions
are inherited by sub-processes recursively. Once set, restrictions cannot
be removed.

Basic restrictions that mimic an unadorned jail can be enabled without
creating a jail, but generally speaking real security also requires
creating a chrooted filesystem topology, and a jail is still needed
to really segregate processes from each other. If you do so, however,
you can (for example) disable mount/umount and most global root-only
features.

* Add new system calls and a manual page for syscap_get(2) and syscap_set(2)

* Add sys/caps.h

* Add the "setcaps" userland utility and manual page.

* Remove priv.9 and the priv_check infrastructure, replacing it with
a newly designed caps infrastructure.

* The intention is to add path restriction lists and similar features to
improve jailess security in the near future, and to optimize the
priv_check code.

show more ...

sys/kern: Add fdatasync(2)

Based on the following FreeBSD commits in 2016.
295af703a0d7987c6cf4987e7b7f5f07b3ca1221
1c1cc89580f0fbfabaf6f6c7f0f6440eef0c128e

Add the syscall and also add it to pthre

sys/kern: Add fdatasync(2)

Based on the following FreeBSD commits in 2016.
295af703a0d7987c6cf4987e7b7f5f07b3ca1221
1c1cc89580f0fbfabaf6f6c7f0f6440eef0c128e

Add the syscall and also add it to pthread's cancellation point.
The default behavior is same as fsync(2), which is fine but inefficient.

show more ...

sys/kern: Add posix_fallocate(2)

Based on the initial posix_fallocate(2) implementation in FreeBSD
from d91f88f7f38078ac6dd4b0f0e77470d605d1518e in 2011.

There is nothing special or efficient about

sys/kern: Add posix_fallocate(2)

Based on the initial posix_fallocate(2) implementation in FreeBSD
from d91f88f7f38078ac6dd4b0f0e77470d605d1518e in 2011.

There is nothing special or efficient about the default behavior.
VFS has no knowledge of fs details.

show more ...

kernel/libc: Remove the old vmm code.

Removes the kernel code and two system calls.

Bump __DragonFly_version too.

Reviewed-by: aly, dillon

Implement the fexecve(2) system call

The fexecve(2) function is equivalent to execve(2), except that the file
to be executed is determined by the file descriptor fd instead of a
pathname.

The purpo

Implement the fexecve(2) system call

The fexecve(2) function is equivalent to execve(2), except that the file
to be executed is determined by the file descriptor fd instead of a
pathname.

The purpose of fexecve(2) is to enable executing a file which has been
verified to be the intended file. It is possible to actively check the
file by reading from the file descriptor and be sure that the file is
not exchanged for another between the reading and the execution.

See https://pubs.opengroup.org/onlinepubs/9699919799/functions/fexecve.html

This work is partially based on swildner's patch and FreeBSD's
implementation (revisions 177787, 182191, 238220).

XXX: We're missing O_EXEC support in open(2).

Reviewed-by: dillon

show more ...

Implement clock_nanosleep(2) system call

* Extend the nanosleep1() function in kern_time.c to support the
clock_nanosleep(2) system call. Add {kern,sys}_clock_nanosleep()
functions and update k

Implement clock_nanosleep(2) system call

* Extend the nanosleep1() function in kern_time.c to support the
clock_nanosleep(2) system call. Add {kern,sys}_clock_nanosleep()
functions and update kern_nanosleep() accordingly.

* Add clock_nanosleep() syscall to syscalls.master and regenerate
syscall-related files.

* Update libc symbols with the new syscall.

* Add clock_nanosleep() warpper in libthread_xu.

* Update nanosleep.2 man page to describe clock_nanosleep().

* Update <time.h> and bump __DragonFly_version.

This work is loosely based on the FreeBSD implementation:
https://reviews.freebsd.org/rS315526

This clock_nanosleep(2) syscall passed all tests in the Open POSIX Test
Suite [0]:

conformance/interfaces/clock_nanosleep/1-1: execution: PASS
conformance/interfaces/clock_nanosleep/1-2: execution: PASS
conformance/interfaces/clock_nanosleep/1-3: execution: PASS
conformance/interfaces/clock_nanosleep/1-4: execution: PASS
conformance/interfaces/clock_nanosleep/1-5: execution: PASS
conformance/interfaces/clock_nanosleep/2-1: execution: PASS
conformance/interfaces/clock_nanosleep/2-2: execution: PASS
conformance/interfaces/clock_nanosleep/2-3: execution: PASS
conformance/interfaces/clock_nanosleep/3-1: execution: PASS
conformance/interfaces/clock_nanosleep/4-1: execution: PASS
conformance/interfaces/clock_nanosleep/5-1: execution: PASS
conformance/interfaces/clock_nanosleep/6-1: execution: PASS
conformance/interfaces/clock_nanosleep/9-1: execution: PASS
conformance/interfaces/clock_nanosleep/8-1: execution: PASS
conformance/interfaces/clock_nanosleep/10-1: execution: PASS
conformance/interfaces/clock_nanosleep/11-1: execution: PASS
conformance/interfaces/clock_nanosleep/13-1: execution: PASS
conformance/interfaces/clock_nanosleep/15-1: execution: PASS

[0] Open POSIX Test Suite: http://posixtest.sourceforge.net/

Reviewed-by: swildner, dillon, tuxillo, zach

show more ...

kernel - more cleanup of syscall2()

* Implement an actual SYS___nosys system call.

* Convert one conditional to something that can use CMOV, using
the new SYS___nosys system call code.

* Get rid

kernel - more cleanup of syscall2()

* Implement an actual SYS___nosys system call.

* Convert one conditional to something that can use CMOV, using
the new SYS___nosys system call code.

* Get rid of special checks for SYS_syscall and SYS___syscall.
Instead, provide real vectors for these functions. This also
cleans up a few other bits of code in syscall2().

show more ...

kernel: GC a few old system calls which are libc functions in DragonFly.

Namely, getdomainname, setdomainname, and uname, all of which were
deprecated in early FreeBSD but never really phased out. T

kernel: GC a few old system calls which are libc functions in DragonFly.

Namely, getdomainname, setdomainname, and uname, all of which were
deprecated in early FreeBSD but never really phased out. They were
likely never used (as system calls) in DragonFly at all.

For more information on the FreeBSD history, see FreeBSD's r184789.

show more ...

kernel - Add __realpath() and getrandom() system calls

* Add a kernel __realpath() system call. libc must still implement
the realpath() function to handle NULL buffers (malloc()d buffer
return

kernel - Add __realpath() and getrandom() system calls

* Add a kernel __realpath() system call. libc must still implement
the realpath() function to handle NULL buffers (malloc()d buffer
returned).

The libc implementation checks the osversion for backwards compatibility
before attempting to use the new system call.

* Add a kernel getrandom() system call.

* Bump __DragonFly_version to 500710.

Suggested-by: tuxillo, mjg

show more ...

kernel - Add lwp_getname() system call

* Add a new system call to support pthread_get_name_np().

kernel: Clean up syscalls.master a bit more.

All this and also f29ea48f7a62b011be75119d46acd81bee2dd8ee could have
been cleaned up in d6e8ab2d2508bde32ad7b7daaf86d44ec7330986.

While here, also remo

kernel: Clean up syscalls.master a bit more.

All this and also f29ea48f7a62b011be75119d46acd81bee2dd8ee could have
been cleaned up in d6e8ab2d2508bde32ad7b7daaf86d44ec7330986.

While here, also remove some obsolete comments.

show more ...

syscalls.master: Remove a leftover semicolon.

kernel/libc: Remove sigstack() remains.

There is no sigstack() syscall anymore in DragonFly, besides being
obsolete, so remove some remains like the manual page and prototype,
and do some related cl

kernel/libc: Remove sigstack() remains.

There is no sigstack() syscall anymore in DragonFly, besides being
obsolete, so remove some remains like the manual page and prototype,
and do some related cleanup.

show more ...

system - Add wait6(), waitid(), and si_pid/si_uid siginfo support

* Add the wait6() system call (header definitions taken from FreeBSD).
This required rearranging kern_wait() a bit. In particular

system - Add wait6(), waitid(), and si_pid/si_uid siginfo support

* Add the wait6() system call (header definitions taken from FreeBSD).
This required rearranging kern_wait() a bit. In particular, we now
maintain a hold count of 1 on the process during processing instead
of releasing the hold count early.

* Add waitid() to libc (waitid.c taken from FreeBSD).

* Adjust manual pages (taken from FreeBSD).

* Add siginfo si_pid and si_uid support. This basically allows a process
taking a signal to determine where the signal came from. The fields
already existed in siginfo but were not implemented.

Implemented using a non-queued per-process array of signal numbers.
The last originator sending any given signal is recorded and passed
through to userland in the siginfo.

* Fixes the 'lightdm' X display manager. lightdm relies on si_pid
support. In addition, note that avoiding long lightdm related
latencies and timeouts require a softlink from libmozjs-52.so to
libmozjs-52.so.0 (must be addressed in dports, not addressed in this
commit).

Loosely-taken-from: FreeBSD (wait6, waitid support only)
Reviewed-by: swildner

show more ...

libc/libpthread: Add clock_getcpuclockid() and pthread_getcpuclockid().

* Adjust clock_gettime() and clock_getres() to accept values obtained
this way.

* Also set _POSIX_CPUTIME and _POSIX_THREAD

libc/libpthread: Add clock_getcpuclockid() and pthread_getcpuclockid().

* Adjust clock_gettime() and clock_getres() to accept values obtained
this way.

* Also set _POSIX_CPUTIME and _POSIX_THREAD_CPUTIME, although we should
really support values obtained by these functions in clock_settime()
too.

Based on and taken from FreeBSD's code.

Reviewed-by: sephe

show more ...

lwp: Add lwp_create2 syscll, which takes cpumask for scheduling.

lwp: Add two syscalls to set/get lwp's CPU affinity mask.

kernel: Mark some syscalls obsolete which are really libc functions.

kernel - Implement ppoll system call with precise microseconds timeout.

* Implement a maximum timeout of 2000s, because systimer(9) just accepts an
int timeout in microseconds.

* Add kern.kv_slee

kernel - Implement ppoll system call with precise microseconds timeout.

* Implement a maximum timeout of 2000s, because systimer(9) just accepts an
int timeout in microseconds.

* Add kern.kv_sleep_threshold sysctl variable for tuning the threshold for
the ppoll sleep duration (in nanoseconds), below which we will
busy-loop with DELAY instead of using tsleep for waiting.

show more ...

Add a kenv(2) system call for better handling of the kernel environment.

pthread: Add lwp_setname(2) and implement pthread_set_name_np(3)

- Return thread name through kinfo.
- Show thread name in ps(1) for 'Hc'.
- Show thread name in top(1), if it is different from proce

pthread: Add lwp_setname(2) and implement pthread_set_name_np(3)

- Return thread name through kinfo.
- Show thread name in ps(1) for 'Hc'.
- Show thread name in top(1), if it is different from process name.

show more ...

kernel: Fix three declarations of (obsolete) syscalls.

This mainly fixes some comments and strings in generated files.

socket: Add accept4 syscall and bump __DragonFly_version

Suggested-by: zrj on #dragonflybsd@efnet

i386 removal, part 8/x: Remove i386 DragonFly 1.2 compat kernel code.

Reclaim all the COMPAT_DF12 type syscalls since they never existed on
x86_64.

kernel - Add futimens()

* Add futimens()

* Consolidate the support function to kern_futimens().