Author: pjd
Date: Sat Aug 17 14:18:41 2013
New Revision: 254448
URL: http://svnweb.freebsd.org/changeset/base/254448
Log:
Regenerate after r254447.
Sponsored by: The FreeBSD Foundation
Modified:
head/sys/compat/freebsd32/freebsd32_proto.h
head/sys/compat/freebsd32/freebsd32_syscall.h
Author: pjd
Date: Sat Aug 17 14:55:31 2013
New Revision: 254453
URL: http://svnweb.freebsd.org/changeset/base/254453
Log:
Correct function name and return value.
Modified:
head/lib/libc/sys/cap_ioctls_limit.2
Modified: head/lib/libc/sys/cap_ioctls_limit.2
On Sun, Aug 04, 2013 at 01:24:45AM +0900, Hiroki Sato wrote:
Pawel Jakub Dawidek p...@freebsd.org wrote
in 201307032104.r63l4kee015...@svn.freebsd.org:
pj Author: pjd
pj Date: Wed Jul 3 21:04:20 2013
pj New Revision: 252603
pj URL: http://svnweb.freebsd.org/changeset/base/252603
pj
pj
On Wed, Jul 24, 2013 at 02:53:32PM +0200, Ulrich Spörlein wrote:
On Thu, 2013-07-18 at 22:11:27 +, Pawel Jakub Dawidek wrote:
Author: pjd
Date: Thu Jul 18 22:11:27 2013
New Revision: 253457
URL: http://svnweb.freebsd.org/changeset/base/253457
Log:
Close uniq(1
Author: pjd
Date: Thu Jul 18 21:56:10 2013
New Revision: 253456
URL: http://svnweb.freebsd.org/changeset/base/253456
Log:
- Make localtime(3) to work in sandbox.
- Move strerror(3) initialization to its own function.
Modified:
head/usr.bin/kdump/kdump.c
Modified:
Author: pjd
Date: Thu Jul 18 22:11:27 2013
New Revision: 253457
URL: http://svnweb.freebsd.org/changeset/base/253457
Log:
Close uniq(1) in the capability mode sandbox and limit descriptors using
capability rights.
Modified:
head/usr.bin/uniq/uniq.c
Modified: head/usr.bin/uniq/uniq.c
Author: pjd
Date: Sun Jul 7 21:19:53 2013
New Revision: 253004
URL: http://svnweb.freebsd.org/changeset/base/253004
Log:
Sandbox tcpdump(8) using Capsicum's capability mode and capabilities.
For now, sandboxing is done only if -n option was specified and neither -z nor
-V options were
page to
recommend avoiding sysexits(3). As of now we are just sending mixed
signals and create confusion.
--
Pawel Jakub Dawidek http://www.wheelsystems.com
FreeBSD committer http://www.FreeBSD.org
Am I Evil? Yes, I Am! http
for EX_TEMPFAIL when internal process exits.
That's not something user-visible, so nothing to document. Just FYI.
--
Pawel Jakub Dawidek http://www.wheelsystems.com
FreeBSD committer http://www.FreeBSD.org
Am I Evil? Yes, I Am! http
Author: pjd
Date: Thu Jul 4 12:27:10 2013
New Revision: 252697
URL: http://svnweb.freebsd.org/changeset/base/252697
Log:
Fix dhclient for interfaces that are down. The discover_interfaces() function
that looks for interface skips interfaces that are not UP. We need to call
dhclient-script
)ip-i_gen);
For uintmax_t you also need to change %jd to %ju.
--
Pawel Jakub Dawidek http://www.wheelsystems.com
FreeBSD committer http://www.FreeBSD.org
Am I Evil? Yes, I Am! http://mobter.com
pgpk5O7tizXWK.pgp
Description: PGP
Author: pjd
Date: Wed Jul 3 20:28:33 2013
New Revision: 252596
URL: http://svnweb.freebsd.org/changeset/base/252596
Log:
Style cleanups.
Submitted by: Mariusz Zaborski osho...@freebsd.org
Sponsored by: Google Summer of Code 2013
Reviewed by: pjd
MFC after:1 month
Modified:
Author: pjd
Date: Wed Jul 3 20:42:10 2013
New Revision: 252598
URL: http://svnweb.freebsd.org/changeset/base/252598
Log:
Sandbox rwho(1) using capability mode and Capsicum capabilities.
rwho(1) gets only read-only access to /var/rwho/ directory.
Submitted by: Mariusz Zaborski
Author: pjd
Date: Wed Jul 3 20:44:47 2013
New Revision: 252599
URL: http://svnweb.freebsd.org/changeset/base/252599
Log:
Few more style nits.
MFC after:1 month
Modified:
head/usr.bin/rwho/rwho.c
Modified: head/usr.bin/rwho/rwho.c
Author: pjd
Date: Wed Jul 3 20:58:58 2013
New Revision: 252602
URL: http://svnweb.freebsd.org/changeset/base/252602
Log:
Style cleanups.
Submitted by: Mariusz Zaborski osho...@freebsd.org
Sponsored by: Google Summer of Code 2013
Reviewed by: pjd
MFC after:1 month
Modified:
Author: pjd
Date: Wed Jul 3 21:04:20 2013
New Revision: 252603
URL: http://svnweb.freebsd.org/changeset/base/252603
Log:
The whole sending functionality was implemented within signal handler,
which is very bad idea. Split sending and receiving in two processes,
which fixes this problem and
Author: pjd
Date: Wed Jul 3 21:07:02 2013
New Revision: 252605
URL: http://svnweb.freebsd.org/changeset/base/252605
Log:
Sandbox rwhod(8) receiver process using capability mode and Capsicum
capabilities.
rwhod(8) receiver can now only receive packages, write to /var/rwho/ directory
Author: pjd
Date: Wed Jul 3 21:41:35 2013
New Revision: 252612
URL: http://svnweb.freebsd.org/changeset/base/252612
Log:
MFp4: @229469:
Garbage-collect dead prototypes.
Reviewed by: brooks
Sponsored by: The FreeBSD Foundation
Modified:
head/sbin/dhclient/dhcpd.h
Author: pjd
Date: Wed Jul 3 21:45:29 2013
New Revision: 252614
URL: http://svnweb.freebsd.org/changeset/base/252614
Log:
MFp4 @229470:
Remove unused argument from send_packet().
Reviewed by: brooks
Sponsored by: The FreeBSD Foundation
Modified:
head/sbin/dhclient/bpf.c
Author: pjd
Date: Wed Jul 3 21:49:10 2013
New Revision: 252615
URL: http://svnweb.freebsd.org/changeset/base/252615
Log:
MFp4 @229471:
Remove unused argument from assemble_hw_header().
Reviewed by: brooks
Sponsored by: The FreeBSD Foundation
Modified:
head/sbin/dhclient/bpf.c
Author: pjd
Date: Wed Jul 3 21:53:54 2013
New Revision: 252616
URL: http://svnweb.freebsd.org/changeset/base/252616
Log:
MFp4 @229472:
Use the same type for 'from' and 'to' argument in send_packet().
Reviewed by: brooks
Sponsored by: The FreeBSD Foundation
Modified:
Author: pjd
Date: Wed Jul 3 21:57:24 2013
New Revision: 252618
URL: http://svnweb.freebsd.org/changeset/base/252618
Log:
MFp4 @229473:
No caller checks send_packet() return value, so make it void.
Reviewed by: brooks
Sponsored by: The FreeBSD Foundation
Modified:
Author: pjd
Date: Wed Jul 3 21:58:26 2013
New Revision: 252619
URL: http://svnweb.freebsd.org/changeset/base/252619
Log:
MFp4 @229474:
iov_base field is 'void *' in FreeBSD, no need to cast.
Reviewed by: brooks
Sponsored by: The FreeBSD Foundation
Modified:
Author: pjd
Date: Wed Jul 3 22:01:52 2013
New Revision: 252620
URL: http://svnweb.freebsd.org/changeset/base/252620
Log:
MFp4 @229476,229478:
Make use of two fields: rfdesc and wfdesc to keep bpf descriptor open for
reading only in rfdesc and bpf descriptor open for writing only in
Author: pjd
Date: Wed Jul 3 22:03:19 2013
New Revision: 252621
URL: http://svnweb.freebsd.org/changeset/base/252621
Log:
Remove redundant white-spaces.
Modified:
head/sbin/dhclient/dhclient.c
Modified: head/sbin/dhclient/dhclient.c
Author: pjd
Date: Wed Jul 3 22:05:36 2013
New Revision: 252623
URL: http://svnweb.freebsd.org/changeset/base/252623
Log:
MFp4 @229477:
The gethostname(3) function won't work in capability mode, because reading
kern.hostname sysctl is not permitted there. Cache hostname early and use
Author: pjd
Date: Wed Jul 3 22:07:55 2013
New Revision: 252624
URL: http://svnweb.freebsd.org/changeset/base/252624
Log:
MFp4 @229479:
- Add new request (IMSG_SEND_PACKET) that will be handled by privileged
process.
- Add $FreeBSD$.
Reviewed by: brooks
Sponsored by: The FreeBSD
Author: pjd
Date: Wed Jul 3 22:09:02 2013
New Revision: 252625
URL: http://svnweb.freebsd.org/changeset/base/252625
Log:
MFp4 @229480:
Shutdown write direction of the routing socket. We only need to read from it.
Reviewed by: brooks
Sponsored by: The FreeBSD Foundation
Modified:
Author: pjd
Date: Wed Jul 3 22:12:54 2013
New Revision: 252626
URL: http://svnweb.freebsd.org/changeset/base/252626
Log:
MFp4 @229481:
Currently it was allowed to send any UDP packets from unprivileged process and
possibly any packets because /dev/bpf was open for writing.
Move
Author: pjd
Date: Wed Jul 3 22:16:02 2013
New Revision: 252628
URL: http://svnweb.freebsd.org/changeset/base/252628
Log:
MFp4 @229482:
- Limit bpf descriptor in unprivileged process to CAP_POLL_EVENT, CAP_READ and
allow for SIOCGIFFLAGS, SIOCGIFMEDIA ioctls.
- While here limit bpf
Author: pjd
Date: Wed Jul 3 22:17:29 2013
New Revision: 252629
URL: http://svnweb.freebsd.org/changeset/base/252629
Log:
MFp4 @229483:
Limit communication pipe with privileged process to CAP_READ and CAP_WRITE.
Reviewed by: brooks
Sponsored by: The FreeBSD Foundation
Modified:
Author: pjd
Date: Wed Jul 3 22:18:40 2013
New Revision: 252630
URL: http://svnweb.freebsd.org/changeset/base/252630
Log:
MFp4 @229484:
Limit routing socket so only poll(2) and read(2) are allowed (CAP_POLL_EVENT
and CAP_READ). This prevents unprivileged process from adding, removing or
Author: pjd
Date: Wed Jul 3 22:19:43 2013
New Revision: 252631
URL: http://svnweb.freebsd.org/changeset/base/252631
Log:
MFp4 @229485:
Only allow to overwrite lease file.
Reviewed by: brooks
Sponsored by: The FreeBSD Foundation
Modified:
head/sbin/dhclient/dhclient.c
Modified:
Author: pjd
Date: Wed Jul 3 22:21:11 2013
New Revision: 252632
URL: http://svnweb.freebsd.org/changeset/base/252632
Log:
MFp4 @229486:
Once PID is written to the pidfile, revoke all capability rights.
We just want to keep the pidfile open.
Reviewed by: brooks
Sponsored by: The
Author: pjd
Date: Wed Jul 3 22:22:29 2013
New Revision: 252633
URL: http://svnweb.freebsd.org/changeset/base/252633
Log:
MFp4 @229487:
Revoke all capability rights from STDIN and allow only for write to STDOUT and
STDERR. All those descriptors are redirected to /dev/null.
Reviewed
Author: pjd
Date: Wed Jul 3 22:23:25 2013
New Revision: 252634
URL: http://svnweb.freebsd.org/changeset/base/252634
Log:
MFp4 @229488:
Sandbox unprivileged process using capability mode.
Reviewed by: brooks
Sponsored by: The FreeBSD Foundation
Modified:
On Sun, Jun 16, 2013 at 11:42:21AM +0200, Ed Schouten wrote:
Hello Pawel,
2013/6/16 Pawel Jakub Dawidek p...@freebsd.org:
Hmm, I don't like HAST to be a victim of bad LLVM import. This is not
the kind of software you run on HEAD (so it might go unnoticed
initially) and this is the kind
= atomic_fetchadd_int(count, -1);
+ old = atomic_fetch_sub(count, 1);
PJDLOG_ASSERT(old 0);
return (old - 1);
}
--
Pawel Jakub Dawidek http://www.wheelsystems.com
FreeBSD committer http://www.FreeBSD.org
Am I Evil? Yes, I Am! http
, vfs_unmounted_notify_fn);
+
+/*
* exported vnode operations
*/
--
Pawel Jakub Dawidek http://www.wheelsystems.com
FreeBSD committer http://www.FreeBSD.org
Am I Evil? Yes, I Am! http://mobter.com
pgpXcc1e1ayC7.pgp
Description: PGP
?
--
Pawel Jakub Dawidek http://www.wheelsystems.com
FreeBSD committer http://www.FreeBSD.org
Am I Evil? Yes, I Am! http://mobter.com
pgp1W2We0R_xJ.pgp
Description: PGP signature
Author: pjd
Date: Thu May 30 21:59:29 2013
New Revision: 251167
URL: http://svnweb.freebsd.org/changeset/base/251167
Log:
If the -r option is given we cannot enter capability mode.
The option tells kdump to convert numeric UIDs and GIDs into user and
group names plus to convert times and
== 1) {
--
Pawel Jakub Dawidek http://www.wheelsystems.com
FreeBSD committer http://www.FreeBSD.org
Am I Evil? Yes, I Am! http://mobter.com
pgpIbqUq_8h_o.pgp
Description: PGP signature
Author: pjd
Date: Wed May 29 07:17:51 2013
New Revision: 251100
URL: http://svnweb.freebsd.org/changeset/base/251100
Log:
Release Steven Hartland (smh) from mentorship. He is ready to face the world
on
his own. Kids, they grow up so fast... :)
Discussed with: avg (co-mentor)
On Wed, May 29, 2013 at 02:36:17PM +0200, Dag-Erling Smørgrav wrote:
Pawel Jakub Dawidek p...@freebsd.org writes:
Which library is needed for AES-NI? I don't see any engine in /usr/lib/
that implements AES-NI support. Could you be more specific?
Ah, you're right. Bryan (cc:ed) did
On Wed, May 29, 2013 at 05:03:05PM +0200, Dag-Erling Smørgrav wrote:
Pawel Jakub Dawidek p...@freebsd.org writes:
AES-NI doesn't have to go through kernel at all and doing so is much
slower. Not sure if our OpenSSL version already has native AES-NI
support. If not it would be best
Author: pjd
Date: Tue May 28 21:21:46 2013
New Revision: 251072
URL: http://svnweb.freebsd.org/changeset/base/251072
Log:
MFp4 @229085:
Rearrange the code so we don't call ioctl(TIOCGWINSZ) if the -s option is
given,
as the result won't be used then.
Sponsored by: The FreeBSD
Author: pjd
Date: Tue May 28 21:25:28 2013
New Revision: 251073
URL: http://svnweb.freebsd.org/changeset/base/251073
Log:
MFp4 @229086:
Make use of Capsicum to protect kdump(1), as it might be used to parse data
from untrusted sources:
- Sandbox kdump(1) using capability mode.
-
that it is really ugly and without any comment it looks
like a typo.
--
Pawel Jakub Dawidek http://www.wheelsystems.com
FreeBSD committer http://www.FreeBSD.org
Am I Evil? Yes, I Am! http://mobter.com
pgpahmTMR4yYA.pgp
Description: PGP
Author: pjd
Date: Thu May 23 21:07:26 2013
New Revision: 250944
URL: http://svnweb.freebsd.org/changeset/base/250944
Log:
Use proper malloc type for ioctls white-list.
Reported by: pho
Tested by:pho
Modified:
head/sys/kern/sys_capability.c
Modified:
Author: pjd
Date: Sun May 19 23:28:28 2013
New Revision: 250816
URL: http://svnweb.freebsd.org/changeset/base/250816
Log:
Protect SDT_PROBE() with do { } while (0) loop.
Modified:
head/sys/sys/sdt.h
Modified: head/sys/sys/sdt.h
Author: pjd
Date: Sun May 19 23:29:22 2013
New Revision: 250817
URL: http://svnweb.freebsd.org/changeset/base/250817
Log:
Use SDT_PROBE1() instead of SDT_PROBE().
Modified:
head/sys/kern/kern_priv.c
Modified: head/sys/kern/kern_priv.c
Author: pjd
Date: Sun May 19 23:30:24 2013
New Revision: 250818
URL: http://svnweb.freebsd.org/changeset/base/250818
Log:
Style nits.
Modified:
head/sys/kern/kern_priv.c
Modified: head/sys/kern/kern_priv.c
==
---
. It looks both solutions work for me and I
personally prefer the second one.
Me too.
--
Pawel Jakub Dawidek http://www.wheelsystems.com
FreeBSD committer http://www.FreeBSD.org
Am I Evil? Yes, I Am! http://mobter.com
pgpMSHj2QWPrW.pgp
)
@@ -2281,6 +2281,8 @@ retry_space:
}
}
+ VOP_UNLOCK(vp, 0);
+
/* Add the buffer chain to the socket buffer. */
if (m != NULL) {
int mlen, err;
--
Pawel Jakub Dawidek http
On Mon, May 06, 2013 at 11:05:30PM +0300, Konstantin Belousov wrote:
On Mon, May 06, 2013 at 08:16:11PM +0200, Pawel Jakub Dawidek wrote:
On Sun, Apr 28, 2013 at 07:12:09PM +, Konstantin Belousov wrote:
Author: kib
Date: Sun Apr 28 19:12:09 2013
New Revision: 250027
URL: http
Author: pjd
Date: Wed Apr 17 21:08:18 2013
New Revision: 249594
URL: http://svnweb.freebsd.org/changeset/base/249594
Log:
Style cleanups.
Modified:
head/tools/regression/pjdfstest/pjdfstest.c
Modified: head/tools/regression/pjdfstest/pjdfstest.c
Author: pjd
Date: Tue Apr 16 12:31:16 2013
New Revision: 249547
URL: http://svnweb.freebsd.org/changeset/base/249547
Log:
Correct error message.
Reported by: Dirk Engling erdge...@erdgeist.org
Modified:
head/cddl/contrib/opensolaris/lib/libzfs/common/libzfs_dataset.c
Modified:
() are unlikely to fail, [...]
They are very likely to fail when the process is sandboxed.
--
Pawel Jakub Dawidek http://www.wheelsystems.com
FreeBSD committer http://www.FreeBSD.org
Am I Evil? Yes, I Am! http://tupytaj.pl
Author: pjd
Date: Fri Mar 22 07:40:34 2013
New Revision: 248610
URL: http://svnweb.freebsd.org/changeset/base/248610
Log:
- Constify local path variable for chflagsat().
- Use correct format characters (%lx) for u_long.
This fixes the build broken in r248599.
Modified:
* 1000);
--
Pawel Jakub Dawidek http://www.wheelsystems.com
FreeBSD committer http://www.FreeBSD.org
Am I Evil? Yes, I Am! http://tupytaj.pl
pgpGoEyXtPkv1.pgp
Description: PGP signature
On Thu, Mar 21, 2013 at 05:30:44PM +0100, Pawel Jakub Dawidek wrote:
On Tue, Mar 19, 2013 at 03:01:51PM +, Konstantin Belousov wrote:
Author: kib
Date: Tue Mar 19 15:01:50 2013
New Revision: 248519
URL: http://svnweb.freebsd.org/changeset/base/248519
Log:
Support unmapped i/o
Author: pjd
Date: Thu Mar 21 22:44:33 2013
New Revision: 248597
URL: http://svnweb.freebsd.org/changeset/base/248597
Log:
- Make 'flags' argument to chflags(2), fchflags(2) and lchflags(2) of type
u_long. Before this change it was of type int for syscalls, but prototypes
in sys/stat.h
Author: pjd
Date: Thu Mar 21 22:47:03 2013
New Revision: 248598
URL: http://svnweb.freebsd.org/changeset/base/248598
Log:
Regenerate after r248597.
Sponsored by: The FreeBSD Foundation
Modified:
head/sys/compat/freebsd32/freebsd32_systrace_args.c
head/sys/kern/systrace_args.c
Author: pjd
Date: Thu Mar 21 22:59:01 2013
New Revision: 248599
URL: http://svnweb.freebsd.org/changeset/base/248599
Log:
Implement chflagsat(2) system call, similar to fchmodat(2), but operates on
file flags.
Reviewed by: kib, jilles
Sponsored by: The FreeBSD Foundation
Modified:
Author: pjd
Date: Thu Mar 21 23:02:19 2013
New Revision: 248600
URL: http://svnweb.freebsd.org/changeset/base/248600
Log:
Regenerate after r248599.
Sponsored by: The FreeBSD Foundation
Modified:
head/sys/compat/freebsd32/freebsd32_proto.h
head/sys/compat/freebsd32/freebsd32_syscall.h
Author: pjd
Date: Thu Mar 21 23:05:44 2013
New Revision: 248601
URL: http://svnweb.freebsd.org/changeset/base/248601
Log:
Document chflagsat(2).
Obtained from:jilles
Modified:
head/lib/libc/sys/Makefile.inc
head/lib/libc/sys/cap_rights_limit.2
head/lib/libc/sys/chflags.2
Author: pjd
Date: Thu Mar 21 23:07:04 2013
New Revision: 248603
URL: http://svnweb.freebsd.org/changeset/base/248603
Log:
Update regression tests after adding chflagsat(2).
Sponsored by: The FreeBSD Foundation
Modified:
head/tools/regression/pjdfstest/Makefile
Author: pjd
Date: Mon Mar 18 21:11:31 2013
New Revision: 248475
URL: http://svnweb.freebsd.org/changeset/base/248475
Log:
Reduce stack usage.
Modified:
head/sbin/geom/class/eli/geom_eli.c
Modified: head/sbin/geom/class/eli/geom_eli.c
Author: pjd
Date: Sat Mar 16 22:36:24 2013
New Revision: 248386
URL: http://svnweb.freebsd.org/changeset/base/248386
Log:
Style: Remove redundant space.
Modified:
head/sys/kern/vfs_syscalls.c
Modified: head/sys/kern/vfs_syscalls.c
Author: pjd
Date: Sat Mar 16 22:37:30 2013
New Revision: 248387
URL: http://svnweb.freebsd.org/changeset/base/248387
Log:
Style: Whitespace fixes.
Modified:
head/sys/kern/vfs_syscalls.c
Modified: head/sys/kern/vfs_syscalls.c
Author: pjd
Date: Sat Mar 16 22:44:14 2013
New Revision: 248391
URL: http://svnweb.freebsd.org/changeset/base/248391
Log:
Add a note to the HISTORY section about lchflags(2) being introduced in
FreeBSD 5.0.
Modified:
head/lib/libc/sys/chflags.2
Modified: head/lib/libc/sys/chflags.2
Author: pjd
Date: Sat Mar 16 23:10:40 2013
New Revision: 248394
URL: http://svnweb.freebsd.org/changeset/base/248394
Log:
The mode argument for open(2)/openat(2) only makes sense if the O_CREAT flag
was given.
Sponsored by: The FreeBSD Foundation
Modified:
Author: pjd
Date: Sat Mar 16 23:13:49 2013
New Revision: 248396
URL: http://svnweb.freebsd.org/changeset/base/248396
Log:
Update the tests now that absence of the O_APPEND flag requires CAP_SEEK
capability. Add some more tests.
Sponsored by: The FreeBSD Foundation
Modified:
Author: pjd
Date: Sat Mar 16 23:19:13 2013
New Revision: 248397
URL: http://svnweb.freebsd.org/changeset/base/248397
Log:
Require CAP_SEEK if both O_APPEND and O_TRUNC flags are absent.
In other words we don't require CAP_SEEK if either O_APPEND or O_TRUNC flag is
given, because O_APPEND
Author: pjd
Date: Fri Mar 15 23:00:13 2013
New Revision: 248359
URL: http://svnweb.freebsd.org/changeset/base/248359
Log:
Sort syscalls properly.
Modified:
head/sys/kern/capabilities.conf
Modified: head/sys/kern/capabilities.conf
Author: pjd
Date: Thu Mar 14 20:22:52 2013
New Revision: 248281
URL: http://svnweb.freebsd.org/changeset/base/248281
Log:
When pidptr was passed as NULL to pidfile_open(3), we were returning
EAGAIN/EWOULDBLOCK when another daemon was running and had the pidfile open.
We should return EEXIST
Author: pjd
Date: Thu Mar 14 21:21:14 2013
New Revision: 248286
URL: http://svnweb.freebsd.org/changeset/base/248286
Log:
Removed redundant includes.
Modified:
head/sbin/hastctl/hastctl.c
Modified: head/sbin/hastctl/hastctl.c
Author: pjd
Date: Thu Mar 14 23:03:48 2013
New Revision: 248294
URL: http://svnweb.freebsd.org/changeset/base/248294
Log:
Delete requests can be larger than MAXPHYS.
Modified:
head/sbin/hastd/secondary.c
Modified: head/sbin/hastd/secondary.c
Author: pjd
Date: Thu Mar 14 23:07:01 2013
New Revision: 248295
URL: http://svnweb.freebsd.org/changeset/base/248295
Log:
We don't need buffer to handle BIO_DELETE, so don't check buffer size for it.
This fixes handling BIO_DELETE larger than MAXPHYS.
Modified:
head/sys/geom/gate/g_gate.c
Author: pjd
Date: Thu Mar 14 23:11:52 2013
New Revision: 248296
URL: http://svnweb.freebsd.org/changeset/base/248296
Log:
Minor corrections.
Modified:
head/sbin/hastd/hastd.8
Modified: head/sbin/hastd/hastd.8
==
---
Author: pjd
Date: Thu Mar 14 23:14:47 2013
New Revision: 248297
URL: http://svnweb.freebsd.org/changeset/base/248297
Log:
Now that ioctl(2) is allowed in capability mode and we can limit ioctls for
the
given descriptors, use Capsicum sandboxing for hastd in primary and secondary
modes.
Author: pjd
Date: Fri Mar 15 00:10:38 2013
New Revision: 248304
URL: http://svnweb.freebsd.org/changeset/base/248304
Log:
Make file name generation to work with both new and old versions of OpenSSL.
Sponsored by: The FreeBSD Foundation
Modified:
On Wed, Mar 13, 2013 at 11:08:26AM -0400, John Baldwin wrote:
On Tuesday, March 12, 2013 5:09:21 pm Pawel Jakub Dawidek wrote:
On Mon, Mar 04, 2013 at 09:18:45PM +, Kenneth D. Merry wrote:
Author: ken
Date: Mon Mar 4 21:18:45 2013
New Revision: 247814
URL: http
On Wed, Mar 13, 2013 at 03:23:13PM -0600, Kenneth D. Merry wrote:
On Wed, Mar 13, 2013 at 22:09:51 +0100, Pawel Jakub Dawidek wrote:
On Wed, Mar 13, 2013 at 11:08:26AM -0400, John Baldwin wrote:
On Tuesday, March 12, 2013 5:09:21 pm Pawel Jakub Dawidek wrote:
On Mon, Mar 04, 2013 at 09
sysctl/tunable names and the consensus was, AFAIR, to
use positive(?) names as they are more obvious.
--
Pawel Jakub Dawidek http://www.wheelsystems.com
FreeBSD committer http://www.FreeBSD.org
Am I Evil? Yes, I Am! http
Author: pjd
Date: Mon Mar 11 22:59:07 2013
New Revision: 248176
URL: http://svnweb.freebsd.org/changeset/base/248176
Log:
Fix memory leak when one process send descriptor over UNIX domain socket,
but the other process exited before receiving it.
Modified:
head/sys/kern/uipc_usrreq.c
Author: pjd
Date: Sun Mar 3 23:23:35 2013
New Revision: 247736
URL: http://svnweb.freebsd.org/changeset/base/247736
Log:
Plug memory leaks in file descriptors passing.
Modified:
head/sys/kern/kern_descrip.c
head/sys/kern/uipc_usrreq.c
head/sys/sys/filedesc.h
Modified:
Author: pjd
Date: Sun Mar 3 23:25:45 2013
New Revision: 247737
URL: http://svnweb.freebsd.org/changeset/base/247737
Log:
Use dedicated malloc type for filecaps-related data, so we can detect any
memory leaks easier.
Modified:
head/sys/kern/kern_descrip.c
Modified:
Author: pjd
Date: Sat Mar 2 09:58:47 2013
New Revision: 247617
URL: http://svnweb.freebsd.org/changeset/base/247617
Log:
If the target file already exists, check for the CAP_UNLINKAT capabiity right
on the target directory descriptor, but only if this is renameat(2) and real
target
was written by Pawel Jakub Dawidek under sponsorship
from
+.\ the FreeBSD Foundation.
+.\
+.\ Redistribution and use in source and binary forms, with or without
+.\ modification, are permitted provided that the following conditions
+.\ are met:
+.\ 1. Redistributions of source code must retain the above
Author: pjd
Date: Sat Mar 2 21:12:54 2013
New Revision: 247668
URL: http://svnweb.freebsd.org/changeset/base/247668
Log:
Regen after r247667.
Modified:
head/sys/compat/freebsd32/freebsd32_proto.h
head/sys/compat/freebsd32/freebsd32_syscall.h
Author: pjd
Date: Sat Mar 2 21:16:40 2013
New Revision: 247669
URL: http://svnweb.freebsd.org/changeset/base/247669
Log:
Add support for bindat(2) and connectat(2).
Sponsored by: The FreeBSD Foundation
Modified:
head/tools/regression/pjdfstest/Makefile
Author: pjd
Date: Sat Mar 2 23:40:42 2013
New Revision: 247676
URL: http://svnweb.freebsd.org/changeset/base/247676
Log:
If all ioctls are allowed, cap_ioctls_get(2) will return CAP_IOCTLS_ALL.
Update regression tests.
Modified:
head/tools/regression/capsicum/syscalls/cap_ioctls_limit.c
Author: pjd
Date: Fri Mar 1 21:57:02 2013
New Revision: 247584
URL: http://svnweb.freebsd.org/changeset/base/247584
Log:
Reduce lock scope a little.
Modified:
head/sys/kern/vfs_syscalls.c
Modified: head/sys/kern/vfs_syscalls.c
Author: pjd
Date: Fri Mar 1 21:58:56 2013
New Revision: 247586
URL: http://svnweb.freebsd.org/changeset/base/247586
Log:
Remove unnecessary variables.
Modified:
head/sys/kern/vfs_vnops.c
Modified: head/sys/kern/vfs_vnops.c
added)
+++ head/lib/libc/gen/cap_sandboxed.3 Sat Mar 2 00:11:27 2013
(r247598)
@@ -0,0 +1,70 @@
+.\ Copyright (c) 2012 The FreeBSD Foundation
+.\ All rights reserved.
+.\
+.\ This documentation was written by Pawel Jakub Dawidek under sponsorship
+.\ from the FreeBSD Foundation
file is newly added)
+++ head/lib/libc/sys/cap_fcntls_limit.2Sat Mar 2 00:53:12 2013
(r247602)
@@ -0,0 +1,127 @@
+.\
+.\ Copyright (c) 2012 The FreeBSD Foundation
+.\ All rights reserved.
+.\
+.\ This documentation was written by Pawel Jakub Dawidek under sponsorship
+.\ the FreeBSD
Author: pjd
Date: Sat Mar 2 00:55:09 2013
New Revision: 247604
URL: http://svnweb.freebsd.org/changeset/base/247604
Log:
Regen after r247602.
Modified:
head/sys/compat/freebsd32/freebsd32_proto.h
head/sys/compat/freebsd32/freebsd32_syscall.h
.
*
+ * Portions of this software were developed by Pawel Jakub Dawidek under
+ * sponsorship from the FreeBSD Foundation.
+ *
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
@@ -43,6 +47,7 @@ __FBSDID
The FreeBSD Foundation
+ * All rights reserved.
+ *
+ * This software was developed by Pawel Jakub Dawidek under sponsorship from
+ * the FreeBSD Foundation.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
201 - 300 of 1570 matches
Mail list logo