svn commit: r252618 - head/sbin/dhclient

2013-07-03 Thread Pawel Jakub Dawidek
Author: pjd Date: Wed Jul 3 21:57:24 2013 New Revision: 252618 URL: http://svnweb.freebsd.org/changeset/base/252618 Log: MFp4 @229473: No caller checks send_packet() return value, so make it void. Reviewed by: brooks Sponsored by: The FreeBSD Foundation Modified:

svn commit: r252619 - head/sbin/dhclient

2013-07-03 Thread Pawel Jakub Dawidek
Author: pjd Date: Wed Jul 3 21:58:26 2013 New Revision: 252619 URL: http://svnweb.freebsd.org/changeset/base/252619 Log: MFp4 @229474: iov_base field is 'void *' in FreeBSD, no need to cast. Reviewed by: brooks Sponsored by: The FreeBSD Foundation Modified:

svn commit: r252620 - head/sbin/dhclient

2013-07-03 Thread Pawel Jakub Dawidek
Author: pjd Date: Wed Jul 3 22:01:52 2013 New Revision: 252620 URL: http://svnweb.freebsd.org/changeset/base/252620 Log: MFp4 @229476,229478: Make use of two fields: rfdesc and wfdesc to keep bpf descriptor open for reading only in rfdesc and bpf descriptor open for writing only in

svn commit: r252621 - head/sbin/dhclient

2013-07-03 Thread Pawel Jakub Dawidek
Author: pjd Date: Wed Jul 3 22:03:19 2013 New Revision: 252621 URL: http://svnweb.freebsd.org/changeset/base/252621 Log: Remove redundant white-spaces. Modified: head/sbin/dhclient/dhclient.c Modified: head/sbin/dhclient/dhclient.c

svn commit: r252623 - head/sbin/dhclient

2013-07-03 Thread Pawel Jakub Dawidek
Author: pjd Date: Wed Jul 3 22:05:36 2013 New Revision: 252623 URL: http://svnweb.freebsd.org/changeset/base/252623 Log: MFp4 @229477: The gethostname(3) function won't work in capability mode, because reading kern.hostname sysctl is not permitted there. Cache hostname early and use

svn commit: r252624 - head/sbin/dhclient

2013-07-03 Thread Pawel Jakub Dawidek
Author: pjd Date: Wed Jul 3 22:07:55 2013 New Revision: 252624 URL: http://svnweb.freebsd.org/changeset/base/252624 Log: MFp4 @229479: - Add new request (IMSG_SEND_PACKET) that will be handled by privileged process. - Add $FreeBSD$. Reviewed by: brooks Sponsored by: The FreeBSD

svn commit: r252625 - head/sbin/dhclient

2013-07-03 Thread Pawel Jakub Dawidek
Author: pjd Date: Wed Jul 3 22:09:02 2013 New Revision: 252625 URL: http://svnweb.freebsd.org/changeset/base/252625 Log: MFp4 @229480: Shutdown write direction of the routing socket. We only need to read from it. Reviewed by: brooks Sponsored by: The FreeBSD Foundation Modified:

svn commit: r252626 - head/sbin/dhclient

2013-07-03 Thread Pawel Jakub Dawidek
Author: pjd Date: Wed Jul 3 22:12:54 2013 New Revision: 252626 URL: http://svnweb.freebsd.org/changeset/base/252626 Log: MFp4 @229481: Currently it was allowed to send any UDP packets from unprivileged process and possibly any packets because /dev/bpf was open for writing. Move

svn commit: r252628 - head/sbin/dhclient

2013-07-03 Thread Pawel Jakub Dawidek
Author: pjd Date: Wed Jul 3 22:16:02 2013 New Revision: 252628 URL: http://svnweb.freebsd.org/changeset/base/252628 Log: MFp4 @229482: - Limit bpf descriptor in unprivileged process to CAP_POLL_EVENT, CAP_READ and allow for SIOCGIFFLAGS, SIOCGIFMEDIA ioctls. - While here limit bpf

svn commit: r252629 - head/sbin/dhclient

2013-07-03 Thread Pawel Jakub Dawidek
Author: pjd Date: Wed Jul 3 22:17:29 2013 New Revision: 252629 URL: http://svnweb.freebsd.org/changeset/base/252629 Log: MFp4 @229483: Limit communication pipe with privileged process to CAP_READ and CAP_WRITE. Reviewed by: brooks Sponsored by: The FreeBSD Foundation Modified:

svn commit: r252630 - head/sbin/dhclient

2013-07-03 Thread Pawel Jakub Dawidek
Author: pjd Date: Wed Jul 3 22:18:40 2013 New Revision: 252630 URL: http://svnweb.freebsd.org/changeset/base/252630 Log: MFp4 @229484: Limit routing socket so only poll(2) and read(2) are allowed (CAP_POLL_EVENT and CAP_READ). This prevents unprivileged process from adding, removing or

svn commit: r252631 - head/sbin/dhclient

2013-07-03 Thread Pawel Jakub Dawidek
Author: pjd Date: Wed Jul 3 22:19:43 2013 New Revision: 252631 URL: http://svnweb.freebsd.org/changeset/base/252631 Log: MFp4 @229485: Only allow to overwrite lease file. Reviewed by: brooks Sponsored by: The FreeBSD Foundation Modified: head/sbin/dhclient/dhclient.c Modified:

svn commit: r252632 - head/sbin/dhclient

2013-07-03 Thread Pawel Jakub Dawidek
Author: pjd Date: Wed Jul 3 22:21:11 2013 New Revision: 252632 URL: http://svnweb.freebsd.org/changeset/base/252632 Log: MFp4 @229486: Once PID is written to the pidfile, revoke all capability rights. We just want to keep the pidfile open. Reviewed by: brooks Sponsored by: The

svn commit: r252633 - head/sbin/dhclient

2013-07-03 Thread Pawel Jakub Dawidek
Author: pjd Date: Wed Jul 3 22:22:29 2013 New Revision: 252633 URL: http://svnweb.freebsd.org/changeset/base/252633 Log: MFp4 @229487: Revoke all capability rights from STDIN and allow only for write to STDOUT and STDERR. All those descriptors are redirected to /dev/null. Reviewed

svn commit: r252634 - head/sbin/dhclient

2013-07-03 Thread Pawel Jakub Dawidek
Author: pjd Date: Wed Jul 3 22:23:25 2013 New Revision: 252634 URL: http://svnweb.freebsd.org/changeset/base/252634 Log: MFp4 @229488: Sandbox unprivileged process using capability mode. Reviewed by: brooks Sponsored by: The FreeBSD Foundation Modified:

Re: svn commit: r251796 - head/sbin/hastd

2013-06-18 Thread Pawel Jakub Dawidek
On Sun, Jun 16, 2013 at 11:42:21AM +0200, Ed Schouten wrote: Hello Pawel, 2013/6/16 Pawel Jakub Dawidek p...@freebsd.org: Hmm, I don't like HAST to be a victim of bad LLVM import. This is not the kind of software you run on HEAD (so it might go unnoticed initially) and this is the kind

Re: svn commit: r251796 - head/sbin/hastd

2013-06-15 Thread Pawel Jakub Dawidek
= atomic_fetchadd_int(count, -1); + old = atomic_fetch_sub(count, 1); PJDLOG_ASSERT(old 0); return (old - 1); } -- Pawel Jakub Dawidek http://www.wheelsystems.com FreeBSD committer http://www.FreeBSD.org Am I Evil? Yes, I Am! http

Re: svn commit: r251590 - in head/sys: kern sys

2013-06-09 Thread Pawel Jakub Dawidek
, vfs_unmounted_notify_fn); + +/* * exported vnode operations */ -- Pawel Jakub Dawidek http://www.wheelsystems.com FreeBSD committer http://www.FreeBSD.org Am I Evil? Yes, I Am! http://mobter.com pgpNaE4TWQkJS.pgp Description: PGP

Re: svn commit: r251197 - head/lib/libc/sys

2013-05-31 Thread Pawel Jakub Dawidek
? -- Pawel Jakub Dawidek http://www.wheelsystems.com FreeBSD committer http://www.FreeBSD.org Am I Evil? Yes, I Am! http://mobter.com pgpwEnuidtJWH.pgp Description: PGP signature

svn commit: r251167 - head/usr.bin/kdump

2013-05-30 Thread Pawel Jakub Dawidek
Author: pjd Date: Thu May 30 21:59:29 2013 New Revision: 251167 URL: http://svnweb.freebsd.org/changeset/base/251167 Log: If the -r option is given we cannot enter capability mode. The option tells kdump to convert numeric UIDs and GIDs into user and group names plus to convert times and

Re: svn commit: r251088 - head/crypto/openssh

2013-05-29 Thread Pawel Jakub Dawidek
== 1) { -- Pawel Jakub Dawidek http://www.wheelsystems.com FreeBSD committer http://www.FreeBSD.org Am I Evil? Yes, I Am! http://mobter.com pgpf15mnMf1jM.pgp Description: PGP signature

Re: svn commit: r251088 - head/crypto/openssh

2013-05-29 Thread Pawel Jakub Dawidek
On Wed, May 29, 2013 at 02:36:17PM +0200, Dag-Erling Smørgrav wrote: Pawel Jakub Dawidek p...@freebsd.org writes: Which library is needed for AES-NI? I don't see any engine in /usr/lib/ that implements AES-NI support. Could you be more specific? Ah, you're right. Bryan (cc:ed) did

Re: svn commit: r251088 - head/crypto/openssh

2013-05-29 Thread Pawel Jakub Dawidek
On Wed, May 29, 2013 at 05:03:05PM +0200, Dag-Erling Smørgrav wrote: Pawel Jakub Dawidek p...@freebsd.org writes: AES-NI doesn't have to go through kernel at all and doing so is much slower. Not sure if our OpenSSL version already has native AES-NI support. If not it would be best

svn commit: r251072 - head/usr.bin/kdump

2013-05-28 Thread Pawel Jakub Dawidek
Author: pjd Date: Tue May 28 21:21:46 2013 New Revision: 251072 URL: http://svnweb.freebsd.org/changeset/base/251072 Log: MFp4 @229085: Rearrange the code so we don't call ioctl(TIOCGWINSZ) if the -s option is given, as the result won't be used then. Sponsored by: The FreeBSD

svn commit: r251073 - head/usr.bin/kdump

2013-05-28 Thread Pawel Jakub Dawidek
Author: pjd Date: Tue May 28 21:25:28 2013 New Revision: 251073 URL: http://svnweb.freebsd.org/changeset/base/251073 Log: MFp4 @229086: Make use of Capsicum to protect kdump(1), as it might be used to parse data from untrusted sources: - Sandbox kdump(1) using capability mode. -

Re: svn commit: r250972 - head/usr.bin/patch

2013-05-26 Thread Pawel Jakub Dawidek
that it is really ugly and without any comment it looks like a typo. -- Pawel Jakub Dawidek http://www.wheelsystems.com FreeBSD committer http://www.FreeBSD.org Am I Evil? Yes, I Am! http://mobter.com pgpwwJw8W5Md7.pgp Description: PGP

svn commit: r250944 - head/sys/kern

2013-05-23 Thread Pawel Jakub Dawidek
Author: pjd Date: Thu May 23 21:07:26 2013 New Revision: 250944 URL: http://svnweb.freebsd.org/changeset/base/250944 Log: Use proper malloc type for ioctls white-list. Reported by: pho Tested by:pho Modified: head/sys/kern/sys_capability.c Modified:

svn commit: r250816 - head/sys/sys

2013-05-19 Thread Pawel Jakub Dawidek
Author: pjd Date: Sun May 19 23:28:28 2013 New Revision: 250816 URL: http://svnweb.freebsd.org/changeset/base/250816 Log: Protect SDT_PROBE() with do { } while (0) loop. Modified: head/sys/sys/sdt.h Modified: head/sys/sys/sdt.h

svn commit: r250817 - head/sys/kern

2013-05-19 Thread Pawel Jakub Dawidek
Author: pjd Date: Sun May 19 23:29:22 2013 New Revision: 250817 URL: http://svnweb.freebsd.org/changeset/base/250817 Log: Use SDT_PROBE1() instead of SDT_PROBE(). Modified: head/sys/kern/kern_priv.c Modified: head/sys/kern/kern_priv.c

svn commit: r250818 - head/sys/kern

2013-05-19 Thread Pawel Jakub Dawidek
Author: pjd Date: Sun May 19 23:30:24 2013 New Revision: 250818 URL: http://svnweb.freebsd.org/changeset/base/250818 Log: Style nits. Modified: head/sys/kern/kern_priv.c Modified: head/sys/kern/kern_priv.c == ---

Re: svn commit: r250379 - in head/usr.sbin/bsnmpd/modules: . snmp_hast

2013-05-10 Thread Pawel Jakub Dawidek
. It looks both solutions work for me and I personally prefer the second one. Me too. -- Pawel Jakub Dawidek http://www.wheelsystems.com FreeBSD committer http://www.FreeBSD.org Am I Evil? Yes, I Am! http://mobter.com pgpibIQ2kP5s3.pgp

Re: svn commit: r250027 - head/sys/kern

2013-05-06 Thread Pawel Jakub Dawidek
) @@ -2281,6 +2281,8 @@ retry_space: } } + VOP_UNLOCK(vp, 0); + /* Add the buffer chain to the socket buffer. */ if (m != NULL) { int mlen, err; -- Pawel Jakub Dawidek http

Re: svn commit: r250027 - head/sys/kern

2013-05-06 Thread Pawel Jakub Dawidek
On Mon, May 06, 2013 at 11:05:30PM +0300, Konstantin Belousov wrote: On Mon, May 06, 2013 at 08:16:11PM +0200, Pawel Jakub Dawidek wrote: On Sun, Apr 28, 2013 at 07:12:09PM +, Konstantin Belousov wrote: Author: kib Date: Sun Apr 28 19:12:09 2013 New Revision: 250027 URL: http

svn commit: r249594 - head/tools/regression/pjdfstest

2013-04-17 Thread Pawel Jakub Dawidek
Author: pjd Date: Wed Apr 17 21:08:18 2013 New Revision: 249594 URL: http://svnweb.freebsd.org/changeset/base/249594 Log: Style cleanups. Modified: head/tools/regression/pjdfstest/pjdfstest.c Modified: head/tools/regression/pjdfstest/pjdfstest.c

svn commit: r249547 - head/cddl/contrib/opensolaris/lib/libzfs/common

2013-04-16 Thread Pawel Jakub Dawidek
Author: pjd Date: Tue Apr 16 12:31:16 2013 New Revision: 249547 URL: http://svnweb.freebsd.org/changeset/base/249547 Log: Correct error message. Reported by: Dirk Engling erdge...@erdgeist.org Modified: head/cddl/contrib/opensolaris/lib/libzfs/common/libzfs_dataset.c Modified:

Re: svn commit: r249035 - head/lib/libc/stdlib

2013-04-03 Thread Pawel Jakub Dawidek
() are unlikely to fail, [...] They are very likely to fail when the process is sandboxed. -- Pawel Jakub Dawidek http://www.wheelsystems.com FreeBSD committer http://www.FreeBSD.org Am I Evil? Yes, I Am! http://tupytaj.pl

svn commit: r248610 - in head/sys: fs/tmpfs kern

2013-03-22 Thread Pawel Jakub Dawidek
Author: pjd Date: Fri Mar 22 07:40:34 2013 New Revision: 248610 URL: http://svnweb.freebsd.org/changeset/base/248610 Log: - Constify local path variable for chflagsat(). - Use correct format characters (%lx) for u_long. This fixes the build broken in r248599. Modified:

Re: svn commit: r248519 - in head/sys/cam: . ata scsi

2013-03-21 Thread Pawel Jakub Dawidek
* 1000); -- Pawel Jakub Dawidek http://www.wheelsystems.com FreeBSD committer http://www.FreeBSD.org Am I Evil? Yes, I Am! http://tupytaj.pl pgpkWiNr6xlHM.pgp Description: PGP signature

Re: svn commit: r248519 - in head/sys/cam: . ata scsi

2013-03-21 Thread Pawel Jakub Dawidek
On Thu, Mar 21, 2013 at 05:30:44PM +0100, Pawel Jakub Dawidek wrote: On Tue, Mar 19, 2013 at 03:01:51PM +, Konstantin Belousov wrote: Author: kib Date: Tue Mar 19 15:01:50 2013 New Revision: 248519 URL: http://svnweb.freebsd.org/changeset/base/248519 Log: Support unmapped i/o

svn commit: r248597 - in head: bin/chflags bin/mv lib/libc/sys sys/compat/freebsd32 sys/fs/tmpfs sys/kern sys/sys tools/regression/pjdfstest

2013-03-21 Thread Pawel Jakub Dawidek
Author: pjd Date: Thu Mar 21 22:44:33 2013 New Revision: 248597 URL: http://svnweb.freebsd.org/changeset/base/248597 Log: - Make 'flags' argument to chflags(2), fchflags(2) and lchflags(2) of type u_long. Before this change it was of type int for syscalls, but prototypes in sys/stat.h

svn commit: r248598 - in head/sys: compat/freebsd32 kern sys

2013-03-21 Thread Pawel Jakub Dawidek
Author: pjd Date: Thu Mar 21 22:47:03 2013 New Revision: 248598 URL: http://svnweb.freebsd.org/changeset/base/248598 Log: Regenerate after r248597. Sponsored by: The FreeBSD Foundation Modified: head/sys/compat/freebsd32/freebsd32_systrace_args.c head/sys/kern/systrace_args.c

svn commit: r248599 - in head: contrib/openbsm/etc lib/libc/sys sys/bsm sys/compat/freebsd32 sys/kern sys/sys

2013-03-21 Thread Pawel Jakub Dawidek
Author: pjd Date: Thu Mar 21 22:59:01 2013 New Revision: 248599 URL: http://svnweb.freebsd.org/changeset/base/248599 Log: Implement chflagsat(2) system call, similar to fchmodat(2), but operates on file flags. Reviewed by: kib, jilles Sponsored by: The FreeBSD Foundation Modified:

svn commit: r248600 - in head/sys: compat/freebsd32 kern sys

2013-03-21 Thread Pawel Jakub Dawidek
Author: pjd Date: Thu Mar 21 23:02:19 2013 New Revision: 248600 URL: http://svnweb.freebsd.org/changeset/base/248600 Log: Regenerate after r248599. Sponsored by: The FreeBSD Foundation Modified: head/sys/compat/freebsd32/freebsd32_proto.h head/sys/compat/freebsd32/freebsd32_syscall.h

svn commit: r248601 - head/lib/libc/sys

2013-03-21 Thread Pawel Jakub Dawidek
Author: pjd Date: Thu Mar 21 23:05:44 2013 New Revision: 248601 URL: http://svnweb.freebsd.org/changeset/base/248601 Log: Document chflagsat(2). Obtained from:jilles Modified: head/lib/libc/sys/Makefile.inc head/lib/libc/sys/cap_rights_limit.2 head/lib/libc/sys/chflags.2

svn commit: r248603 - in head/tools/regression: pjdfstest security/cap_test

2013-03-21 Thread Pawel Jakub Dawidek
Author: pjd Date: Thu Mar 21 23:07:04 2013 New Revision: 248603 URL: http://svnweb.freebsd.org/changeset/base/248603 Log: Update regression tests after adding chflagsat(2). Sponsored by: The FreeBSD Foundation Modified: head/tools/regression/pjdfstest/Makefile

svn commit: r248475 - head/sbin/geom/class/eli

2013-03-18 Thread Pawel Jakub Dawidek
Author: pjd Date: Mon Mar 18 21:11:31 2013 New Revision: 248475 URL: http://svnweb.freebsd.org/changeset/base/248475 Log: Reduce stack usage. Modified: head/sbin/geom/class/eli/geom_eli.c Modified: head/sbin/geom/class/eli/geom_eli.c

svn commit: r248386 - head/sys/kern

2013-03-16 Thread Pawel Jakub Dawidek
Author: pjd Date: Sat Mar 16 22:36:24 2013 New Revision: 248386 URL: http://svnweb.freebsd.org/changeset/base/248386 Log: Style: Remove redundant space. Modified: head/sys/kern/vfs_syscalls.c Modified: head/sys/kern/vfs_syscalls.c

svn commit: r248387 - head/sys/kern

2013-03-16 Thread Pawel Jakub Dawidek
Author: pjd Date: Sat Mar 16 22:37:30 2013 New Revision: 248387 URL: http://svnweb.freebsd.org/changeset/base/248387 Log: Style: Whitespace fixes. Modified: head/sys/kern/vfs_syscalls.c Modified: head/sys/kern/vfs_syscalls.c

svn commit: r248391 - head/lib/libc/sys

2013-03-16 Thread Pawel Jakub Dawidek
Author: pjd Date: Sat Mar 16 22:44:14 2013 New Revision: 248391 URL: http://svnweb.freebsd.org/changeset/base/248391 Log: Add a note to the HISTORY section about lchflags(2) being introduced in FreeBSD 5.0. Modified: head/lib/libc/sys/chflags.2 Modified: head/lib/libc/sys/chflags.2

svn commit: r248394 - head/tools/regression/security/cap_test

2013-03-16 Thread Pawel Jakub Dawidek
Author: pjd Date: Sat Mar 16 23:10:40 2013 New Revision: 248394 URL: http://svnweb.freebsd.org/changeset/base/248394 Log: The mode argument for open(2)/openat(2) only makes sense if the O_CREAT flag was given. Sponsored by: The FreeBSD Foundation Modified:

svn commit: r248396 - head/tools/regression/security/cap_test

2013-03-16 Thread Pawel Jakub Dawidek
Author: pjd Date: Sat Mar 16 23:13:49 2013 New Revision: 248396 URL: http://svnweb.freebsd.org/changeset/base/248396 Log: Update the tests now that absence of the O_APPEND flag requires CAP_SEEK capability. Add some more tests. Sponsored by: The FreeBSD Foundation Modified:

svn commit: r248397 - head/sys/kern

2013-03-16 Thread Pawel Jakub Dawidek
Author: pjd Date: Sat Mar 16 23:19:13 2013 New Revision: 248397 URL: http://svnweb.freebsd.org/changeset/base/248397 Log: Require CAP_SEEK if both O_APPEND and O_TRUNC flags are absent. In other words we don't require CAP_SEEK if either O_APPEND or O_TRUNC flag is given, because O_APPEND

svn commit: r248359 - head/sys/kern

2013-03-15 Thread Pawel Jakub Dawidek
Author: pjd Date: Fri Mar 15 23:00:13 2013 New Revision: 248359 URL: http://svnweb.freebsd.org/changeset/base/248359 Log: Sort syscalls properly. Modified: head/sys/kern/capabilities.conf Modified: head/sys/kern/capabilities.conf

svn commit: r248281 - head/lib/libutil

2013-03-14 Thread Pawel Jakub Dawidek
Author: pjd Date: Thu Mar 14 20:22:52 2013 New Revision: 248281 URL: http://svnweb.freebsd.org/changeset/base/248281 Log: When pidptr was passed as NULL to pidfile_open(3), we were returning EAGAIN/EWOULDBLOCK when another daemon was running and had the pidfile open. We should return EEXIST

svn commit: r248286 - head/sbin/hastctl

2013-03-14 Thread Pawel Jakub Dawidek
Author: pjd Date: Thu Mar 14 21:21:14 2013 New Revision: 248286 URL: http://svnweb.freebsd.org/changeset/base/248286 Log: Removed redundant includes. Modified: head/sbin/hastctl/hastctl.c Modified: head/sbin/hastctl/hastctl.c

svn commit: r248294 - head/sbin/hastd

2013-03-14 Thread Pawel Jakub Dawidek
Author: pjd Date: Thu Mar 14 23:03:48 2013 New Revision: 248294 URL: http://svnweb.freebsd.org/changeset/base/248294 Log: Delete requests can be larger than MAXPHYS. Modified: head/sbin/hastd/secondary.c Modified: head/sbin/hastd/secondary.c

svn commit: r248295 - head/sys/geom/gate

2013-03-14 Thread Pawel Jakub Dawidek
Author: pjd Date: Thu Mar 14 23:07:01 2013 New Revision: 248295 URL: http://svnweb.freebsd.org/changeset/base/248295 Log: We don't need buffer to handle BIO_DELETE, so don't check buffer size for it. This fixes handling BIO_DELETE larger than MAXPHYS. Modified: head/sys/geom/gate/g_gate.c

svn commit: r248296 - head/sbin/hastd

2013-03-14 Thread Pawel Jakub Dawidek
Author: pjd Date: Thu Mar 14 23:11:52 2013 New Revision: 248296 URL: http://svnweb.freebsd.org/changeset/base/248296 Log: Minor corrections. Modified: head/sbin/hastd/hastd.8 Modified: head/sbin/hastd/hastd.8 == ---

svn commit: r248297 - head/sbin/hastd

2013-03-14 Thread Pawel Jakub Dawidek
Author: pjd Date: Thu Mar 14 23:14:47 2013 New Revision: 248297 URL: http://svnweb.freebsd.org/changeset/base/248297 Log: Now that ioctl(2) is allowed in capability mode and we can limit ioctls for the given descriptors, use Capsicum sandboxing for hastd in primary and secondary modes.

svn commit: r248304 - head/tools/regression/pjdfstest/tests

2013-03-14 Thread Pawel Jakub Dawidek
Author: pjd Date: Fri Mar 15 00:10:38 2013 New Revision: 248304 URL: http://svnweb.freebsd.org/changeset/base/248304 Log: Make file name generation to work with both new and old versions of OpenSSL. Sponsored by: The FreeBSD Foundation Modified:

Re: svn commit: r247814 - in head: . sys/amd64/conf sys/cam/ctl sys/conf sys/i386/conf

2013-03-13 Thread Pawel Jakub Dawidek
On Wed, Mar 13, 2013 at 11:08:26AM -0400, John Baldwin wrote: On Tuesday, March 12, 2013 5:09:21 pm Pawel Jakub Dawidek wrote: On Mon, Mar 04, 2013 at 09:18:45PM +, Kenneth D. Merry wrote: Author: ken Date: Mon Mar 4 21:18:45 2013 New Revision: 247814 URL: http

Re: svn commit: r247814 - in head: . sys/amd64/conf sys/cam/ctl sys/conf sys/i386/conf

2013-03-13 Thread Pawel Jakub Dawidek
On Wed, Mar 13, 2013 at 03:23:13PM -0600, Kenneth D. Merry wrote: On Wed, Mar 13, 2013 at 22:09:51 +0100, Pawel Jakub Dawidek wrote: On Wed, Mar 13, 2013 at 11:08:26AM -0400, John Baldwin wrote: On Tuesday, March 12, 2013 5:09:21 pm Pawel Jakub Dawidek wrote: On Mon, Mar 04, 2013 at 09

Re: svn commit: r247814 - in head: . sys/amd64/conf sys/cam/ctl sys/conf sys/i386/conf

2013-03-12 Thread Pawel Jakub Dawidek
sysctl/tunable names and the consensus was, AFAIR, to use positive(?) names as they are more obvious. -- Pawel Jakub Dawidek http://www.wheelsystems.com FreeBSD committer http://www.FreeBSD.org Am I Evil? Yes, I Am! http

svn commit: r248176 - head/sys/kern

2013-03-11 Thread Pawel Jakub Dawidek
Author: pjd Date: Mon Mar 11 22:59:07 2013 New Revision: 248176 URL: http://svnweb.freebsd.org/changeset/base/248176 Log: Fix memory leak when one process send descriptor over UNIX domain socket, but the other process exited before receiving it. Modified: head/sys/kern/uipc_usrreq.c

svn commit: r247736 - in head/sys: kern sys

2013-03-03 Thread Pawel Jakub Dawidek
Author: pjd Date: Sun Mar 3 23:23:35 2013 New Revision: 247736 URL: http://svnweb.freebsd.org/changeset/base/247736 Log: Plug memory leaks in file descriptors passing. Modified: head/sys/kern/kern_descrip.c head/sys/kern/uipc_usrreq.c head/sys/sys/filedesc.h Modified:

svn commit: r247737 - head/sys/kern

2013-03-03 Thread Pawel Jakub Dawidek
Author: pjd Date: Sun Mar 3 23:25:45 2013 New Revision: 247737 URL: http://svnweb.freebsd.org/changeset/base/247737 Log: Use dedicated malloc type for filecaps-related data, so we can detect any memory leaks easier. Modified: head/sys/kern/kern_descrip.c Modified:

svn commit: r247740 - head/sys/kern

2013-03-03 Thread Pawel Jakub Dawidek
Author: pjd Date: Sun Mar 3 23:39:30 2013 New Revision: 247740 URL: http://svnweb.freebsd.org/changeset/base/247740 Log: For some reason when I started to pass filedescent structures instead of pointers to the file structure receiving descriptors stopped to work when also at least few

svn commit: r247617 - head/sys/kern

2013-03-02 Thread Pawel Jakub Dawidek
Author: pjd Date: Sat Mar 2 09:58:47 2013 New Revision: 247617 URL: http://svnweb.freebsd.org/changeset/base/247617 Log: If the target file already exists, check for the CAP_UNLINKAT capabiity right on the target directory descriptor, but only if this is renameat(2) and real target

svn commit: r247667 - in head: contrib/openbsm/etc lib/libc/sys sys/bsm sys/compat/freebsd32 sys/kern sys/security/audit sys/sys usr.bin/procstat

2013-03-02 Thread Pawel Jakub Dawidek
was written by Pawel Jakub Dawidek under sponsorship from +.\ the FreeBSD Foundation. +.\ +.\ Redistribution and use in source and binary forms, with or without +.\ modification, are permitted provided that the following conditions +.\ are met: +.\ 1. Redistributions of source code must retain the above

svn commit: r247668 - in head/sys: compat/freebsd32 kern sys

2013-03-02 Thread Pawel Jakub Dawidek
Author: pjd Date: Sat Mar 2 21:12:54 2013 New Revision: 247668 URL: http://svnweb.freebsd.org/changeset/base/247668 Log: Regen after r247667. Modified: head/sys/compat/freebsd32/freebsd32_proto.h head/sys/compat/freebsd32/freebsd32_syscall.h

svn commit: r247669 - head/tools/regression/pjdfstest

2013-03-02 Thread Pawel Jakub Dawidek
Author: pjd Date: Sat Mar 2 21:16:40 2013 New Revision: 247669 URL: http://svnweb.freebsd.org/changeset/base/247669 Log: Add support for bindat(2) and connectat(2). Sponsored by: The FreeBSD Foundation Modified: head/tools/regression/pjdfstest/Makefile

svn commit: r247676 - head/tools/regression/capsicum/syscalls

2013-03-02 Thread Pawel Jakub Dawidek
Author: pjd Date: Sat Mar 2 23:40:42 2013 New Revision: 247676 URL: http://svnweb.freebsd.org/changeset/base/247676 Log: If all ioctls are allowed, cap_ioctls_get(2) will return CAP_IOCTLS_ALL. Update regression tests. Modified: head/tools/regression/capsicum/syscalls/cap_ioctls_limit.c

svn commit: r247584 - head/sys/kern

2013-03-01 Thread Pawel Jakub Dawidek
Author: pjd Date: Fri Mar 1 21:57:02 2013 New Revision: 247584 URL: http://svnweb.freebsd.org/changeset/base/247584 Log: Reduce lock scope a little. Modified: head/sys/kern/vfs_syscalls.c Modified: head/sys/kern/vfs_syscalls.c

svn commit: r247586 - head/sys/kern

2013-03-01 Thread Pawel Jakub Dawidek
Author: pjd Date: Fri Mar 1 21:58:56 2013 New Revision: 247586 URL: http://svnweb.freebsd.org/changeset/base/247586 Log: Remove unnecessary variables. Modified: head/sys/kern/vfs_vnops.c Modified: head/sys/kern/vfs_vnops.c

svn commit: r247598 - in head/lib/libc: gen sys

2013-03-01 Thread Pawel Jakub Dawidek
added) +++ head/lib/libc/gen/cap_sandboxed.3 Sat Mar 2 00:11:27 2013 (r247598) @@ -0,0 +1,70 @@ +.\ Copyright (c) 2012 The FreeBSD Foundation +.\ All rights reserved. +.\ +.\ This documentation was written by Pawel Jakub Dawidek under sponsorship +.\ from the FreeBSD Foundation

svn commit: r247602 - in head: contrib/openbsm/etc lib/libc/include lib/libc/sys lib/libprocstat sys/bsm sys/cddl/compat/opensolaris/sys sys/cddl/contrib/opensolaris/uts/common/fs/zfs sys/compat/fr...

2013-03-01 Thread Pawel Jakub Dawidek
file is newly added) +++ head/lib/libc/sys/cap_fcntls_limit.2Sat Mar 2 00:53:12 2013 (r247602) @@ -0,0 +1,127 @@ +.\ +.\ Copyright (c) 2012 The FreeBSD Foundation +.\ All rights reserved. +.\ +.\ This documentation was written by Pawel Jakub Dawidek under sponsorship +.\ the FreeBSD

svn commit: r247604 - in head/sys: compat/freebsd32 kern sys

2013-03-01 Thread Pawel Jakub Dawidek
Author: pjd Date: Sat Mar 2 00:55:09 2013 New Revision: 247604 URL: http://svnweb.freebsd.org/changeset/base/247604 Log: Regen after r247602. Modified: head/sys/compat/freebsd32/freebsd32_proto.h head/sys/compat/freebsd32/freebsd32_syscall.h

svn commit: r247605 - head/tools/regression/security/cap_test

2013-03-01 Thread Pawel Jakub Dawidek
. * + * Portions of this software were developed by Pawel Jakub Dawidek under + * sponsorship from the FreeBSD Foundation. + * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: @@ -43,6 +47,7 @@ __FBSDID

svn commit: r247606 - in head/tools/regression/capsicum: . syscalls

2013-03-01 Thread Pawel Jakub Dawidek
The FreeBSD Foundation + * All rights reserved. + * + * This software was developed by Pawel Jakub Dawidek under sponsorship from + * the FreeBSD Foundation. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions

svn commit: r247442 - head/contrib/openbsm/bin/auditdistd

2013-02-27 Thread Pawel Jakub Dawidek
Author: pjd Date: Thu Feb 28 01:24:24 2013 New Revision: 247442 URL: http://svnweb.freebsd.org/changeset/base/247442 Log: When we are waiting for new trail files we may have been disconnected and reconnected in the meantime. Check if reset is set before opening next trail file, as not doing

svn commit: r247283 - head/sys/kern

2013-02-25 Thread Pawel Jakub Dawidek
Author: pjd Date: Mon Feb 25 20:50:08 2013 New Revision: 247283 URL: http://svnweb.freebsd.org/changeset/base/247283 Log: After r237012, the fdgrowtable() doesn't drop the filedesc lock anymore, so update a stale comment. Reviewed by: kib, keramida Modified:

svn commit: r247284 - head/sys/kern

2013-02-25 Thread Pawel Jakub Dawidek
Author: pjd Date: Mon Feb 25 20:51:29 2013 New Revision: 247284 URL: http://svnweb.freebsd.org/changeset/base/247284 Log: Style. Suggested by: kib Modified: head/sys/kern/kern_descrip.c Modified: head/sys/kern/kern_descrip.c

svn commit: r247164 - head/usr.sbin/extattr

2013-02-22 Thread Pawel Jakub Dawidek
Author: pjd Date: Fri Feb 22 20:49:50 2013 New Revision: 247164 URL: http://svnweb.freebsd.org/changeset/base/247164 Log: Don't print an empty line for files with no attributes when -q is given for lsextattr(8). Modified: head/usr.sbin/extattr/rmextattr.c Modified:

svn commit: r247061 - in head/sys: crypto/aesni opencrypto

2013-02-20 Thread Pawel Jakub Dawidek
Pawel Jakub Dawidek pa...@dawidek.net * All rights reserved. Modified: head/sys/opencrypto/xform.c == --- head/sys/opencrypto/xform.c Wed Feb 20 22:51:42 2013(r247060) +++ head/sys/opencrypto/xform.c Wed Feb 20 22:59

svn commit: r246954 - head/sys/sys

2013-02-18 Thread Pawel Jakub Dawidek
Author: pjd Date: Mon Feb 18 23:58:05 2013 New Revision: 246954 URL: http://svnweb.freebsd.org/changeset/base/246954 Log: More white-space cleanups. Reported by: zont (the first one) Modified: head/sys/sys/protosw.h Modified: head/sys/sys/protosw.h

svn commit: r246902 - head/sys/sys

2013-02-17 Thread Pawel Jakub Dawidek
Author: pjd Date: Sun Feb 17 11:36:13 2013 New Revision: 246902 URL: http://svnweb.freebsd.org/changeset/base/246902 Log: Remove trailing spaces. Modified: head/sys/sys/protosw.h Modified: head/sys/sys/protosw.h ==

svn commit: r246903 - head/sys/sys

2013-02-17 Thread Pawel Jakub Dawidek
Author: pjd Date: Sun Feb 17 11:36:41 2013 New Revision: 246903 URL: http://svnweb.freebsd.org/changeset/base/246903 Log: Remove redundant space. Modified: head/sys/sys/namei.h Modified: head/sys/sys/namei.h == ---

svn commit: r246904 - head/sys/kern

2013-02-17 Thread Pawel Jakub Dawidek
Author: pjd Date: Sun Feb 17 11:47:01 2013 New Revision: 246904 URL: http://svnweb.freebsd.org/changeset/base/246904 Log: Remove redundant parenthesis. Modified: head/sys/kern/kern_fork.c Modified: head/sys/kern/kern_fork.c

svn commit: r246905 - head/sys/kern

2013-02-17 Thread Pawel Jakub Dawidek
Author: pjd Date: Sun Feb 17 11:47:30 2013 New Revision: 246905 URL: http://svnweb.freebsd.org/changeset/base/246905 Log: Don't treat pointers as booleans. Modified: head/sys/kern/kern_descrip.c Modified: head/sys/kern/kern_descrip.c

svn commit: r246906 - head/sys/kern

2013-02-17 Thread Pawel Jakub Dawidek
Author: pjd Date: Sun Feb 17 11:47:58 2013 New Revision: 246906 URL: http://svnweb.freebsd.org/changeset/base/246906 Log: Add break to the default case. Modified: head/sys/kern/kern_sig.c Modified: head/sys/kern/kern_sig.c

svn commit: r246907 - head/sys/kern

2013-02-17 Thread Pawel Jakub Dawidek
Author: pjd Date: Sun Feb 17 11:48:16 2013 New Revision: 246907 URL: http://svnweb.freebsd.org/changeset/base/246907 Log: Remove redundant space. Modified: head/sys/kern/sys_pipe.c Modified: head/sys/kern/sys_pipe.c

svn commit: r246908 - head/sys/kern

2013-02-17 Thread Pawel Jakub Dawidek
Author: pjd Date: Sun Feb 17 11:49:21 2013 New Revision: 246908 URL: http://svnweb.freebsd.org/changeset/base/246908 Log: Remove redundant parenthesis. Modified: head/sys/kern/sys_capability.c Modified: head/sys/kern/sys_capability.c

svn commit: r246909 - head/sys/kern

2013-02-17 Thread Pawel Jakub Dawidek
Author: pjd Date: Sun Feb 17 11:53:51 2013 New Revision: 246909 URL: http://svnweb.freebsd.org/changeset/base/246909 Log: - Require CAP_FSYNC capability right when opening a file with O_SYNC or O_FSYNC flags. - While here simplify check for locking flags. Sponsored by: The FreeBSD

svn commit: r246910 - head/sys/kern

2013-02-17 Thread Pawel Jakub Dawidek
Author: pjd Date: Sun Feb 17 11:56:36 2013 New Revision: 246910 URL: http://svnweb.freebsd.org/changeset/base/246910 Log: Style. Modified: head/sys/kern/vfs_syscalls.c Modified: head/sys/kern/vfs_syscalls.c == ---

svn commit: r246911 - head/sys/security/audit

2013-02-17 Thread Pawel Jakub Dawidek
Author: pjd Date: Sun Feb 17 11:57:47 2013 New Revision: 246911 URL: http://svnweb.freebsd.org/changeset/base/246911 Log: Remove redundant check. Modified: head/sys/security/audit/audit_bsm.c Modified: head/sys/security/audit/audit_bsm.c

svn commit: r246912 - head/sys/sys

2013-02-17 Thread Pawel Jakub Dawidek
Author: pjd Date: Sun Feb 17 11:58:30 2013 New Revision: 246912 URL: http://svnweb.freebsd.org/changeset/base/246912 Log: Remove space before tab. Modified: head/sys/sys/filedesc.h Modified: head/sys/sys/filedesc.h

svn commit: r246922 - head/sbin/hastd

2013-02-17 Thread Pawel Jakub Dawidek
Author: pjd Date: Sun Feb 17 21:12:34 2013 New Revision: 246922 URL: http://svnweb.freebsd.org/changeset/base/246922 Log: - Add support for 'memsync' mode. This is the fastest replication mode that's why it will now be the default. - Bump protocol version to 2 and add backward

svn commit: r246923 - head/sys/kern

2013-02-17 Thread Pawel Jakub Dawidek
Author: pjd Date: Sun Feb 17 21:37:32 2013 New Revision: 246923 URL: http://svnweb.freebsd.org/changeset/base/246923 Log: Update the comment: we do show the backtrace of misbehaving thread. Modified: head/sys/kern/subr_turnstile.c Modified: head/sys/kern/subr_turnstile.c

svn commit: r246925 - head/contrib/openbsm/bin/auditdistd

2013-02-17 Thread Pawel Jakub Dawidek
Author: pjd Date: Mon Feb 18 00:38:40 2013 New Revision: 246925 URL: http://svnweb.freebsd.org/changeset/base/246925 Log: Allow [] in remote address, which fixes IPv6 support. Reported by: simon Modified: head/contrib/openbsm/bin/auditdistd/token.l Modified:

svn commit: r246884 - in head/lib/libc: gen sys

2013-02-16 Thread Pawel Jakub Dawidek
Author: pjd Date: Sat Feb 16 22:21:46 2013 New Revision: 246884 URL: http://svnweb.freebsd.org/changeset/base/246884 Log: Put one file per line so it is easier to read diffs against those files. Modified: head/lib/libc/gen/Makefile.inc head/lib/libc/sys/Makefile.inc Modified:

<    1   2   3   4   5   6   7   8   9   10   >