Age | Commit message (Collapse) | Author |
|
|
|
unveil for each unveil in the process at unveil() time, and refactoring the
handling of current directory and ISDOTDOT to be much more sensible.
Worked out at ns2k18 with guenther@.
ok deraadt@
|
|
|
|
|
|
Handle both. From semarie@, tweaked by espie@
ok phessler@ espie@
|
|
|
|
|
|
ok robert@
|
|
of rediscovering them (possibly badly).
OK stsp@
|
|
based on the state of the joinlist
OK stsp@
|
|
OK stsp@
|
|
ok deraadt@ visa@ (as part of a larger diff)
|
|
While here, improve existing lockf debug routines and sprinkle some more logging
related to list manipulation.
ok deraadt@ visa@ (as part of a larger diff)
|
|
runs. This is a second attempt in which the lockf structure is turned into a
doubly linked list which makes it easier to ensure correctness during list
insertion and deletion.
ok deraadt@ visa@
|
|
|
|
we already do on arm64. Prevents using the framebuffer on the cubox-i as
regular memory for example.
|
|
method to let the ACPI implementation know what features we support.
|
|
otherwise if omitted we need to unveil(2) both _PATH_UNIX and _PATH_KSYMS with
same permissions.
Unconditionally we need to also unveil(2) dbdir, which by default is
_PATH_VARDB but can be changed via args (-o directory), with read/write/create
permissions. There are a couple of temp files that will be created but it's
inside dbdir so there's no need to unveil(2) them individually.
Since we already call pledge(2) before, twice, we need to add "unveil" promise
to both of them, and finally call pledge(2) once again with the needed promises
except "unveil".
OK millert@
|
|
with pledge(2), but since we know exactly what it is then we can go further and
also unveil(2) it with read permissions.
OK millert@ deraadt@
|
|
OK deraadt@
|
|
OK deraadt@
|
|
|
|
LOADADDR(.text) is only available after the description of the text
section. Instead simply use ENTRY(start) like we do on amd64. The
bootloader strips the high bits from the entry point address already,
so using the virtual address as the entry point address works.
with/ok kettenis@
|
|
by making all handlers consistent.
ok bluhm@, visa@
|
|
|
|
netbsd, with help from martijn@ and millert@.
|
|
ok kettenis@
|
|
The disk path wasn't updated so vmd tried to open the derived disk
image for each base over and over again.
OK ori@ mlarkin@
|
|
OK phessler@
|
|
handy if you type the path wrong or don't have permission...
ok deraadt@
|
|
rib_valid() check. The list of ribs can have holes.
OK benno@
|
|
and re-exec's itself. That locks the pledge 'exec' nicely.
|
|
|
|
From Andrew Daugherity
|
|
|
|
|
|
at start of doc
|
|
implement. Knock out the I915_PARAM_MMAP_VERSION parameter that advertises
this flag until we actually implement it.
Fixes GPU hangs on GM45 chipset graphics.
ok deraadt@
|
|
marking them const will keep a source change from silently moving them
back to .data
ok deraadt@ kettenis@
|
|
sizeof calculation that did not respect possible padding bytes.
OK sthen@ denis@
|
|
If a connection that is being accepted gets aborted early, or if the
user-supplied buffer is invalid, doaccept() leaks a socket. This is
a regression caused by r1.153 of uipc_syscalls.c.
Correct the issue by associating the socket with the file early enough.
In case soaccept() or copyaddrout() fails, the socket will be freed
as a result of the file closing. This logic was used by the pre-r1.153
code.
closef() may block, so it is hoisted outside the fdp lock.
OK bluhm@ mpi@
|
|
options for the terminal default colour, bypassing any inheritance from
other options. Prompted by a discussion with abieber@.
|
|
|
|
enhance PORTS_PRIVSEP documentation
ok espie@
|
|
greywatcher()) we know that the only files that it will ever access are
PATH_SPAMD_DB in rw mode, alloweddomains_file in r and that it will need to
execute PATH_PFCTL so we can unveil(2) them with those permissions.
OK deraadt@ millert@ beck@
|
|
PATH_SPAMD_DB, so unveil(2) it with O_RDWR permissions.
OK millert@ beck@
|
|
permissions:
_PATH_MASTERPASSWD_LOCK - write/create permissions
_PATH_MASTERPASSWD - read permission
_PATH_BSHELL - execute permission (required since we might need to spawn an
external passwordcheck program if defined in /etc/login.conf)
_PATH_PWD_MKDB - execute permission
OK millert@ deraadt@
|
|
for HTML output. Somewhat relevant because pod2man(1) relies on this.
Missing feature reported by Pali dot Rohar at gmail dot com.
Note that constant width font was already correctly selected before
this when required by semantic markup. Only attempting physical
markup with the low-level escape sequence was ineffective.
|
|
the timeout gets configured instead of gre_up().
this avoids complex gre_ioctl() ordering rules and
enables the sc_ka_hold timeout before the first packet
is received.
from markus@
|
|
is referenced from code being linked.
ok deraadt@, naddy@, guenther@
|