| Age | Commit message | Author |
|
Signed-off-by: Minsoo Choo <minsoochoo0122@proton.me>
Reviewed by: emaste
Pull Request: https://github.com/freebsd/freebsd-src/pull/1914
(cherry picked from commit 907cf3e4378f9d114af41d05a59ef4a075d3efb0)
|
|
This additionally enables searching the manual by sysctl variable.
This syntax is standardized in style.mdoc(5).
Reported by: bapt
MFC after: 3 days
|
|
ioctls can fail with EACCES, see sys/kern/tty.c
PR: 239504
MFC after: 3 days
Reviewed by: ziaee
Reported by: Brennan Vincent <brennan@umanwizard.com>
Differential Revision: https://reviews.freebsd.org/D49072
|
|
MFC after: 3 days
Signed-off-by: Seth Hoffert <seth.hoffert@gmail.com>
Closes: https://github.com/freebsd/freebsd-src/pull/1919
|
|
Signed-off-by: Minsoo Choo <minsoochoo0122@proton.me>
Reviewed by: imp
Pull Request: https://github.com/freebsd/freebsd-src/pull/1903
|
|
Signed-off-by: Ricardo Branco <rbranco@suse.de>
Reviewed by: imp
Pull Request: https://github.com/freebsd/freebsd-src/pull/1891
|
|
This was a minor oversight from their introduction.
Commit message by kevans@.
Fixes: 851dc7f859c23 ("jail: add jail descriptors")
Reviewed by: kevans
|
|
ZFS has since been changed to use EOPNOTSUPP instead of EINVAL, and
fusefs/nfs are following suit. POSIX Issue 8 had also made this move,
so it makes sense for us to standardize on EOPNOTSUPP.
Note in the HISTORY section where we're diverging from our previous
versions to align with the new standard.
Reviewed by: asomers, imp (both previous version), kib
Differential Revision: https://reviews.freebsd.org/D53537
|
|
Also add kexec reboot flag to the reboot man page.
|
|
Commit d6864221d8 added support for the _PC_CASE_INSENSITIVE
name for pathconf, to indicate if case insensitive lookups
are configured.
This patch documents this new name and also updates
the description for _PC_HAS_HIDDENSYSTEM to also
include UF_ARCHIVE.
This is a content change.
Reviewed by: kib
MFC after: 2 weeks
Differential Revision: https://reviews.freebsd.org/D53508
|
|
Block devices are a thing of the past in FreeBSD.
Reviewed by: ziaee
MFC after: 3 days
Differential Revision: https://reviews.freebsd.org/D53332
|
|
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D53240
|
|
|
|
Also provide the pointer to the latest POSIX standard that justifies the
requirement.
Reviewed by: emaste
Discussed with: rmacklem
Sponsored by: The FreeBSD Foundation
MFC after: 1 week
Differential revision: https://reviews.freebsd.org/D53361
|
|
Add 14.2, as this was cherry-picked prior to release.
Reported by: Harald Eilertsen
Reviewed by: kib
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D53320
|
|
|
|
Reviewed by: markj
Sponsored by: The FreeBSD Foundation
MFC after: 2 weeks
Differential revision: https://reviews.freebsd.org/D52045
|
|
|
|
Create a chapter on every important socket type: stream, datagram,
seqpacket. Always list what protocol families do support what kinds of
sockets. Improve some statements possessing language from the
specification [1]. Reduce some statements that are mostly specific to
TCP. Provide more external links and references to various important
syscalls that can be used on sockets.
Add a paragraph on non-blocking mode.
The big factual change is documentation of SOCK_SEQPACKET. In FreeBSD 15
this socket now fully follows the specification and is a stream socket
with record boundaries.
[1] https://pubs.opengroup.org/onlinepubs/9799919799/functions/V2_chap02.html#tag_16_10_06
Differential Revision: https://reviews.freebsd.org/D52771
|
|
Just make it like all other sockets that have PF_FOO -> AF_FOO alias.
|
|
In the STANDARDS section, stop mentioning behavior that is not
prescribed by POSIX and make sure to specify which alternative we
implement (as POSIX allows to return or not the effective group ID).
Say more clearly that programs treating specially the first slot of the
returned array must be modified.
Consistently use "group ID" instead of "GID".
These changes are going to be MFCed into stable/14 as part of MFCing
commit 4be38acc826f ("getgroups.2: Clarify, mention ascending order, add
SECURITY CONSIDERATIONS"), so the current commit will be MFCed to
stable/15 only.
MFC after: 1 hour
MFC to: stable/15
Sponsored by: The FreeBSD Foundation
|
|
after libc is switched to use public symbols for pre-ino64 syscalls.
Reviewed by: olce
Sponsored by: The FreeBSD Foundation
MFC after: 1 week
Differential revision: https://reviews.freebsd.org/D52687
|
|
Clarify and be more precise about the behavior of getgroups(2), in
particular with respect to 'gidsetlen'.
Prefer a terminology referring to POSIX terms, i.e., use "supplementary
groups" instead of "group access list".
Say that getgroups(2) reports the supplementary groups in strictly
ascending order and returns the cardinal of the set they form (and
mention this has been the case since FreeBSD 14.3).
Add a new SECURITY CONSIDERATIONS section contrasting the new behavior
after commit 9da2fe96ff2e ("kern: fix setgroups(2) and getgroups(2) to
match other platforms") with the historical one.
While here, fix some style.
Note for MFC to stable/14: The content will have to be revised as the
new behavior is not in place. The latter should be mentioned as
upcoming in 15.
Reviewed by: gbe (older version)
MFC after: 5 days
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D52286
|
|
Reviewed by: gbe
Fixes: 9da2fe96ff2e ("kern: fix setgroups(2) and getgroups(2) to match other platforms")
MFC after: 5 days
MFC to: stable/15
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D52285
|
|
Add a new SECURITY CONSIDERATIONS section describing in detail what the
new behavior is after commit 9da2fe96ff2e ("kern: fix setgroups(2) and
getgroups(2) to match other platforms"), what setgroups(2) does not
do anymore, and how programs using it are affected.
Fix the groups limit after commit 9da2fe96ff2e ("kern: fix setgroups(2)
and getgroups(2) to match other platforms").
Prefer a terminology referring to POSIX terms, i.e., use "effective
group list" instead of "group access list".
While here, fix some style.
Note for MFC to stable/14: The content will have to be revised as the
new behavior is not in place. The latter should still be mentioned as
upcoming in 15.
Fixes: 9da2fe96ff2e ("kern: fix setgroups(2) and getgroups(2) to match other platforms")
MFC after: 5 days
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D52284
|
|
The manual page does not directly mention this reason for getting EPERM,
instead referring the reader to chroot(2). We have had some questions
about it recently, in part due to a bug (fixed), and this case is not an
obvious permission/problem, so let's be more explicit.
PR: 280809
Reviewed by: jamie
MFC after: 3 days
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D52319
|
|
Give jail descriptors the same kevent flags as jails. Also fix the
event reporting in jails, where it was including data for events the
user didn't ask for.
MFC after: 3 days
|
|
Instead of using the EVFILT_PROC model of attempting to automatically
register new events when a child jail is created, just give a single
event when a child jail is created. As was already done with jail
attach events, make a best-effort report of the added jail's id in
kn_data. If there are multiple NOTE_JAIL_CHILD and/or NOTE_JAIL_ATTACH
events, set the NOTE_JAIL_MULTI flag, and don't report anything in
data, indicating that the caller will need to query the system state
on their own.
MFC after: 3 days
|
|
Jail descriptors were given a file-like mode, user, and group, for the
purpose of controlling how the descriptor may be used. This is too far
removed from the file paradigm to make sense. Remove it in favor of a
better access control method to be added, such as Capsicum.
Also add missing code in jaildesc_fill_kinfo.
Reported by: crest at rlwinm.de, kib
MFC after: 3 days
|
|
Following fd9e09cb, EBADF is not the suitable error code for a non-
jail descriptor passed to jail_set, jail_get, jail_attach_fd, and
jail_remove_fd.
Reported by: kib
|
|
Similar to process descriptors, jail descriptors allow jail
administration using the file descriptor interface instead of JIDs.
They come from and can be used by jail_set(2) and jail_get(2),
and there are two new system calls, jail_attach_jd(2) and
jail_remove_jd(2).
Reviewed by: bz, brooks
Relnotes: yes
Differential Revision: https://reviews.freebsd.org/D43696
|
|
Add kqueue tracking to jails, inspired by how it's done with processes.
EVFILT_JAIL takes a jail ID, and tracks with NOTE_JAIL_SET,
NOTE_JAIL_ATTACH, NOTE_JAIL_REMOVE, and NOTE_JAIL_CHILD. It also uses
the NOTE_TRACK mechanism that EVFILT_PROC uses, using the same result
flags (NOTE_CHILD and NOTE_TRACKERR).
Relnotes: yes
Differential Revision: https://reviews.freebsd.org/D51940
|
|
Commit 37b2cb5ecb0f added support for the
COPY_FILE_RANGE_CLONE flags argument to
copy_file_range(2).
This patch documents this flags argument.
This is a content change.
Reviewed by: kib
Differential Revision: https://reviews.freebsd.org/D51938
Fixes: 37b2cb5ecb0f ("vfs: Add support for file cloning to VOP_COPY_FILE_RANGE")
|
|
MFC after: 1 week
Sponsored by: Klara, Inc.
Sponsored by: NetApp, Inc.
Reviewed by: bcr
Differential Revision: https://reviews.freebsd.org/D51946
|
|
|
|
On most other platforms observed, including OpenBSD, NetBSD, and Linux,
these system calls have long since been converted to only touching the
supplementary groups of the process. This poses both portability and
security concerns in porting software to and from FreeBSD, as this
subtle difference is a landmine waiting to happen. Bugs have been
discovered even in FreeBSD-local sources, since this behavior is
somewhat unintuitive (see, e.g., fix 48fd05999b0f for chroot(8)).
Now that the egid is tracked outside of cr_groups in our ucred, convert
the syscalls to deal with only supplementary groups. Some remaining
stragglers in base that had baked in assumptions about these syscalls
are fixed in the process to avoid heartburn in conversion.
For relnotes: application developers should audit their use of both
setgroups(2) and getgroups(2) for signs that they had assumed the
previous FreeBSD behavior of using the first element for the egid. Any
calls to setgroups() to clear groups that used a single array of the
now or soon-to-be egid can be converted to setgroups(0, NULL) calls to
clear the supplementary groups entirely on all FreeBSD versions.
Co-authored-by: olce (but bugs are likely mine)
Relnotes: yes (see last paragraph)
Reviewed by: kib
Differential Revision: https://reviews.freebsd.org/D51648
|
|
Commit 37b2cb5ecb0f added VFS support for
cloning, including a new pathconf name to
acquire the clone block size called
_PC_CLONE_BLKSIZE.
This patch documents this new name.
This is a content change.
Reviewed by: kib
Differential Revision: https://reviews.freebsd.org/D51851
Fixes: 37b2cb5ecb0f ("vfs: Add support for file cloning to VOP_COPY_FILE_RANGE")
|
|
Signed-off-by: Ricardo Branco <rbranco@suse.de>
Reviewed by: kib
Pull Request: https://github.com/freebsd/freebsd-src/pull/1802
|
|
There is no need to support pre-12.0 (and thus pre-ino64) kernels in a
15.x libc.
Continue to check if the CPU supports these features before using them
and fall back as required.
Reviewed by: kib
Differential Revision: https://reviews.freebsd.org/D50732
|
|
|
|
|
|
exit(3) is implemented by the runtime and performs a number of shutdown
actions before ultimately calling _exit(2) to terminate the program. We
historically named the syscall table entry `exit` rather than `_exit`,
but this requires special handling in libc/libsys to cause the `_exit`
symbol to exist while implementing `exit` in libc.
Declare the syscall as `_exit` and flow that through the system.
Because syscall(SYS_exit, code) is fairly widely used, allow a
configured extra line in syscall.h to define SYS_exit to SYS__exit.
I've found no external uses of __sys_exit() so I've not bothered to
create a compatibility version of this private symbol.
Reviewed by: imp, kib, emaste
Differential Revision: https://reviews.freebsd.org/D51672
|
|
Make syscall stubs generated by lib/libsys/Makefile.sys depend on it.
This will have some false positives, but generating and assembling them
is fast. Also add slightly dubious dependencies on compat.h and SYS.h.
While here, fix the comment documenting the assembly origin.
Reviewed by: kib, emaste
Differential Revision: https://reviews.freebsd.org/D51671
|
|
Include errors common to chroot and fchroot in a single list, followed
by errors unique to each.
Unprivileged chroot is permitted if the security.bsd.unprivileged_chroot
sysctl is set to 1. Make note of this and update the EPERM description.
Reported by: kevans
Reviewed by: kevans, kib
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D51703
|
|
|
|
Add select(2), poll(2), or kqueue(2) source socket semantics and close
behavior.
Reported by: Udip Pant <upant@netflix.com>
Reviewed by: manpages (ziaee), markj
Obtained from: OpenBSD
MFC after: 3 days
Sponsored by: Netflix
Differential Revision: https://reviews.freebsd.org/D51547
|
|
PR: 286064
MFC after: 3 days
Reviewed by: mckusick
|
|
This is a content change.
Fixes: 964d0fd62431 ("statfs.2: Update man page for the MNT_NAMEDATTR flag")
|
|
This is a content change.
Fixes: dedbb972d294 ("fhopen.2: Update man page for O_NAMEDATTR flag")
|
|
This is both more logical and more useful than EINVAL.
While here, also check for VBAD and return EBADF in that case. This can
happen if the underlying filesystem got forcibly unmounted after the
directory was opened. Previously, this would also have returned EINVAL,
which wasn't right but wasn't wrong either; however, ENOTDIR would not
be appropriate.
MFC after: never
Sponsored by: Klara, Inc.
Reviewed by: kevans, kib
Differential Revision: https://reviews.freebsd.org/D51209
|