sys: Add cap_pdwait_rights

Suggested by: asomers
Reviewed by: asomers, markj
Tested by: pho
Sponsored by: The FreeBSD Foundation
MFC after: 1 week
Differential revision: https://reviews.freebsd.org/

sys: Add cap_pdwait_rights

Suggested by: asomers
Reviewed by: asomers, markj
Tested by: pho
Sponsored by: The FreeBSD Foundation
MFC after: 1 week
Differential revision: https://reviews.freebsd.org/D54592

show more ...

vfs: Initial revision of inotify

Add an implementation of inotify_init(), inotify_add_watch(),
inotify_rm_watch(), source-compatible with Linux. This provides
functionality similar to kevent(2)'s E

vfs: Initial revision of inotify

Add an implementation of inotify_init(), inotify_add_watch(),
inotify_rm_watch(), source-compatible with Linux. This provides
functionality similar to kevent(2)'s EVFILT_VNODE, i.e., it lets
applications monitor filesystem files for accesses. Compared to
inotify, however, EVFILT_VNODE has the limitation of requiring the
application to open the file to be monitored. This means that activity
on a newly created file cannot be monitored reliably, and that a file
descriptor per file in the hierarchy is required.

inotify on the other hand allows a directory and its entries to be
monitored at once. It introduces a new file descriptor type to which
"watches" can be attached; a watch is a pseudo-file descriptor
associated with a file or directory and a set of events to watch for.
When a watched vnode is accessed, a description of the event is queued
to the inotify descriptor, readable with read(2). Events for files in a
watched directory include the file name.

A watched vnode has its usecount bumped, so name cache entries
originating from a watched directory are not evicted. Name cache
entries are used to populate inotify events for files with a link in a
watched directory. In particular, if a file is accessed with, say,
read(2), an IN_ACCESS event will be generated for any watched hard link
of the file.

The inotify_add_watch_at() variant is included so that this
functionality is available in capability mode; plain inotify_add_watch()
is disallowed in capability mode.

When a file in a nullfs mount is watched, the watch is attached to the
lower vnode, such that accesses via either layer generate inotify
events.

Many thanks to Gleb Popov for testing this patch and finding lots of
bugs.

PR: 258010, 215011
Reviewed by: kib
Tested by: arrowd
MFC after: 3 months
Sponsored by: Klara, Inc.
Differential Revision: https://reviews.freebsd.org/D50315

show more ...

machine/stdarg.h -> sys/stdarg.h

Switch to using sys/stdarg.h for va_list type and va_* builtins.

Make an attempt to insert the include in a sensible place. Where
style(9) was followed this is eas

machine/stdarg.h -> sys/stdarg.h

Switch to using sys/stdarg.h for va_list type and va_* builtins.

Make an attempt to insert the include in a sensible place. Where
style(9) was followed this is easy, where it was ignored, aim for the
first block of sys/*.h headers and don't get too fussy or try to fix
other style bugs.

Reviewed by: imp
Exp-run by: antoine (PR 286274)
Pull Request: https://github.com/freebsd/freebsd-src/pull/1595

show more ...

capsicum: Statically initialize commonly used capability rights

Rather than initializing all of these sets during boot, define a macro
which can do so at compile-time. This lets us get rid of the s

capsicum: Statically initialize commonly used capability rights

Rather than initializing all of these sets during boot, define a macro
which can do so at compile-time. This lets us get rid of the silly
sysinit and furthermore allows the sets to live in .rodata, where they
ought to be anyway.

The CAP_RIGHTS_INITIALIZER2 macro can create a set out of up to two
capsicum rights. This could be made more general, but we currently
don't have any use for a more abstract implementation, so just keep it
simple for now.

Also remove the unused cap_chflags_rights symbol.

No functional change intended.

Reviewed by: olce, oshogbo, kib
MFC after: 2 weeks
Differential Revision: https://reviews.freebsd.org/D50420

show more ...

Add fchroot(2)

This is similar to chroot(2), but takes a file descriptor instead
of path. Same syscall exists in NetBSD and Solaris. It is part of a larger
patch to make absolute pathnames usable

Add fchroot(2)

This is similar to chroot(2), but takes a file descriptor instead
of path. Same syscall exists in NetBSD and Solaris. It is part of a larger
patch to make absolute pathnames usable in Capsicum mode, but should
be useful in other contexts too.

Reviewed By: brooks
Sponsored by: Innovate UK
Differential Revision: https://reviews.freebsd.org/D41564

show more ...

capsicum: introduce cap_rights_is_empty Function

Before this commit, we only had the capability to check if a specific
capability was set (using cap_rights_is_set function). However, there
was no ef

capsicum: introduce cap_rights_is_empty Function

Before this commit, we only had the capability to check if a specific
capability was set (using cap_rights_is_set function). However, there
was no efficient method to determine if a cap_rights_t structure doesn't
contain any capability. The cap_rights_is_empty function addresses
this gap.

PR: 275330
Reported by: vini.ipsmaker@gmail.com
Reviewed by: emaste, markj
Differential Revision: https://reviews.freebsd.org/D42780

show more ...

sys: Remove $FreeBSD$: one-line .c pattern

Remove /^[\s*]*__FBSDID\("\$FreeBSD\$"\);?\s*\n/

spdx: The BSD-2-Clause-FreeBSD identifier is obsolete, drop -FreeBSD

The SPDX folks have obsoleted the BSD-2-Clause-FreeBSD identifier. Catch
up to that fact and revert to their recommended match of

spdx: The BSD-2-Clause-FreeBSD identifier is obsolete, drop -FreeBSD

The SPDX folks have obsoleted the BSD-2-Clause-FreeBSD identifier. Catch
up to that fact and revert to their recommended match of BSD-2-Clause.

Discussed with: pfg
MFC After: 3 days
Sponsored by: Netflix

show more ...

Remove "All Rights Reserved" from FreeBSD Foundation sys/ copyrights

These ones were unambiguous cases where the Foundation was the only
listed copyright holder (in the associated license block).

S

Remove "All Rights Reserved" from FreeBSD Foundation sys/ copyrights

These ones were unambiguous cases where the Foundation was the only
listed copyright holder (in the associated license block).

Sponsored by: The FreeBSD Foundation

show more ...

Remove unused SYSINIT macros for capability rights.

Static rights are initialized in cap_rights_sysinit().

MFC after: 1 week

Merge ^/head r357931 through r357965.

capsicum: use new helpers

Merge ^/head r357662 through r357854.

capsicum: restore the cap_rights_contains symbol

It is expected to be provided by libc.

PR: 244033
Reported by: Jan Kokemueller

Merge ^/head r357408 through r357661.

capsicum: faster cap_rights_contains

Instead of doing a 2 iteration loop (determined at runeimt), take advantage
of the fact that the size is already known.

While here provdie cap_check_inline so t

capsicum: faster cap_rights_contains

Instead of doing a 2 iteration loop (determined at runeimt), take advantage
of the fact that the size is already known.

While here provdie cap_check_inline so that fget_unlocked does not have to
do a function call.

Verified with the capsicum suite /usr/tests.

show more ...

sys: Add cap_pdwait_rights

Suggested by: asomers
Reviewed by: asomers, markj
Tested by: pho
Sponsored by: The FreeBSD Foundation
MFC after: 1 week
Differential revision: https://reviews.freebsd.org/

sys: Add cap_pdwait_rights

Suggested by: asomers
Reviewed by: asomers, markj
Tested by: pho
Sponsored by: The FreeBSD Foundation
MFC after: 1 week
Differential revision: https://reviews.freebsd.org/D54592

show more ...

vfs: Initial revision of inotify

Add an implementation of inotify_init(), inotify_add_watch(),
inotify_rm_watch(), source-compatible with Linux. This provides
functionality similar to kevent(2)'s E

vfs: Initial revision of inotify

Add an implementation of inotify_init(), inotify_add_watch(),
inotify_rm_watch(), source-compatible with Linux. This provides
functionality similar to kevent(2)'s EVFILT_VNODE, i.e., it lets
applications monitor filesystem files for accesses. Compared to
inotify, however, EVFILT_VNODE has the limitation of requiring the
application to open the file to be monitored. This means that activity
on a newly created file cannot be monitored reliably, and that a file
descriptor per file in the hierarchy is required.

inotify on the other hand allows a directory and its entries to be
monitored at once. It introduces a new file descriptor type to which
"watches" can be attached; a watch is a pseudo-file descriptor
associated with a file or directory and a set of events to watch for.
When a watched vnode is accessed, a description of the event is queued
to the inotify descriptor, readable with read(2). Events for files in a
watched directory include the file name.

A watched vnode has its usecount bumped, so name cache entries
originating from a watched directory are not evicted. Name cache
entries are used to populate inotify events for files with a link in a
watched directory. In particular, if a file is accessed with, say,
read(2), an IN_ACCESS event will be generated for any watched hard link
of the file.

The inotify_add_watch_at() variant is included so that this
functionality is available in capability mode; plain inotify_add_watch()
is disallowed in capability mode.

When a file in a nullfs mount is watched, the watch is attached to the
lower vnode, such that accesses via either layer generate inotify
events.

Many thanks to Gleb Popov for testing this patch and finding lots of
bugs.

PR: 258010, 215011
Reviewed by: kib
Tested by: arrowd
MFC after: 3 months
Sponsored by: Klara, Inc.
Differential Revision: https://reviews.freebsd.org/D50315

show more ...

machine/stdarg.h -> sys/stdarg.h

Switch to using sys/stdarg.h for va_list type and va_* builtins.

Make an attempt to insert the include in a sensible place. Where
style(9) was followed this is eas

machine/stdarg.h -> sys/stdarg.h

Switch to using sys/stdarg.h for va_list type and va_* builtins.

Make an attempt to insert the include in a sensible place. Where
style(9) was followed this is easy, where it was ignored, aim for the
first block of sys/*.h headers and don't get too fussy or try to fix
other style bugs.

Reviewed by: imp
Exp-run by: antoine (PR 286274)
Pull Request: https://github.com/freebsd/freebsd-src/pull/1595

show more ...

capsicum: Statically initialize commonly used capability rights

Rather than initializing all of these sets during boot, define a macro
which can do so at compile-time. This lets us get rid of the s

capsicum: Statically initialize commonly used capability rights

Rather than initializing all of these sets during boot, define a macro
which can do so at compile-time. This lets us get rid of the silly
sysinit and furthermore allows the sets to live in .rodata, where they
ought to be anyway.

The CAP_RIGHTS_INITIALIZER2 macro can create a set out of up to two
capsicum rights. This could be made more general, but we currently
don't have any use for a more abstract implementation, so just keep it
simple for now.

Also remove the unused cap_chflags_rights symbol.

No functional change intended.

Reviewed by: olce, oshogbo, kib
MFC after: 2 weeks
Differential Revision: https://reviews.freebsd.org/D50420

show more ...

Add fchroot(2)

This is similar to chroot(2), but takes a file descriptor instead
of path. Same syscall exists in NetBSD and Solaris. It is part of a larger
patch to make absolute pathnames usable

Add fchroot(2)

This is similar to chroot(2), but takes a file descriptor instead
of path. Same syscall exists in NetBSD and Solaris. It is part of a larger
patch to make absolute pathnames usable in Capsicum mode, but should
be useful in other contexts too.

Reviewed By: brooks
Sponsored by: Innovate UK
Differential Revision: https://reviews.freebsd.org/D41564

show more ...

capsicum: introduce cap_rights_is_empty Function

Before this commit, we only had the capability to check if a specific
capability was set (using cap_rights_is_set function). However, there
was no ef

capsicum: introduce cap_rights_is_empty Function

Before this commit, we only had the capability to check if a specific
capability was set (using cap_rights_is_set function). However, there
was no efficient method to determine if a cap_rights_t structure doesn't
contain any capability. The cap_rights_is_empty function addresses
this gap.

PR: 275330
Reported by: vini.ipsmaker@gmail.com
Reviewed by: emaste, markj
Differential Revision: https://reviews.freebsd.org/D42780

show more ...

sys: Remove $FreeBSD$: one-line .c pattern

Remove /^[\s*]*__FBSDID\("\$FreeBSD\$"\);?\s*\n/

spdx: The BSD-2-Clause-FreeBSD identifier is obsolete, drop -FreeBSD

The SPDX folks have obsoleted the BSD-2-Clause-FreeBSD identifier. Catch
up to that fact and revert to their recommended match of

spdx: The BSD-2-Clause-FreeBSD identifier is obsolete, drop -FreeBSD

The SPDX folks have obsoleted the BSD-2-Clause-FreeBSD identifier. Catch
up to that fact and revert to their recommended match of BSD-2-Clause.

Discussed with: pfg
MFC After: 3 days
Sponsored by: Netflix

show more ...

Remove "All Rights Reserved" from FreeBSD Foundation sys/ copyrights

These ones were unambiguous cases where the Foundation was the only
listed copyright holder (in the associated license block).

S

Remove "All Rights Reserved" from FreeBSD Foundation sys/ copyrights

These ones were unambiguous cases where the Foundation was the only
listed copyright holder (in the associated license block).

Sponsored by: The FreeBSD Foundation

show more ...