History log of /dragonfly/sys/netgraph7/tty/ng_tty.c (Results 1 – 8 of 8)
# 2b3f93ea 13-Oct-2023 Matthew Dillon <dillon@apollo.backplane.com>

kernel - Add per-process capability-based restrictions

* This new system allows userland to set capability restrictions which
turn off numerous kernel features and root accesses. These restrictions
are inherited by sub-processes recursively. Once set, restrictions cannot
be removed.

Basic restrictions that mimic an unadorned jail can be enabled without
creating a jail, but generally speaking real security also requires
creating a chrooted filesystem topology, and a jail is still needed
to really segregate processes from each other. If you do so, however,
you can (for example) disable mount/umount and most global root-only
features.

* Add new system calls and a manual page for syscap_get(2) and syscap_set(2)

* Add sys/caps.h

* Add the "setcaps" userland utility and manual page.

* Remove priv.9 and the priv_check infrastructure, replacing it with
a newly designed caps infrastructure.

* The intention is to add path restriction lists and similar features to
improve jailless security in the near future, and to optimize the
priv_check code.


Revision tags: v6.4.0, v6.4.0rc1, v6.5.0, v6.2.2, v6.2.1, v6.2.0, v6.3.0, v6.0.1, v6.0.0, v6.0.0rc1, v6.1.0, v5.8.3, v5.8.2, v5.8.1, v5.8.0, v5.9.0, v5.8.0rc1, v5.6.3, v5.6.2, v5.6.1, v5.6.0, v5.6.0rc1, v5.7.0, v5.4.3, v5.4.2, v5.4.1, v5.4.0, v5.5.0, v5.4.0rc1
# 4725869b 04-Oct-2018 Matthew Dillon <dillon@apollo.backplane.com>

kernel - Refactor tty clist code

* Remove all the old cruft, completely rewrite the clist code to use
a single linear buffer and a FIFO mechanism.

* The linear buffer just uses 16-bit elements in order to record
TTY_QUOTE along with the character.

* Fixes bug in last commit (lack of global locks around global clist
caches) by removing the cache entirely.


# 2efb75f3 04-Oct-2018 Matthew Dillon <dillon@apollo.backplane.com>

kernel - Refactor tty_token, fix SMP performance issues

* Remove most uses of tty_token in favor of per-tty tp->t_token.
This is particularly important for removing bottlenecks related to PTYs,
which are used all over the place. tty_token remains in a few places
managing overall registration and global list manipulation.

* tty structures are now required to be persistent. Implement a separate
ttyinit() function. Continue to allow ttyregister() and ttyunregister()
calls, but these no longer presume destruction of the structure.

* Refactor ttymalloc() to take a **tty pointer and interlock allocations.
Allocations are intended to be one-time. ttymalloc() only requires the
tty_token for initial allocations.

* Remove all critical section use that was combined with tty_token and
tp->t_token. Leave only the tokens. The critical sections were
hold-overs going all the way back to pre-SMP days.

* syscons now gets its own token, vga_token. The ISA VGA code and
the framebuffer code also now use this token instead of tty_token.

* The keyboard subsystem now uses kbd_token instead of tty_token.

* A few remaining serial-like devices (snp, nmdm) also get their own
tokens, as well as use the now required tp->t_token.

* Remove use of tty_token in the session management code. This fixes
a niggling performance path since sessions almost universally go
hand-in-hand with fork/exec/exit sequences. Instead we use the
already-existing per-hash session token.


Revision tags: v5.2.2, v5.2.1, v5.2.0, v5.3.0, v5.2.0rc, v5.0.2, v5.0.1, v5.0.0, v5.0.0rc2, v5.1.0, v5.0.0rc1, v4.8.1, v4.8.0, v4.6.2, v4.9.0, v4.8.0rc, v4.6.1, v4.6.0, v4.6.0rc2, v4.6.0rc, v4.7.0, v4.4.3, v4.4.2, v4.4.1, v4.4.0, v4.5.0, v4.4.0rc, v4.2.4, v4.3.1, v4.2.3, v4.2.1, v4.2.0, v4.0.6, v4.3.0, v4.2.0rc, v4.0.5, v4.0.4
# b5523eac 19-Feb-2015 Sascha Wildner <saw@online.de>

kernel: Move us to using M_NOWAIT and M_WAITOK for mbuf functions.

The main reason is that our having to use the MB_WAIT and MB_DONTWAIT
flags was a recurring issue when porting drivers from FreeBSD because
it tended to get forgotten and the code would compile anyway with the
wrong constants. And since MB_WAIT and MB_DONTWAIT ended up as ocflags
for an objcache_get() or objcache_reclaimlist call (which use M_WAITOK
and M_NOWAIT), it was just one big converting back and forth with some
sanitization in between.

This commit allows M_* again for the mbuf functions and keeps the
sanitizing as it was before: when M_WAITOK is among the passed flags,
objcache functions will be called with M_WAITOK and when it is absent,
they will be called with M_NOWAIT. All other flags are scrubbed by the
MB_OCFLAG() macro which does the same as the former MBTOM().

Approved-by: dillon


Revision tags: v4.0.3, v4.0.2, v4.0.1, v4.0.0, v4.0.0rc3, v4.0.0rc2, v4.0.0rc, v4.1.0, v3.8.2
# a62226e4 15-Jul-2014 Sascha Wildner <saw@online.de>

kernel/netgraph7: Use kprintf etc. directly instead of defining printf.

While here, remove some commented out code from dragonfly.h

In-discussion-with: nant


# fdb7439c 15-Jul-2014 Sascha Wildner <saw@online.de>

kernel/netgraph: Don't grab the tty_token around ldisc_{,de}register().

The functions already grab it themselves.

Pointed-out-by: nant


Revision tags: v3.8.1, v3.6.3, v3.8.0, v3.8.0rc2, v3.9.0, v3.8.0rc, v3.6.2, v3.6.1, v3.6.0, v3.7.1, v3.6.0rc, v3.7.0, v3.4.3, v3.4.2, v3.4.0, v3.4.1, v3.4.0rc, v3.5.0, v3.2.2, v3.2.1, v3.2.0, v3.3.0, v3.0.3
# 0d8824be 04-Jul-2012 Nuno Antunes <nuno.antunes@gmail.com>

netgraph7/ng_tty: Remove two unused #define's.


# e71e017b 04-Jul-2012 Nuno Antunes <nuno.antunes@gmail.com>

netgraph7: Welcome ng_tty.