kernel - Add per-process capability-based restrictions* This new system allows userland to set capability restrictions which turns off numerous kernel features and root accesses. These restricti
kernel - Add per-process capability-based restrictions* This new system allows userland to set capability restrictions which turns off numerous kernel features and root accesses. These restrictions are inherited by sub-processes recursively. Once set, restrictions cannot be removed. Basic restrictions that mimic an unadorned jail can be enabled without creating a jail, but generally speaking real security also requires creating a chrooted filesystem topology, and a jail is still needed to really segregate processes from each other. If you do so, however, you can (for example) disable mount/umount and most global root-only features.* Add new system calls and a manual page for syscap_get(2) and syscap_set(2)* Add sys/caps.h* Add the "setcaps" userland utility and manual page.* Remove priv.9 and the priv_check infrastructure, replacing it with a newly designed caps infrastructure.* The intention is to add path restriction lists and similar features to improve jailess security in the near future, and to optimize the priv_check code.
show more ...
finger - Take into account terminal session ID* The 'w' command tries to figure out what process is running on a TTY line and emit that as part of its output. Update its heuristics to select th
finger - Take into account terminal session ID* The 'w' command tries to figure out what process is running on a TTY line and emit that as part of its output. Update its heuristics to select the "most interesting" process.Reported-by: dancrossnycBug-report: #3260
uptime - Use CLOCK_UPTIME to calculate uptime* Use CLOCK_UPTIME instead of subtracting the current realtime from boottime.* Fixes broken uptimes after time is set.Reported-by: tuxillo, others
world: Staticize various variables and also remove a couple of unused ones.
Adjust numerous manual pages, scripts and Makefiles for the utmp removal.Also remove /var/run/utmp and /var/log/lastlog via 'make upgrade'. Keepany /var/log/wtmp and /var/log/wtmp.* files in case
Adjust numerous manual pages, scripts and Makefiles for the utmp removal.Also remove /var/run/utmp and /var/log/lastlog via 'make upgrade'. Keepany /var/log/wtmp and /var/log/wtmp.* files in case the user wants toconvert them with wtmpcvt(1).
w(1): Switch to utmpx. Drop utmp support.
build - prepare for higher optimization levels* Add NO_STRICT_ALIASING, NO_STRICT_OVERFLOW, and NO_WARRAY_BOUNDS make variables as-needed.
Remove advertising header from usr.bin/Correct BSD License clause numbering from 1-2-4 to 1-2-3.
w(1): Use NELEM(), raise WARNS to 3.
w(1): inet_addr() returns INADDR_NONE upon failure.
w(1): Limit affect of locale changeIn essence, w(1) is not designed to be locale sensitive. The majorityof the outputted text is exclusively English. However, it does checkthe locale for the AM
w(1): Limit affect of locale changeIn essence, w(1) is not designed to be locale sensitive. The majorityof the outputted text is exclusively English. However, it does checkthe locale for the AM/PM setting (12 hour vs 24 hour clock) and thedecimal separator.Given that w(1) is designed for English, it only provides enough spaceto accommodate "AM" or "PM". When other locales are used(e.g. de_DE.UTF-8) the output is simply truncated and confusing.Let's keep the 12-hour clock labels in the same language as the restof the program by forcing strftime to use the C/POSIX locale. Usinglocales still affects am/pm presence and the decimal separator asoriginally intended.
Correct BSD License clause numbering from 1-2-4 to 1-2-3.Apparently everyone's doing it:http://svnweb.freebsd.org/base?view=revision&revision=251069Submitted-by: "Eitan Adler" <lists at eitanadl
Correct BSD License clause numbering from 1-2-4 to 1-2-3.Apparently everyone's doing it:http://svnweb.freebsd.org/base?view=revision&revision=251069Submitted-by: "Eitan Adler" <lists at eitanadler.com>
Remove advertising header from man pages.By: Eitan Adler <lists@eitanadler.com>
Remove advertising header from all userland binaries.From: Eitan Adler <lists@eitanadler.com>
utmpx - Bring in utmpx,wtmpx and lastlogx support* This commit introduces the necessary support for utmpx, wtmpx and lastlogx, as well as updating many base utils to work with these while mostl
utmpx - Bring in utmpx,wtmpx and lastlogx support* This commit introduces the necessary support for utmpx, wtmpx and lastlogx, as well as updating many base utils to work with these while mostly maintaining compatibility with the old utmp, wtmp and lastlog.* The new last(1) supports wtmpx but defaults to wtmp as not all wtmp writers have been updated for wtmpx.* All utmp readers support both utmp and utmpx now.* lastlogin (the only lastlog reader) supports both lastlog and lastlogx.* The utils who(1) and finger have been almost directly replaced by their NetBSD equivalent. In case of who(1) the only custom modification is the behaviour of '-b' to be as it has always been.* Partially-Obtained-from: NetBSD
buildworld - Fix breakage* More cases where sys/user.h is not included early enough.Reported-by: swildner
Remove some unnecessary casts.
Rename /kernel and /module to /boot/kernel and /boot/module where appropriate.
Use .Pa
Pull WARNS6 into usr.bin/Makefile.inc.Most of usr.bin is marked as WARNS6, so add exceptions in individualMakefiles. Also, remove any warning flags from CFLAGS in those Makefiles.
1:1 Userland threading stage 2.15/4:Drop P_ZOMBIE and make SZOMB a real state again.
1:1 Userland threading stage 2.13/4:Move P_SINTR and P_BREAKTSLEEP into lwp_flag.Introduce proc_stop and proc_unstop to handle the transition of a complete procto and from stopped state. This i
1:1 Userland threading stage 2.13/4:Move P_SINTR and P_BREAKTSLEEP into lwp_flag.Introduce proc_stop and proc_unstop to handle the transition of a complete procto and from stopped state. This is influenced by NetBSD.
1:1 Userland threading stage 2.12/4:Factor out lwp_stat and move P_STOPPED into p_stat.Reviewed-by: Thomas E. Spanjaard <tgen@netphreax.net>
Change kinfo_proc interface between kernel and userland.Before, we were embedding a struct proc (among others) into structkinfo_proc. Every time we change implementation details in the kernel,us
Change kinfo_proc interface between kernel and userland.Before, we were embedding a struct proc (among others) into structkinfo_proc. Every time we change implementation details in the kernel,userland has to be adapted (recompiled). In preparation for the comingLWP changes this interface has been reworked. Now kinfo_proc is astructure which does not depend on other structures on the kernel whichare subject to change. Instead, the routines fill_kinfo_proc andfill_kinfo_lwp copy all values which are of interest between the kernelstructure and the stable kinfo_proc structure.Furthermore, this change adds infrastructure to export LWP-specific data.If userland requests LWP data, it sets the flag KERN_PROC_FLAG_LWP in thesysctl oid. This leads to multiple kinfo_procs being exported. If notset, the first LWP will used. This is like FreeBSD do it, and it seemseasy and simple. Note that userland was not yet adjusted to actuallyrequest LWPs and aggregate this information if necessary. Besides, thekernel does not yet have more than one LWP per process anyways.This introduces a new file, kern/kern_kinfo.c, which is shared betweenkernel and libkvm. This was done to avoid and remove code duplication.Now kvm_getprocs constructs a complete struct proc, including pointers,and then calls fill_kinfo_proc to do its job.In-collaboration-with: Thomas E. Spanjaard <tgen@netphreax.net>
Sweep-fix man page section order to match mdoc(7), part 4/5.Note: I haven't touched the few man pages that are still using the old man(7) macros. They will be converted to mdoc later.
12