summaryrefslogtreecommitdiffstats
path: root/lib/libc/sys
Commit message (Collapse)AuthorAgeFilesLines
* Introduce the extensible jail framework, using the same "name=value"jamie2009-04-293-11/+262
| | | | | | | | | | | | | | interface as nmount(2). Three new system calls are added: * jail_set, to create jails and change the parameters of existing jails. This replaces jail(2). * jail_get, to read the parameters of existing jails. This replaces the security.jail.list sysctl. * jail_remove to kill off a jail's processes and remove the jail. Most jail parameters may now be changed after creation, and jails may be set to exist without any attached processes. The current jail(2) system call still exists, though it is now a stub to jail_set(2). Approved by: bz (mentor)
* With the permission of phk@ change the license on remaining jail codejamie2009-04-291-6/+22
| | | | | | | to a 2 clause BSD license. Approved by: phk Approved by: bz (mentor)
* Correct the information about when the respective functionality firstbrueffer2009-04-231-1/+1
| | | | | | | | appeared in FreeBSD. PR: 133785 Submitted by: Ulrich Spoerlein <uqs@spoerlein.net> MFC after: 3 days
* Sort man page cross references by section, no need for a comma after therwatson2009-04-133-4/+4
| | | | | | last cross reference. MFC after: 3 days
* Properly update the shm_open/shm_unlink symbol versioning metadata afterjhb2009-04-021-0/+6
| | | | | | | these functions were moved into the kernel: - Move the version entries from gen/ to sys/. Since the ABI of the actual routines did not change, I'm still exporting them as FBSD 1.0 on purpose. - Add FBSD-private versions for the _ and __sys_ variants.
* Document missing requests.dds2009-03-271-2/+18
|
* Hopefully, improve the grammar and wording in the changes to shmctl(2)kib2009-03-051-4/+5
| | | | | | | manpage and UPDATING entry 20090302. UPDATING changes suggested by bf2006a yahoo com. man page corrections by bde.
* Correct types of variables used to track amount of allocated SysV sharedkib2009-03-021-0/+9
| | | | | | | | | | | | | | memory from int to size_t. Implement a workaround for current ABI not allowing to properly save size for and report more then 2Gb sized segment of shared memory. This makes it possible to use > 2 Gb shared memory segments on 64bit architectures. Please note the new BUGS section in shmctl(2) and UPDATING note for limitations of this temporal solution. Reviewed by: csjp Tested by: Nikolay Dzham <i levsha org ua> MFC after: 2 weeks
* Add missing POSIX 1003.1-2008 open(2) flag; O_TTY_INIT.ed2009-02-281-1/+15
| | | | | | | On FreeBSD, this is the default behaviour. According to the spec, we may give this flag a value of zero, but I'd rather not do this. If we define it to a non-zero value, we can always change default behaviour without changing the ABI. This is very unlikely to happen, though.
* Standardize the various prison_foo_ip[46] functions and prison_if tojamie2009-02-051-2/+2
| | | | | | | | | | | | | | | return zero on success and an error code otherwise. The possible errors are EADDRNOTAVAIL if an address being checked for doesn't match the prison, and EAFNOSUPPORT if the prison doesn't have any addresses in that address family. For most callers of these functions, use the returned error code instead of e.g. a hard-coded EADDRNOTAVAIL or EINVAL. Always include a jailed() check in these functions, where a non-jailed cred always returns success (and makes no changes). Remove the explicit jailed() checks that preceded many of the function calls. Approved by: bz (mentor)
* - add missing includedanger2009-01-121-2/+3
| | | | | | | | - fix struct memeber's name [1] PR: docs/130413 [1] Submitted by: Thomas Mueller <tmueller@sysgo.com> [1] MFC after: 3 days
* Document the special loopback address behaviour of jails.bz2009-01-061-1/+7
| | | | | | | PR: kern/103464 Submitted by: brueffer (correct markup) Reviewed by: brueffer MFC after: 2 weeks
* Note that the protocol argument can be set to 0.trhodes2009-01-051-1/+6
| | | | | PR: 127890 Reviewed by: rwatson
* Document that kldunloadf can return EINVAL.trhodes2008-12-251-1/+5
| | | | PR: 125639
* It's silly to claim recv(2) is to be removed in favour of recvfrom(2)ivoras2008-11-301-1/+0
| | | | | | (at least at this time :) ). Approved by: gnn (mentor)
* MFp4:bz2008-11-292-9/+30
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Bring in updated jail support from bz_jail branch. This enhances the current jail implementation to permit multiple addresses per jail. In addtion to IPv4, IPv6 is supported as well. Due to updated checks it is even possible to have jails without an IP address at all, which basically gives one a chroot with restricted process view, no networking,.. SCTP support was updated and supports IPv6 in jails as well. Cpuset support permits jails to be bound to specific processor sets after creation. Jails can have an unrestricted (no duplicate protection, etc.) name in addition to the hostname. The jail name cannot be changed from within a jail and is considered to be used for management purposes or as audit-token in the future. DDB 'show jails' command was added to aid debugging. Proper compat support permits 32bit jail binaries to be used on 64bit systems to manage jails. Also backward compatibility was preserved where possible: for jail v1 syscalls, as well as with user space management utilities. Both jail as well as prison version were updated for the new features. A gap was intentionally left as the intermediate versions had been used by various patches floating around the last years. Bump __FreeBSD_version for the afore mentioned and in kernel changes. Special thanks to: - Pawel Jakub Dawidek (pjd) for his multi-IPv4 patches and Olivier Houchard (cognet) for initial single-IPv6 patches. - Jeff Roberson (jeff) and Randall Stewart (rrs) for their help, ideas and review on cpuset and SCTP support. - Robert Watson (rwatson) for lots and lots of help, discussions, suggestions and review of most of the patch at various stages. - John Baldwin (jhb) for his help. - Simon L. Nielsen (simon) as early adopter testing changes on cluster machines as well as all the testers and people who provided feedback the last months on freebsd-jail and other channels. - My employer, CK Software GmbH, for the support so I could work on this. Reviewed by: (see above) MFC after: 3 months (this is just so that I get the mail) X-MFC Before: 7.2-RELEASE if possible
* Several cleanups related to pipe(2).ed2008-11-111-6/+1
| | | | | | | | | | | | | | | | | | - Use `fildes[2]' instead of `*fildes' to make more clear that pipe(2) fills an array with two descriptors. - Remove EFAULT from the manual page. Because of the current calling convention, pipe(2) raises a segmentation fault when an invalid address is passed. - Introduce kern_pipe() to make it easier for binary emulations to implement pipe(2). - Make Linux binary emulation use kern_pipe(), which means we don't have to recover td_retval after calling the FreeBSD system call. Approved by: rdivacky Discussed on: arch
* Add one more EACCES clause to rename.2.trasz2008-11-071-0/+5
| | | | Approved by: rwatson (mentor)
* Implement support for RPCSEC_GSS authentication to both the NFS clientdfr2008-11-031-0/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | and server. This replaces the RPC implementation of the NFS client and server with the newer RPC implementation originally developed (actually ported from the userland sunrpc code) to support the NFS Lock Manager. I have tested this code extensively and I believe it is stable and that performance is at least equal to the legacy RPC implementation. The NFS code currently contains support for both the new RPC implementation and the older legacy implementation inherited from the original NFS codebase. The default is to use the new implementation - add the NFS_LEGACYRPC option to fall back to the old code. When I merge this support back to RELENG_7, I will probably change this so that users have to 'opt in' to get the new code. To use RPCSEC_GSS on either client or server, you must build a kernel which includes the KGSSAPI option and the crypto device. On the userland side, you must build at least a new libc, mountd, mount_nfs and gssd. You must install new versions of /etc/rc.d/gssd and /etc/rc.d/nfsd and add 'gssd_enable=YES' to /etc/rc.conf. As long as gssd is running, you should be able to mount an NFS filesystem from a server that requires RPCSEC_GSS authentication. The mount itself can happen without any kerberos credentials but all access to the filesystem will be denied unless the accessing user has a valid ticket file in the standard place (/tmp/krb5cc_<uid>). There is currently no support for situations where the ticket file is in a different place, such as when the user logged in via SSH and has delegated credentials from that login. This restriction is also present in Solaris and Linux. In theory, we could improve this in future, possibly using Brooks Davis' implementation of variant symlinks. Supporting RPCSEC_GSS on a server is nearly as simple. You must create service creds for the server in the form 'nfs/<fqdn>@<REALM>' and install them in /etc/krb5.keytab. The standard heimdal utility ktutil makes this fairly easy. After the service creds have been created, you can add a '-sec=krb5' option to /etc/exports and restart both mountd and nfsd. The only other difference an administrator should notice is that nfsd doesn't fork to create service threads any more. In normal operation, there will be two nfsd processes, one in userland waiting for TCP connections and one in the kernel handling requests. The latter process will create as many kthreads as required - these should be visible via 'top -H'. The code has some support for varying the number of service threads according to load but initially at least, nfsd uses a fixed number of threads according to the value supplied to its '-n' option. Sponsored by: Isilon Systems MFC after: 1 month
* Finish what revision 1.40 started. Revision 1.40 removed a false statementalc2008-10-241-8/+6
| | | | | | | from the description but not the errors section. This revision removes it from the errors statement. Add a statement about the non-portability of non-page-aligned offsets.
* Support for CPU sets is going to appear in 7.1 before 8.0.jhb2008-09-292-2/+2
| | | | MFC after: 3 days
* Implement WNOWAIT flag for wait4(2). It specifies that process whose statuskib2008-08-261-2/+10
| | | | | | | | | is returned shall be kept in the waitable state. Add WSTOPPED as an alias for WUNTRACED. Submitted by: Jukka Ukkonen <jau at iki fi> PR: standards/116221 MFC after: 2 weeks
* When calculating arguments to the interpreter for the shebang scriptkib2008-08-261-1/+18
| | | | | | | | executed by fexecve(2), imgp->args->fname is NULL. Moreover, there is no way to recover the path to the script being executed. Do what some other U*ixes do unconditionally, namely supply /dev/fd/n as the script path when called from fexecve(). Document requirement of having fdescfs mounted as caveat.
* Integrate the new MPSAFE TTY layer to the FreeBSD operating system.ed2008-08-204-3/+141
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The last half year I've been working on a replacement TTY layer for the FreeBSD kernel. The new TTY layer was designed to improve the following: - Improved driver model: The old TTY layer has a driver model that is not abstract enough to make it friendly to use. A good example is the output path, where the device drivers directly access the output buffers. This means that an in-kernel PPP implementation must always convert network buffers into TTY buffers. If a PPP implementation would be built on top of the new TTY layer (still needs a hooks layer, though), it would allow the PPP implementation to directly hand the data to the TTY driver. - Improved hotplugging: With the old TTY layer, it isn't entirely safe to destroy TTY's from the system. This implementation has a two-step destructing design, where the driver first abandons the TTY. After all threads have left the TTY, the TTY layer calls a routine in the driver, which can be used to free resources (unit numbers, etc). The pts(4) driver also implements this feature, which means posix_openpt() will now return PTY's that are created on the fly. - Improved performance: One of the major improvements is the per-TTY mutex, which is expected to improve scalability when compared to the old Giant locking. Another change is the unbuffered copying to userspace, which is both used on TTY device nodes and PTY masters. Upgrading should be quite straightforward. Unlike previous versions, existing kernel configuration files do not need to be changed, except when they reference device drivers that are listed in UPDATING. Obtained from: //depot/projects/mpsafetty/... Approved by: philip (ex-mentor) Discussed: on the lists, at BSDCan, at the DevSummit Sponsored by: Snow B.V., the Netherlands dcons(4) fixed by: kan
* Add prototype defination for setfib(2) to sys/socket.h.delphij2008-08-081-1/+2
|
* Add EPERM to the ERRORS section.trhodes2008-08-041-1/+3
| | | | PR: 125746
* Add EAGAIN to the ERRORS list, as found in kern_jail.c.trhodes2008-08-031-1/+3
| | | | | PR: 125253 Submitted by: Mateusz Guzik <mjguzik@gmail.com> (original version)
* remove whitespace bug (8 spaces into one tab)remko2008-08-021-1/+1
| | | | Submitted by: ed
* Fix cut-n-paste-ojulian2008-07-251-1/+1
| | | | Submitted by: Kostik Belousov
* Update the definition of modspecific structuredanger2008-07-151-3/+3
| | | | PR: docs/125630
* Update the ktr_header structure, which changed over time.remko2008-07-131-4/+4
| | | | | | PR: 125546 Submitted by: Mateusz Guzik <mjguzik at gmail dot com> MFC after: 3 days
* Put the _cpuset* symbols in FBSDprivate_1.0 instead of trying to putbrooks2008-07-111-5/+5
| | | | nonexistant __cpuset* there.
* - Forgot to bump a date after last changedanger2008-06-301-1/+1
|
* Make it clearer that it is possible to disable the generation ofdas2008-06-291-4/+4
| | | | | | SIGPIPE for individual sockets (PR: kern/118626). While here, s/insure/ensure/.
* - add description of the MLINK errordanger2008-06-261-0/+3
| | | | | PR: docs/123019 MFC after: 3 days
* Add Xr to getsockname(2)phk2008-06-201-0/+1
|
* Make it clearer that privilege is needed to reduce as well asfanf2008-06-161-1/+1
| | | | increase group membership.
* Bring missing getsockopt(2) options: SO_LABEL SO_PEERLABEL SO_LISTENQLIMITwkoszek2008-06-121-2/+29
| | | | | | | | SO_LISTENQLEN SO_LISTENINCQLEN to the manual page. Till now those were only present in sys/socket.h file. Reviewed by: rwatson, gnn, keramida (with mdoc hat)
* Call the fcntl compatiblity wrapper from the thread library fcntl wrappersdfr2008-05-302-2/+3
| | | | | | so that they get the benefit of the (limited) forward ABI compatibility. MFC after: 1 week
* Make fcntl() a weak symbol so that it can be overridden by thread libraries.dfr2008-05-271-1/+3
| | | | MFC after: 2 days
* Misc mdoc improvements and a typo fix.brueffer2008-05-101-6/+10
|
* Add setfib.2 to the list of man pages to addjulian2008-05-091-1/+1
|
* setfib.2 got left out of the last commitjulian2008-05-091-0/+79
|
* Add code to allow the system to handle multiple routing tables.julian2008-05-092-0/+8
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This particular implementation is designed to be fully backwards compatible and to be MFC-able to 7.x (and 6.x) Currently the only protocol that can make use of the multiple tables is IPv4 Similar functionality exists in OpenBSD and Linux. From my notes: ----- One thing where FreeBSD has been falling behind, and which by chance I have some time to work on is "policy based routing", which allows different packet streams to be routed by more than just the destination address. Constraints: ------------ I want to make some form of this available in the 6.x tree (and by extension 7.x) , but FreeBSD in general needs it so I might as well do it in -current and back port the portions I need. One of the ways that this can be done is to have the ability to instantiate multiple kernel routing tables (which I will now refer to as "Forwarding Information Bases" or "FIBs" for political correctness reasons). Which FIB a particular packet uses to make the next hop decision can be decided by a number of mechanisms. The policies these mechanisms implement are the "Policies" referred to in "Policy based routing". One of the constraints I have if I try to back port this work to 6.x is that it must be implemented as a EXTENSION to the existing ABIs in 6.x so that third party applications do not need to be recompiled in timespan of the branch. This first version will not have some of the bells and whistles that will come with later versions. It will, for example, be limited to 16 tables in the first commit. Implementation method, Compatible version. (part 1) ------------------------------- For this reason I have implemented a "sufficient subset" of a multiple routing table solution in Perforce, and back-ported it to 6.x. (also in Perforce though not always caught up with what I have done in -current/P4). The subset allows a number of FIBs to be defined at compile time (8 is sufficient for my purposes in 6.x) and implements the changes needed to allow IPV4 to use them. I have not done the changes for ipv6 simply because I do not need it, and I do not have enough knowledge of ipv6 (e.g. neighbor discovery) needed to do it. Other protocol families are left untouched and should there be users with proprietary protocol families, they should continue to work and be oblivious to the existence of the extra FIBs. To understand how this is done, one must know that the current FIB code starts everything off with a single dimensional array of pointers to FIB head structures (One per protocol family), each of which in turn points to the trie of routes available to that family. The basic change in the ABI compatible version of the change is to extent that array to be a 2 dimensional array, so that instead of protocol family X looking at rt_tables[X] for the table it needs, it looks at rt_tables[Y][X] when for all protocol families except ipv4 Y is always 0. Code that is unaware of the change always just sees the first row of the table, which of course looks just like the one dimensional array that existed before. The entry points rtrequest(), rtalloc(), rtalloc1(), rtalloc_ign() are all maintained, but refer only to the first row of the array, so that existing callers in proprietary protocols can continue to do the "right thing". Some new entry points are added, for the exclusive use of ipv4 code called in_rtrequest(), in_rtalloc(), in_rtalloc1() and in_rtalloc_ign(), which have an extra argument which refers the code to the correct row. In addition, there are some new entry points (currently called rtalloc_fib() and friends) that check the Address family being looked up and call either rtalloc() (and friends) if the protocol is not IPv4 forcing the action to row 0 or to the appropriate row if it IS IPv4 (and that info is available). These are for calling from code that is not specific to any particular protocol. The way these are implemented would change in the non ABI preserving code to be added later. One feature of the first version of the code is that for ipv4, the interface routes show up automatically on all the FIBs, so that no matter what FIB you select you always have the basic direct attached hosts available to you. (rtinit() does this automatically). You CAN delete an interface route from one FIB should you want to but by default it's there. ARP information is also available in each FIB. It's assumed that the same machine would have the same MAC address, regardless of which FIB you are using to get to it. This brings us as to how the correct FIB is selected for an outgoing IPV4 packet. Firstly, all packets have a FIB associated with them. if nothing has been done to change it, it will be FIB 0. The FIB is changed in the following ways. Packets fall into one of a number of classes. 1/ locally generated packets, coming from a socket/PCB. Such packets select a FIB from a number associated with the socket/PCB. This in turn is inherited from the process, but can be changed by a socket option. The process in turn inherits it on fork. I have written a utility call setfib that acts a bit like nice.. setfib -3 ping target.example.com # will use fib 3 for ping. It is an obvious extension to make it a property of a jail but I have not done so. It can be achieved by combining the setfib and jail commands. 2/ packets received on an interface for forwarding. By default these packets would use table 0, (or possibly a number settable in a sysctl(not yet)). but prior to routing the firewall can inspect them (see below). (possibly in the future you may be able to associate a FIB with packets received on an interface.. An ifconfig arg, but not yet.) 3/ packets inspected by a packet classifier, which can arbitrarily associate a fib with it on a packet by packet basis. A fib assigned to a packet by a packet classifier (such as ipfw) would over-ride a fib associated by a more default source. (such as cases 1 or 2). 4/ a tcp listen socket associated with a fib will generate accept sockets that are associated with that same fib. 5/ Packets generated in response to some other packet (e.g. reset or icmp packets). These should use the FIB associated with the packet being reponded to. 6/ Packets generated during encapsulation. gif, tun and other tunnel interfaces will encapsulate using the FIB that was in effect withthe proces that set up the tunnel. thus setfib 1 ifconfig gif0 [tunnel instructions] will set the fib for the tunnel to use to be fib 1. Routing messages would be associated with their process, and thus select one FIB or another. messages from the kernel would be associated with the fib they refer to and would only be received by a routing socket associated with that fib. (not yet implemented) In addition Netstat has been edited to be able to cope with the fact that the array is now 2 dimensional. (It looks in system memory using libkvm (!)). Old versions of netstat see only the first FIB. In addition two sysctls are added to give: a) the number of FIBs compiled in (active) b) the default FIB of the calling process. Early testing experience: ------------------------- Basically our (IronPort's) appliance does this functionality already using ipfw fwd but that method has some drawbacks. For example, It can't fully simulate a routing table because it can't influence the socket's choice of local address when a connect() is done. Testing during the generating of these changes has been remarkably smooth so far. Multiple tables have co-existed with no notable side effects, and packets have been routes accordingly. ipfw has grown 2 new keywords: setfib N ip from anay to any count ip from any to any fib N In pf there seems to be a requirement to be able to give symbolic names to the fibs but I do not have that capacity. I am not sure if it is required. SCTP has interestingly enough built in support for this, called VRFs in Cisco parlance. it will be interesting to see how that handles it when it suddenly actually does something. Where to next: -------------------- After committing the ABI compatible version and MFCing it, I'd like to proceed in a forward direction in -current. this will result in some roto-tilling in the routing code. Firstly: the current code's idea of having a separate tree per protocol family, all of the same format, and pointed to by the 1 dimensional array is a bit silly. Especially when one considers that there is code that makes assumptions about every protocol having the same internal structures there. Some protocols don't WANT that sort of structure. (for example the whole idea of a netmask is foreign to appletalk). This needs to be made opaque to the external code. My suggested first change is to add routing method pointers to the 'domain' structure, along with information pointing the data. instead of having an array of pointers to uniform structures, there would be an array pointing to the 'domain' structures for each protocol address domain (protocol family), and the methods this reached would be called. The methods would have an argument that gives FIB number, but the protocol would be free to ignore it. When the ABI can be changed it raises the possibilty of the addition of a fib entry into the "struct route". Currently, the structure contains the sockaddr of the desination, and the resulting fib entry. To make this work fully, one could add a fib number so that given an address and a fib, one can find the third element, the fib entry. Interaction with the ARP layer/ LL layer would need to be revisited as well. Qing Li has been working on this already. This work was sponsored by Ironport Systems/Cisco PR: Reviewed by: several including rwatson, bz and mlair (parts each) Approved by: Obtained from: Ironport systems/Cisco MFC after: Security: PR: Submitted by: Reviewed by: Approved by: Obtained from: MFC after: Security:
* Correct minor typos in SCTP man pages.rwatson2008-04-282-2/+1
| | | | MFC after: 3 days
* Have the man page catch up with the namespace pollution cleanup thatscf2008-04-261-1/+0
| | | | | | | | | | occurred between 2001-2003. Thanks to bde for the history lesson[1] concerning sys/types.h and the many system calls that at one time (pre-2001) were required by POSIX to include it. 1. http://lists.freebsd.org/pipermail/freebsd-arch/2008-April/008126.html MFC after: 3 days
* Document that you must include <sys/param.h> before <sys/cpuset.h>.antoine2008-04-202-0/+2
| | | | Approved by: rwatson (mentor)
* Sort MAN and MLINKS.ru2008-04-161-25/+26
|
* Connect newly added manpages to the build.ru2008-04-161-5/+15
| | | | Submitted by: kib
* Man pages for the openat(2), fexecve(2) and related syscalls.kib2008-04-1615-40/+1098
| | | | Reviewed by: ru
OpenPOWER on IntegriCloud