#
897240c7 |
| 27-Nov-2024 |
Jake Freeland <jfree@FreeBSD.org> |
syslogd: Enter capability mode
Create syslogd_cap_enter() function, which puts syslogd in capability mode and opens necessary libcasper channels for resource acquisition. The `syslogd.casper` and `system.net` services are used.
Substitute capability-mode-unfriendly functions with their libcasper `cap_` equivalents.
Reviewed by: markj
Differential Revision: https://reviews.freebsd.org/D41467
|
#
61a29eca |
| 27-Nov-2024 |
Jake Freeland <jfree@FreeBSD.org> |
syslogd: Log messages using libcasper
Some logging operations require access to external resources to complete. Logging to F_WALL requires on-demand access to the user accounting database. Logging to F_CONSOLE requires access to the console. Logging to F_PIPE prompts execution of a command outside of capability mode.
These operations cannot be performed in capability mode, so the "p_open", "ttymsg", and "wallmsg" commands may be sent to libcasper to circumvent these limitations.
Reviewed by: markj
Differential Revision: https://reviews.freebsd.org/D41465
|
#
2567168d |
| 27-Nov-2024 |
Jake Freeland <jfree@FreeBSD.org> |
syslogd: Refresh configuration using libcasper
When a SIGHUP signal is sent to syslogd, the configuration is reparsed, leading to new resource acquisition.
If syslogd is running in capability mode and a SIGHUP is received, new resources cannot be acquired. To mitigate this issue, libcasper is used to parse the configuration.
The libcasper process runs outside of capability mode and is capable of parsing syslogd's configuration and obtaining new resources. These resources are then sent to the syslogd process via nvlist.
Reviewed by: markj
Differential Revision: https://reviews.freebsd.org/D41464
|
#
96468787 |
| 27-Nov-2024 |
Jake Freeland <jfree@FreeBSD.org> |
syslogd: Create syslogd libcasper service
Once in capability mode, resource acquisition is not possible. To mitigate this, introduce a libcasper service that is responsible for fetching and returning new, requested resources to syslogd.
Some resources must be packed into an nvlist to be properly transferred between syslogd and the libcasper process. The filed_to_nvlist() and nvlist_to_filed() functions are included to ease the packing process for filed structures.
Two additional syslogd.h and syslogd_cap.h header files are included with shared declarations.
Reviewed by: markj
Differential Revision: https://reviews.freebsd.org/D41463
|