| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
|
|
| |
cu(1) uses these.
ok deraadt@
|
| |
|
| |
|
| |
|
| |
|
|
|
|
|
| |
not currently enforced but we want the kernel to be able to parse
it for an upcoming diff in the next few days.
|
|
|
|
|
| |
came out of a discussion regarding "sort foo -o foo".
ok semarie
|
| |
|
|
|
|
| |
refactoring inverted the checks; spotted by sthen in ping6.
|
| |
|
| |
|
| |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
problem pointed out by Martin Natano (natano (at) natano.net)
Also, stop chaining assignments (foo = bar = baz) in vattr_null().
The exact meaning of those depends on the order of the sizes-and-
signednesses of the lvalues, making them fragile: a statement here
mixed *six* types, but managed to get them in a safe order. Delete
a 20+ year old XXX comment that was almost certainly bemoaning a bug
from when they were in an unsafe order.
ok deraadt@ miod@
|
|
|
|
| |
"add it" deraadt@
|
| |
|
|
|
|
|
| |
depending on what you need. inet/inet6 cmsg's come through unmolested --
that is something to consider later.
|
|
|
|
|
| |
that is an errno to pass up to the calling system call instead. test
case is "who < /dev/null", via ttyname().
|
|
|
|
| |
ok deraadt@
|
|
|
|
| |
refers to the process itself. pledge should allow it.
|
|
|
|
|
| |
because the "route' tests were placed between the two, creating
confusion. fix that while here.
|
|
|
|
|
|
|
| |
The more important use will be tmux(1) and other active window size
controlling programs. There seems little risk in exposing this small
tty setting alongside the tcsetattr() family.
ok millert
|
|
|
|
|
|
| |
Make it always available.
ok deraadt@
|
|
|
|
|
|
|
| |
to avoid looping in softclock()
based on diff by sthen@
ok sthen@
|
|
|
|
|
| |
so we should allow it for 'self'.
ok djm
|
|
|
|
| |
a refactoring being done for the bc/dc relationship with otto.
|
| |
|
| |
|
|
|
|
|
|
| |
"stdio rpath" this would fail to execve. pre-indicate exec actions to the
namei checker to allow them through.
ok semarie
|
|
|
|
|
| |
and readpassphrase() in particular use this.
ok millert tedu semarie
|
|
|
|
|
|
|
|
|
|
|
|
| |
by "getpw" because libc getpw*/getgr* use open() of /var/run/ypbind.lock plus
flock() to detect YP running. The kernel observes this dance to "open up" the
YP door (ugliness should drive us to rewrite this mechanism from SunOS later).
however, flock is also used independently. Current users are
htpasswd mail skeyinit tmux authpf pwd_mkdb ldapd smtpd ypbind
login_token mail.local lockspool
Let's enable flock() for "cpath", and see if that helps these programs,
otherwise we'll try "wpath" next.
|
| |
|
| |
|
|
|
|
|
| |
be called against a non-tty fd, so as to test "is this a tty". Discovered
by sthen and rob pierce at the same time.
|
| |
|
| |
|
|
|
|
|
|
| |
strict than anticipated. It allows a programmer to pledge/promise/covenant
that their program will operate within an easily defined subset of the
Unix environment, or it pays the price.
|
| |
|
|
|
|
|
|
| |
strict than anticipated. It allows a programmer to pledge/promise/covenant
that their program will operate within an easily defined subset of the
Unix environment, or it pays the price.
|
|
|
|
|
|
| |
This will be used by a few daemons. If they lack this feature, then
they would need to operate without tame.
Discussed with renato
|
|
|
|
|
| |
only in TAME_UNIX, stop trying after servicing SOL_SOCKET.
discussion with claudio
|
|
|
|
|
|
| |
because many routing daemon processes with this attribute need to fetch
that information to work.
discussed with claudio and renato
|
|
|
|
|
|
| |
is no point in keeping an unused level of abstraction.
ok mikeb@, claudio@
|
|
|
|
|
|
|
|
| |
new tame "route" request. Now routing daemons and tools (such as arp),
can narrowly ask for either feature. One thing remains available in
both cases -- support for getifaddr()'s, since libc and programs often
use that in close association with socket creation.
ok benno sthen beck, some discussion with renato
|
| |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The routing table is not an optional component of the network stack
and initializing it inside the "routing domain" requires some ugly
introspection in the domain interface.
This put the rtable* layer at the same level of the if* level. These
two subsystem are organized around the two global data structure used
in the network stack:
- the global &ifnet list, to be used in process context only, and
- the routing table which can be read in interrupt context.
This change makes the rtable_* layer domain-aware and extends the
"struct domain" such that INET, INET6 and MPLS can specify the length
of the binary key used in lookups. This allows us to keep, or move
towards, AF-free route and rtable layers.
While here stop the madness and pass the size of the maximum key length
in *byte* to rn_inithead0().
ok claudio@, mikeb@
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
"exec" to call execve(2), potentially fork(2) beforehands if they
asked for "proc". Calling execve is what "shells" (ksh, tmux, etc)
have as their primary purpose. But meantime, if such a shell has a
nasty bug, we want to mitigate the process from opening a socket or
calling 100+ other system calls. Unfortunately silver bullets are in
short supply, so if our goal is to stay in a POSIX-y environment, we
have to let shells call execve(). POSIX ate the world, so choices do
we all have?
Warning for many: silver bullets are even more rare in other OS
ecosystems, so please accept this as a narrow lowering of the bar in a
very raised environment.
Commited from a machine running tame "proc exec" ksh, make, etc.
|
| |
|
| |
|