diff options
Diffstat (limited to 'lib/libc/sys')
60 files changed, 1825 insertions, 218 deletions
diff --git a/lib/libc/sys/Makefile.inc b/lib/libc/sys/Makefile.inc index 09d4016..61d1713 100644 --- a/lib/libc/sys/Makefile.inc +++ b/lib/libc/sys/Makefile.inc @@ -18,7 +18,10 @@ # Sources common to both syscall interfaces: SRCS+= stack_protector.c stack_protector_compat.c __error.c .if !defined(WITHOUT_SYSCALL_COMPAT) -SRCS+= fcntl.c ftruncate.c lseek.c mmap.c pread.c pwrite.c truncate.c +SYSCALL_COMPAT_SRCS= fcntl.c ftruncate.c lseek.c mmap.c pread.c \ + pwrite.c truncate.c +SRCS+= ${SYSCALL_COMPAT_SRCS} +NOASM+= ${SYSCALL_COMPAT_SRCS:S/.c/.o/} PSEUDO+= _fcntl.o .endif SRCS+= sigwait.c @@ -53,26 +56,35 @@ SYM_MAPS+= ${.CURDIR}/sys/Symbol.map # Generated files CLEANFILES+= ${SASM} ${SPSEUDO} +.if ${MACHINE_CPUARCH} == "amd64" || ${MACHINE_CPUARCH} == "i386" || \ + ${MACHINE_CPUARCH} == "powerpc" +NOTE_GNU_STACK='\t.section .note.GNU-stack,"",%%progbits\n' +.else +NOTE_GNU_STACK='' +.endif + ${SASM}: printf '#include "compat.h"\n' > ${.TARGET} printf '#include "SYS.h"\nRSYSCALL(${.PREFIX})\n' >> ${.TARGET} + printf ${NOTE_GNU_STACK} >>${.TARGET} ${SPSEUDO}: printf '#include "compat.h"\n' > ${.TARGET} printf '#include "SYS.h"\nPSEUDO(${.PREFIX:S/_//})\n' \ >> ${.TARGET} + printf ${NOTE_GNU_STACK} >>${.TARGET} MAN+= abort2.2 accept.2 access.2 acct.2 adjtime.2 \ aio_cancel.2 aio_error.2 aio_read.2 aio_return.2 \ aio_suspend.2 aio_waitcomplete.2 aio_write.2 \ - bind.2 brk.2 chdir.2 chflags.2 \ + bind.2 brk.2 cap_enter.2 cap_new.2 chdir.2 chflags.2 \ chmod.2 chown.2 chroot.2 clock_gettime.2 close.2 closefrom.2 \ connect.2 cpuset.2 cpuset_getaffinity.2 dup.2 execve.2 _exit.2 \ - extattr_get_file.2 fcntl.2 fhopen.2 flock.2 fork.2 fsync.2 \ + extattr_get_file.2 fcntl.2 ffclock.2 fhopen.2 flock.2 fork.2 fsync.2 \ getdirentries.2 getdtablesize.2 \ getfh.2 getfsstat.2 getgid.2 getgroups.2 getitimer.2 getlogin.2 \ - getpeername.2 getpgrp.2 getpid.2 getpriority.2 getrlimit.2 \ - getrusage.2 getsid.2 getsockname.2 \ + getloginclass.2 getpeername.2 getpgrp.2 getpid.2 getpriority.2 \ + getrlimit.2 getrusage.2 getsid.2 getsockname.2 \ getsockopt.2 gettimeofday.2 getuid.2 \ intro.2 ioctl.2 issetugid.2 jail.2 kenv.2 kill.2 \ kldfind.2 kldfirstmod.2 kldload.2 kldnext.2 kldstat.2 kldsym.2 \ @@ -84,7 +96,8 @@ MAN+= abort2.2 accept.2 access.2 acct.2 adjtime.2 \ mq_setattr.2 \ msgctl.2 msgget.2 msgrcv.2 msgsnd.2 \ msync.2 munmap.2 nanosleep.2 nfssvc.2 ntp_adjtime.2 open.2 \ - pathconf.2 pipe.2 poll.2 posix_openpt.2 profil.2 \ + pathconf.2 pdfork.2 pipe.2 poll.2 posix_fadvise.2 posix_fallocate.2 \ + posix_openpt.2 profil.2 \ pselect.2 ptrace.2 quotactl.2 \ read.2 readlink.2 reboot.2 recv.2 rename.2 revoke.2 rfork.2 rmdir.2 \ rtprio.2 @@ -106,6 +119,8 @@ MAN+= sctp_generic_recvmsg.2 sctp_generic_sendmsg.2 sctp_peeloff.2 \ MLINKS+=access.2 eaccess.2 access.2 faccessat.2 MLINKS+=brk.2 sbrk.2 +MLINKS+=cap_enter.2 cap_getmode.2 +MLINKS+=cap_new.2 cap_getrights.2 MLINKS+=chdir.2 fchdir.2 MLINKS+=chflags.2 fchflags.2 chflags.2 lchflags.2 MLINKS+=chmod.2 fchmod.2 chmod.2 fchmodat.2 chmod.2 lchmod.2 @@ -127,6 +142,8 @@ MLINKS+=extattr_get_file.2 extattr.2 \ extattr_get_file.2 extattr_set_fd.2 \ extattr_get_file.2 extattr_set_file.2 \ extattr_get_file.2 extattr_set_link.2 +MLINKS+=ffclock.2 ffclock_getcounter.2 ffclock.2 ffclock_getestimate.2 \ + ffclock.2 ffclock_setestimate.2 MLINKS+=fhopen.2 fhstat.2 fhopen.2 fhstatfs.2 MLINKS+=getdirentries.2 getdents.2 MLINKS+=getfh.2 lgetfh.2 @@ -134,6 +151,7 @@ MLINKS+=getgid.2 getegid.2 MLINKS+=getitimer.2 setitimer.2 MLINKS+=getlogin.2 getlogin_r.3 MLINKS+=getlogin.2 setlogin.2 +MLINKS+=getloginclass.2 setloginclass.2 MLINKS+=getpgrp.2 getpgid.2 MLINKS+=getpid.2 getppid.2 MLINKS+=getpriority.2 setpriority.2 @@ -147,7 +165,7 @@ MLINKS+=jail.2 jail_attach.2 \ jail.2 jail_remove.2 \ jail.2 jail_set.2 MLINKS+=kldunload.2 kldunloadf.2 -MLINKS+=kqueue.2 kevent.2 +MLINKS+=kqueue.2 kevent.2 kqueue.2 EV_SET.3 MLINKS+=link.2 linkat.2 MLINKS+=madvise.2 posix_madvise.2 MLINKS+=mkdir.2 mkdirat.2 @@ -163,10 +181,14 @@ MLINKS+=ntp_adjtime.2 ntp_gettime.2 MLINKS+=open.2 openat.2 MLINKS+=pathconf.2 fpathconf.2 MLINKS+=pathconf.2 lpathconf.2 +MLINKS+=pdfork.2 pdgetpid.2\ + pdfork.2 pdkill.2 \ + pdfork.2 pdwait4.2 MLINKS+=read.2 pread.2 read.2 preadv.2 read.2 readv.2 MLINKS+=readlink.2 readlinkat.2 MLINKS+=recv.2 recvfrom.2 recv.2 recvmsg.2 MLINKS+=rename.2 renameat.2 +MLINKS+=rtprio.2 rtprio_thread.2 .if !defined(NO_P1003_1B) MLINKS+=sched_get_priority_max.2 sched_get_priority_min.2 \ sched_get_priority_max.2 sched_rr_get_interval.2 diff --git a/lib/libc/sys/Symbol.map b/lib/libc/sys/Symbol.map index 74751f9..f1c1567 100644 --- a/lib/libc/sys/Symbol.map +++ b/lib/libc/sys/Symbol.map @@ -360,6 +360,31 @@ FBSD_1.1 { unlinkat; }; +FBSD_1.2 { + cap_enter; + cap_getmode; + cap_new; + cap_getrights; + ffclock_getcounter; + ffclock_getestimate; + ffclock_setestimate; + getloginclass; + pdfork; + pdgetpid; + pdkill; + posix_fallocate; + rctl_get_racct; + rctl_get_rules; + rctl_get_limits; + rctl_add_rule; + rctl_remove_rule; + setloginclass; +}; + +FBSD_1.3 { + posix_fadvise; +}; + FBSDprivate_1.0 { ___acl_aclcheck_fd; __sys___acl_aclcheck_fd; diff --git a/lib/libc/sys/cap_enter.2 b/lib/libc/sys/cap_enter.2 new file mode 100644 index 0000000..5454ec9 --- /dev/null +++ b/lib/libc/sys/cap_enter.2 @@ -0,0 +1,102 @@ +.\" +.\" Copyright (c) 2008-2009 Robert N. M. Watson +.\" All rights reserved. +.\" +.\" This software was developed at the University of Cambridge Computer +.\" Laboratory with support from a grant from Google, Inc. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in the +.\" documentation and/or other materials provided with the distribution. +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND +.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +.\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE +.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +.\" SUCH DAMAGE. +.\" +.\" $FreeBSD$ +.\" +.Dd February 25, 2012 +.Dt CAP_ENTER 2 +.Os +.Sh NAME +.Nm cap_enter , +.Nm cap_getmode +.Nd Capability mode system calls +.Sh LIBRARY +.Lb libc +.Sh SYNOPSIS +.In sys/capability.h +.Ft int +.Fn cap_enter "void" +.Ft int +.Fn cap_getmode "u_int *modep" +.Sh DESCRIPTION +.Fn cap_enter +places the current process into capability mode, a mode of execution in which +processes may only issue system calls operating on file descriptors or +reading limited global system state. +Access to global name spaces, such as file system or IPC name spaces, is +prevented. +If the process is already in a capability mode sandbox, the system call is a +no-op. +Future process descendants create with +.Xr fork 2 +or +.Xr pdfork 2 +will be placed in capability mode from inception. +.Pp +When combined with capabilities created with +.Xr cap_new 2 , +.Fn cap_enter +may be used to create kernel-enforced sandboxes in which +appropriately-crafted applications or application components may be run. +.Pp +.Fn cap_getmode +returns a flag indicating whether or not the process is in a capability mode +sandbox. +.Sh CAVEAT +Creating effective process sandboxes is a tricky process that involves +identifying the least possible rights required by the process and then +passing those rights into the process in a safe manner. +See the CAVEAT +section of +.Xr cap_new 2 +for why this is particularly tricky with UNIX file descriptors as the +canonical representation of a right. +Consumers of +.Fn cap_enter +should also be aware of other inherited rights, such as access to VM +resources, memory contents, and other process properties that should be +considered. +It is advisable to use +.Xr fexecve 2 +to create a runtime environment inside the sandbox that has as few implicitly +acquired rights as possible. +.Sh RETURN VALUES +.Rv -std cap_enter cap_getmode +.Sh SEE ALSO +.Xr cap_new 2 , +.Xr fexecve 2 , +.Xr capsicum 4 +.Sh HISTORY +Support for capabilities and capabilities mode was developed as part of the +.Tn TrustedBSD +Project. +.Sh AUTHORS +These functions and the capability facility were created by +.An "Robert N. M. Watson" +at the University of Cambridge Computer Laboratory with support from a grant +from Google, Inc. diff --git a/lib/libc/sys/cap_new.2 b/lib/libc/sys/cap_new.2 new file mode 100644 index 0000000..a18fd3b --- /dev/null +++ b/lib/libc/sys/cap_new.2 @@ -0,0 +1,475 @@ +.\" +.\" Copyright (c) 2008-2010 Robert N. M. Watson +.\" All rights reserved. +.\" +.\" This software was developed at the University of Cambridge Computer +.\" Laboratory with support from a grant from Google, Inc. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in the +.\" documentation and/or other materials provided with the distribution. +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND +.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +.\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE +.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +.\" SUCH DAMAGE. +.\" +.\" $FreeBSD$ +.\" +.Dd July 20, 2011 +.Dt CAP_NEW 2 +.Os +.Sh NAME +.Nm cap_new , +.Nm cap_getrights +.Nd System calls to manipulate capabilities +.Sh LIBRARY +.Lb libc +.Sh SYNOPSIS +.In sys/capability.h +.Ft int +.Fn cap_new "int fd" "cap_rights_t rights" +.Ft int +.Fn cap_getrights "int fd" "cap_rights_t *rightsp" +.Sh DESCRIPTION +Capabilities are special file descriptors derived from an existing file +descriptor, such as one returned by +.Xr fhopen 2 , +.Xr kqueue 2 , +.Xr mq_open 2 , +.Xr open 2 , +.Xr pipe 2 , +.Xr shm_open 2 , +.Xr socket 2 , +or +.Xr socketpair 2 , +but with a restricted set of permitted operations determined by a rights +mask set when the capability is created. +These restricted rights cannot be changed after the capability is created, +although further capabilities with yet more restricted rights may be created +from an existing capability. +In every other sense, a capability behaves in the same way as the file +descriptor it was created from. +.Pp +.Fn cap_new +creates a new capability for the existing file descriptor +.Fa fd , +and returns a file descriptor for it. +Operations on the capability will be limited to those permitted by +.Fa rights , +which is static for the lifetime of the capability. +If +.Fa fd +refers to an existing capability, then +.Fa rights +must be equal to or a subset of the rights on that capability. +As with +.Xr dup 2 +and +.Xr dup2 2 , +many properties are shared between the new capability and the existing file +descriptor, including open file flags, blocking disposition, and file offset. +Many applications will prefer to use the +.Xr cap_limitfd 3 +library call, part of +.Xr libcapsicum 3 , +as it offers a more convenient interface. +.Pp +.Fn cap_getrights +queries the rights associated with the capability referred to by file +descriptor +.Fa fd . +.Pp +These system calls, when combined with +.Xr cap_enter 2 , +may be used to construct process sandboxes with highly granular rights +assignment. +.Sh RIGHTS +The following rights may be specified in a new capability rights mask: +.Bl -tag -width CAP_EXTATTR_DELETE +.It Dv CAP_ACCEPT +Permit +.Xr accept 2 . +.It Dv CAP_ACL_CHECK +Permit checking of an ACL on a file descriptor; there is no cross-reference +for this system call. +.It Dv CAP_ACL_DELETE +Permit +.Xr acl_delete_fd_np 3 . +.It Dv CAP_ACL_GET +Permit +.Xr acl_get_fd 3 +and +.Xr acl_get_fd_np 3 . +.It Dv CAP_ACL_SET +Permit +.Xr acl_set_fd 3 +and +.Xr acl_set_fd_np 3 . +.It Dv CAP_BIND +Permit +.Xr bind 2 . +Note that sockets can also become bound implicitly as a result of +.Xr connect 2 +or +.Xr send 2 , +and that socket options set with +.Xr setsockopt 2 +may also affect binding behavior. +.It Dv CAP_CONNECT +Permit +.Xr connect 2 ; +also required for +.Xr sendto 2 +with a non-NULL destination address. +.It Dv CAP_EVENT +Permit +.Xr select 2 , +.Xr poll 2 , +and +.Xr kevent 2 +to be used in monitoring the file descriptor for events. +.It Dv CAP_FEXECVE +Permit +.Xr fexecve 2 ; +.Dv CAP_READ +will also be required. +.It Dv CAP_EXTATTR_DELETE +Permit +.Xr extattr_delete_fd 2 . +.It Dv CAP_EXTATTR_GET +Permit +.Xr extattr_get_fd 2 . +.It Dv CAP_EXTATTR_LIST +Permit +.Xr extattr_list_fd 2 . +.It Dv CAP_EXTATTR_SET +Permit +.Xr extattr_set_fd 2 . +.It Dv CAP_FCHDIR +Permit +.Xr fchdir 2 . +.It Dv CAP_FCHFLAGS +Permit +.Xr fchflags 2 . +.It Dv CAP_FCHMOD +Permit +.Xr fchmod 2 . +.It Dv CAP_FCHOWN +Permit +.Xr fchown 2 . +.It Dv CAP_FCNTL +Permit +.Xr fcntl 2 ; +be aware that this call provides indirect access to other operations, such as +.Xr flock 2 . +.It Dv CAP_FLOCK +Permit +.Xr flock 2 +and related calls. +.It Dv CAP_FPATHCONF +Permit +.Xr fpathconf 2 . +.It Dv CAP_FSCK +Permit UFS background-fsck operations on the descriptor. +.It Dv CAP_FSTAT +Permit +.Xr fstat 2 . +.It Dv CAP_FSTATFS +Permit +.Xr fstatfs 2 . +.It Dv CAP_FSYNC +Permit +.Xr aio_fsync 2 +and +.Xr fsync 2 . +.Pp +.It Dv CAP_FTRUNCATE +Permit +.Xr ftruncate 2 . +.It Dv CAP_FUTIMES +Permit +.Xr futimes 2 . +.It Dv CAP_GETPEERNAME +Permit +.Xr getpeername 2 . +.It Dv CAP_GETSOCKNAME +Permit +.Xr getsockname 2 . +.It Dv CAP_GETSOCKOPT +Permit +.Xr getsockopt 2 . +.It Dv CAP_IOCTL +Permit +.Xr ioctl 2 . +Be aware that this system call has enormous scope, including potentially +global scope for some objects. +.It Dv CAP_KEVENT +Permit +.Xr kevent 2 ; +.Dv CAP_EVENT +is also required on file descriptors that will be monitored using +.Xr kevent 2 . +.It Dv CAP_LISTEN +Permit +.Xr listen 2 ; +not much use (generally) without +.Dv CAP_BIND . +.It Dv CAP_LOOKUP +Permit the file descriptor to be used as a starting directory for calls such +as +.Xr linkat 2 , +.Xr openat 2 , +and +.Xr unlinkat 2 . +Note that these calls are not available in capability mode as they manipulate +a global name space; see +.Xr cap_enter 2 +for details. +.It Dv CAP_MAC_GET +Permit +.Xr mac_get_fd 3 . +.It Dv CAP_MAC_SET +Permit +.Xr mac_set_fd 3 . +.It Dv CAP_MMAP +Permit +.Xr mmap 2 ; +specific invocations may also require +.Dv CAP_READ +or +.Dv CAP_WRITE . +.Pp +.It Dv CAP_PDGETPID +Permit +.Xr pdgetpid 2 . +.It Dv CAP_PDKILL +Permit +.Xr pdkill 2 . +.It Dv CAP_PDWAIT +Permit +.Xr pdwait4 2 . +.It Dv CAP_PEELOFF +Permit +.Xr sctp_peeloff 2 . +.It Dv CAP_READ +Allow +.Xr aio_read 2 , +.Xr pread 2 , +.Xr read 2 , +.Xr recv 2 , +.Xr recvfrom 2 , +.Xr recvmsg 2 , +and related system calls. +.Pp +For files and other seekable objects, +.Dv CAP_SEEK +may also be required. +.It Dv CAP_REVOKE +Permit +.Xr frevoke 2 +in certain ABI compatibility modes that support this system call. +.It Dv CAP_SEEK +Permit operations that seek on the file descriptor, such as +.Xr lseek 2 , +but also required for I/O system calls that modify the file offset, such as +.Xr read 2 +and +.Xr write 2 . +.It Dv CAP_SEM_GETVALUE +Permit +.Xr sem_getvalue 3 . +.It Dv CAP_SEM_POST +Permit +.Xr sem_post 3 . +.It Dv CAP_SEM_WAIT +Permit +.Xr sem_wait 3 +and +.Xr sem_trywait 3 . +.It Dv CAP_SETSOCKOPT +Permit +.Xr setsockopt 2 ; +this controls various aspects of socket behavior and may affect binding, +connecting, and other behaviors with global scope. +.It Dv CAP_SHUTDOWN +Permit explicit +.Xr shutdown 2 ; +closing the socket will also generally shut down any connections on it. +.It Dv CAP_TTYHOOK +Allow configuration of TTY hooks, such as +.Xr snp 4 , +on the file descriptor. +.It Dv CAP_WRITE +Allow +.Xr aio_write 2 , +.Xr pwrite 2 , +.Xr send 2 , +.Xr sendmsg 2 , +.Xr sendto 2 , +.Xr write 2 , +and related system calls. +.Pp +For files and other seekable objects, +.Dv CAP_SEEK +may also be required. +.Pp +For +.Xr sendto 2 +with a non-NULL connection address, +.Dv CAP_CONNECT +is also required. +.El +.Sh CAVEAT +The +.Fn cap_new +system call and the capabilities it creates may be used to assign +fine-grained rights to sandboxed processes running in capability mode. +However, the semantics of objects accessed via file descriptors are complex, +so caution should be exercised in passing object capabilities into sandboxes. +.Sh RETURN VALUES +If successful, +.Fn cap_new +returns a non-negative integer, termed a file descriptor. +It returns -1 on failure, and sets +.Va errno +to indicate the error. +.Pp +.Rv -std cap_getrights +.Sh ERRORS +.Fn cap_new +may return the following errors: +.Bl -tag -width Er +.It Bq Er EBADF +The +.Fa fd +argument is not a valid active descriptor. +.It Bq Er EINVAL +An invalid right has been requested in +.Fa rights . +.It Bq Er EMFILE +The process has already reached its limit for open file descriptors. +.It Bq Er ENFILE +The system file table is full. +.It Bq Er EPERM +.Fa rights +contains requested rights not present in the current rights mask associated +with the capability referenced by +.Fa fd , +if any. +.El +.Pp +.Fn cap_getrights +may return the following errors: +.Bl -tag -width Er +.It Bq Er EBADF +The +.Fa fd +argument is not a valid active descriptor. +.It Bq Er EINVAL +The +.Fa fd +argument is not a capability. +.El +.Sh SEE ALSO +.Xr accept 2 , +.Xr aio_fsync 2 , +.Xr aio_read 2 , +.Xr aio_write 2 , +.Xr bind 2 , +.Xr cap_enter 2 , +.Xr connect 2 , +.Xr dup 2 , +.Xr dup2 2 , +.Xr extattr_delete_fd 2 , +.Xr extattr_get_fd 2 , +.Xr extattr_list_fd 2 , +.Xr extattr_set_fd 2 , +.Xr fchflags 2 , +.Xr fchown 2 , +.Xr fcntl 2 , +.Xr fexecve 2 , +.Xr fhopen 2 , +.Xr flock 2 , +.Xr fpathconf 2 , +.Xr fstat 2 , +.Xr fstatfs 2 , +.Xr fsync 2 , +.Xr ftruncate 2 , +.Xr futimes 2 , +.Xr getpeername 2 , +.Xr getsockname 2 , +.Xr getsockopt 2 , +.Xr ioctl 2 , +.Xr kevent 2 , +.Xr kqueue 2 , +.Xr linkat 2 , +.Xr listen 2 , +.Xr mmap 2 , +.Xr mq_open 2 , +.Xr open 2 , +.Xr openat 2 , +.Xr pdgetpid 2 , +.Xr pdkill 2 , +.Xr pdwait4 2 , +.Xr pipe 2 , +.Xr poll 2 , +.Xr pread 2 , +.Xr pwrite 2 , +.Xr read 2 , +.Xr recv 2 , +.Xr recvfrom 2 , +.Xr recvmsg 2 , +.Xr sctp_peeloff 2 , +.Xr select 2 , +.Xr send 2 , +.Xr sendmsg 2 , +.Xr sendto 2 , +.Xr setsockopt 2 , +.Xr shm_open 2 , +.Xr shutdown 2 , +.Xr socket 2 , +.Xr socketpair 2 , +.Xr unlinkat 2 , +.Xr write 2 , +.Xr acl_delete_fd_np 3 , +.Xr acl_get_fd 3 , +.Xr acl_get_fd_np 3 , +.Xr acl_set_fd_np 3 , +.Xr cap_limitfd 3 , +.Xr libcapsicum 3 , +.Xr mac_get_fd 3 , +.Xr mac_set_fd 3 , +.Xr sem_getvalue 3 , +.Xr sem_post 3 , +.Xr sem_trywait 3 , +.Xr sem_wait 3 , +.Xr capsicum 4 , +.Xr snp 4 +.Sh HISTORY +Support for capabilities and capabilities mode was developed as part of the +.Tn TrustedBSD +Project. +.Sh AUTHORS +These functions and the capability facility were created by +.An "Robert N. M. Watson" +at the University of Cambridge Computer Laboratory with support from a grant +from Google, Inc. +.Sh BUGS +This man page should list the set of permitted system calls more specifically +for each capability right. +.Pp +Capability rights sometimes have unclear indirect impacts, which should be +documented, or at least hinted at. diff --git a/lib/libc/sys/chflags.2 b/lib/libc/sys/chflags.2 index 7780427..1c2eb78 100644 --- a/lib/libc/sys/chflags.2 +++ b/lib/libc/sys/chflags.2 @@ -28,7 +28,7 @@ .\" @(#)chflags.2 8.3 (Berkeley) 5/2/95 .\" $FreeBSD$ .\" -.Dd May 16, 2006 +.Dd Apr 13, 2012 .Dt CHFLAGS 2 .Os .Sh NAME @@ -114,8 +114,7 @@ The and .Dv SF_ARCHIVED flags may only be set or unset by the super-user. -Attempts to set these flags by non-super-users are rejected, attempts by -non-superusers to clear flags that are already unset are silently ignored. +Attempts to toggle these flags by non-super-users are rejected. These flags may be set at any time, but normally may only be unset when the system is in single-user mode. (See @@ -124,7 +123,7 @@ for details.) .Pp The .Dv SF_SNAPSHOT -flag is maintained by the system and cannot be changed by any user. +flag is maintained by the system and cannot be toggled. .Sh RETURN VALUES .Rv -std .Sh ERRORS @@ -154,12 +153,12 @@ or is set and the user is either not the super-user or securelevel is greater than 0. .It Bq Er EPERM -A non-super-user tries to set one of -.Dv SF_IMMUTABLE , SF_APPEND , +A non-super-user attempted to toggle one of +.Dv SF_ARCHIVED , SF_IMMUTABLE , SF_APPEND , or .Dv SF_NOUNLINK . .It Bq Er EPERM -User tries to set or remove the +An attempt was made to toggle the .Dv SF_SNAPSHOT flag. .It Bq Er EROFS @@ -174,7 +173,9 @@ An .Tn I/O error occurred while reading from or writing to the file system. .It Bq Er EOPNOTSUPP -The underlying file system does not support file flags. +The underlying file system does not support file flags, or +does not support all of the flags set in +.Fa flags . .El .Pp The @@ -199,10 +200,14 @@ or is set and the user is either not the super-user or securelevel is greater than 0. .It Bq Er EPERM -A non-super-user tries to set one of -.Dv SF_IMMUTABLE , SF_APPEND , +A non-super-user attempted to toggle one of +.Dv SF_ARCHIVED , SF_IMMUTABLE , SF_APPEND , or .Dv SF_NOUNLINK . +.It Bq Er EPERM +An attempt was made to toggle the +.Dv SF_SNAPSHOT +flag. .It Bq Er EROFS The file resides on a read-only file system. .It Bq Er EIO @@ -210,7 +215,9 @@ An .Tn I/O error occurred while reading from or writing to the file system. .It Bq Er EOPNOTSUPP -The underlying file system does not support file flags. +The underlying file system does not support file flags, or +does not support all of the flags set in +.Fa flags . .El .Sh SEE ALSO .Xr chflags 1 , diff --git a/lib/libc/sys/chmod.2 b/lib/libc/sys/chmod.2 index 3547aec..997df88e 100644 --- a/lib/libc/sys/chmod.2 +++ b/lib/libc/sys/chmod.2 @@ -161,7 +161,7 @@ The sticky bit may be set by any user on a directory which the user owns or has appropriate permissions. For more details of the properties of the sticky bit, see -.Xr sticky 8 . +.Xr sticky 7 . .Pp If mode ISUID (set UID) is set on a directory, and the MNT_SUIDDIR option was used in the mount of the file system, @@ -289,7 +289,7 @@ nor a file descriptor associated with a directory. .Xr chown 2 , .Xr open 2 , .Xr stat 2 , -.Xr sticky 8 +.Xr sticky 7 .Sh STANDARDS The .Fn chmod diff --git a/lib/libc/sys/chroot.2 b/lib/libc/sys/chroot.2 index ecf2eb5..060d064 100644 --- a/lib/libc/sys/chroot.2 +++ b/lib/libc/sys/chroot.2 @@ -28,7 +28,7 @@ .\" @(#)chroot.2 8.1 (Berkeley) 6/4/93 .\" $FreeBSD$ .\" -.Dd June 4, 1993 +.Dd January 3, 2012 .Dt CHROOT 2 .Os .Sh NAME @@ -134,9 +134,27 @@ The .Fn chroot system call appeared in .Bx 4.2 . +It was marked as +.Dq legacy +in +.St -susv2 , +and was removed in subsequent standards. .Sh BUGS If the process is able to change its working directory to the target directory, but another access control check fails (such as a check for open directories, or a MAC check), it is possible that this system call may return an error, with the working directory of the process left changed. +.Sh SECURITY CONSIDERATIONS +The system have many hardcoded paths to files where it may load after +the process starts. +It is generally recommended to drop privileges immediately after a +successful +.Nm +call, +and restrict write access to a limited subtree of the +.Nm +root, +for instance, +setup the sandbox so that the sandboxed user will have no write +access to any well-known system directories. diff --git a/lib/libc/sys/close.2 b/lib/libc/sys/close.2 index 524322b..c3a0972 100644 --- a/lib/libc/sys/close.2 +++ b/lib/libc/sys/close.2 @@ -28,7 +28,7 @@ .\" @(#)close.2 8.2 (Berkeley) 4/19/94 .\" $FreeBSD$ .\" -.Dd December 4, 2006 +.Dd January 22, 2012 .Dt CLOSE 2 .Os .Sh NAME @@ -118,6 +118,10 @@ The underlying object did not fit, cached data was lost. The underlying object was a stream socket that was shut down by the peer before all pending data was delivered. .El +.Pp +In case of any error except +.Er EBADF , +the supplied file descriptor is deallocated and therefore is no longer valid. .Sh SEE ALSO .Xr accept 2 , .Xr closefrom 2 , diff --git a/lib/libc/sys/cpuset.2 b/lib/libc/sys/cpuset.2 index 1cdff68..652d3ae 100644 --- a/lib/libc/sys/cpuset.2 +++ b/lib/libc/sys/cpuset.2 @@ -77,7 +77,7 @@ while application developers will manipulate anonymous sets using To select the correct set a value of type .Ft cpulevel_t is used. -The following values for +The following values for .Fa level are supported: .Bl -column CPU_LEVEL_CPUSET -offset indent @@ -137,7 +137,7 @@ Children inherit this set after a call to .Xr fork 2 . .Pp .Fn cpuset_setid -attempts to set the id of the object specified by the +attempts to set the id of the object specified by the .Fa which argument. Currently @@ -149,12 +149,12 @@ Upon successful completion all of the threads in the target process will be running on CPUs permitted by the set. .Pp .Fn cpuset_getid -retrieves a set id from the object indicated by +retrieves a set id from the object indicated by .Fa which and stores it in the space pointed to by .Fa setid . The retrieved id may be that of either the root or assigned set -depending on the value of +depending on the value of .Fa level . .Fa level should be diff --git a/lib/libc/sys/cpuset_getaffinity.2 b/lib/libc/sys/cpuset_getaffinity.2 index 5c75b92..4fbbc4e 100644 --- a/lib/libc/sys/cpuset_getaffinity.2 +++ b/lib/libc/sys/cpuset_getaffinity.2 @@ -45,7 +45,7 @@ .Fn cpuset_getaffinity and .Fn cpuset_setaffinity -allow the manipulation of sets of CPUs available to processes, threads, +allow the manipulation of sets of CPUs available to processes, threads, interrupts, jails and other resources. These functions may manipulate sets of CPUs that contain many processes or per-object anonymous masks that effect only a single object. @@ -108,7 +108,6 @@ and .Fa id to the value in .Fa mask . -.Pp .Sh RETURN VALUES .Rv -std .Sh ERRORS diff --git a/lib/libc/sys/dup.2 b/lib/libc/sys/dup.2 index c87b386..d2a4b7e 100644 --- a/lib/libc/sys/dup.2 +++ b/lib/libc/sys/dup.2 @@ -28,7 +28,7 @@ .\" @(#)dup.2 8.1 (Berkeley) 6/4/93 .\" $FreeBSD$ .\" -.Dd June 4, 1993 +.Dd August 14, 2011 .Dt DUP 2 .Os .Sh NAME @@ -115,6 +115,11 @@ and is a valid descriptor, then .Fn dup2 is successful, and does nothing. +.Pp +The related +.Xr cap_new 2 +system call allows file descriptors to be duplicated with restrictions on +their use. .Sh RETURN VALUES The value -1 is returned if an error occurs in either call. The external variable @@ -123,22 +128,30 @@ indicates the cause of the error. .Sh ERRORS The .Fn dup -and -.Fn dup2 -system calls fail if: +system call fails if: .Bl -tag -width Er .It Bq Er EBADF The .Fa oldd -or -.Fa newd argument is not a valid active descriptor .It Bq Er EMFILE Too many descriptors are active. .El +The +.Fn dup2 +system call fails if: +.Bl -tag -width Er +.It Bq Er EBADF +The +.Fa oldd +argument is not a valid active descriptor or the +.Fa newd +argument is negative or exceeds the maximum allowable descriptor number +.El .Sh SEE ALSO .Xr accept 2 , +.Xr cap_new 2 , .Xr close 2 , .Xr fcntl 2 , .Xr getdtablesize 2 , diff --git a/lib/libc/sys/fcntl.2 b/lib/libc/sys/fcntl.2 index a801b60..beceb72 100644 --- a/lib/libc/sys/fcntl.2 +++ b/lib/libc/sys/fcntl.2 @@ -28,7 +28,7 @@ .\" @(#)fcntl.2 8.2 (Berkeley) 1/12/94 .\" $FreeBSD$ .\" -.Dd September 28, 2009 +.Dd January 28, 2012 .Dt FCNTL 2 .Os .Sh NAME @@ -143,6 +143,22 @@ process groups are specified by supplying as negative, otherwise .Fa arg is interpreted as a process ID. +.It Dv F_READAHEAD +Set or clear the read ahead amount for sequential access to the third +argument, +.Fa arg , +which is rounded up to the nearest block size. +A zero value in +.Fa arg +turns off read ahead. +.It Dv F_RDAHEAD +Equivalent to Darwin counterpart which sets read ahead amount of 128KB +when the third argument, +.Fa arg +is non-zero. +A zero value in +.Fa arg +turns off read ahead. .El .Pp The flags for the @@ -241,22 +257,6 @@ will be interrupted if the signal handler has not specified the .Dv SA_RESTART (see .Xr sigaction 2 ) . -.It Dv F_READAHEAD -Set or clear the read ahead amount for sequential access to the third -argument, -.Fa arg , -which is rounded up to the nearest block size. -A zero value in -.Fa arg -turns off read ahead. -.It Dv F_RDAHEAD -Equivalent to Darwin counterpart which sets read ahead amount of 128KB -when the third argument, -.Fa arg -is non-zero. -A zero value in -.Fa arg -turns off read ahead. .El .Pp When a shared lock has been set on a segment of a file, @@ -539,8 +539,6 @@ The argument .Fa cmd is .Dv F_DUPFD -or -.Dv F_DUP2FD and the maximum number of file descriptors permitted for the process are already in use, or no file descriptors greater than or equal to diff --git a/lib/libc/sys/ffclock.2 b/lib/libc/sys/ffclock.2 new file mode 100644 index 0000000..0e8f09b --- /dev/null +++ b/lib/libc/sys/ffclock.2 @@ -0,0 +1,177 @@ +.\" Copyright (c) 2011 The University of Melbourne +.\" All rights reserved. +.\" +.\" This documentation was written by Julien Ridoux at the University of +.\" Melbourne under sponsorship from the FreeBSD Foundation. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in the +.\" documentation and/or other materials provided with the distribution. +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND +.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +.\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE +.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +.\" SUCH DAMAGE. +.\" +.\" $FreeBSD$ +.\" +.Dd November 21, 2011 +.Dt FFCLOCK 2 +.Os +.Sh NAME +.Nm ffclock_getcounter , +.Nm ffclock_getestimate , +.Nm ffclock_setestimate +.Nd Retrieve feed-forward counter, get and set feed-forward clock estimates. +.Sh LIBRARY +.Lb libc +.Sh SYNOPSIS +.In sys/timeffc.h +.Ft int +.Fn ffclock_getcounter "ffcounter *ffcount" +.Ft int +.Fn ffclock_getestimate "struct ffclock_estimate *cest" +.Ft int +.Fn ffclock_setestimate "struct ffclock_estimate *cest" +.Sh DESCRIPTION +The ffclock is an alternative method to synchronise the system clock. +The ffclock implements a feed-forward paradigm and decouples the timestamping +and timekeeping kernel functions. +This ensures that past clock errors do not affect current timekeeping, an +approach radically different from the feedback alternative implemented by the +ntpd daemon when adjusting the system clock. +The feed-forward approach has demonstrated better performance and higher +robustness than a feedback approach when synchronising over the network. +.Pp +In the feed-forward context, a +.Em timestamp +is a cumulative value of the ticks of the timecounter, which can be converted +into seconds by using the feed-forward +.Em clock estimates. +.Pp +The +.Fn ffclock_getcounter +system call allows the calling process to retrieve the current value of the +feed-forward counter maintained by the kernel. +.Pp +The +.Fn ffclock_getestimate +and +.Fn ffclock_setestimate +system calls allow the caller to get and set the kernel's feed-forward clock +parameter estimates respectively. +The +.Fn ffclock_setestimate +system call should be invoked by a single instance of a feed-forward +synchronisation daemon. +The +.Fn ffclock_getestimate +system call can be called by any process to retrieve the feed-forward clock +estimates. +.Pp +The feed-forward approach does not require that the clock estimates be retrieved +every time a timestamp is to be converted into seconds. +The number of system calls can therefore be greatly reduced if the calling +process retrieves the clock estimates from the clock synchronisation daemon +instead. +The +.Fn ffclock_getestimate +must be used when the feed-forward synchronisation daemon is not running +.Po see +.Sx USAGE +below +.Pc . +.Pp +The clock parameter estimates structure pointed to by +.Fa cest +is defined in +.In sys/timeffc.h +as: +.Bd -literal +struct ffclock_estimate { + struct bintime update_time; /* Time of last estimates update. */ + ffcounter update_ffcount; /* Counter value at last update. */ + ffcounter leapsec_next; /* Counter value of next leap second. */ + uint64_t period; /* Estimate of counter period. */ + uint32_t errb_abs; /* Bound on absolute clock error [ns]. */ + uint32_t errb_rate; /* Bound on counter rate error [ps/s]. */ + uint32_t status; /* Clock status. */ + int16_t leapsec_total; /* All leap seconds seen so far. */ + int8_t leapsec; /* Next leap second (in {-1,0,1}). */ +}; +.Ed +.Pp +Only the super-user may set the feed-forward clock estimates. +.Sh RETURN VALUES +.Rv -std +.Sh ERRORS +The following error codes may be set in +.Va errno : +.Bl -tag -width Er +.It Bq Er EFAULT +The +.Fa ffcount +or +.Fa cest +pointer referenced invalid memory. +.It Bq Er EPERM +A user other than the super-user attempted to set the feed-forward clock +parameter estimates. +.El +.Sh USAGE +The feed-forward paradigm enables the definition of specialised clock functions. +.Pp +In its simplest form, +.Fn ffclock_getcounter +can be used to establish strict order between events or to measure small time +intervals very accurately with a minimum performance cost. +.Pp +Different methods exist to access absolute time +.Po or +.Qq wall-clock time +.Pc tracked by the ffclock. +The simplest method uses the ffclock sysctl interface +.Va kern.ffclock +to make the system clock return the ffclock time. +The +.Xr clock_gettime 2 +system call can then be used to retrieve the current time seen by the +feed-forward clock. +Note that this setting affects the entire system and that a feed-forward +synchronisation daemon should be running. +.Pp +A less automated method consists of retrieving the feed-forward counter +timestamp from the kernel and using the feed-forward clock parameter estimates +to convert the timestamp into seconds. +The feed-forward clock parameter estimates can be retrieved from the kernel or +from the synchronisation daemon directly (preferred). +This method allows converting timestamps using different clock models as needed +by the application, while collecting meaningful upper bounds on current clock +error. +.Sh SEE ALSO +.Xr date 1 , +.Xr adjtime 2 , +.Xr clock_gettime 2 , +.Xr ctime 3 +.Sh HISTORY +Feed-forward clock support first appeared in +.Fx 10.0 . +.Sh AUTHORS +.An -nosplit +The feed-forward clock support was written by +.An Julien Ridoux Aq jridoux@unimelb.edu.au +in collaboration with +.An Darryl Veitch Aq dveitch@unimelb.edu.au +at the University of Melbourne under sponsorship from the FreeBSD Foundation. diff --git a/lib/libc/sys/flock.2 b/lib/libc/sys/flock.2 index 93f1f66..6106bf4 100644 --- a/lib/libc/sys/flock.2 +++ b/lib/libc/sys/flock.2 @@ -28,7 +28,7 @@ .\" @(#)flock.2 8.2 (Berkeley) 12/11/93 .\" $FreeBSD$ .\" -.Dd January 22, 2008 +.Dd November 9, 2011 .Dt FLOCK 2 .Os .Sh NAME @@ -154,6 +154,8 @@ refers to an object other than a file. The argument .Fa fd refers to an object that does not support file locking. +.It Bq Er ENOLCK +A lock was requested, but no locks are available. .El .Sh SEE ALSO .Xr close 2 , diff --git a/lib/libc/sys/getdirentries.2 b/lib/libc/sys/getdirentries.2 index e16e7f2..3fe1632 100644 --- a/lib/libc/sys/getdirentries.2 +++ b/lib/libc/sys/getdirentries.2 @@ -71,10 +71,10 @@ The data in the buffer is a series of .Vt dirent structures each containing the following entries: .Bd -literal -offset indent -u_int32_t d_fileno; -u_int16_t d_reclen; -u_int8_t d_type; -u_int8_t d_namlen; +uint32_t d_fileno; +uint16_t d_reclen; +uint8_t d_type; +uint8_t d_namlen; char d_name[MAXNAMELEN + 1]; /* see below */ .Ed .Pp diff --git a/lib/libc/sys/getfh.2 b/lib/libc/sys/getfh.2 index c8f6d9d..b44d4af 100644 --- a/lib/libc/sys/getfh.2 +++ b/lib/libc/sys/getfh.2 @@ -28,7 +28,7 @@ .\" @(#)getfh.2 8.1 (Berkeley) 6/9/93 .\" $FreeBSD$ .\" -.Dd April 6, 2004 +.Dd April 14, 2011 .Dt GETFH 2 .Os .Sh NAME @@ -104,6 +104,10 @@ An .Tn I/O error occurred while reading from or writing to the file system. .El +.Sh SEE ALSO +.Xr fhopen 2 , +.Xr open 2 , +.Xr stat 2 .Sh HISTORY The .Fn getfh diff --git a/lib/libc/sys/getgroups.2 b/lib/libc/sys/getgroups.2 index c02b229..66238a1 100644 --- a/lib/libc/sys/getgroups.2 +++ b/lib/libc/sys/getgroups.2 @@ -28,7 +28,7 @@ .\" @(#)getgroups.2 8.2 (Berkeley) 4/16/94 .\" $FreeBSD$ .\" -.Dd March 5, 1999 +.Dd January 21, 2011 .Dt GETGROUPS 2 .Os .Sh NAME @@ -37,7 +37,6 @@ .Sh LIBRARY .Lb libc .Sh SYNOPSIS -.In sys/param.h .In unistd.h .Ft int .Fn getgroups "int gidsetlen" "gid_t *gidset" @@ -66,6 +65,12 @@ is zero, returns the number of supplementary group IDs associated with the calling process without modifying the array pointed to by .Fa gidset . +.Pp +The value of +.Dv {NGROUPS_MAX} +should be obtained using +.Xr sysconf 3 +to avoid hard-coding it into the executable. .Sh RETURN VALUES A successful call returns the number of groups in the group set. A value of -1 indicates that an error occurred, and the error @@ -88,7 +93,8 @@ an invalid address. .El .Sh SEE ALSO .Xr setgroups 2 , -.Xr initgroups 3 +.Xr initgroups 3 , +.Xr sysconf 3 .Sh STANDARDS The .Fn getgroups diff --git a/lib/libc/sys/getloginclass.2 b/lib/libc/sys/getloginclass.2 new file mode 100644 index 0000000..6817330 --- /dev/null +++ b/lib/libc/sys/getloginclass.2 @@ -0,0 +1,97 @@ +.\"- +.\" Copyright (c) 2011 Edward Tomasz Napierala +.\" All rights reserved. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in the +.\" documentation and/or other materials provided with the distribution. +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND +.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +.\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE +.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +.\" SUCH DAMAGE. +.\" +.\" $FreeBSD$ +.\" +.Dd March 6, 2011 +.Dt GETLOGINCLASS 2 +.Os +.Sh NAME +.Nm getloginclass , +.Nm setloginclass +.Nd get/set login class +.Sh LIBRARY +.Lb libc +.Sh SYNOPSIS +.In unistd.h +.Ft int +.Fn getloginclass "char *name" "size_t len" +.Ft int +.Fn setloginclass "const char *name" +.Sh DESCRIPTION +The +.Fn getloginclass +routine returns the login class name associated with the calling process, +as previously set by +.Fn setloginclass . +The caller must provide the buffer +.Fa name +with length +.Fa len +bytes to hold the result. +The buffer should be at least +.Dv MAXLOGNAME +bytes in length. +.Pp +The +.Fn setloginclass +system call sets the login class of the calling process to +.Fa name . +This system call is restricted to the super-user, and is normally used +only when a new session is being created on behalf of the named user +(for example, at login time, or when a remote shell is invoked). +Processes inherit login class from their parents. +.Sh RETURN VALUES +.Rv -std +.Sh ERRORS +The following errors may be returned by these calls: +.Bl -tag -width Er +.It Bq Er EFAULT +The +.Fa name +argument gave an invalid address. +.It Bq Er EINVAL +The +.Fa name +argument pointed to a string that was too long. +Login class names are limited to +.Dv MAXLOGNAME +(from +.In sys/param.h ) +characters, currently 17 including null. +.It Bq Er EPERM +The caller tried to set the login class and was not the super-user. +.It Bq Er ENAMETOOLONG +The size of the buffer is smaller than the result to be returned. +.El +.Sh SEE ALSO +.Xr setusercontext 3 +.Sh HISTORY +The +.Fn getloginclass +and +.Fn setloginclass +system calls first appeared in +.Fx 9.0 . diff --git a/lib/libc/sys/getpriority.2 b/lib/libc/sys/getpriority.2 index 28d1f14..ae70f5f 100644 --- a/lib/libc/sys/getpriority.2 +++ b/lib/libc/sys/getpriority.2 @@ -129,10 +129,10 @@ or .Dv PRIO_USER . .El .Pp -.Bl -tag -width Er In addition to the errors indicated above, .Fn setpriority will fail if: +.Bl -tag -width Er .It Bq Er EPERM A process was located, but neither its effective nor real user ID matched the effective user ID of the caller. diff --git a/lib/libc/sys/getsockopt.2 b/lib/libc/sys/getsockopt.2 index d3472d0..1e0d3f91 100644 --- a/lib/libc/sys/getsockopt.2 +++ b/lib/libc/sys/getsockopt.2 @@ -28,7 +28,7 @@ .\" @(#)getsockopt.2 8.4 (Berkeley) 5/2/95 .\" $FreeBSD$ .\" -.Dd June 13, 2008 +.Dd February 26, 2012 .Dt GETSOCKOPT 2 .Os .Sh NAME @@ -172,6 +172,8 @@ for the socket .It Dv SO_BINTIME Ta "enables reception of a timestamp with datagrams" .It Dv SO_ACCEPTCONN Ta "get listening status of the socket (get only)" .It Dv SO_TYPE Ta "get the type of the socket (get only)" +.It Dv SO_PROTOCOL Ta "get the protocol number for the socket (get only)" +.It Dv SO_PROTOTYPE Ta "SunOS alias for the Linux SO_PROTOCOL (get only)" .It Dv SO_ERROR Ta "get and clear error on the socket (get only)" .It Dv SO_SETFIB Ta "set the associated FIB (routing table) for the socket (set only)" .El @@ -184,15 +186,18 @@ The following options are recognized in .It Dv SO_LISTENQLIMIT Ta "get backlog limit of the socket (get only)" .It Dv SO_LISTENQLEN Ta "get complete queue length of the socket (get only)" .It Dv SO_LISTENINCQLEN Ta "get incomplete queue length of the socket (get only)" +.It Dv SO_USER_COOKIE Ta "set the 'so_user_cookie' value for the socket (uint32_t, set only)" .El .Pp .Dv SO_DEBUG enables debugging in the underlying protocol modules. +.Pp .Dv SO_REUSEADDR indicates that the rules used in validating addresses supplied in a .Xr bind 2 system call should allow reuse of local addresses. +.Pp .Dv SO_REUSEPORT allows completely duplicate bindings by multiple processes if they all set @@ -200,6 +205,7 @@ if they all set before binding the port. This option permits multiple instances of a program to each receive UDP/IP multicast or broadcast datagrams destined for the bound port. +.Pp .Dv SO_KEEPALIVE enables the periodic transmission of messages on a connected socket. @@ -208,6 +214,7 @@ connected party fail to respond to these messages, the connection is considered broken and processes using the socket are notified via a .Dv SIGPIPE signal when attempting to send data. +.Pp .Dv SO_DONTROUTE indicates that outgoing messages should bypass the standard routing facilities. @@ -244,6 +251,7 @@ The option requests permission to send broadcast datagrams on the socket. Broadcast was a privileged operation in earlier versions of the system. +.Pp With protocols that support out-of-band data, the .Dv SO_OOBINLINE option @@ -256,6 +264,7 @@ calls without the .Dv MSG_OOB flag. Some protocols always behave as if this option is set. +.Pp .Dv SO_SNDBUF and .Dv SO_RCVBUF @@ -285,6 +294,7 @@ only if the low water mark amount could be processed. The default value for .Dv SO_SNDLOWAT is set to a convenient size for network efficiency, often 1024. +.Pp .Dv SO_RCVLOWAT is an option to set the minimum count for input operations. In general, receive calls will block until any (non-zero) amount of data @@ -317,6 +327,7 @@ In the current implementation, this timer is restarted each time additional data are delivered to the protocol, implying that the limit applies to output portions ranging in size from the low water mark to the high water mark for output. +.Pp .Dv SO_RCVTIMEO is an option to set a timeout value for input operations. It accepts a @@ -338,6 +349,15 @@ The value must be from 0 to one less than the number returned from the sysctl .Em net.fibs . .Pp +.Dv SO_USER_COOKIE +can be used to set the uint32_t so_user_cookie field in the socket. +The value is an uint32_t, and can be used in the kernel code that +manipulates traffic related to the socket. +The default value for the field is 0. +As an example, the value can be used as the skipto target or +pipe number in +.Nm ipfw/dummynet . +.Pp .Dv SO_ACCEPTFILTER places an .Xr accept_filter 9 @@ -431,7 +451,10 @@ and for .Ed .Pp .Dv SO_ACCEPTCONN , -.Dv SO_TYPE +.Dv SO_TYPE , +.Dv SO_PROTOCOL +(and its alias +.Dv SO_PROTOTYPE ) and .Dv SO_ERROR are options used only with @@ -445,6 +468,12 @@ system call was invoked on the socket. returns the type of the socket, such as .Dv SOCK_STREAM ; it is useful for servers that inherit sockets on startup. +.Dv SO_PROTOCOL +returns the protocol number for the socket, for +.Dv AF_INET +and +.Dv AF_INET6 +address families. .Dv SO_ERROR returns any pending error on the socket and clears the error status. @@ -515,7 +544,9 @@ on a non-listening socket was attempted. .Sh HISTORY The .Fn getsockopt -system call appeared in +and +.Fn setsockopt +system calls appeared in .Bx 4.2 . .Sh BUGS Several of the socket options should be handled at lower levels of the system. diff --git a/lib/libc/sys/intro.2 b/lib/libc/sys/intro.2 index e5ff9df..1a22ea2 100644 --- a/lib/libc/sys/intro.2 +++ b/lib/libc/sys/intro.2 @@ -467,6 +467,8 @@ A device or socket encountered an unrecoverable protocol error. .It Er 93 ENOTCAPABLE Em "Capabilities insufficient" . An operation on a capability file descriptor requires greater privilege than the capability allows. +.It Er 94 ECAPMODE Em "Not permitted in capability mode" . +The system call or operation is not permitted for capability mode processes. .El .Sh DEFINITIONS .Bl -tag -width Ds diff --git a/lib/libc/sys/jail.2 b/lib/libc/sys/jail.2 index 74b0dde..a2d692a 100644 --- a/lib/libc/sys/jail.2 +++ b/lib/libc/sys/jail.2 @@ -25,7 +25,7 @@ .\" .\" $FreeBSD$ .\" -.Dd June 23, 2009 +.Dd February 8, 2012 .Dt JAIL 2 .Os .Sh NAME @@ -59,7 +59,7 @@ system call sets up a jail and locks the current process in it. The argument is a pointer to a structure describing the prison: .Bd -literal -offset indent struct jail { - u_int32_t version; + uint32_t version; char *path; char *hostname; char *jailname; @@ -296,7 +296,7 @@ flag is not set. The jail referred to by a .Va jid is not accessible by the process, because the process is in a different -jail. +jail. .It Bq Er EEXIST The jail referred to by a .Va jid @@ -344,7 +344,7 @@ parameter does not exist. The jail referred to by a .Va jid is not accessible by the process, because the process is in a different -jail. +jail. .It Bq Er ENOENT The .Va lastjid @@ -362,6 +362,8 @@ and system calls will fail if: .Bl -tag -width Er +.It Bq Er EPERM +A user other than the super-user attempted to attach to or remove a jail. .It Bq Er EINVAL The jail specified by .Fa jid diff --git a/lib/libc/sys/kill.2 b/lib/libc/sys/kill.2 index d46dc1f..0389559 100644 --- a/lib/libc/sys/kill.2 +++ b/lib/libc/sys/kill.2 @@ -28,7 +28,7 @@ .\" @(#)kill.2 8.3 (Berkeley) 4/19/94 .\" $FreeBSD$ .\" -.Dd April 19, 1994 +.Dd March 15, 2012 .Dt KILL 2 .Os .Sh NAME @@ -121,11 +121,8 @@ The argument is not a valid signal number. .It Bq Er ESRCH -No process can be found corresponding to that specified by +No process or process group can be found corresponding to that specified by .Fa pid . -.It Bq Er ESRCH -The process id was given as 0 -but the sending process does not have a process group. .It Bq Er EPERM The sending process is not the super-user and its effective user id does not match the effective user-id of the receiving process. @@ -137,6 +134,7 @@ of the group could not be signaled. .Xr getpid 2 , .Xr killpg 2 , .Xr sigaction 2 , +.Xr sigqueue 2 , .Xr raise 3 , .Xr init 8 .Sh STANDARDS diff --git a/lib/libc/sys/kldstat.2 b/lib/libc/sys/kldstat.2 index 0d28928..8b4e532 100644 --- a/lib/libc/sys/kldstat.2 +++ b/lib/libc/sys/kldstat.2 @@ -25,7 +25,7 @@ .\" .\" $FreeBSD$ .\" -.Dd March 3, 1999 +.Dd March 28, 2012 .Dt KLDSTAT 2 .Os .Sh NAME @@ -47,12 +47,12 @@ into .Fa stat . .Bd -literal struct kld_file_stat { - int version; /* set to sizeof(linker_file_stat) */ + int version; /* set to sizeof(struct kld_file_stat) */ char name[MAXPATHLEN]; int refs; int id; - caddr_t address; /* load address */ - size_t size; /* size in bytes */ + caddr_t address; + size_t size; char pathname[MAXPATHLEN]; }; .Ed @@ -76,7 +76,7 @@ The id of the file specified in .It address The load address of the kld file. .It size -The size of the file. +The amount of memory in bytes allocated by the file. .It pathname The full name of the file referred to by .Fa fileid , diff --git a/lib/libc/sys/kqueue.2 b/lib/libc/sys/kqueue.2 index a1b6177..63a662f 100644 --- a/lib/libc/sys/kqueue.2 +++ b/lib/libc/sys/kqueue.2 @@ -24,7 +24,7 @@ .\" .\" $FreeBSD$ .\" -.Dd September 15, 2009 +.Dd February 15, 2012 .Dt KQUEUE 2 .Os .Sh NAME @@ -203,7 +203,7 @@ will not return it. The filter itself is not disabled. .It EV_DISPATCH Disable the event source immediately after delivery of an event. -See +See .Dv EV_DISABLE above. .It EV_DELETE @@ -217,7 +217,7 @@ any pending events. When passed as input, it forces .Dv EV_ERROR to always be returned. -When a filter is successfully added the +When a filter is successfully added the .Va data field will be zero. .It EV_ONESHOT @@ -322,6 +322,9 @@ The sigevent portion of the AIO request is filled in, with .Va sigev_notify_kqueue containing the descriptor of the kqueue that the event should be attached to, +.Va sigev_notify_kevent_flags +containing the kevent flags which should be EV_ONESHOT, EV_CLEAR or +EV_DISPATCH, .Va sigev_value containing the udata value, and .Va sigev_notify @@ -446,10 +449,10 @@ Establishes a user event identified by .Va ident which is not associated with any kernel mechanism but is triggered by user level code. -The lower 24 bits of the +The lower 24 bits of the .Va fflags may be used for user defined flags and manipulated using the following: -.Bl -tag -width XXNOTE_FFLAGSMASK +.Bl -tag -width XXNOTE_FFLAGSMASK .It Dv NOTE_FFNOP Ignore the input .Va fflags . @@ -459,7 +462,7 @@ Bitwise AND .It Dv NOTE_FFOR Bitwise OR .Va fflags . -.It Dv NOTE_COPY +.It Dv NOTE_FFCOPY Copy .Va fflags . .It Dv NOTE_FFCTRLMASK diff --git a/lib/libc/sys/kse.2 b/lib/libc/sys/kse.2 index 92c1de2..41fcc37 100644 --- a/lib/libc/sys/kse.2 +++ b/lib/libc/sys/kse.2 @@ -676,4 +676,4 @@ This manual page was written by .An "Archie Cobbs" Aq archie@FreeBSD.org . .Sh BUGS The KSE code is -.Ud . +.Ud diff --git a/lib/libc/sys/ktrace.2 b/lib/libc/sys/ktrace.2 index aaf6192..1740d75 100644 --- a/lib/libc/sys/ktrace.2 +++ b/lib/libc/sys/ktrace.2 @@ -28,7 +28,7 @@ .\" @(#)ktrace.2 8.1 (Berkeley) 6/4/93 .\" $FreeBSD$ .\" -.Dd July 13, 2008 +.Dd October 10, 2011 .Dt KTRACE 2 .Os .Sh NAME @@ -67,12 +67,12 @@ The argument specifies the requested ktrace operation. The defined operations are: .Bl -column KTRFLAG_DESCENDXXX -offset indent -.It "KTROP_SET Enable trace points specified in" +.It KTROP_SET Ta "Enable trace points specified in" .Fa trpoints . -.It "KTROP_CLEAR Disable trace points specified in +.It KTROP_CLEAR Ta "Disable trace points specified in" .Fa trpoints . -.It "KTROP_CLEARFILE Stop all tracing." -.It "KTRFLAG_DESCEND The tracing change should apply to the" +.It KTROP_CLEARFILE Ta "Stop all tracing." +.It KTRFLAG_DESCEND Ta "The tracing change should apply to the" specified process and all its current children. .El .Pp @@ -80,15 +80,21 @@ The .Fa trpoints argument specifies the trace points of interest. The defined trace points are: -.Bl -column KTRFAC_SYSCALLXXX -offset indent -.It "KTRFAC_SYSCALL Trace system calls." -.It "KTRFAC_SYSRET Trace return values from system calls." -.It "KTRFAC_NAMEI Trace name lookup operations." -.It "KTRFAC_GENIO Trace all I/O (note that this option can" +.Bl -column KTRFAC_PROCCTORXXX -offset indent +.It KTRFAC_SYSCALL Ta "Trace system calls." +.It KTRFAC_SYSRET Ta "Trace return values from system calls." +.It KTRFAC_NAMEI Ta "Trace name lookup operations." +.It KTRFAC_GENIO Ta "Trace all I/O (note that this option can" generate much output). -.It "KTRFAC_PSIG Trace posted signals." -.It "KTRFAC_CSW Trace context switch points." -.It "KTRFAC_INHERIT Inherit tracing to future children." +.It KTRFAC_PSIG Ta "Trace posted signals." +.It KTRFAC_CSW Ta "Trace context switch points." +.It KTRFAC_USER Ta "Trace application-specific events." +.It KTRFAC_STRUCT Ta "Trace certain data structures." +.It KTRFAC_SYSCTL Ta "Trace sysctls." +.It KTRFAC_PROCCTOR Ta "Trace process construction." +.It KTRFAC_PROCDTOR Ta "Trace process destruction." +.It KTRFAC_CAPFAIL Ta "Trace capability failures." +.It KTRFAC_INHERIT Ta "Inherit tracing to future children." .El .Pp Each tracing event outputs a record composed of a generic header @@ -96,12 +102,12 @@ followed by a trace point specific structure. The generic header is: .Bd -literal struct ktr_header { - int ktr_len; /* length of buf */ - short ktr_type; /* trace record type */ - pid_t ktr_pid; /* process id */ - char ktr_comm[MAXCOMLEN+1]; /* command name */ - struct timeval ktr_time; /* timestamp */ - intptr_t ktr_tid; /* was ktr_buffer */ + int ktr_len; /* length of buf */ + short ktr_type; /* trace record type */ + pid_t ktr_pid; /* process id */ + char ktr_comm[MAXCOMLEN+1]; /* command name */ + struct timeval ktr_time; /* timestamp */ + intptr_t ktr_tid; /* was ktr_buffer */ }; .Ed .Pp diff --git a/lib/libc/sys/madvise.2 b/lib/libc/sys/madvise.2 index 48f0e5a..b5ea6b2 100644 --- a/lib/libc/sys/madvise.2 +++ b/lib/libc/sys/madvise.2 @@ -169,7 +169,8 @@ was specified and the process does not have superuser privileges. .Xr mincore 2 , .Xr mprotect 2 , .Xr msync 2 , -.Xr munmap 2 +.Xr munmap 2 , +.Xr posix_fadvise 2 .Sh STANDARDS The .Fn posix_madvise diff --git a/lib/libc/sys/mknod.2 b/lib/libc/sys/mknod.2 index 0fc8771..a406068 100644 --- a/lib/libc/sys/mknod.2 +++ b/lib/libc/sys/mknod.2 @@ -28,7 +28,7 @@ .\" @(#)mknod.2 8.1 (Berkeley) 6/4/93 .\" $FreeBSD$ .\" -.Dd April 10, 2008 +.Dd January 16, 2011 .Dt MKNOD 2 .Os .Sh NAME @@ -38,7 +38,7 @@ .Sh LIBRARY .Lb libc .Sh SYNOPSIS -.In unistd.h +.In sys/stat.h .Ft int .Fn mknod "const char *path" "mode_t mode" "dev_t dev" .Ft int diff --git a/lib/libc/sys/mmap.2 b/lib/libc/sys/mmap.2 index 0b1f35f..73ffb2e 100644 --- a/lib/libc/sys/mmap.2 +++ b/lib/libc/sys/mmap.2 @@ -28,7 +28,7 @@ .\" @(#)mmap.2 8.4 (Berkeley) 5/11/95 .\" $FreeBSD$ .\" -.Dd August 28, 2010 +.Dd March 18, 2012 .Dt MMAP 2 .Os .Sh NAME @@ -205,7 +205,7 @@ command and system call generally do not flush dirty NOSYNC VM data. The .Xr msync 2 -system call is obsolete since +system call is usually not needed since .Bx implements a coherent file system buffer cache. However, it may be @@ -346,9 +346,6 @@ was specified and the argument was not available. .Dv MAP_ANON was specified and insufficient memory was available. -The system has reached the per-process mmap limit specified in the -.Va vm.max_proc_mmap -sysctl. .El .Sh SEE ALSO .Xr madvise 2 , @@ -359,8 +356,7 @@ sysctl. .Xr msync 2 , .Xr munlock 2 , .Xr munmap 2 , -.Xr getpagesize 3 , -.Xr make.conf 5 +.Xr getpagesize 3 .Sh BUGS The .Fa len diff --git a/lib/libc/sys/mq_setattr.2 b/lib/libc/sys/mq_setattr.2 index 2e5a6b1..79e523d 100644 --- a/lib/libc/sys/mq_setattr.2 +++ b/lib/libc/sys/mq_setattr.2 @@ -37,7 +37,7 @@ .\" .\" $FreeBSD$ .\" -.Dd November 29, 2005 +.Dd May 17, 2011 .Dt MQ_SETATTR 2 .Os .Sh NAME @@ -50,7 +50,7 @@ .Ft int .Fo mq_setattr .Fa "mqd_t mqdes" -.Fa "struct mq_attr *restrict mqstat" +.Fa "const struct mq_attr *restrict mqstat" .Fa "struct mq_attr *restrict omqstat" .Fc .Sh DESCRIPTION diff --git a/lib/libc/sys/msync.2 b/lib/libc/sys/msync.2 index cb15925..42d8005 100644 --- a/lib/libc/sys/msync.2 +++ b/lib/libc/sys/msync.2 @@ -28,7 +28,7 @@ .\" @(#)msync.2 8.2 (Berkeley) 6/21/94 .\" $FreeBSD$ .\" -.Dd June 21, 1994 +.Dd March 18, 2012 .Dt MSYNC 2 .Os .Sh NAME @@ -98,6 +98,9 @@ The argument was both MS_ASYNC and MS_INVALIDATE. Only one of these flags is allowed. +.It Bq Er EIO + An error occurred while writing at least one of the pages in +the specified region. .El .Sh SEE ALSO .Xr madvise 2 , @@ -113,7 +116,7 @@ system call first appeared in .Sh BUGS The .Fn msync -system call is obsolete since +system call is usually not needed since .Bx implements a coherent file system buffer cache. However, it may be used to associate dirty VM pages with file system diff --git a/lib/libc/sys/nfssvc.2 b/lib/libc/sys/nfssvc.2 index cf52187..f816231 100644 --- a/lib/libc/sys/nfssvc.2 +++ b/lib/libc/sys/nfssvc.2 @@ -143,14 +143,14 @@ and a pointer to a struct nfsd_srvargs { struct nfsd *nsd_nfsd; /* Pointer to in kernel nfsd struct */ uid_t nsd_uid; /* Effective uid mapped to cred */ - u_int32_t nsd_haddr; /* Ip address of client */ + uint32_t nsd_haddr; /* Ip address of client */ struct ucred nsd_cr; /* Cred. uid maps to */ int nsd_authlen; /* Length of auth string (ret) */ u_char *nsd_authstr; /* Auth string (ret) */ int nsd_verflen; /* and the verifier */ u_char *nsd_verfstr; struct timeval nsd_timestamp; /* timestamp from verifier */ - u_int32_t nsd_ttl; /* credential ttl (sec) */ + uint32_t nsd_ttl; /* credential ttl (sec) */ NFSKERBKEY_T nsd_key; /* Session key */ }; .Ed diff --git a/lib/libc/sys/open.2 b/lib/libc/sys/open.2 index deca8bc..041f9dc 100644 --- a/lib/libc/sys/open.2 +++ b/lib/libc/sys/open.2 @@ -28,7 +28,7 @@ .\" @(#)open.2 8.2 (Berkeley) 11/16/93 .\" $FreeBSD$ .\" -.Dd February 28, 2009 +.Dd March 25, 2011 .Dt OPEN 2 .Os .Sh NAME @@ -118,6 +118,7 @@ O_NOFOLLOW do not follow symlinks O_NOCTTY don't assign controlling terminal O_TTY_INIT restore default terminal attributes O_DIRECTORY error if file is not a directory +O_CLOEXEC set FD_CLOEXEC upon open .Ed .Pp Opening a file with @@ -231,6 +232,11 @@ from opening files which are even unsafe to open with .Dv O_RDONLY , such as device nodes. .Pp +.Dv O_CLOEXEC +may be used to set +.Dv FD_CLOEXEC +flag for the newly returned file descriptor. +.Pp If successful, .Fn open returns a non-negative integer, termed a file descriptor. @@ -241,12 +247,17 @@ file is set to the beginning of the file. When a new file is created it is given the group of the directory which contains it. .Pp -The new descriptor is set to remain open across +Unless +.Dv O_CLOEXEC +flag was specified, +the new descriptor is set to remain open across .Xr execve 2 system calls; see -.Xr close 2 +.Xr close 2 , +.Xr fcntl 2 and -.Xr fcntl 2 . +.Dv O_CLOEXEC +description. .Pp The system imposes a limit on the number of file descriptors open simultaneously by one process. @@ -404,7 +415,7 @@ of .Dv O_WRONLY , .Dv O_RDWR and -.Dv O_EXEC. +.Dv O_EXEC . .It Bq Eq EBADF The .Fa path diff --git a/lib/libc/sys/pathconf.2 b/lib/libc/sys/pathconf.2 index 495bc65..8bdd5b8 100644 --- a/lib/libc/sys/pathconf.2 +++ b/lib/libc/sys/pathconf.2 @@ -87,9 +87,7 @@ while returns information about the file the link references. .Pp The available values are as follows: -.Pp .Bl -tag -width 6n -.Pp .It Li _PC_LINK_MAX The maximum file link count. .It Li _PC_MAX_CANON @@ -175,7 +173,7 @@ return a positive number that represents the minimum hole size returned in bytes. The offsets of holes returned will be aligned to this same value. A special value of 1 is returned if the file system does not specify the minimum -hole size but still reports holes. +hole size but still reports holes. .El .Sh RETURN VALUES If the call to @@ -234,11 +232,11 @@ Too many symbolic links were encountered in translating the pathname. An I/O error occurred while reading from or writing to the file system. .El .Pp -.Bl -tag -width Er The .Fn fpathconf system call will fail if: +.Bl -tag -width Er .It Bq Er EBADF The .Fa fd diff --git a/lib/libc/sys/pdfork.2 b/lib/libc/sys/pdfork.2 new file mode 100644 index 0000000..0808fbc --- /dev/null +++ b/lib/libc/sys/pdfork.2 @@ -0,0 +1,183 @@ +.\" +.\" Copyright (c) 2009-2010 Robert N. M. Watson +.\" All rights reserved. +.\" +.\" This software was developed at the University of Cambridge Computer +.\" Laboratory with support from a grant from Google, Inc. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in the +.\" documentation and/or other materials provided with the distribution. +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND +.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +.\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE +.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +.\" SUCH DAMAGE. +.\" +.\" $FreeBSD$ +.\" +.Dd February 25, 2012 +.Dt PDFORK 2 +.Os +.Sh NAME +.Nm pdfork , +.Nm pdgetpid , +.Nm pdkill , +.Nm pdwait4 +.Nd System calls to manage process descriptors +.Sh LIBRARY +.Lb libc +.Sh SYNOPSIS +.In sys/procdesc.h +.Ft int +.Fn pdfork "int *fdp" "int flags" +.Ft int +.Fn pdgetpid "int fd" "pid_t *pidp" +.Ft int +.Fn pdkill "int fd" "int signum" +.Ft int +.Fn pdwait4 "int fd" "int *status" "int options" "struct rusage *rusage" +.Sh DESCRIPTION +Process descriptors are special file descriptors that represent processes, +and are created using +.Fn pdfork , +a variant of +.Xr fork 2 , +which, if successful, returns a process descriptor in the integer pointed to +by +.Fa pidp . +Processes created via +.Fn pdfork +will not cause +.Dv SIGCHLD +on termination. +.Fn pdfork +can accept the flags: +.Bl -tag -width ".Dv PD_DAEMON" +.It Dv PD_DAEMON +Instead of the default terminate-on-close behaviour, allow the process to +live until it is explicitly killed with +.Xr kill 2 . +.Pp +This option is not permitted in Capsicum capability mode (see +.Xr cap_enter 2 ) . +.El +.Pp +.Fn pdgetpid +queries the process ID (PID) if the process descriptor +.Fa fd . +.Pp +.Fn pdkill +is functionally identical to +.Xr kill 2 , +except that it accepts a process descriptor, +.Fa fd , +rather than a PID. +.Pp +.Fn pdwait4 +behaves identically to +.Xr wait4 2 , +but operates with respect to a process descriptor argument rather than a PID. +.Pp +The following system calls also have effects specific to process descriptors: +.Pp +.Xr fstat 2 +queries status of a process descriptor; currently only the +.Fa st_mode , +.Fa st_birthtime , +.Fa st_atime , +.Fa st_ctime +and +.Fa st_mtime +fields are defined. +If the owner read, write, and execute bits are set then the +process represented by the process descriptor is still alive. +.Pp +.Xr poll 2 +and +.Xr select 2 +allow waiting for process state transitions; currently only +.Dv POLLHUP +is defined, and will be raised when the process dies. +.Pp +.Xr close 2 +will close the process descriptor unless +.Dv PD_DAEMON +is set; if the process is still alive and this is +the last reference to the process descriptor, the process will be terminated +with the signal +.Dv SIGKILL . +.Sh RETURN VALUES +.Fn pdfork +returns a PID, 0 or -1, as +.Xr fork 2 +does. +.Pp +.Fn pdgetpid +and +.Fn pdkill +return 0 on success and -1 on failure. +.Pp +.Fn pdwait4 +returns a PID on success and -1 on failure. +.Sh ERRORS +These functions may return the same error numbers as their PID-based equivalents +(e.g. +.Fn pdfork +may return the same error numbers as +.Xr fork 2 ) , +with the following additions: +.Bl -tag -width Er +.It Bq Er EINVAL +The signal number given to +.Fn pdkill +is invalid. +.It Bq Er ENOTCAPABLE +The process descriptor being operated on has insufficient rights (e.g. +.Dv CAP_PDKILL +for +.Fn pdkill ) . +.El +.Sh SEE ALSO +.Xr close 2 , +.Xr fork 2 , +.Xr fstat 2 , +.Xr kill 2 , +.Xr poll 2 , +.Xr wait4 2 +.Sh HISTORY +The +.Fn pdfork , +.Fn pdgetpid , +.Fn pdkill +and +.Fn pdwait4 +system calls first appeared in +.Fx 9.0 . +.Pp +Support for process descriptors mode was developed as part of the +.Tn TrustedBSD +Project. +.Sh AUTHORS +.An -nosplit +These functions and the capability facility were created by +.An "Robert N. M. Watson" Aq rwatson@FreeBSD.org +and +.An "Jonathan Anderson" Aq jonathan@FreeBSD.org +at the University of Cambridge Computer Laboratory with support from a grant +from Google, Inc. +.Sh BUGS +.Fn pdwait4 +has not yet been implemented. diff --git a/lib/libc/sys/posix_fadvise.2 b/lib/libc/sys/posix_fadvise.2 new file mode 100644 index 0000000..37453ff --- /dev/null +++ b/lib/libc/sys/posix_fadvise.2 @@ -0,0 +1,138 @@ +.\" Copyright (c) 1991, 1993 +.\" The Regents of the University of California. All rights reserved. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in the +.\" documentation and/or other materials provided with the distribution. +.\" 4. Neither the name of the University nor the names of its contributors +.\" may be used to endorse or promote products derived from this software +.\" without specific prior written permission. +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND +.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +.\" ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE +.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +.\" SUCH DAMAGE. +.\" +.\" @(#)madvise.2 8.1 (Berkeley) 6/9/93 +.\" $FreeBSD$ +.\" +.Dd February 25, 2012 +.Dt POSIX_FADVISE 2 +.Os +.Sh NAME +.Nm posix_fadvise +.Nd give advice about use of file data +.Sh LIBRARY +.Lb libc +.Sh SYNOPSIS +.In fcntl.h +.Ft int +.Fn posix_fadvise "int fd" "off_t offset" "off_t len" "int advice" +.Sh DESCRIPTION +The +.Fn posix_fadvise +system call +allows a process to describe to the system its data access behavior for an +open file descriptor +.Fa fd . +The advice covers the data starting at offset +.Fa offset +and continuing for +.Fa len +bytes. +If +.Fa len +is zero, +all data from +.Fa offset +to the end of the file is covered. +.Pp +The behavior is specified by the +.Fa advice +parameter and may be one of: +.Bl -tag -width POSIX_FADV_SEQUENTIAL +.It Dv POSIX_FADV_NORMAL +Tells the system to revert to the default data access behavior. +.It Dv POSIX_FADV_RANDOM +Is a hint that file data will be accessed randomly, +and prefetching is likely not advantageous. +.It Dv POSIX_FADV_SEQUENTIAL +Tells the system that file data will be accessed sequentially. +This currently does nothing as the default behavior uses heuristics to +detect sequential behavior. +.It Dv POSIX_FADV_WILLNEED +Tells the system that the specified data will be accessed in the near future. +The system may initiate an asynchronous read of the data if it is not already +present in memory. +.It Dv POSIX_FADV_DONTNEED +Tells the system that the specified data will not be accessed in the near +future. +The system may decrease the in-memory priority of clean data within the +specified range and future access to this data may require a read operation. +.It Dv POSIX_FADV_NOREUSE +Tells the system that the specified data will only be accessed once and +then not reused. +Accesses to data within the specified range are treated as if the file +descriptor has the +.Dv O_DIRECT +flag enabled. +.El +.Sh RETURN VALUES +.Rv -std posix_fadvise +.Sh ERRORS +The +.Fn posix_fadvise +system call will fail if: +.Bl -tag -width Er +.It Bq Er EBADF +The +.Fa fd +argument is not a valid file descriptor. +.It Bq Er EINVAL +The +.Fa advice +argument is not valid. +.It Bq Er EINVAL +The +.Fa offset +or +.Fa len +arguments are negative, +or +.Fa offset ++ +.Fa len +is greater than the maximum file size. +.It Bq Er ENODEV +The +.Fa fd +argument does not refer to a regular file. +.It Bq Er ESPIPE +The +.Fa fd +argument is associated with a pipe or FIFO. +.El +.Sh SEE ALSO +.Xr madvise 2 +.Sh STANDARDS +The +.Fn posix_fadvise +interface conforms to +.St -p1003.1-2001 . +.Sh HISTORY +The +.Fn posix_fadvise +system call first appeared in +.Fx 10.0 . diff --git a/lib/libc/sys/posix_fallocate.2 b/lib/libc/sys/posix_fallocate.2 new file mode 100644 index 0000000..087c68c --- /dev/null +++ b/lib/libc/sys/posix_fallocate.2 @@ -0,0 +1,145 @@ +.\" Copyright (c) 1980, 1991, 1993 +.\" The Regents of the University of California. All rights reserved. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in the +.\" documentation and/or other materials provided with the distribution. +.\" 4. Neither the name of the University nor the names of its contributors +.\" may be used to endorse or promote products derived from this software +.\" without specific prior written permission. +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND +.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +.\" ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE +.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +.\" SUCH DAMAGE. +.\" +.\" @(#)open.2 8.2 (Berkeley) 11/16/93 +.\" $FreeBSD$ +.\" +.Dd February 25, 2012 +.Dt POSIX_FALLOCATE 2 +.Os +.Sh NAME +.Nm posix_fallocate +.Nd pre-allocate storage for a range in a file +.Sh LIBRARY +.Lb libc +.Sh SYNOPSIS +.In fcntl.h +.Ft int +.Fn posix_fallocate "int fd" "off_t offset" "off_t len" +.Sh DESCRIPTION +Required storage for the range +.Fa offset +to +.Fa offset + +.Fa len +in the file referenced by +.Fa fd +is guaranteed to be allocated upon successful return. +That is, if +.Fn posix_fallocate +returns successfully, subsequent writes to the specified file data +will not fail due to lack of free space on the file system storage +media. +Any existing file data in the specified range is unmodified. +If +.Fa offset + +.Fa len +is beyond the current file size, then +.Fn posix_fallocate +will adjust the file size to +.Fa offset + +.Fa len . +Otherwise, the file size will not be changed. +.Pp +Space allocated by +.Fn posix_fallocate +will be freed by a successful call to +.Xr creat 2 +or +.Xr open 2 +that truncates the size of the file. +Space allocated via +.Fn posix_fallocate +may be freed by a successful call to +.Xr ftruncate 2 +that reduces the file size to a size smaller than +.Fa offset + +.Fa len . +.Sh RETURN VALUES +If successful, +.Fn posix_fallocate +returns zero. +It returns -1 on failure, and sets +.Va errno +to indicate the error. +.Sh ERRORS +Possible failure conditions: +.Bl -tag -width Er +.It Bq Er EBADF +The +.Fa fd +argument is not a valid file descriptor. +.It Bq Er EBADF +The +.Fa fd +argument references a file that was opened without write permission. +.It Bq Er EFBIG +The value of +.Fa offset + +.Fa len +is greater than the maximum file size. +.It Bq Er EINTR +A signal was caught during execution. +.It Bq Er EINVAL +The +.Fa len +argument was zero or the +.Fa offset +argument was less than zero. +.It Bq Er EIO +An I/O error occurred while reading from or writing to a file system. +.It Bq Er ENODEV +The +.Fa fd +argument does not refer to a regular file. +.It Bq Er ENOSPC +There is insufficient free space remaining on the file system storage +media. +.It Bq Er ESPIPE +The +.Fa fd +argument is associated with a pipe or FIFO. +.El +.Sh SEE ALSO +.Xr creat 2 , +.Xr ftruncate 2 , +.Xr open 2 , +.Xr unlink 2 +.Sh STANDARDS +The +.Fn posix_fallocate +system call conforms to +.St -p1003.1-2004 . +.Sh HISTORY +The +.Fn posix_fallocate +function appeared in +.Fx 9.0 . +.Sh AUTHORS +.Fn posix_fallocate +and this manual page were initially written by +.An Matthew Fleming Aq mdf@FreeBSD.org . diff --git a/lib/libc/sys/ptrace.2 b/lib/libc/sys/ptrace.2 index f40574b..9dda8ee 100644 --- a/lib/libc/sys/ptrace.2 +++ b/lib/libc/sys/ptrace.2 @@ -2,7 +2,7 @@ .\" $NetBSD: ptrace.2,v 1.2 1995/02/27 12:35:37 cgd Exp $ .\" .\" This file is in the public domain. -.Dd July 10, 2010 +.Dd February 19, 2012 .Dt PTRACE 2 .Os .Sh NAME @@ -295,6 +295,8 @@ struct ptrace_lwpinfo { sigset_t pl_sigmask; sigset_t pl_siglist; siginfo_t pl_siginfo; + char pl_tdname[MAXCOMLEN + 1]; + int pl_child_pid; }; .Ed .Pp @@ -345,6 +347,19 @@ Indicates that member of .Vt "struct ptrace_lwpinfo" contains valid information. +.It PL_FLAG_FORKED +Indicates that the process is returning from a call to +.Fn fork 2 +that created a new child process. +The process identifier of the new process is available in the +.Va pl_child_pid +member of +.Vt "struct ptrace_lwpinfo" . +.It PL_FLAG_CHILD +The flag is set for first event reported from a new child, which is +automatically attached due to +.Dv PT_FOLLOW_FORK +enabled. .El .It pl_sigmask The current signal mask of the LWP @@ -356,11 +371,20 @@ on an LWP siglist until the thread is selected for delivery. The siginfo that accompanies the signal pending. Only valid for .Dv PL_EVENT_SIGNAL -kind of stop, when -.Va pl_flags -has +stop when .Dv PL_FLAG_SI -set. +is set in +.Va pl_flags . +.It pl_tdname +The name of the thread. +.It pl_child_pid +The process identifier of the new child process. +Only valid for a +.Dv PL_EVENT_SIGNAL +stop when +.Dv PL_FLAG_FORKED +is set in +.Va pl_flags . .El .It PT_GETNUMLWPS This request returns the number of kernel threads associated with the @@ -391,6 +415,21 @@ This request will trace the specified process on each system call exit. .It PT_SYSCALL This request will trace the specified process on each system call entry and exit. +.It PT_FOLLOW_FORK +This request controls tracing for new child processes of a traced process. +If +.Fa data +is non-zero, +then new child processes will enable tracing and stop before executing their +first instruction. +If +.Fa data +is zero, then new child processes will execute without tracing enabled. +By default, tracing is not enabled for new child processes. +Child processes do not inherit this property. +The traced process will set the +.Dv PL_FLAG_FORKED +flag upon exit from a system call that creates a new process. .It PT_VM_TIMESTAMP This request returns the generation number or timestamp of the memory map of the traced process as the return value from @@ -402,7 +441,7 @@ This request is used to iterate over the entries of the VM map of the traced process. The .Fa addr -argument specifies a pointer to a +argument specifies a pointer to a .Vt "struct ptrace_vm_entry" , which is defined as follows: .Bd -literal @@ -565,10 +604,3 @@ The .Fn ptrace function appeared in .At v7 . -.Sh BUGS -The -.Dv PL_FLAG_SCE , -.Dv PL_FLAG_SCX -and -.Dv PL_FLAG_EXEC -are not implemented for MIPS and ARM architectures. diff --git a/lib/libc/sys/quotactl.2 b/lib/libc/sys/quotactl.2 index ff3cb4b..6dabff0 100644 --- a/lib/libc/sys/quotactl.2 +++ b/lib/libc/sys/quotactl.2 @@ -113,7 +113,7 @@ Only the super-user may turn quotas off. .It Dv Q_GETQUOTASIZE Get the wordsize used to represent the quotas for the user or group (as determined by the command type). -Possible values are 32 for the old-style quota file +Possible values are 32 for the old-style quota file and 64 for the new-style quota file. The .Fa addr @@ -199,7 +199,7 @@ The .Fa id argument to .Dv Q_GETQUOTA , -.Dv Q_SETQUOTA +.Dv Q_SETQUOTA or .Dv Q_SETUSE is a negative value. diff --git a/lib/libc/sys/read.2 b/lib/libc/sys/read.2 index 19e4ffe..06e0ef1 100644 --- a/lib/libc/sys/read.2 +++ b/lib/libc/sys/read.2 @@ -28,7 +28,7 @@ .\" @(#)read.2 8.4 (Berkeley) 2/26/94 .\" $FreeBSD$ .\" -.Dd October 11, 2006 +.Dd January 22, 2012 .Dt READ 2 .Os .Sh NAME @@ -41,12 +41,12 @@ .Lb libc .Sh SYNOPSIS .In sys/types.h -.In sys/uio.h .In unistd.h .Ft ssize_t .Fn read "int d" "void *buf" "size_t nbytes" .Ft ssize_t .Fn pread "int d" "void *buf" "size_t nbytes" "off_t offset" +.In sys/uio.h .Ft ssize_t .Fn readv "int d" "const struct iovec *iov" "int iovcnt" .Ft ssize_t diff --git a/lib/libc/sys/rfork.2 b/lib/libc/sys/rfork.2 index c0f264a..222bac4 100644 --- a/lib/libc/sys/rfork.2 +++ b/lib/libc/sys/rfork.2 @@ -5,7 +5,7 @@ .\" .\" $FreeBSD$ .\" -.Dd May 14, 2007 +.Dd July 12, 2011 .Dt RFORK 2 .Os .Sh NAME @@ -80,11 +80,22 @@ the new process to run on the provided stack. See .Xr rfork_thread 3 for information. +Note that a lot of code will not run correctly in such an environment. .It Dv RFSIGSHARE If set, the kernel will force sharing the sigacts structure between the child and the parent. +.It Dv RFTSIGZMB +If set, the kernel will deliver a specified signal to the parent +upon the child exit, instead of default SIGCHLD. +The signal number +.Dv signum +is specified by oring the +.Dv RFTSIGFLAGS(signum) +expression into +.Fa flags . +Specifying signal number 0 disables signal delivery upon the child exit. .It Dv RFLINUXTHPN -If set, the kernel will return SIGUSR1 instead of SIGCHILD upon thread +If set, the kernel will deliver SIGUSR1 instead of SIGCHLD upon thread exit for the child. This is intended to mimic certain Linux clone behaviour. .El @@ -163,6 +174,8 @@ would be exceeded (see Both the RFFDG and the RFCFDG flags were specified. .It Bq Er EINVAL Any flags not listed above were specified. +.It Bq Er EINVAL +An invalid signal number was specified. .It Bq Er ENOMEM There is insufficient swap space for the new process. .El @@ -171,24 +184,9 @@ There is insufficient swap space for the new process. .Xr intro 2 , .Xr minherit 2 , .Xr vfork 2 , +.Xr pthread_create 3 , .Xr rfork_thread 3 .Sh HISTORY The .Fn rfork function first appeared in Plan9. -.Sh BUGS -.Fx -does not yet implement a native -.Fn clone -library call, and the current pthreads implementation does not use -.Fn rfork -with RFMEM. -A native port of the linux threads library, -.Pa /usr/ports/devel/linuxthreads , -contains a working -.Fn clone -call that utilizes RFMEM. -The -.Xr rfork_thread 3 -function can often be used instead of -.Fn clone . diff --git a/lib/libc/sys/rtprio.2 b/lib/libc/sys/rtprio.2 index afed81e..faad941 100644 --- a/lib/libc/sys/rtprio.2 +++ b/lib/libc/sys/rtprio.2 @@ -1,3 +1,4 @@ +.\"- .\" Copyright (c) 1994, Henrik Vestergaard Draboel .\" All rights reserved. .\" @@ -26,15 +27,40 @@ .\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF .\" SUCH DAMAGE. +.\"- +.\" Copyright (c) 2011 Xin LI <delphij@FreeBSD.org> +.\" All rights reserved. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in the +.\" documentation and/or other materials provided with the distribution. +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND +.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +.\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE +.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +.\" SUCH DAMAGE. .\" .\" $FreeBSD$ .\" -.Dd July 23, 1994 +.Dd December 27, 2011 .Dt RTPRIO 2 .Os .Sh NAME -.Nm rtprio -.Nd examine or modify a process realtime or idle priority +.Nm rtprio , +.Nm rtprio_thread +.Nd examine or modify realtime or idle priority .Sh LIBRARY .Lb libc .Sh SYNOPSIS @@ -42,11 +68,18 @@ .In sys/rtprio.h .Ft int .Fn rtprio "int function" "pid_t pid" "struct rtprio *rtp" +.Ft int +.Fn rtprio_thread "int function" "lwpid_t lwpid" "struct rtprio *rtp" .Sh DESCRIPTION The .Fn rtprio system call -is used to lookup or change the realtime or idle priority of a process. +is used to lookup or change the realtime or idle priority of a process, +or the calling thread. +The +.Fn rtprio_thread +system call +is used to lookup or change the realtime or idle priority of a thread. .Pp The .Fa function @@ -54,10 +87,31 @@ argument specifies the operation to be performed. RTP_LOOKUP to lookup the current priority, and RTP_SET to set the priority. -The +.Pp +For the +.Fn rtprio +system call, +the .Fa pid argument -specifies the process to be used, 0 for the current process. +specifies the process to operate on, +0 for the calling thread. +When +.Fa pid +is non-zero, +the system call reports the highest priority in the process, +or sets all threads' priority in the process, +depending on value of the +.Fa function +argument. +.Pp +For the +.Fn rtprio_thread +system call, +the +.Fa lwpid +specifies the thread to operate on, +0 for the calling thread. .Pp The .Fa *rtp @@ -83,12 +137,12 @@ field ranges between 0 and .Pp Realtime and idle priority is inherited through fork() and exec(). .Pp -A realtime process can only be preempted by a process of equal or -higher priority, or by an interrupt; idle priority processes will run only -when no other real/normal priority process is runnable. -Higher real/idle priority processes -preempt lower real/idle priority processes. -Processes of equal real/idle priority are run round-robin. +A realtime thread can only be preempted by a thread of equal or +higher priority, or by an interrupt; idle priority threads will run only +when no other real/normal priority thread is runnable. +Higher real/idle priority threads +preempt lower real/idle priority threads. +Threads of equal real/idle priority are run round-robin. .Sh RETURN VALUES .Rv -std rtprio .Sh ERRORS @@ -102,12 +156,17 @@ The specified .Fa prio was out of range. .It Bq Er EPERM -The calling process is not allowed to set the realtime priority. +The calling thread is not allowed to set the realtime priority. Only -root is allowed to change the realtime priority of any process, and non-root -may only change the idle priority of the current process. +root is allowed to change the realtime priority of any thread, and non-root +may only change the idle priority of threads the user owns, +when the +.Xr sysctl 8 +variable +.Va security.bsd.unprivileged_idprio +is set to non-zero. .It Bq Er ESRCH -The specified process was not found. +The specified process or thread was not found or visible. .El .Sh SEE ALSO .Xr nice 1 , @@ -115,7 +174,8 @@ The specified process was not found. .Xr rtprio 1 , .Xr setpriority 2 , .Xr nice 3 , -.Xr renice 8 +.Xr renice 8 , +.Xr p_cansee 9 . .Sh AUTHORS .An -nosplit The original author was @@ -124,3 +184,7 @@ This implementation in .Fx was substantially rewritten by .An David Greenman . +The +.Fn rtprio_thread +system call was implemented by +.An David Xu . diff --git a/lib/libc/sys/sctp_generic_sendmsg.2 b/lib/libc/sys/sctp_generic_sendmsg.2 index fee4211..1a2b128 100644 --- a/lib/libc/sys/sctp_generic_sendmsg.2 +++ b/lib/libc/sys/sctp_generic_sendmsg.2 @@ -54,7 +54,7 @@ and .Fn sctp_generic_sendmsg_iov are the true system calls used by the .Xr sctp_sendmsg 3 -and +and .Xr sctp_send 3 function calls. These are more efficient since they are @@ -68,7 +68,7 @@ For detailed usage please see either the .Xr sctp_send 3 or .Xr sctp_sendmsg 3 -function calls. +function calls. .Sh RETURN VALUES The call returns the number of bytes written on success and -1 upon failure. .Sh ERRORS diff --git a/lib/libc/sys/sctp_peeloff.2 b/lib/libc/sys/sctp_peeloff.2 index d94f280..40a026d 100644 --- a/lib/libc/sys/sctp_peeloff.2 +++ b/lib/libc/sys/sctp_peeloff.2 @@ -51,7 +51,6 @@ The system call attempts detach the association specified by .Fa id into its own separate socket. -.Pp .Sh RETURN VALUES The call returns -1 on failure and the new socket descriptor upon success. @@ -61,7 +60,7 @@ The system call can return the following errors: .Bl -tag -width Er .It Bq Er ENOTCONN -The +The .Fa id given to the call does not map to a valid association. diff --git a/lib/libc/sys/select.2 b/lib/libc/sys/select.2 index 2435e37..59a7998 100644 --- a/lib/libc/sys/select.2 +++ b/lib/libc/sys/select.2 @@ -222,6 +222,6 @@ Thus, it is unwise to assume that the timeout value will be unmodified by the .Fn select system call. -.Fx +.Fx does not modify the return value, which can cause problems for applications ported from other systems. diff --git a/lib/libc/sys/sendfile.2 b/lib/libc/sys/sendfile.2 index d9f8cab..9d1fba5 100644 --- a/lib/libc/sys/sendfile.2 +++ b/lib/libc/sys/sendfile.2 @@ -104,7 +104,7 @@ variable pointed to by The .Fa flags argument is a bitmap of these values: -.Bl -item -offset indent +.Bl -item -offset indent .It .Dv SF_NODISKIO . This flag causes any diff --git a/lib/libc/sys/setfib.2 b/lib/libc/sys/setfib.2 index a65a064..ef561d2 100644 --- a/lib/libc/sys/setfib.2 +++ b/lib/libc/sys/setfib.2 @@ -24,7 +24,7 @@ .\" .\" $FreeBSD$ .\" -.Dd August 8, 2008 +.Dd March 19, 2012 .Dt SETFIB 2 .Os .Sh NAME @@ -45,11 +45,30 @@ subsequent to the call, to be that of the argument The .Fa fib argument -may be between 0 and the current system maximum which -may be retrieved by the +must be greater than or equal to 0 +and less than the current system maximum which +may be retrieved by the .Va net.fibs sysctl. -The default fib of the process will be applied to all protocol families +The system maximum is set in the kernel configuration file with +.Bd -ragged -offset indent +.Cd "options ROUTETABLES=" Ns Em N +.Ed +.Pp +or in +.Pa /boot/loader.conf +with +.Pp +.Dl net.fibs= Ns Qq Em N +.Pp +where +.Em N +is an integer. +However, this maximum is capped at 16 due to the implementation storing +the fib number in a 4-bit field in +.Xr mbuf 9 +flags. +The default fib of the process will be applied to all protocol families that support multiple fibs, and ignored by those that do not. The default fib for a process may be overridden for a socket with the use of the diff --git a/lib/libc/sys/setuid.2 b/lib/libc/sys/setuid.2 index 4bb4a68..4c7d5ad 100644 --- a/lib/libc/sys/setuid.2 +++ b/lib/libc/sys/setuid.2 @@ -170,7 +170,7 @@ potentially sensitive data. .Pp To prevent these files from remaining open after an .Xr exec 3 -call, be sure to set the close-on-exec flag is set: +call, be sure to set the close-on-exec flag: .Bd -literal void pseudocode(void) diff --git a/lib/libc/sys/shm_open.2 b/lib/libc/sys/shm_open.2 index a2fa502..cc12132 100644 --- a/lib/libc/sys/shm_open.2 +++ b/lib/libc/sys/shm_open.2 @@ -139,7 +139,6 @@ The .Fn shm_unlink system call removes a shared memory object named .Fa path . -.Pp .Sh RETURN VALUES If successful, .Fn shm_open diff --git a/lib/libc/sys/shmat.2 b/lib/libc/sys/shmat.2 index 8fe340c..fd1db93 100644 --- a/lib/libc/sys/shmat.2 +++ b/lib/libc/sys/shmat.2 @@ -35,7 +35,6 @@ .Sh LIBRARY .Lb libc .Sh SYNOPSIS -.In machine/param.h .In sys/types.h .In sys/ipc.h .In sys/shm.h diff --git a/lib/libc/sys/shmctl.2 b/lib/libc/sys/shmctl.2 index d3299af..98ddf13 100644 --- a/lib/libc/sys/shmctl.2 +++ b/lib/libc/sys/shmctl.2 @@ -34,7 +34,6 @@ .Sh LIBRARY .Lb libc .Sh SYNOPSIS -.In machine/param.h .In sys/types.h .In sys/ipc.h .In sys/shm.h diff --git a/lib/libc/sys/shmget.2 b/lib/libc/sys/shmget.2 index e7fd6d1..3094345 100644 --- a/lib/libc/sys/shmget.2 +++ b/lib/libc/sys/shmget.2 @@ -25,7 +25,7 @@ .\" .\" $FreeBSD$ .\" -.Dd July 3, 1995 +.Dd December 17, 2010 .Dt SHMGET 2 .Os .Sh NAME @@ -34,7 +34,6 @@ .Sh LIBRARY .Lb libc .Sh SYNOPSIS -.In machine/param.h .In sys/types.h .In sys/ipc.h .In sys/shm.h @@ -80,17 +79,17 @@ the following constants into the .Fa flag argument: .Bl -tag -width XSHM_WXX6XXX -.It Dv SHM_R -Read access for user. -.It Dv SHM_W -Write access for user. -.It Dv ( SHM_R>>3 ) +.It Dv S_IRUSR +Read access for owner. +.It Dv S_IWUSR +Write access for owner. +.It Dv S_IRGRP Read access for group. -.It Dv ( SHM_W>>3 ) +.It Dv S_IWGRP Write access for group. -.It Dv ( SHM_R>>6 ) +.It Dv S_IROTH Read access for other. -.It Dv ( SHM_W>>6 ) +.It Dv S_IWOTH Write access for other. .El .\" @@ -143,4 +142,5 @@ already exists. .Xr shmat 2 , .Xr shmctl 2 , .Xr shmdt 2 , +.Xr stat 2 , .Xr ftok 3 diff --git a/lib/libc/sys/sigqueue.2 b/lib/libc/sys/sigqueue.2 index 780b6a0..9e6a4c5 100644 --- a/lib/libc/sys/sigqueue.2 +++ b/lib/libc/sys/sigqueue.2 @@ -27,7 +27,7 @@ .\" .\" $FreeBSD$ .\" -.Dd November 11, 2005 +.Dd March 10, 2012 .Dt SIGQUEUE 2 .Os .Sh NAME @@ -126,6 +126,7 @@ The process does not exist. .El .Sh SEE ALSO +.Xr kill 2 , .Xr sigaction 2 , .Xr sigpending 2 , .Xr sigqueue 2 , diff --git a/lib/libc/sys/sigwait.2 b/lib/libc/sys/sigwait.2 index 8c00cf4..a9e605c 100644 --- a/lib/libc/sys/sigwait.2 +++ b/lib/libc/sys/sigwait.2 @@ -27,7 +27,7 @@ .\" .\" $FreeBSD$ .\" -.Dd November 11, 2005 +.Dd August 24, 2011 .Dt SIGWAIT 2 .Os .Sh NAME @@ -82,6 +82,14 @@ selected, it will be the lowest numbered one. The selection order between realtime and non-realtime signals, or between multiple pending non-realtime signals, is unspecified. +.Sh IMPLEMENTATION NOTES +The +.Fn sigwait +function is implemented as a wrapper around the +.Fn __sys_sigwait +system call, which retries the call on +.Er EINTR +error. .Sh RETURN VALUES If successful, .Fn sigwait diff --git a/lib/libc/sys/sigwaitinfo.2 b/lib/libc/sys/sigwaitinfo.2 index 41be9e2..a83de06 100644 --- a/lib/libc/sys/sigwaitinfo.2 +++ b/lib/libc/sys/sigwaitinfo.2 @@ -27,7 +27,7 @@ .\" .\" $FreeBSD$ .\" -.Dd November 11, 2005 +.Dd August 24, 2011 .Dt SIGTIMEDWAIT 2 .Os .Sh NAME @@ -116,6 +116,16 @@ except that the selected signal number shall be stored in the member, and the cause of the signal shall be stored in the .Va si_code member. +Besides this, the +.Fn sigwaitinfo +and +.Fn sigtimedwait +system calls may return +.Er EINTR +if interrupted by signal, which is not allowed for the +.Fn sigwait +function. +.Pp If any value is queued to the selected signal, the first such queued value is dequeued and, if the info argument is .Pf non- Dv NULL , diff --git a/lib/libc/sys/stat.2 b/lib/libc/sys/stat.2 index 85f0cf0..b6c03ab 100644 --- a/lib/libc/sys/stat.2 +++ b/lib/libc/sys/stat.2 @@ -28,7 +28,7 @@ .\" @(#)stat.2 8.4 (Berkeley) 5/1/95 .\" $FreeBSD$ .\" -.Dd March 28, 2010 +.Dd November 17, 2011 .Dt STAT 2 .Os .Sh NAME @@ -345,10 +345,10 @@ represented correctly in the structure pointed to by .Fa sb . .El .Pp -.Bl -tag -width Er The .Fn fstat system call will fail if: +.Bl -tag -width Er .It Bq Er EBADF The .Fa fd @@ -401,8 +401,8 @@ nor a file descriptor associated with a directory. .Xr fhstat 2 , .Xr statfs 2 , .Xr utimes 2 , -.Xr symlink 7 , -.Xr sticky 8 +.Xr sticky 7 , +.Xr symlink 7 .Sh STANDARDS The .Fn stat @@ -411,7 +411,7 @@ and system calls are expected to conform to .St -p1003.1-90 . The -.Fn fchownat +.Fn fstatat system call follows The Open Group Extended API Set 2 specification. .Sh HISTORY The diff --git a/lib/libc/sys/timer_create.2 b/lib/libc/sys/timer_create.2 index 3fb415c..316cea3 100644 --- a/lib/libc/sys/timer_create.2 +++ b/lib/libc/sys/timer_create.2 @@ -151,7 +151,7 @@ memory protection fault. .Sh SEE ALSO .Xr clock_getres 2 , .Xr timer_delete 2 , -.Xr timer_getoverun 2 , +.Xr timer_getoverrun 2 , .Xr siginfo 3 .Sh STANDARDS The diff --git a/lib/libc/sys/wait.2 b/lib/libc/sys/wait.2 index 2e084d2..e4812fc 100644 --- a/lib/libc/sys/wait.2 +++ b/lib/libc/sys/wait.2 @@ -66,6 +66,19 @@ the .Fa status area contains termination information about the process that exited as defined below. +The +.Fn wait +call is the same as +.Fn wait4 +with a +.Fa wpid +value of -1, +with an +.Fa options +value of zero, +and a +.Fa rusage +value of zero. .Pp The .Fn wait4 diff --git a/lib/libc/sys/write.2 b/lib/libc/sys/write.2 index 6d60835..d22b985 100644 --- a/lib/libc/sys/write.2 +++ b/lib/libc/sys/write.2 @@ -28,7 +28,7 @@ .\" @(#)write.2 8.5 (Berkeley) 4/2/94 .\" $FreeBSD$ .\" -.Dd July 7, 2005 +.Dd January 22, 2012 .Dt WRITE 2 .Os .Sh NAME @@ -41,12 +41,12 @@ .Lb libc .Sh SYNOPSIS .In sys/types.h -.In sys/uio.h .In unistd.h .Ft ssize_t .Fn write "int d" "const void *buf" "size_t nbytes" .Ft ssize_t .Fn pwrite "int d" "const void *buf" "size_t nbytes" "off_t offset" +.In sys/uio.h .Ft ssize_t .Fn writev "int d" "const struct iovec *iov" "int iovcnt" .Ft ssize_t |
