src/lib/libcasper/services/cap_sysctl/cap_sysctl.h, branch main FreeBSD source tree Remove "All Rights Reserved" from FreeBSD Foundation copyrights 2024-07-30T16:16:36+00:00 Ed Maste emaste@FreeBSD.org 2024-07-30T16:02:17+00:00 5c2bc3db201a4fe8d7911cf816bea104d5dc2138 These ones were unambiguous cases where the Foundation was the only listed copyright holder. Sponsored by: The FreeBSD Foundation 
These ones were unambiguous cases where the Foundation was the only
listed copyright holder.

Sponsored by:	The FreeBSD Foundation
Remove $FreeBSD$: two-line .h pattern 2023-08-16T17:54:16+00:00 Warner Losh imp@FreeBSD.org 2023-08-16T17:54:16+00:00 b3e7694832e81d7a904a10f525f8797b753bf0d3 Remove /^\s*\*\n \*\s+\$FreeBSD\$$\n/ 
Remove /^\s*\*\n \*\s+\$FreeBSD\$$\n/
cap_sysctl: expose structures and variables 2021-01-04T19:56:07+00:00 Mariusz Zaborski oshogbo@FreeBSD.org 2021-01-04T19:56:07+00:00 459511895e48e8f0a6673bd452812e994d96a960 Expose structures and variables that may be used on systems build without Casper support. 
Expose structures and variables that may be used on systems
build without Casper support.
casper: convert macros to inline functions 2021-01-04T19:55:35+00:00 Mariusz Zaborski oshogbo@FreeBSD.org 2021-01-04T19:50:58+00:00 8c121177f063a187534dcd475b136c34474802cd In libcasper, the first argument to the function is a structure that represents a connection to Casper. On systems without Casper, macros are used to interpose the Casper functions to standard libc ones. This may cause errors/warnings that the variable is not used. With the inline function, there is no such problem. 
In libcasper, the first argument to the function is a structure that
represents a connection to Casper. On systems without Casper, macros
are used to interpose the Casper functions to standard libc ones.
This may cause errors/warnings that the variable is not used.
With the inline function, there is no such problem.
libcasper(3): Export functions to C++ 2020-04-07T16:40:41+00:00 Conrad Meyer cem@FreeBSD.org 2020-04-07T16:40:41+00:00 b30c6ac9f9222ee574d54075e73581f8d141033f We must wrap C declarations in __BEGIN / __END_DECLS to avoid C++ name-mangling of the declaration when including the C header; name-mangling causes the linker to attempt to locate the wrong (C++ ABI) symbol name. Reviewed by: markj, oshogbo (earlier version both) Differential Revision: https://reviews.freebsd.org/D24323 
We must wrap C declarations in __BEGIN / __END_DECLS to avoid C++ name-mangling
of the declaration when including the C header; name-mangling causes the linker
to attempt to locate the wrong (C++ ABI) symbol name.

Reviewed by:	markj, oshogbo (earlier version both)
Differential Revision:	https://reviews.freebsd.org/D24323
libcasper: Constify cap_sysctl_limit_mib() mib parameter 2020-04-06T23:07:56+00:00 Conrad Meyer cem@FreeBSD.org 2020-04-06T23:07:56+00:00 2750f1b954ab7ed54ff12ed7fdbc6d47b5151679 No functional change. Minor API change that is nicer for consumers. ABI is identical; the routine never needed to modify the pointed to value. Reviewed by: emaste, markj Differential Revision: https://reviews.freebsd.org/D24319 
No functional change. Minor API change that is nicer for consumers. ABI is
identical; the routine never needed to modify the pointed to value.

Reviewed by:	emaste, markj
Differential Revision:	https://reviews.freebsd.org/D24319
Add cap_sysctl(3) and cap_sysctlnametomib(3). 2019-05-13T17:49:54+00:00 Mark Johnston markj@FreeBSD.org 2019-05-13T17:49:54+00:00 1608c46ea4a10a65095ceff3a2d4a1b4b5b3d408 These complement cap_sysctlbyname(3) to provide a drop-in replacement for the corresponding libc functions. Also revise the libcap_sysctl limit interface to provide access to sysctls by MIB, and to avoid direct manipulation of nvlists by the caller. Reviewed by: oshogbo Sponsored by: The FreeBSD Foundation Differential Revision: https://reviews.freebsd.org/D17854 
These complement cap_sysctlbyname(3) to provide a drop-in
replacement for the corresponding libc functions.

Also revise the libcap_sysctl limit interface to provide access
to sysctls by MIB, and to avoid direct manipulation of nvlists
by the caller.

Reviewed by:	oshogbo
Sponsored by:	The FreeBSD Foundation
Differential Revision:	https://reviews.freebsd.org/D17854
Introduce caspermocks. 2017-10-28T19:23:57+00:00 Mariusz Zaborski oshogbo@FreeBSD.org 2017-10-28T19:23:57+00:00 ceb36bc93ad2c3a1d8220e70bc3abfe198be8017 The idea behinds mocks is that we don't need to ifdef a lot of code in tools itself but those defines are hidden in the casper library. Right now the mocks are implemented as define/inlines functions. There was a very long discussion how this should be implemented. This approach has some advantages like we don't need to link to any additional libraries. Unfortunately there are also some disadvantages for example it is easy to get library out of sync between two versions of functions or that we need extra define to compile program with casper support. This isn't an ideal solution but it's good enough for now and should simplify capsicumizing programs. This also doesn't close us any other ways to do those mocks and this should evolve in time. Discussed with: pjd, emaste, ed, rwatson, bapt, cem, bdrewery Differential Revision: https://reviews.freebsd.org/D8753 
The idea behinds mocks is that we don't need to ifdef a lot of code in
tools itself but those defines are hidden in the casper library.
Right now the mocks are implemented as define/inlines functions.
There was a very long discussion how this should be implemented.
This approach has some advantages like we don't need to link to any additional
libraries. Unfortunately there are also some disadvantages for example it is
easy to get library out of sync between two versions of functions or that we
need extra define to compile program with casper support.
This isn't an ideal solution but it's good enough for now and should simplify
capsicumizing programs. This also doesn't close us any other ways to do those
mocks and this should evolve in time.

Discussed with:	pjd, emaste, ed, rwatson, bapt, cem, bdrewery
Differential Revision:    https://reviews.freebsd.org/D8753
Convert casperd(8) daemon to the libcasper. 2016-02-25T18:23:40+00:00 Mariusz Zaborski oshogbo@FreeBSD.org 2016-02-25T18:23:40+00:00 c501d73c7e2d5c843583084b84bd3e6f68a0047e After calling the cap_init(3) function Casper will fork from it's original process, using pdfork(2). Forking from a process has a lot of advantages: 1. We have the same cwd as the original process. 2. The same uid, gid and groups. 3. The same MAC labels. 4. The same descriptor table. 5. The same routing table. 6. The same umask. 7. The same cpuset(1). From now services are also in form of libraries. We also removed libcapsicum at all and converts existing program using Casper to new architecture. Discussed with: pjd, jonathan, ed, drysdale@google.com, emaste Partially reviewed by: drysdale@google.com, bdrewery Approved by: pjd (mentor) Differential Revision: https://reviews.freebsd.org/D4277 
After calling the cap_init(3) function Casper will fork from it's original
process, using pdfork(2). Forking from a process has a lot of advantages:
1. We have the same cwd as the original process.
2. The same uid, gid and groups.
3. The same MAC labels.
4. The same descriptor table.
5. The same routing table.
6. The same umask.
7. The same cpuset(1).
From now services are also in form of libraries.
We also removed libcapsicum at all and converts existing program using Casper
to new architecture.

Discussed with:		pjd, jonathan, ed, drysdale@google.com, emaste
Partially reviewed by:	drysdale@google.com, bdrewery
Approved by:		pjd (mentor)
Differential Revision:	https://reviews.freebsd.org/D4277