| #
e9ac4169 |
| 15-Jul-2024 |
Warner Losh <imp@FreeBSD.org> |
Remove residual blank line at start of Makefile
This is a residual of the $FreeBSD$ removal.
MFC After: 3 days (though I'll just run the command on the branches)
Sponsored by: Netflix
|
|
Revision tags: release/14.1.0, release/13.3.0, release/14.0.0 |
|
| #
d0b2dbfa |
| 16-Aug-2023 |
Warner Losh <imp@FreeBSD.org> |
Remove $FreeBSD$: one-line sh pattern
Remove /^\s*#[#!]?\s*\$FreeBSD\$.*$\n/
|
|
Revision tags: release/13.2.0, release/12.4.0, release/13.1.0, release/12.3.0, release/13.0.0 |
|
| #
94dc5715 |
| 26-Mar-2021 |
Ryan Moeller <freqlabs@FreeBSD.org> |
libcasper: Create a minimal cap_netdb service
Create a casper service for netdb functions.
Initially only cap_getprotobyname is implemented.
This is needed for capsicumizing sockstat.
Reviewed by:
libcasper: Create a minimal cap_netdb service
Create a casper service for netdb functions.
Initially only cap_getprotobyname is implemented.
This is needed for capsicumizing sockstat.
Reviewed by: oshogbo, bcr (manpages)
Relnotes: yes
Differential Revision: https://reviews.freebsd.org/D24832
show more ...
|
|
Revision tags: release/12.2.0 |
|
| #
e2515283 |
| 27-Aug-2020 |
Glen Barber <gjb@FreeBSD.org> |
MFH
Sponsored by: Rubicon Communications, LLC (netgate.com)
|
| #
e81829d0 |
| 16-Aug-2020 |
Dimitry Andric <dim@FreeBSD.org> |
Merge ^/head r364264 through r364278.
|
| #
832dc76b |
| 16-Aug-2020 |
Mariusz Zaborski <oshogbo@FreeBSD.org> |
libcasper: Introduce cap_net a network service for Casper.
Reviewed by: emaste, markj (previous version), bcr (man page)
Differential Revision: https://reviews.freebsd.org/D24688
|
|
Revision tags: release/11.4.0, release/12.1.0 |
|
| #
a63915c2 |
| 28-Jul-2019 |
Alan Somers <asomers@FreeBSD.org> |
MFHead @r350386
Sponsored by: The FreeBSD Foundation
|
| #
a76f78dc |
| 25-Jul-2019 |
Mark Johnston <markj@FreeBSD.org> |
Remove cap_random(3).
Now that we have a way to obtain entropy in capability mode
(getrandom(2)), libcap_random is obsolete. Remove it.
Bump __FreeBSD_version in case anything happens to use it, t
Remove cap_random(3).
Now that we have a way to obtain entropy in capability mode
(getrandom(2)), libcap_random is obsolete. Remove it.
Bump __FreeBSD_version in case anything happens to use it, though I've
found no consumers.
Reviewed by: delphij, emaste, oshogbo
Relnotes: yes
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D21033
show more ...
|
|
Revision tags: release/11.3.0, release/12.0.0 |
|
| #
6149ed01 |
| 14-Nov-2018 |
Dimitry Andric <dim@FreeBSD.org> |
Merge ^/head r340368 through r340426.
|
| #
cdd6ea94 |
| 12-Nov-2018 |
Mariusz Zaborski <oshogbo@FreeBSD.org> |
libcasper: introduce cap_fileargs service
cap_fileargs is a Casper service which helps to sandbox applications that need
access to the filesystem namespace. The main purpose of the service is to mak
libcasper: introduce cap_fileargs service
cap_fileargs is a Casper service which helps to sandbox applications that need
access to the filesystem namespace. The main purpose of the service is to make
easy to capsicumize applications that works on multiple files passed in argv.
We have a couple example of using it but we still treat this service as an
experimental one.
Reviewed by: emsate (previous version), jonathan (partially)
Discussed with: many
Differential Revision: https://reviews.freebsd.org/D14407
show more ...
|
|
Revision tags: release/11.2.0 |
|
| #
55b1c6e7 |
| 15-Nov-2017 |
Hans Petter Selasky <hselasky@FreeBSD.org> |
Merge ^/head r325663 through r325841.
|
| #
7b4fce76 |
| 12-Nov-2017 |
Mariusz Zaborski <oshogbo@FreeBSD.org> |
Introduce syslog service for Casper.
syslog in libc secretly reconnects to the daemon.
Another issue is that we don't have any information from openlog(3) if we
succeeded to open log or not so we do
Introduce syslog service for Casper.
syslog in libc secretly reconnects to the daemon.
Another issue is that we don't have any information from openlog(3) if we
succeeded to open log or not so we don't know if we are ready
to enter cabability mode.
Because all of that we decided we need a syslog service for Caspser.
Reviewed by: bapt@
Differential Revision: https://reviews.freebsd.org/D12824
show more ...
|
| #
c2c014f2 |
| 07-Nov-2017 |
Hans Petter Selasky <hselasky@FreeBSD.org> |
Merge ^/head r323559 through r325504.
|
| #
3c5ab8c1 |
| 30-Oct-2017 |
Enji Cooper <ngie@FreeBSD.org> |
MFhead@r325119
|
| #
ceb36bc9 |
| 28-Oct-2017 |
Mariusz Zaborski <oshogbo@FreeBSD.org> |
Introduce caspermocks.
The idea behinds mocks is that we don't need to ifdef a lot of code in
tools itself but those defines are hidden in the casper library.
Right now the mocks are implemented as
Introduce caspermocks.
The idea behinds mocks is that we don't need to ifdef a lot of code in
tools itself but those defines are hidden in the casper library.
Right now the mocks are implemented as define/inlines functions.
There was a very long discussion how this should be implemented.
This approach has some advantages like we don't need to link to any additional
libraries. Unfortunately there are also some disadvantages for example it is
easy to get library out of sync between two versions of functions or that we
need extra define to compile program with casper support.
This isn't an ideal solution but it's good enough for now and should simplify
capsicumizing programs. This also doesn't close us any other ways to do those
mocks and this should evolve in time.
Discussed with: pjd, emaste, ed, rwatson, bapt, cem, bdrewery
Differential Revision: https://reviews.freebsd.org/D8753
show more ...
|
|
Revision tags: release/10.4.0 |
|
| #
1409e715 |
| 21-Aug-2017 |
Hans Petter Selasky <hselasky@FreeBSD.org> |
Merge ^/head r322398 through r322746.
|
| #
083c8ded |
| 13-Aug-2017 |
Enji Cooper <ngie@FreeBSD.org> |
MFhead@r322451
|
| #
38dd1759 |
| 13-Aug-2017 |
Enji Cooper <ngie@FreeBSD.org> |
Integrate the tests moved in r305626 in to the FreeBSD test suite
The reachover Kyuafiles were never added, and thus the tests were installed
as standalone tests, and not integrated into the full su
Integrate the tests moved in r305626 in to the FreeBSD test suite
The reachover Kyuafiles were never added, and thus the tests were installed
as standalone tests, and not integrated into the full suite.
MFC after: 1 week
MFC with: r305626, 305629, r307863, r322447, r322448, r322449
show more ...
|
|
Revision tags: release/11.1.0, release/11.0.1, release/11.0.0, release/10.3.0 |
|
| #
82aa34e6 |
| 04-Mar-2016 |
Dimitry Andric <dim@FreeBSD.org> |
Merge ^/head r296007 through r296368.
|
| #
52259a98 |
| 02-Mar-2016 |
Glen Barber <gjb@FreeBSD.org> |
MFH
Sponsored by: The FreeBSD Foundation
|
| #
88ad7d50 |
| 26-Feb-2016 |
Bryan Drewery <bdrewery@FreeBSD.org> |
These can build in parallel.
Sponsored by: EMC / Isilon Storage Division
|
| #
c501d73c |
| 25-Feb-2016 |
Mariusz Zaborski <oshogbo@FreeBSD.org> |
Convert casperd(8) daemon to the libcasper.
After calling the cap_init(3) function Casper will fork from it's original
process, using pdfork(2). Forking from a process has a lot of advantages:
1. We
Convert casperd(8) daemon to the libcasper.
After calling the cap_init(3) function Casper will fork from it's original
process, using pdfork(2). Forking from a process has a lot of advantages:
1. We have the same cwd as the original process.
2. The same uid, gid and groups.
3. The same MAC labels.
4. The same descriptor table.
5. The same routing table.
6. The same umask.
7. The same cpuset(1).
From now services are also in form of libraries.
We also removed libcapsicum at all and converts existing program using Casper
to new architecture.
Discussed with: pjd, jonathan, ed, drysdale@google.com, emaste
Partially reviewed by: drysdale@google.com, bdrewery
Approved by: pjd (mentor)
Differential Revision: https://reviews.freebsd.org/D4277
show more ...
|