Age | Commit message | Author |
|
getlogin_r() API; keep existing syscall as getlogin59 for temporary compat.
ok kettenis@ deraadt@
|
|
are passed uninitialized to free(9) only when pointers are NULL.
found by jsg@
ok deraadt@
|
|
system call. discussed with semarie and everyone else during
the 5.9 lock.
|
|
as osendsyslog for a while. The three argument variant is the only
one that will stay.
input kettenis@; OK deraadt@
|
|
set and get parameters. This is much simpler.
ok semarie, armani, tweaks from jmc
|
|
prepend chroot value *after* canonization and not before.
|
|
order ("a += b > c" is the same as "a += (b > c)" which is wrong here)
ok jca@
|
|
considered.
ok deraadt@
|
|
it factorizes path resolution in the resolvpath() function, and uses it in
sys_pledge() and pledge_namei().
please note that wl_paths is still disabled.
|
|
- rewrite canonpath() to not require extra byte before shrinking
- make canonpath() error not fatal for the caller (proposition from tedu@)
ok millert@ tedu@ deraadt@
|
|
don't want to change the current value"
it changes only the `request' argument behaviour when NULL is passed:
previously it was treated as if "" was passed.
with help from jmc@ for man-page
OK tb@ on previous version
|
|
not a tty. Fixes a pledge failure in telnet when piping the output.
OK deraadt@
|
|
usb devices) and return ENOTTY rather than terminating the
caller program. Found by Michael Reed <m.reed at mykolab.com>
ok semarie, deraadt
|
|
The current code has already set it by default since 1.74
any pledge failure tries to make a coredump (default rules for coredump still
apply: so setuid binaries don't create them locally).
ok deraadt@
|
|
This will allow pledging vmd(8)'s vmm and vm processes, so that VMs
themselves run "sandboxed", including their host-side virtio layer.
It will remain disabled for now (in userland) to not get into the way
of ongoing development and upcoming changes in vmd and the ioctl
interface.
OK mlarkin@ deraadt@ "kernel side in, but not the callers in userland"
|
|
ok deraadt
|
|
basically only the ioctls that Linux allows on the so-called "render nodes".
For now, it also allows DRM_IOCTL_GET_MAGIC and DRM_IOCTL_GEM_OPEN, as we
don't implement prime/dma-buf yet in OpenBSD. That still leaves a big gaping
hole, so they will be removed as soon as we can.
Based on a diff by robert@, who did all the heavy lifting by studying the
behaviour of the chromium GPU process, with some further suggestions by
deraadt@.
ok jsg@, deraadt@, robert@
|
|
timo.myyra () wickedbsd ! net, thanks!
While there, remove extraneous "pty.h".
ok deraadt@
|
|
GENERIC kernels which lack audio drivers.
|
|
to use raw audio devices.
ok deraadt, semarie
|
|
extensions). This change is exposed in ktrace.out files
ok semarie
|
|
"route", which krw and mestre will be able to use in dhclient(8).
|
|
conversation with jsg
|
|
it makes PLEDGE_YPACTIVE enough for doing required networking with YP. It
should permit to bring YP internals into the light.
discussed with deraadt@
|
|
This will be required to keep pax/tar/cpio at otherwise very high levels
of pledge (and we will see where else it is beneficial).
Allocate a bit for pledge "audio", which will be coming soon.
good discussions with semarie
|
|
ps_pledge to become 64-bits over the next few days (things are getting
a bit tight; most newer pledges will be quite device-driver specific)
|
|
native language support was deleted a month ago at u2k15.
OK semarie@ deraadt@
|
|
ok deraadt@
|
|
the device node (since it does not exist...)
|
|
relayd and other programs manipulating the packet filter.
ok deraadt@
|
|
then relayd's host check engine can be pledged.
ok reyk@, approach suggested by deraadt@ weeks ago.
|
|
Committing on behalf of tb@, problem reported by Rolf Sommerhalder on misc@.
|
|
LOG_CONS. If syslogd is not accepting messages, direct them to the console.
This allows us to remove the direct /dev/console opening code from the
bowels of libc. Of course, that forgotten code was exposed by pledge.
ok kettenis millert beck
|
|
getpass(3), so don't specifically allow it for "rpath" (rpath will
accept it in the end, unless it is on the whitelist)
|
|
also, to satisfy midlayers that some fs/install tools need.
|
|
discovered by rpe
|
|
to mmap, but thinking about it nothing feels risky
Long discussions with florian
|
|
few disklabel ioctls, and the DIOCMAP ioctl against /dev/diskmap used
to translate duid numbers into partitions.
This will allow pledging of at least 12 disk/filesystem aware
programs; due to the negative impact that diff will wait a bit so
everyone has a chance to update their kernels.
ok semarie
|
|
check. You cannot open a socket in a domain unless permitted -- but
you need to be able to accept one if the code flow asks for that to
happen. The most recent check is too tight. We may need to iterate the
policy here until we hit the right vibe...
|
|
ok deraadt@
|
|
ports using base gcc with PCH include: boost, keepassx, wxWidgets, jdk
|
|
and kern.posix1version. Enough to satisfy getconf, and I hope we
don't need to add much more after this.
Largely from jca
|