kernel - Add per-process capability-based restrictions
  * This new system allows userland to set capability restrictions which turn off numerous kernel features and root accesses. These restrictions are inherited by sub-processes recursively. Once set, restrictions cannot be removed. Basic restrictions that mimic an unadorned jail can be enabled without creating a jail, but generally speaking real security also requires creating a chrooted filesystem topology, and a jail is still needed to really segregate processes from each other. If you do so, however, you can (for example) disable mount/umount and most global root-only features.
  * Add new system calls and a manual page for syscap_get(2) and syscap_set(2)
  * Add sys/caps.h
  * Add the "setcaps" userland utility and manual page.
  * Remove priv.9 and the priv_check infrastructure, replacing it with a newly designed caps infrastructure.
  * The intention is to add path restriction lists and similar features to improve jailless security in the near future, and to optimize the priv_check code.
kernel: Rename BUILDING_WITH_KERNEL to KERNBUILDDIR.
  Fits better with e.g. KERNCONFDIR.
  Add a small paragraph in kmod.mk which was taken from FreeBSD.
devfs: Add a vnode pointer argument to dev_dopen()
  * Initialize fp->f_data with it when possible
  * drm drivers expect to be able to access vnode information in their open() function
  Reviewed-by: dillon
kernel: Cleanup <sys/uio.h> issues.
  The iovec_free() inline greatly complicates this header inclusion. The NULL check is not always seen from <sys/_null.h>. Luckily only three kernel sources need it: kern_subr.c, sys_generic.c and uipc_syscalls.c. Also just a single dev/drm source makes use of 'struct uio'.
  * Include <sys/uio.h> explicitly first in drm_fops.c to avoid kfree() macro override in drm compat layer.
  * Use <sys/_uio.h> where only enums and struct uio is needed, but ensure that userland will not include it for possible later <sys/user.h> use.
  * Stop using <sys/vnode.h> as shortcut for uiomove*() prototypes. The uiomove*() family functions possibly transfer data across kernel/user space boundary. This header presence explicitly marks sources as such.
  * Prefer to add <sys/uio.h> after <sys/systm.h>, but before <sys/proc.h> and definitely before <sys/malloc.h> (except for 3 mentioned sources). This will allow to remove <sys/malloc.h> from <sys/uio.h> later on.
  * Adjust <sys/user.h> to use component headers instead of <sys/uio.h>.
  While there, use opportunity for a minimal whitespace cleanup.
  No functional differences observed in compiler intermediates.
kernel - Fix devfs bitmap races for pty and other devices (2)
  * Fix bug in 1991e949fd5da due to misinterpretation of how devfs_clone_bitmap_get() worked in the vn code.
kernel - Fix devfs bitmap races for pty and other devices
  * Use an internal lock to protect the integrity of bitmap operations for devfs_clone_bitmap_*() functions, allowing devices to use the functions without having to lock themselves.
  * Devices which use devfs_clone_bitmap_chk() + devfs_clone_bitmap_set() sequences have to be more careful, either having their own covering lock or checking the return code from devfs_clone_bitmap_set() and looping.
  * This fixes serious /dev/ptmx pty allocation races which become obvious when pty's are allocated concurrently at a high rate, such as by the dsynth code.
kernel: Fix some -Wundef corner cases.
  When those modules were built outside buildkernel, NVN and NSNP would not be defined, so provide some defaults.
Fix a few typos across the tree.
kernel - Refuse to swapoff under certain conditions
  * Both tmpfs and vn can't handle swapoff's method of bringing pages back in from the swap partition being decommissioned.
  * Fixing this properly is fairly involved. The normal swapoff procedure is to page swap into the related VM object, but tmpfs and vn use their VM objects ONLY to track swap blocks and not for vm_page manipulation, so that just won't work. In addition, the swap code may associate a swap block with a VM object before issuing the write I/O to page out the data, and the swapoff code's asynchronous pagein might cause problems. For now, just make sure that swapoff refuses to remove the partition under these conditions, so it doesn't blow up tmpfs or vn.
kernel - Adjust emergency pager, add D_NOEMERGPGR
  * Adjust emergency pager and pager thread tests a little. Allow the emergency pager to also page to VCHR devices as long as D_NOEMERGPGR is not flagged.
  * Add the D_NOEMERGPGR flag and apply to "vn" and "mfs" block devices.
kernel: Add 'static' to some function definitions.
  The declarations already have it, so no functional difference.
Remove advertising header from sys/
  Correct BSD License clause numbering from 1-2-4 to 1-2-3.
  Some less clear cases taken as it was done of FreeBSD.
devfs(9): Rename DEVFS_DECLARE_CLONE_BITMAP to DEVFS_DEFINE_CLONE_BITMAP.
  Also, add DEVFS_DECLARE_CLONE_BITMAP() for extern declarations, analogous to MALLOC_DEFINE() and MALLOC_DECLARE().
  In the sound code, replace some externs with DEVFS_DECLARE_CLONE_BITMAP() and remove one unneeded extern.
kernel disk/vn: fix locking in vnstrategy
devfs: add passing of file pointer through to dev_dclose
add file pointer to dev_d*() functions
kernel: Clean up some module Makefiles.
  Adding missing opt_*.h and use_*.h mostly.
kernel -- vn: Implement BUF_CMD_FLUSH for vn(ode) devices.
  File-backed vnode devices implement BUF_CMD_FLUSH by VOP_FSYNC-ing the backing vnode.
vn - use DSO_RAWPSIZE flag
  * Use the DSO_RAWPSIZE flag so that the disk subsystem uses vn's own psize when the top level fails.
  * This allows the use of vn disks as swap.
  Reported-by: Antonio Huete (tuxillo@)
vn - switch to using own malloc type
vn - Major overhaul
  * Now that we can do proper disk cloning we do so. vn_create will now return the top device of the disk (the one that belongs to the disk subsystem and not us) if asked to do so. This is then passed back from the clone handler so that we have a real cloned disk.
  * Remove all sorts of old hacks, mostly related to finding vn's and strange cdev lists that were not being used anymore anyways.
  * Avoid the destruction/detachment of devices that are in use by keeping track of whether they are open or not and checking the opencount provided by the disk subsystem.
  * Fix a memory leak related to adding references to devs but never releasing them.
  Dragonfly-bug: http://bugs.dragonflybsd.org/issue1561 (partly)
Remove useless .PATH targets from kernel module Makefiles.
  All these came in from FreeBSD which keeps their module Makefiles in sys/modules (that is, separate from the source). We don't, so they are not needed.
kernel: Remove most definitions of CDEV_MAJOR.
  These are no longer needed since we have devfs.
  A few are left in because they are added to the order in SYSINIT()s. This needs further investigation.
vn - remove vn_softc from list on detach command
  * Remove the vn_softc out of the vn list when a detach command is issued, additionally to calling disk_destroy().
  * This was causing a panic when a reboot was issued after detaching a vn device, as disk_destroy was effectively called twice on the same dp.
cache_fullpath - Guess mountpoints if requested
  * cache_fullpath (and vn_fullpath) now take an extra parameter, guess, which, if != 0, makes cache_fullpath look for a matching mp if an ncp flagged as a mountpoint is found while traversing upwards. This fixes uses of *_fullpath when no nch is provided, but only a vp.
  * Change all consumers of cache_fullpath and vn_fullpath to accommodate for the extra parameter.
  Suggested-by: Matthew Dillon