lib: Automated cleanup of cdefs and other formatting

Apply the following automated changes to try to eliminate
no-longer-needed sys/cdefs.h includes as well as now-empty
blank lines in a row.

Remov

lib: Automated cleanup of cdefs and other formatting

Apply the following automated changes to try to eliminate
no-longer-needed sys/cdefs.h includes as well as now-empty
blank lines in a row.

Remove /^#if.*\n#endif.*\n#include\s+<sys/cdefs.h>.*\n/
Remove /\n+#include\s+<sys/cdefs.h>.*\n+#if.*\n#endif.*\n+/
Remove /\n+#if.*\n#endif.*\n+/
Remove /^#if.*\n#endif.*\n/
Remove /\n+#include\s+<sys/cdefs.h>\n#include\s+<sys/types.h>/
Remove /\n+#include\s+<sys/cdefs.h>\n#include\s+<sys/param.h>/
Remove /\n+#include\s+<sys/cdefs.h>\n#include\s+<sys/capsicum.h>/

Sponsored by: Netflix

show more ...

Remove $FreeBSD$: one-line .c pattern

Remove /^[\s*]*__FBSDID\("\$FreeBSD\$"\);?\s*\n/

spdx: The BSD-2-Clause-FreeBSD identifier is obsolete, drop -FreeBSD

The SPDX folks have obsoleted the BSD-2-Clause-FreeBSD identifier. Catch
up to that fact and revert to their recommended match of

spdx: The BSD-2-Clause-FreeBSD identifier is obsolete, drop -FreeBSD

The SPDX folks have obsoleted the BSD-2-Clause-FreeBSD identifier. Catch
up to that fact and revert to their recommended match of BSD-2-Clause.

Discussed with: pfg
MFC After: 3 days
Sponsored by: Netflix

show more ...

cap_fileargs: silence warnings of unused variable

We still want to fetch the variable just to verify that the interface
is right.

Reported by: pstef

fileargs: fix double caching of the same file

In situations when the current file name wasn't the first element on
the list we were cleaning the current name too early.
This might cause us to pre-ca

fileargs: fix double caching of the same file

In situations when the current file name wasn't the first element on
the list we were cleaning the current name too early.
This might cause us to pre-cache the same file twice.

show more ...

fileargs: add support for realpath

cap_fileargs: Fix a descriptor leak in the service process.

The service handler for fileargs_open() tries to pre-open multiple files
and pass descriptors for each back to the sandboxed process in a

cap_fileargs: Fix a descriptor leak in the service process.

The service handler for fileargs_open() tries to pre-open multiple files
and pass descriptors for each back to the sandboxed process in a single
message. This is to amortize the cost of round-trips between the two
processes.

The service process adds a "cache" nvlist to the reply to "open",
containing file descriptors for pre-opened files. However, when adding
that nvlist to the reply, it was making a copy, effectively leaking the
cached descriptors.

While here, fix spelling in a local variable name.

PR: 241226
Reviewed by: oshogbo
MFC after: 3 days
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D25095

show more ...

cap_filergs: limit size of the file name

The limit of the name in fileargs is twice the size of the MAXPATH.
The nvlist will not add an element with the longer name.
We can detect at this point that

cap_filergs: limit size of the file name

The limit of the name in fileargs is twice the size of the MAXPATH.
The nvlist will not add an element with the longer name.
We can detect at this point that the path is too big, and simple return
the same error as open(2) would.

PR: 239700
Reported by: markj
Tested by: markj
MFC after: 2 weeks

show more ...

MFHead @349234

Sponsored by: The FreeBSD Foundation

fileargs: add wrapping/unwrapping functions

Those function may be useful to pass fileargs connections around.

MFHead @347527

Sponsored by: The FreeBSD Foundation

cap_fileargs: fix test after r346318

Reported by: danfe, mjg
MFC after: 3 weeks
MFC with: r346315
Sponsored by: The FreeBSD Foundation

cap_fileargs: fix GCC build, don't shadow 'stat'

Reported by: ci.freebsd.org
MFC after: 3 weeks
MFC with: r346315
Sponsored by: The FreeBSD Foundation

cap_fileargs: add fileargs_lstat service

Add fileargs_lstat function to cap_fileargs casper service to be able to
lstat files while in capability mode. It can only lstat files given in
fileargs_ini

cap_fileargs: add fileargs_lstat service

Add fileargs_lstat function to cap_fileargs casper service to be able to
lstat files while in capability mode. It can only lstat files given in
fileargs_init.

Submitted by: Bora Özarslan <borako.ozarslan@gmail.com>
Reviewed by: oshogbo, cem (partial)
MFC after: 3 weeks
Relnotes: Yes
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D19548

show more ...

Merge ^/head r340918 through r341763.

libcasper: do not fail if Capsicum is not avilable

Casper service can be also used on the kernels without Capsicum support.

Reported by: sbruno
Tested by: sbruno

Merge ^/head r340368 through r340426.

Fix typo in the comparison.
This fix build with gcc.

Reported by: jenkins

libcasper: introduce cap_fileargs service

cap_fileargs is a Casper service which helps to sandbox applications that need
access to the filesystem namespace. The main purpose of the service is to mak

libcasper: introduce cap_fileargs service

cap_fileargs is a Casper service which helps to sandbox applications that need
access to the filesystem namespace. The main purpose of the service is to make
easy to capsicumize applications that works on multiple files passed in argv.

We have a couple example of using it but we still treat this service as an
experimental one.

Reviewed by: emsate (previous version), jonathan (partially)
Discussed with: many
Differential Revision: https://reviews.freebsd.org/D14407

show more ...