Remove "All Rights Reserved" from FreeBSD Foundation copyrights

These ones were unambiguous cases where the Foundation was the only
listed copyright holder.

Sponsored by: The FreeBSD Foundation

lib: Automated cleanup of cdefs and other formatting

Apply the following automated changes to try to eliminate
no-longer-needed sys/cdefs.h includes as well as now-empty
blank lines in a row.

Remov

lib: Automated cleanup of cdefs and other formatting

Apply the following automated changes to try to eliminate
no-longer-needed sys/cdefs.h includes as well as now-empty
blank lines in a row.

Remove /^#if.*\n#endif.*\n#include\s+<sys/cdefs.h>.*\n/
Remove /\n+#include\s+<sys/cdefs.h>.*\n+#if.*\n#endif.*\n+/
Remove /\n+#if.*\n#endif.*\n+/
Remove /^#if.*\n#endif.*\n/
Remove /\n+#include\s+<sys/cdefs.h>\n#include\s+<sys/types.h>/
Remove /\n+#include\s+<sys/cdefs.h>\n#include\s+<sys/param.h>/
Remove /\n+#include\s+<sys/cdefs.h>\n#include\s+<sys/capsicum.h>/

Sponsored by: Netflix

show more ...

Remove $FreeBSD$: one-line .c pattern

Remove /^[\s*]*__FBSDID\("\$FreeBSD\$"\);?\s*\n/

spdx: The BSD-2-Clause-FreeBSD identifier is obsolete, drop -FreeBSD

The SPDX folks have obsoleted the BSD-2-Clause-FreeBSD identifier. Catch
up to that fact and revert to their recommended match of

spdx: The BSD-2-Clause-FreeBSD identifier is obsolete, drop -FreeBSD

The SPDX folks have obsoleted the BSD-2-Clause-FreeBSD identifier. Catch
up to that fact and revert to their recommended match of BSD-2-Clause.

Discussed with: pfg
MFC After: 3 days
Sponsored by: Netflix

show more ...

libcasper: Constify cap_sysctl_limit_mib() mib parameter

No functional change. Minor API change that is nicer for consumers. ABI is
identical; the routine never needed to modify the pointed to value

libcasper: Constify cap_sysctl_limit_mib() mib parameter

No functional change. Minor API change that is nicer for consumers. ABI is
identical; the routine never needed to modify the pointed to value.

Reviewed by: emaste, markj
Differential Revision: https://reviews.freebsd.org/D24319

show more ...

cap_sysctl: correct typo from r347534-ish

operation & ~limit where limit is a bool is clearly not what was intended,
given the line prior. Correct it to use the calculated mask for validation.

The

cap_sysctl: correct typo from r347534-ish

operation & ~limit where limit is a bool is clearly not what was intended,
given the line prior. Correct it to use the calculated mask for validation.

The cap_sysctl tests should now be functional again.

show more ...

MFHead @348740

Sponsored by: The FreeBSD Foundation

Add cap_sysctl(3) and cap_sysctlnametomib(3).

These complement cap_sysctlbyname(3) to provide a drop-in
replacement for the corresponding libc functions.

Also revise the libcap_sysctl limit interfa

Add cap_sysctl(3) and cap_sysctlnametomib(3).

These complement cap_sysctlbyname(3) to provide a drop-in
replacement for the corresponding libc functions.

Also revise the libcap_sysctl limit interface to provide access
to sysctls by MIB, and to avoid direct manipulation of nvlists
by the caller.

Reviewed by: oshogbo
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D17854

show more ...

Remove "All Rights Reserved" from FreeBSD Foundation copyrights

These ones were unambiguous cases where the Foundation was the only
listed copyright holder.

Sponsored by: The FreeBSD Foundation

lib: Automated cleanup of cdefs and other formatting

Apply the following automated changes to try to eliminate
no-longer-needed sys/cdefs.h includes as well as now-empty
blank lines in a row.

Remov

lib: Automated cleanup of cdefs and other formatting

Apply the following automated changes to try to eliminate
no-longer-needed sys/cdefs.h includes as well as now-empty
blank lines in a row.

Remove /^#if.*\n#endif.*\n#include\s+<sys/cdefs.h>.*\n/
Remove /\n+#include\s+<sys/cdefs.h>.*\n+#if.*\n#endif.*\n+/
Remove /\n+#if.*\n#endif.*\n+/
Remove /^#if.*\n#endif.*\n/
Remove /\n+#include\s+<sys/cdefs.h>\n#include\s+<sys/types.h>/
Remove /\n+#include\s+<sys/cdefs.h>\n#include\s+<sys/param.h>/
Remove /\n+#include\s+<sys/cdefs.h>\n#include\s+<sys/capsicum.h>/

Sponsored by: Netflix

show more ...

Remove $FreeBSD$: one-line .c pattern

Remove /^[\s*]*__FBSDID\("\$FreeBSD\$"\);?\s*\n/

spdx: The BSD-2-Clause-FreeBSD identifier is obsolete, drop -FreeBSD

The SPDX folks have obsoleted the BSD-2-Clause-FreeBSD identifier. Catch
up to that fact and revert to their recommended match of

spdx: The BSD-2-Clause-FreeBSD identifier is obsolete, drop -FreeBSD

The SPDX folks have obsoleted the BSD-2-Clause-FreeBSD identifier. Catch
up to that fact and revert to their recommended match of BSD-2-Clause.

Discussed with: pfg
MFC After: 3 days
Sponsored by: Netflix

show more ...

libcasper: Constify cap_sysctl_limit_mib() mib parameter

No functional change. Minor API change that is nicer for consumers. ABI is
identical; the routine never needed to modify the pointed to value

libcasper: Constify cap_sysctl_limit_mib() mib parameter

No functional change. Minor API change that is nicer for consumers. ABI is
identical; the routine never needed to modify the pointed to value.

Reviewed by: emaste, markj
Differential Revision: https://reviews.freebsd.org/D24319

show more ...

cap_sysctl: correct typo from r347534-ish

operation & ~limit where limit is a bool is clearly not what was intended,
given the line prior. Correct it to use the calculated mask for validation.

The

cap_sysctl: correct typo from r347534-ish

operation & ~limit where limit is a bool is clearly not what was intended,
given the line prior. Correct it to use the calculated mask for validation.

The cap_sysctl tests should now be functional again.

show more ...

MFHead @348740

Sponsored by: The FreeBSD Foundation

Add cap_sysctl(3) and cap_sysctlnametomib(3).

These complement cap_sysctlbyname(3) to provide a drop-in
replacement for the corresponding libc functions.

Also revise the libcap_sysctl limit interfa

Add cap_sysctl(3) and cap_sysctlnametomib(3).

These complement cap_sysctlbyname(3) to provide a drop-in
replacement for the corresponding libc functions.

Also revise the libcap_sysctl limit interface to provide access
to sysctls by MIB, and to avoid direct manipulation of nvlists
by the caller.

Reviewed by: oshogbo
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D17854

show more ...

Introduce channel flags in libcasper.

Instead of passing flags (which describe a type of nvlist)
every send/recv we remember them in channel.
It's enough for use to extract them only during unwrap.

Introduce channel flags in libcasper.

Instead of passing flags (which describe a type of nvlist)
every send/recv we remember them in channel.
It's enough for use to extract them only during unwrap.
This simplify use of Casper.

Reviewed by: bruffer@, bcr@ (both man page)
Differential Revision: https://reviews.freebsd.org/D14196 (man page)

show more ...

Add SPDX tags for libcasper(3) and services.

MFC after: 2 weeks

Add flags to the Casper services.

CASPER_SERVICE_STDIO - Casper will not close the first three descriptors (stdin,
stdout and stderr) this can be helpful for debugging.
CASPER_SERVICE_FD -

Add flags to the Casper services.

CASPER_SERVICE_STDIO - Casper will not close the first three descriptors (stdin,
stdout and stderr) this can be helpful for debugging.
CASPER_SERVICE_FD - Capser will not close all other descriptors, this can
be useful for a filesystem service.

show more ...

Convert casperd(8) daemon to the libcasper.
After calling the cap_init(3) function Casper will fork from it's original
process, using pdfork(2). Forking from a process has a lot of advantages:
1. We

Convert casperd(8) daemon to the libcasper.
After calling the cap_init(3) function Casper will fork from it's original
process, using pdfork(2). Forking from a process has a lot of advantages:
1. We have the same cwd as the original process.
2. The same uid, gid and groups.
3. The same MAC labels.
4. The same descriptor table.
5. The same routing table.
6. The same umask.
7. The same cpuset(1).
From now services are also in form of libraries.
We also removed libcapsicum at all and converts existing program using Casper
to new architecture.

Discussed with: pjd, jonathan, ed, drysdale@google.com, emaste
Partially reviewed by: drysdale@google.com, bdrewery
Approved by: pjd (mentor)
Differential Revision: https://reviews.freebsd.org/D4277

show more ...

Let the nv.h and dnv.h includes be only in sys directory.

Change consumers to include those files from sys.
Add duplicated files to ObsoleteFiles.

Approved by: pjd (mentor)

Please welcome casperd daemon. It (and its services) will be responsible for
giving access to functionality that is not available in capability mode
sandbox. The functionality can be precisely restri

Please welcome casperd daemon. It (and its services) will be responsible for
giving access to functionality that is not available in capability mode
sandbox. The functionality can be precisely restricted.

Start with the following services:
- system.dns - provides API compatible to:
- gethostbyname(3),
- gethostbyname2(3),
- gethostbyaddr(3),
- getaddrinfo(3),
- getnameinfo(3),
- system.grp - provides getgrent(3)-compatible API,
- system.pwd - provides getpwent(3)-compatible API,
- system.random - allows to obtain entropy from /dev/random,
- system.sysctl - provides sysctlbyname(3-compatible API.

Sponsored by: The FreeBSD Foundation

show more ...