aboutsummaryrefslogtreecommitdiff
path: root/lib
diff options
context:
space:
mode:
Diffstat (limited to 'lib')
-rw-r--r--lib/Makefile1
-rw-r--r--lib/atf/libatf-c++/tests/Makefile4
-rw-r--r--lib/atf/libatf-c++/tests/detail/Makefile3
-rw-r--r--lib/atf/libatf-c/tests/Makefile4
-rw-r--r--lib/atf/libatf-c/tests/detail/Makefile5
-rw-r--r--lib/atf/tests/Makefile5
-rw-r--r--lib/atf/tests/test-programs/Makefile4
-rw-r--r--lib/lib80211/Makefile1
-rw-r--r--lib/libalias/libalias/Makefile1
-rw-r--r--lib/libarchive/Makefile1
-rw-r--r--lib/libarchive/tests/Makefile4
-rw-r--r--lib/libauditd/Makefile1
-rw-r--r--lib/libbegemot/Makefile1
-rw-r--r--lib/libblocksruntime/Makefile1
-rw-r--r--lib/libbluetooth/Makefile1
-rw-r--r--lib/libbsdstat/Makefile1
-rw-r--r--lib/libbsm/Makefile1
-rw-r--r--lib/libbsnmp/Makefile.inc1
-rw-r--r--lib/libbz2/Makefile1
-rw-r--r--lib/libc++/Makefile1
-rw-r--r--lib/libc/Makefile1
-rw-r--r--lib/libc/tests/Makefile4
-rw-r--r--lib/libc/tests/c063/Makefile4
-rw-r--r--lib/libc/tests/db/Makefile4
-rw-r--r--lib/libc/tests/gen/Makefile4
-rw-r--r--lib/libc/tests/gen/execve/Makefile4
-rw-r--r--lib/libc/tests/gen/posix_spawn/Makefile4
-rw-r--r--lib/libc/tests/hash/Makefile4
-rw-r--r--lib/libc/tests/inet/Makefile4
-rw-r--r--lib/libc/tests/locale/Makefile4
-rw-r--r--lib/libc/tests/net/Makefile4
-rw-r--r--lib/libc/tests/nss/Makefile4
-rw-r--r--lib/libc/tests/regex/Makefile4
-rw-r--r--lib/libc/tests/resolv/Makefile4
-rw-r--r--lib/libc/tests/rpc/Makefile4
-rw-r--r--lib/libc/tests/setjmp/Makefile4
-rw-r--r--lib/libc/tests/ssp/Makefile4
-rw-r--r--lib/libc/tests/stdio/Makefile4
-rw-r--r--lib/libc/tests/stdlib/Makefile4
-rw-r--r--lib/libc/tests/string/Makefile4
-rw-r--r--lib/libc/tests/sys/Makefile8
-rw-r--r--lib/libc/tests/termios/Makefile4
-rw-r--r--lib/libc/tests/time/Makefile4
-rw-r--r--lib/libc/tests/tls/Makefile4
-rw-r--r--lib/libc/tests/tls/dso/Makefile4
-rw-r--r--lib/libc/tests/tls_dso/Makefile4
-rw-r--r--lib/libc/tests/ttyio/Makefile4
-rw-r--r--lib/libcalendar/Makefile1
-rw-r--r--lib/libcam/Makefile1
-rw-r--r--lib/libcapsicum/Makefile47
-rw-r--r--lib/libcapsicum/Makefile.depend19
-rw-r--r--lib/libcapsicum/libcapsicum.3300
-rw-r--r--lib/libcapsicum/libcapsicum.c266
-rw-r--r--lib/libcapsicum/libcapsicum.h115
-rw-r--r--lib/libcapsicum/libcapsicum_dns.c365
-rw-r--r--lib/libcapsicum/libcapsicum_dns.h57
-rw-r--r--lib/libcapsicum/libcapsicum_grp.c438
-rw-r--r--lib/libcapsicum/libcapsicum_grp.h57
-rw-r--r--lib/libcapsicum/libcapsicum_impl.h39
-rw-r--r--lib/libcapsicum/libcapsicum_pwd.c391
-rw-r--r--lib/libcapsicum/libcapsicum_pwd.h57
-rw-r--r--lib/libcapsicum/libcapsicum_random.c80
-rw-r--r--lib/libcapsicum/libcapsicum_random.h37
-rw-r--r--lib/libcapsicum/libcapsicum_service.c97
-rw-r--r--lib/libcapsicum/libcapsicum_service.h40
-rw-r--r--lib/libcapsicum/libcapsicum_sysctl.c86
-rw-r--r--lib/libcapsicum/libcapsicum_sysctl.h43
-rw-r--r--lib/libcasper/libcasper/Makefile1
-rw-r--r--lib/libcasper/services/cap_dns/Makefile1
-rw-r--r--lib/libcasper/services/cap_grp/Makefile1
-rw-r--r--lib/libcasper/services/cap_pwd/Makefile1
-rw-r--r--lib/libcasper/services/cap_random/Makefile1
-rw-r--r--lib/libcasper/services/cap_sysctl/Makefile1
-rw-r--r--lib/libcom_err/Makefile1
-rw-r--r--lib/libcompat/Makefile1
-rw-r--r--lib/libcompiler_rt/Makefile1
-rw-r--r--lib/libcrypt/Makefile1
-rw-r--r--lib/libcrypt/tests/Makefile4
-rw-r--r--lib/libcuse/Makefile1
-rw-r--r--lib/libcxxrt/Makefile1
-rw-r--r--lib/libdevctl/Makefile1
-rw-r--r--lib/libdevinfo/Makefile1
-rw-r--r--lib/libdevstat/Makefile1
-rw-r--r--lib/libdpv/Makefile1
-rw-r--r--lib/libdwarf/Makefile1
-rw-r--r--lib/libedit/Makefile1
-rw-r--r--lib/libefi/Makefile1
-rw-r--r--lib/libelf/Makefile1
-rw-r--r--lib/libelftc/Makefile1
-rw-r--r--lib/libevent/Makefile1
-rw-r--r--lib/libexecinfo/Makefile1
-rw-r--r--lib/libexpat/Makefile1
-rw-r--r--lib/libfetch/Makefile1
-rw-r--r--lib/libfigpar/Makefile1
-rw-r--r--lib/libgeom/Makefile1
-rw-r--r--lib/libgpio/Makefile1
-rw-r--r--lib/libgssapi/Makefile1
-rw-r--r--lib/libipsec/Makefile1
-rw-r--r--lib/libjail/Makefile3
-rw-r--r--lib/libkiconv/Makefile1
-rw-r--r--lib/libkvm/Makefile1
-rw-r--r--lib/libldns/Makefile1
-rw-r--r--lib/liblzma/Makefile1
-rw-r--r--lib/libmagic/Makefile1
-rw-r--r--lib/libmd/Makefile1
-rw-r--r--lib/libmemstat/Makefile1
-rw-r--r--lib/libmilter/Makefile1
-rw-r--r--lib/libmp/Makefile1
-rw-r--r--lib/libmp/tests/Makefile4
-rw-r--r--lib/libmt/Makefile1
-rw-r--r--lib/libnandfs/Makefile1
-rw-r--r--lib/libnetbsd/Makefile1
-rw-r--r--lib/libnetgraph/Makefile1
-rw-r--r--lib/libngatm/Makefile1
-rw-r--r--lib/libnv/Makefile1
-rw-r--r--lib/libnv/tests/Makefile4
-rw-r--r--lib/libopenbsd/Makefile1
-rw-r--r--lib/libopie/Makefile1
-rw-r--r--lib/libpam/libpam/Makefile1
-rw-r--r--lib/libpam/libpam/tests/Makefile4
-rw-r--r--lib/libpam/modules/pam_ssh/Makefile1
-rw-r--r--lib/libpcap/Makefile1
-rw-r--r--lib/libpjdlog/Makefile1
-rw-r--r--lib/libpmc/Makefile1
-rw-r--r--lib/libproc/Makefile1
-rw-r--r--lib/libproc/tests/Makefile4
-rw-r--r--lib/libprocstat/Makefile1
-rw-r--r--lib/libradius/Makefile1
-rw-r--r--lib/librpcsec_gss/Makefile1
-rw-r--r--lib/librpcsvc/Makefile1
-rw-r--r--lib/librt/Makefile1
-rw-r--r--lib/librt/tests/Makefile4
-rw-r--r--lib/librtld_db/Makefile1
-rw-r--r--lib/libsbuf/Makefile1
-rw-r--r--lib/libsdp/Makefile1
-rw-r--r--lib/libsm/Makefile1
-rw-r--r--lib/libsmb/Makefile1
-rw-r--r--lib/libsmdb/Makefile1
-rw-r--r--lib/libsmutil/Makefile1
-rw-r--r--lib/libsqlite3/Makefile1
-rw-r--r--lib/libstand/Makefile1
-rw-r--r--lib/libstdbuf/Makefile1
-rw-r--r--lib/libstdthreads/Makefile1
-rw-r--r--lib/libsysdecode/Makefile1
-rw-r--r--lib/libtacplus/Makefile1
-rw-r--r--lib/libtelnet/Makefile1
-rw-r--r--lib/libthr/Makefile1
-rw-r--r--lib/libthr/tests/Makefile3
-rw-r--r--lib/libthr/tests/dlopen/Makefile3
-rw-r--r--lib/libthr/tests/dlopen/dso/Makefile4
-rw-r--r--lib/libthread_db/Makefile1
-rw-r--r--lib/libucl/Makefile1
-rw-r--r--lib/libufs/Makefile1
-rw-r--r--lib/libugidfw/Makefile1
-rw-r--r--lib/libulog/Makefile1
-rw-r--r--lib/libunbound/Makefile2
-rw-r--r--lib/libusb/Makefile1
-rw-r--r--lib/libusbhid/Makefile1
-rw-r--r--lib/libutil/Makefile1
-rw-r--r--lib/libutil/tests/Makefile4
-rw-r--r--lib/libvgl/Makefile1
-rw-r--r--lib/libvmmapi/Makefile1
-rw-r--r--lib/libwrap/Makefile1
-rw-r--r--lib/libxo/Makefile1
-rw-r--r--lib/libxo/tests/Makefile4
-rw-r--r--lib/libxo/tests/encoder/Makefile4
-rw-r--r--lib/liby/Makefile1
-rw-r--r--lib/libypclnt/Makefile1
-rw-r--r--lib/libz/Makefile1
-rw-r--r--lib/msun/Makefile1
-rw-r--r--lib/msun/tests/Makefile3
-rw-r--r--lib/ncurses/ncurses/Makefile1
-rw-r--r--lib/tests/Makefile5
173 files changed, 2835 insertions, 1 deletions
diff --git a/lib/Makefile b/lib/Makefile
index cfa0ea9d2b70..cdcce9091a0c 100644
--- a/lib/Makefile
+++ b/lib/Makefile
@@ -148,6 +148,7 @@ SUBDIR_DEPEND_libpjdlog= libutil
SUBDIR_DEPEND_libprocstat= libkvm libutil
SUBDIR_DEPEND_libradius= libmd
SUBDIR_DEPEND_libsmb= libkiconv
+SUBDIR_DEPEND_libstdc++:= msun
SUBDIR_DEPEND_libtacplus= libmd
SUBDIR_DEPEND_libulog= libmd
SUBDIR_DEPEND_libunbound= ${_libldns}
diff --git a/lib/atf/libatf-c++/tests/Makefile b/lib/atf/libatf-c++/tests/Makefile
index a069bb19d1e6..bebc7efc8175 100644
--- a/lib/atf/libatf-c++/tests/Makefile
+++ b/lib/atf/libatf-c++/tests/Makefile
@@ -2,6 +2,10 @@
.include <bsd.init.mk>
+PACKAGE=tests
+FILESGROUPS= TESTS
+TESTSPACKAGE= ${PACKAGE}
+
TESTS_SUBDIRS= detail
ATF= ${SRCTOP}/contrib/atf
diff --git a/lib/atf/libatf-c++/tests/detail/Makefile b/lib/atf/libatf-c++/tests/detail/Makefile
index f7d672e792fb..f194abf9041d 100644
--- a/lib/atf/libatf-c++/tests/detail/Makefile
+++ b/lib/atf/libatf-c++/tests/detail/Makefile
@@ -2,6 +2,9 @@
.include <bsd.init.mk>
+PACKAGE= tests
+FILESGROUPS= TESTS
+TESTSPACKAGE= ${PACKAGE}
TESTSDIR= ${TESTSBASE}/lib/atf/libatf-c++/detail
ATF= ${SRCTOP}/contrib/atf
diff --git a/lib/atf/libatf-c/tests/Makefile b/lib/atf/libatf-c/tests/Makefile
index e864c2e8bafc..82d6db427110 100644
--- a/lib/atf/libatf-c/tests/Makefile
+++ b/lib/atf/libatf-c/tests/Makefile
@@ -2,6 +2,10 @@
.include <bsd.init.mk>
+PACKAGE= tests
+FILESGROUPS= TESTS
+TESTSPACKAGE= ${PACKAGE}
+
TESTS_SUBDIRS= detail
ATF= ${SRCTOP}/contrib/atf
diff --git a/lib/atf/libatf-c/tests/detail/Makefile b/lib/atf/libatf-c/tests/detail/Makefile
index e47fd566ec01..296d2dd0a31f 100644
--- a/lib/atf/libatf-c/tests/detail/Makefile
+++ b/lib/atf/libatf-c/tests/detail/Makefile
@@ -2,6 +2,11 @@
.include <bsd.init.mk>
+PACKAGE= tests
+FILESGROUPS= TESTS
+TESTSPACKAGE= ${PACKAGE}
+TESTS+= Kyuafile
+
TESTSDIR= ${TESTSBASE}/lib/atf/libatf-c/detail
ATF= ${SRCTOP}/contrib/atf
diff --git a/lib/atf/tests/Makefile b/lib/atf/tests/Makefile
index dc79bb3491f5..ee998049e845 100644
--- a/lib/atf/tests/Makefile
+++ b/lib/atf/tests/Makefile
@@ -2,7 +2,12 @@
.include <bsd.own.mk>
+PACKAGE= tests
+FILESGROUPS= TESTS
+TESTSPACKAGE= ${PACKAGE}
TESTSDIR= ${TESTSBASE}/lib/atf
+TESTS+= Kyuafile
+
.PATH: ${SRCTOP}/tests
KYUAFILE= yes
diff --git a/lib/atf/tests/test-programs/Makefile b/lib/atf/tests/test-programs/Makefile
index aa308268a043..24f7b799880f 100644
--- a/lib/atf/tests/test-programs/Makefile
+++ b/lib/atf/tests/test-programs/Makefile
@@ -2,7 +2,11 @@
.include <bsd.init.mk>
+PACKAGE= tests
+FILESGROUPS= TESTS
+TESTSPACKAGE= ${PACKAGE}
TESTSDIR= ${TESTSBASE}/lib/atf/test-programs
+TESTS+= Kyuafile
KYUAFILE= yes
ATF= ${SRCTOP}/contrib/atf
diff --git a/lib/lib80211/Makefile b/lib/lib80211/Makefile
index e00017e7e43e..fe103ce81cbd 100644
--- a/lib/lib80211/Makefile
+++ b/lib/lib80211/Makefile
@@ -1,5 +1,6 @@
# $FreeBSD$
+PACKAGE=lib${LIB}
LIB= 80211
SHLIBDIR?= /lib
SHLIB_MAJOR= 1
diff --git a/lib/libalias/libalias/Makefile b/lib/libalias/libalias/Makefile
index 00b4ed8fe20a..feed9a852c20 100644
--- a/lib/libalias/libalias/Makefile
+++ b/lib/libalias/libalias/Makefile
@@ -2,6 +2,7 @@
.PATH: ${.CURDIR}/../../../sys/netinet/libalias
+PACKAGE=lib${LIB}
LIB= alias
SHLIBDIR?= /lib
SHLIB_MAJOR= 7
diff --git a/lib/libarchive/Makefile b/lib/libarchive/Makefile
index 93749b9df1a2..6f0ccd1f9c9e 100644
--- a/lib/libarchive/Makefile
+++ b/lib/libarchive/Makefile
@@ -1,6 +1,7 @@
# $FreeBSD$
.include <src.opts.mk>
+PACKAGE=lib${LIB}
_LIBARCHIVEDIR= ${.CURDIR}/../../contrib/libarchive
LIB= archive
diff --git a/lib/libarchive/tests/Makefile b/lib/libarchive/tests/Makefile
index 73ded3dc5556..160ebb4f9499 100644
--- a/lib/libarchive/tests/Makefile
+++ b/lib/libarchive/tests/Makefile
@@ -1,5 +1,9 @@
# $FreeBSD$
+PACKAGE= tests
+FILESGROUPS= TESTS
+TESTSPACKAGE= ${PACKAGE}
+
_LIBARCHIVEDIR= ${SRCTOP}/contrib/libarchive
ATF_TESTS_SH+= functional_test
diff --git a/lib/libauditd/Makefile b/lib/libauditd/Makefile
index 10039e9914ec..f8ed80a30fe3 100644
--- a/lib/libauditd/Makefile
+++ b/lib/libauditd/Makefile
@@ -2,6 +2,7 @@
# $FreeBSD$
#
+PACKAGE=lib${LIB}
OPENBSMDIR= ${.CURDIR}/../../contrib/openbsm
_LIBAUDITDDIR= ${OPENBSMDIR}/libauditd
_LIBBSMDIR= ${OPENBSMDIR}/libbsm
diff --git a/lib/libbegemot/Makefile b/lib/libbegemot/Makefile
index 27baf563cff6..d2783859254d 100644
--- a/lib/libbegemot/Makefile
+++ b/lib/libbegemot/Makefile
@@ -2,6 +2,7 @@
LIBBEGEMOT_DIR=${.CURDIR}/../../contrib/libbegemot
+PACKAGE=lib${LIB}
.PATH: ${LIBBEGEMOT_DIR}
LIB= begemot
diff --git a/lib/libblocksruntime/Makefile b/lib/libblocksruntime/Makefile
index f95393311142..5933fb5253d2 100644
--- a/lib/libblocksruntime/Makefile
+++ b/lib/libblocksruntime/Makefile
@@ -1,5 +1,6 @@
# $FreeBSD$
+PACKAGE=lib${LIB:tl}
LIB= BlocksRuntime
SHLIB_MAJOR=0
CFLAGS+=-I${.CURDIR}
diff --git a/lib/libbluetooth/Makefile b/lib/libbluetooth/Makefile
index 7e2189221b8e..a8573ec2fffa 100644
--- a/lib/libbluetooth/Makefile
+++ b/lib/libbluetooth/Makefile
@@ -1,6 +1,7 @@
# $Id: Makefile,v 1.5 2003/07/22 18:38:04 max Exp $
# $FreeBSD$
+PACKAGE= lib${LIB}
LIB= bluetooth
MAN= bluetooth.3
diff --git a/lib/libbsdstat/Makefile b/lib/libbsdstat/Makefile
index aef0ec241923..dea45f52b92b 100644
--- a/lib/libbsdstat/Makefile
+++ b/lib/libbsdstat/Makefile
@@ -1,5 +1,6 @@
# $FreeBSD$
+PACKAGE= lib${LIB}
LIB= bsdstat
SHLIB_MAJOR= 1
PRIVATELIB=
diff --git a/lib/libbsm/Makefile b/lib/libbsm/Makefile
index 037def718bcd..4416227da066 100644
--- a/lib/libbsm/Makefile
+++ b/lib/libbsm/Makefile
@@ -2,6 +2,7 @@
# $FreeBSD$
#
+PACKAGE= lib${LIB}
OPENBSMDIR= ${.CURDIR}/../../contrib/openbsm
_LIBBSMDIR= ${OPENBSMDIR}/libbsm
diff --git a/lib/libbsnmp/Makefile.inc b/lib/libbsnmp/Makefile.inc
index 82f48accf146..5c3fdade33e7 100644
--- a/lib/libbsnmp/Makefile.inc
+++ b/lib/libbsnmp/Makefile.inc
@@ -2,5 +2,6 @@
NO_WERROR=
INCSDIR= ${INCLUDEDIR}/bsnmp
+PACKAGE= bsnmp
.include "../Makefile.inc"
diff --git a/lib/libbz2/Makefile b/lib/libbz2/Makefile
index b505927b4fb7..93c724ee0954 100644
--- a/lib/libbz2/Makefile
+++ b/lib/libbz2/Makefile
@@ -1,5 +1,6 @@
# $FreeBSD$
+PACKAGE= lib${LIB}
BZ2DIR= ${.CURDIR}/../../contrib/bzip2
.PATH: ${BZ2DIR}
diff --git a/lib/libc++/Makefile b/lib/libc++/Makefile
index 94e91b94b003..7794928bc328 100644
--- a/lib/libc++/Makefile
+++ b/lib/libc++/Makefile
@@ -2,6 +2,7 @@
.include <src.opts.mk>
+PACKAGE= clibs
_LIBCXXRTDIR= ${.CURDIR}/../../contrib/libcxxrt
HDRDIR= ${.CURDIR}/../../contrib/libc++/include
SRCDIR= ${.CURDIR}/../../contrib/libc++/src
diff --git a/lib/libc/Makefile b/lib/libc/Makefile
index 707fc1a46a18..17b9720f3605 100644
--- a/lib/libc/Makefile
+++ b/lib/libc/Makefile
@@ -1,6 +1,7 @@
# @(#)Makefile 8.2 (Berkeley) 2/3/94
# $FreeBSD$
+PACKAGE= clibs
SHLIBDIR?= /lib
.include <src.opts.mk>
diff --git a/lib/libc/tests/Makefile b/lib/libc/tests/Makefile
index ff1af5514501..8276422cc7f4 100644
--- a/lib/libc/tests/Makefile
+++ b/lib/libc/tests/Makefile
@@ -2,6 +2,10 @@
.include <src.opts.mk>
+PACKAGE= tests
+FILESGROUPS= TESTS
+TESTSPACKAGE= ${PACKAGE}
+
SUBDIR= tls_dso
TESTS_SUBDIRS= c063
diff --git a/lib/libc/tests/c063/Makefile b/lib/libc/tests/c063/Makefile
index 05da6ea212a9..779062881249 100644
--- a/lib/libc/tests/c063/Makefile
+++ b/lib/libc/tests/c063/Makefile
@@ -2,6 +2,10 @@
#TODO: t_o_search
+PACKAGE= tests
+FILESGROUPS= TESTS
+TESTSPACKAGE= ${PACKAGE}
+
NETBSD_ATF_TESTS_C= faccessat_test
NETBSD_ATF_TESTS_C+= fchmodat_test
NETBSD_ATF_TESTS_C+= fchownat_test
diff --git a/lib/libc/tests/db/Makefile b/lib/libc/tests/db/Makefile
index eb0ce395e28a..ffe90d0b7a77 100644
--- a/lib/libc/tests/db/Makefile
+++ b/lib/libc/tests/db/Makefile
@@ -1,5 +1,9 @@
# $FreeBSD$
+PACKAGE= tests
+FILESGROUPS= TESTS
+TESTSPACKAGE= ${PACKAGE}
+
BINDIR= ${TESTSDIR}
PROGS= h_db
diff --git a/lib/libc/tests/gen/Makefile b/lib/libc/tests/gen/Makefile
index 083097730cc0..b4e14d97151c 100644
--- a/lib/libc/tests/gen/Makefile
+++ b/lib/libc/tests/gen/Makefile
@@ -2,6 +2,10 @@
.include <bsd.own.mk>
+PACKAGE= tests
+FILESGROUPS= TESTS
+TESTSPACKAGE= ${PACKAGE}
+
ATF_TESTS_C+= arc4random_test
ATF_TESTS_C+= fmtcheck2_test
ATF_TESTS_C+= fmtmsg_test
diff --git a/lib/libc/tests/gen/execve/Makefile b/lib/libc/tests/gen/execve/Makefile
index 5e8bc6fb7640..a9800db5fcf9 100644
--- a/lib/libc/tests/gen/execve/Makefile
+++ b/lib/libc/tests/gen/execve/Makefile
@@ -2,6 +2,10 @@
.include <bsd.own.mk>
+PACKAGE= tests
+FILESGROUPS= TESTS
+TESTSPACKAGE= ${PACKAGE}
+
NETBSD_ATF_TESTS_C= execve_test
.include "../../Makefile.netbsd-tests"
diff --git a/lib/libc/tests/gen/posix_spawn/Makefile b/lib/libc/tests/gen/posix_spawn/Makefile
index 9b687c6d5fed..659f73bad2c7 100644
--- a/lib/libc/tests/gen/posix_spawn/Makefile
+++ b/lib/libc/tests/gen/posix_spawn/Makefile
@@ -2,6 +2,10 @@
.include <bsd.own.mk>
+PACKAGE= tests
+FILESGROUPS= TESTS
+TESTSPACKAGE= ${PACKAGE}
+
BINDIR= ${TESTSDIR}
NETBSD_ATF_TESTS_C= fileactions_test
diff --git a/lib/libc/tests/hash/Makefile b/lib/libc/tests/hash/Makefile
index 6facb5a1bdf0..188ba7f1400e 100644
--- a/lib/libc/tests/hash/Makefile
+++ b/lib/libc/tests/hash/Makefile
@@ -2,6 +2,10 @@
.include <src.opts.mk>
+PACKAGE= tests
+FILESGROUPS= TESTS
+TESTSPACKAGE= ${PACKAGE}
+
NETBSD_ATF_TESTS_C=
.if ${MK_OPENSSL} != "no"
diff --git a/lib/libc/tests/inet/Makefile b/lib/libc/tests/inet/Makefile
index ee6f98e2f71f..f06150834cb2 100644
--- a/lib/libc/tests/inet/Makefile
+++ b/lib/libc/tests/inet/Makefile
@@ -2,6 +2,10 @@
.include <bsd.own.mk>
+PACKAGE= tests
+FILESGROUPS= TESTS
+TESTSPACKAGE= ${PACKAGE}
+
NETBSD_ATF_TESTS_C= inet_network_test
.include "../Makefile.netbsd-tests"
diff --git a/lib/libc/tests/locale/Makefile b/lib/libc/tests/locale/Makefile
index e05cbae3ac9f..5a5954ac7db9 100644
--- a/lib/libc/tests/locale/Makefile
+++ b/lib/libc/tests/locale/Makefile
@@ -2,6 +2,10 @@
.include <bsd.own.mk>
+PACKAGE= tests
+FILESGROUPS= TESTS
+TESTSPACKAGE= ${PACKAGE}
+
ATF_TESTS_C+= btowc_test
ATF_TESTS_C+= c16rtomb_test
ATF_TESTS_C+= iswctype_test
diff --git a/lib/libc/tests/net/Makefile b/lib/libc/tests/net/Makefile
index e126848f9727..56710c150aa8 100644
--- a/lib/libc/tests/net/Makefile
+++ b/lib/libc/tests/net/Makefile
@@ -1,5 +1,9 @@
# $FreeBSD$
+PACKAGE= tests
+FILESGROUPS= TESTS
+TESTSPACKAGE= ${PACKAGE}
+
ATF_TESTS_C+= ether_test
ATF_TESTS_C+= eui64_aton_test
ATF_TESTS_C+= eui64_ntoa_test
diff --git a/lib/libc/tests/nss/Makefile b/lib/libc/tests/nss/Makefile
index 1b777c2b26d3..da676a732e9e 100644
--- a/lib/libc/tests/nss/Makefile
+++ b/lib/libc/tests/nss/Makefile
@@ -1,6 +1,10 @@
# $FreeBSD$
+PACKAGE= tests
+FILESGROUPS= TESTS
+TESTSPACKAGE= ${PACKAGE}
TESTSDIR= ${TESTSBASE}/lib/libc/nss
+
BINDIR= ${TESTSDIR}
.PATH: ${.CURDIR:H}/resolv
diff --git a/lib/libc/tests/regex/Makefile b/lib/libc/tests/regex/Makefile
index 946bc445846b..f60d512dc09b 100644
--- a/lib/libc/tests/regex/Makefile
+++ b/lib/libc/tests/regex/Makefile
@@ -2,6 +2,10 @@
.include <bsd.own.mk>
+PACKAGE= tests
+FILESGROUPS= TESTS
+TESTSPACKAGE= ${PACKAGE}
+
BINDIR= ${TESTSDIR}
IMPLEMENTATION?= -DREGEX_SPENCER
diff --git a/lib/libc/tests/resolv/Makefile b/lib/libc/tests/resolv/Makefile
index 4fb43d8955ed..cc17ef59afac 100644
--- a/lib/libc/tests/resolv/Makefile
+++ b/lib/libc/tests/resolv/Makefile
@@ -1,6 +1,10 @@
# $FreeBSD$
+PACKAGE= tests
+FILESGROUPS= TESTS
+TESTSPACKAGE= ${PACKAGE}
TESTSDIR= ${TESTSBASE}/lib/libc/resolv
+
BINDIR= ${TESTSDIR}
FILES+= mach
diff --git a/lib/libc/tests/rpc/Makefile b/lib/libc/tests/rpc/Makefile
index d7780ef4b86c..6a6ae7b1c639 100644
--- a/lib/libc/tests/rpc/Makefile
+++ b/lib/libc/tests/rpc/Makefile
@@ -1,5 +1,9 @@
# $FreeBSD$
+PACKAGE= tests
+FILESGROUPS= TESTS
+TESTSPACKAGE= ${PACKAGE}
+
SRCS.xdr_test= ${RPCSRC:.x=_xdr.c} t_xdr.c ${RPCSRC:.x=.h} \
h_testbits.h
diff --git a/lib/libc/tests/setjmp/Makefile b/lib/libc/tests/setjmp/Makefile
index 39b0a96295f4..b645b4d8eb07 100644
--- a/lib/libc/tests/setjmp/Makefile
+++ b/lib/libc/tests/setjmp/Makefile
@@ -1,5 +1,9 @@
# $FreeBSD$
+PACKAGE= tests
+FILESGROUPS= TESTS
+TESTSPACKAGE= ${PACKAGE}
+
NETBSD_ATF_TESTS_C= setjmp_test
NETBSD_ATF_TESTS_C+= threadjmp_test
diff --git a/lib/libc/tests/ssp/Makefile b/lib/libc/tests/ssp/Makefile
index 61cacedfb3a6..09adf97d5560 100644
--- a/lib/libc/tests/ssp/Makefile
+++ b/lib/libc/tests/ssp/Makefile
@@ -2,6 +2,10 @@
.include <bsd.own.mk>
+PACKAGE= tests
+FILESGROUPS= TESTS
+TESTSPACKAGE= ${PACKAGE}
+
NO_WERROR=
WARNS?= 2
diff --git a/lib/libc/tests/stdio/Makefile b/lib/libc/tests/stdio/Makefile
index 72685e078e72..50484fd54b44 100644
--- a/lib/libc/tests/stdio/Makefile
+++ b/lib/libc/tests/stdio/Makefile
@@ -2,6 +2,10 @@
.include <bsd.own.mk>
+PACKAGE= tests
+FILESGROUPS= TESTS
+TESTSPACKAGE= ${PACKAGE}
+
ATF_TESTS_C+= fdopen_test
ATF_TESTS_C+= fmemopen2_test
ATF_TESTS_C+= fopen2_test
diff --git a/lib/libc/tests/stdlib/Makefile b/lib/libc/tests/stdlib/Makefile
index 87e84c5df51c..08f34b0a0e28 100644
--- a/lib/libc/tests/stdlib/Makefile
+++ b/lib/libc/tests/stdlib/Makefile
@@ -1,5 +1,9 @@
# $FreeBSD$
+PACKAGE= tests
+FILESGROUPS= TESTS
+TESTSPACKAGE= ${PACKAGE}
+
ATF_TESTS_C+= heapsort_test
ATF_TESTS_C+= mergesort_test
ATF_TESTS_C+= qsort_test
diff --git a/lib/libc/tests/string/Makefile b/lib/libc/tests/string/Makefile
index ea2dfcff20f0..a8db9c33b760 100644
--- a/lib/libc/tests/string/Makefile
+++ b/lib/libc/tests/string/Makefile
@@ -1,5 +1,9 @@
# $FreeBSD$
+PACKAGE= tests
+FILESGROUPS= TESTS
+TESTSPACKAGE= ${PACKAGE}
+
ATF_TESTS_C+= memcmp_test
ATF_TESTS_C+= stpncpy_test
ATF_TESTS_C+= strerror2_test
diff --git a/lib/libc/tests/sys/Makefile b/lib/libc/tests/sys/Makefile
index c7b005301527..e79204a38a6e 100644
--- a/lib/libc/tests/sys/Makefile
+++ b/lib/libc/tests/sys/Makefile
@@ -2,6 +2,10 @@
.include <bsd.own.mk>
+PACKAGE= tests
+FILESGROUPS= TESTS
+TESTSPACKAGE= ${PACKAGE}
+
ATF_TESTS_C+= queue_test
# TODO: clone, lwp_create, lwp_ctl, posix_fadvise, recvmmsg,
@@ -68,13 +72,15 @@ WARNS?= 3
WARNS?= 4
.endif
-FILESGROUPS= FILES truncate_test_FILES
+FILESGROUPS+= FILES truncate_test_FILES
truncate_test_FILES= truncate_test.root_owned
truncate_test_FILESDIR= ${TESTSDIR}
truncate_test_FILESMODE= 0600
truncate_test_FILESOWNER= root
truncate_test_FILESGRP= wheel
+truncate_test_FILESPACKAGE= ${PACKAGE}
+FILESPACKAGE= ${PACKAGE}
CLEANFILES= truncate_test.root_owned
truncate_test.root_owned:
diff --git a/lib/libc/tests/termios/Makefile b/lib/libc/tests/termios/Makefile
index 0495d684b505..81b0ff1d8ba6 100644
--- a/lib/libc/tests/termios/Makefile
+++ b/lib/libc/tests/termios/Makefile
@@ -2,6 +2,10 @@
.include <bsd.own.mk>
+PACKAGE= tests
+FILESGROUPS= TESTS
+TESTSPACKAGE= ${PACKAGE}
+
NETBSD_ATF_TESTS_C= tcsetpgrp_test
.include "../Makefile.netbsd-tests"
diff --git a/lib/libc/tests/time/Makefile b/lib/libc/tests/time/Makefile
index feb543dad243..49745e2331ec 100644
--- a/lib/libc/tests/time/Makefile
+++ b/lib/libc/tests/time/Makefile
@@ -2,6 +2,10 @@
.include <bsd.own.mk>
+PACKAGE= tests
+FILESGROUPS= TESTS
+TESTSPACKAGE= ${PACKAGE}
+
NETBSD_ATF_TESTS_C= mktime_test
NETBSD_ATF_TESTS_C+= strptime_test
diff --git a/lib/libc/tests/tls/Makefile b/lib/libc/tests/tls/Makefile
index cbf441d6e1b1..0e98fed0ba18 100644
--- a/lib/libc/tests/tls/Makefile
+++ b/lib/libc/tests/tls/Makefile
@@ -2,6 +2,10 @@
.include <bsd.own.mk>
+PACKAGE= tests
+FILESGROUPS= TESTS
+TESTSPACKAGE= ${PACKAGE}
+
.if !defined(NO_PIC)
SUBDIR+= dso
.endif
diff --git a/lib/libc/tests/tls/dso/Makefile b/lib/libc/tests/tls/dso/Makefile
index 9b698cd5f5c2..74f826aeaaf5 100644
--- a/lib/libc/tests/tls/dso/Makefile
+++ b/lib/libc/tests/tls/dso/Makefile
@@ -1,5 +1,9 @@
# $FreeBSD$
+PACKAGE= tests
+FILESGROUPS= TESTS
+TESTSPACKAGE= ${PACKAGE}
+
OBJTOP= ${.OBJDIR:H:H:H:H:H}
TESTSRC= ${SRCTOP}/contrib/netbsd-tests/lib/libc/tls/${.CURDIR:T}
diff --git a/lib/libc/tests/tls_dso/Makefile b/lib/libc/tests/tls_dso/Makefile
index 5449799de96c..79b05f89e3c9 100644
--- a/lib/libc/tests/tls_dso/Makefile
+++ b/lib/libc/tests/tls_dso/Makefile
@@ -2,6 +2,10 @@
.include <bsd.own.mk>
+PACKAGE= tests
+FILESGROUPS= TESTS
+TESTSPACKAGE= ${PACKAGE}
+
LIB= h_tls_dynamic
SRCS= h_tls_dynamic.c
diff --git a/lib/libc/tests/ttyio/Makefile b/lib/libc/tests/ttyio/Makefile
index d5b8f0168558..c9520fbdb318 100644
--- a/lib/libc/tests/ttyio/Makefile
+++ b/lib/libc/tests/ttyio/Makefile
@@ -2,6 +2,10 @@
.include <bsd.own.mk>
+PACKAGE= tests
+FILESGROUPS= TESTS
+TESTSPACKAGE= ${PACKAGE}
+
# TODO: ptm_test
NETBSD_ATF_TESTS_C= ttyio_test
diff --git a/lib/libcalendar/Makefile b/lib/libcalendar/Makefile
index b0ae002fd5e9..d217a10a7f5c 100644
--- a/lib/libcalendar/Makefile
+++ b/lib/libcalendar/Makefile
@@ -1,5 +1,6 @@
# $FreeBSD$
+PACKAGE= lib${LIB}
LIB= calendar
SRCS= calendar.c easter.c
diff --git a/lib/libcam/Makefile b/lib/libcam/Makefile
index c44836947d51..a4cae7aa8a6c 100644
--- a/lib/libcam/Makefile
+++ b/lib/libcam/Makefile
@@ -1,5 +1,6 @@
# $FreeBSD$
+PACKAGE= lib${LIB}
LIB= cam
SHLIBDIR?= /lib
SRCS= camlib.c scsi_cmdparse.c scsi_all.c scsi_da.c scsi_sa.c cam.c \
diff --git a/lib/libcapsicum/Makefile b/lib/libcapsicum/Makefile
new file mode 100644
index 000000000000..bf34f6f4ffc1
--- /dev/null
+++ b/lib/libcapsicum/Makefile
@@ -0,0 +1,47 @@
+# $FreeBSD$
+
+PACKAGE= lib${LIB}
+LIB= capsicum
+
+SHLIB_MAJOR= 0
+SHLIBDIR?= /lib
+
+SRCS= libcapsicum.c
+SRCS+= libcapsicum_dns.c
+SRCS+= libcapsicum_grp.c
+SRCS+= libcapsicum_pwd.c
+SRCS+= libcapsicum_random.c
+SRCS+= libcapsicum_service.c
+SRCS+= libcapsicum_sysctl.c
+
+INCS= libcapsicum.h
+INCS+= libcapsicum_dns.h
+INCS+= libcapsicum_grp.h
+INCS+= libcapsicum_pwd.h
+INCS+= libcapsicum_random.h
+INCS+= libcapsicum_service.h
+INCS+= libcapsicum_sysctl.h
+
+LIBADD= nv
+
+CFLAGS+=-I${.CURDIR}
+CFLAGS+=-I${.CURDIR}/../libnv
+
+WARNS?= 6
+
+MAN+= libcapsicum.3
+
+MLINKS+=libcapsicum.3 cap_init.3
+MLINKS+=libcapsicum.3 cap_wrap.3
+MLINKS+=libcapsicum.3 cap_unwrap.3
+MLINKS+=libcapsicum.3 cap_sock.3
+MLINKS+=libcapsicum.3 cap_clone.3
+MLINKS+=libcapsicum.3 cap_close.3
+MLINKS+=libcapsicum.3 cap_limit_get.3
+MLINKS+=libcapsicum.3 cap_limit_set.3
+MLINKS+=libcapsicum.3 cap_send_nvlist.3
+MLINKS+=libcapsicum.3 cap_recv_nvlist.3
+MLINKS+=libcapsicum.3 cap_xfer_nvlist.3
+MLINKS+=libcapsicum.3 cap_service_open.3
+
+.include <bsd.lib.mk>
diff --git a/lib/libcapsicum/Makefile.depend b/lib/libcapsicum/Makefile.depend
new file mode 100644
index 000000000000..4f7989bd2e64
--- /dev/null
+++ b/lib/libcapsicum/Makefile.depend
@@ -0,0 +1,19 @@
+# $FreeBSD$
+# Autogenerated - do NOT edit!
+
+DIRDEPS = \
+ gnu/lib/csu \
+ gnu/lib/libgcc \
+ include \
+ include/xlocale \
+ lib/${CSU_DIR} \
+ lib/libc \
+ lib/libcompiler_rt \
+ lib/libnv \
+
+
+.include <dirdeps.mk>
+
+.if ${DEP_RELDIR} == ${_DEP_RELDIR}
+# local dependencies - needed for -jN in clean tree
+.endif
diff --git a/lib/libcapsicum/libcapsicum.3 b/lib/libcapsicum/libcapsicum.3
new file mode 100644
index 000000000000..cbfd214a3bc5
--- /dev/null
+++ b/lib/libcapsicum/libcapsicum.3
@@ -0,0 +1,300 @@
+.\" Copyright (c) 2013 The FreeBSD Foundation
+.\" All rights reserved.
+.\"
+.\" This documentation was written by Pawel Jakub Dawidek under sponsorship
+.\" from the FreeBSD Foundation.
+.\"
+.\" Redistribution and use in source and binary forms, with or without
+.\" modification, are permitted provided that the following conditions
+.\" are met:
+.\" 1. Redistributions of source code must retain the above copyright
+.\" notice, this list of conditions and the following disclaimer.
+.\" 2. Redistributions in binary form must reproduce the above copyright
+.\" notice, this list of conditions and the following disclaimer in the
+.\" documentation and/or other materials provided with the distribution.
+.\"
+.\" THIS SOFTWARE IS PROVIDED BY THE AUTHORS AND CONTRIBUTORS ``AS IS'' AND
+.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+.\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHORS OR CONTRIBUTORS BE LIABLE
+.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+.\" SUCH DAMAGE.
+.\"
+.\" $FreeBSD$
+.\"
+.Dd May 2, 2015
+.Dt LIBCAPSICUM 3
+.Os
+.Sh NAME
+.Nm cap_init ,
+.Nm cap_wrap ,
+.Nm cap_unwrap ,
+.Nm cap_sock ,
+.Nm cap_clone ,
+.Nm cap_close ,
+.Nm cap_limit_get ,
+.Nm cap_limit_set ,
+.Nm cap_send_nvlist ,
+.Nm cap_recv_nvlist ,
+.Nm cap_xfer_nvlist ,
+.Nm cap_service_open
+.Nd "library for handling application capabilities"
+.Sh LIBRARY
+.Lb libcapsicum
+.Sh SYNOPSIS
+.In libcapsicum.h
+.In nv.h
+.Ft "cap_channel_t *"
+.Fn cap_init "void"
+.Ft "cap_channel_t *"
+.Fn cap_wrap "int sock"
+.Ft "int"
+.Fn cap_unwrap "cap_channel_t *chan"
+.Ft "int"
+.Fn cap_sock "const cap_channel_t *chan"
+.Ft "cap_channel_t *"
+.Fn cap_clone "const cap_channel_t *chan"
+.Ft "void"
+.Fn cap_close "cap_channel_t *chan"
+.Ft "int"
+.Fn cap_limit_get "const cap_channel_t *chan" "nvlist_t **limitsp"
+.Ft "int"
+.Fn cap_limit_set "const cap_channel_t *chan" "nvlist_t *limits"
+.Ft "int"
+.Fn cap_send_nvlist "const cap_channel_t *chan" "const nvlist_t *nvl"
+.Ft "nvlist_t *"
+.Fn cap_recv_nvlist "const cap_channel_t *chan" "int flags"
+.Ft "nvlist_t *"
+.Fn cap_xfer_nvlist "const cap_channel_t *chan" "nvlist_t *nvl" "int flags"
+.In libcapsicum_service.h
+.Ft "cap_channel_t *"
+.Fn cap_service_open "const cap_channel_t *chan" "const char *name"
+.Sh DESCRIPTION
+The
+.Nm libcapsicum
+library allows to manage application capabilities through the
+.Xr casperd 8
+daemon.
+.Pp
+The application capability (represented by the
+.Vt cap_channel_t
+type) is a communication channel between the caller and the
+.Xr casperd 8
+daemon or an instance of one of its services.
+A capability to the
+.Xr casperd 8
+daemon obtained with the
+.Fn cap_init
+function allows to create capabilities to casper's services via the
+.Fn cap_service_open
+function.
+.Pp
+The
+.Fn cap_init
+function opens capability to the
+.Xr casperd 8
+daemon.
+.Pp
+The
+.Fn cap_wrap
+function creates
+.Vt cap_channel_t
+based on the given socket.
+The function is used when capability is inherited through
+.Xr execve 2
+or send over
+.Xr unix 4
+domain socket as a regular file descriptor and has to be represented as
+.Vt cap_channel_t
+again.
+.Pp
+The
+.Fn cap_unwrap
+function is the opposite of the
+.Fn cap_wrap
+function.
+It frees the
+.Vt cap_channel_t
+structure and returns
+.Xr unix 4
+domain socket associated with it.
+.Pp
+The
+.Fn cap_clone
+function clones the given capability.
+.Pp
+The
+.Fn cap_close
+function closes the given capability.
+.Pp
+The
+.Fn cap_sock
+function returns
+.Xr unix 4
+domain socket descriptor associated with the given capability for use with
+system calls like
+.Xr kevent 2 ,
+.Xr poll 2
+and
+.Xr select 2 .
+.Pp
+The
+.Fn cap_limit_get
+function stores current limits of the given capability in the
+.Fa limitsp
+argument.
+If the function return
+.Va 0
+and
+.Dv NULL
+is stored in
+.Fa limitsp
+it means there are no limits set.
+.Pp
+The
+.Fn cap_limit_set
+function sets limits for the given capability.
+The limits are provided as nvlist.
+The exact format depends on the service the capability represents.
+.Pp
+The
+.Fn cap_send_nvlist
+function sends the given nvlist over the given capability.
+This is low level interface to communicate with casper services.
+Most services should provide higher level API.
+.Pp
+The
+.Fn cap_recv_nvlist
+function receives the given nvlist over the given capability.
+The
+.Fa flags
+argument defines what type the top nvlist is expected to be.
+If the nvlist flags do not match the flags passed to
+.Fn cap_recv_nvlist ,
+the nvlist will not be returned.
+.Pp
+The
+.Fn cap_xfer_nvlist
+function sends the given nvlist, destroys it and receives new nvlist in
+response over the given capability.
+The
+.Fa flags
+argument defines what type the top nvlist is expected to be.
+If the nvlist flags do not match the flags passed to
+.Fn cap_xfer_nvlist ,
+the nvlist will not be returned.
+It does not matter if the function succeeds or fails, the nvlist given
+for sending will always be destroyed once the function returns.
+.Pp
+The
+.Fn cap_service_open
+function opens casper service of the given name through casper capability
+obtained via the
+.Fn cap_init
+function.
+The function returns capability that provides access to opened service.
+.Sh RETURN VALUES
+The
+.Fn cap_clone ,
+.Fn cap_init ,
+.Fn cap_recv_nvlist ,
+.Fn cap_service_open ,
+.Fn cap_wrap
+and
+.Fn cap_xfer_nvlist
+functions return
+.Dv NULL
+and set the
+.Va errno
+variable on failure.
+.Pp
+The
+.Fn cap_limit_get ,
+.Fn cap_limit_set
+and
+.Fn cap_send_nvlist
+functions return
+.Dv -1
+and set the
+.Va errno
+variable on failure.
+.Pp
+The
+.Fn cap_close ,
+.Fn cap_sock
+and
+.Fn cap_unwrap
+functions always succeed.
+.Sh EXAMPLES
+The following example first opens capability to the
+.Xr casperd 8
+daemon, then using this capability creates new capability to the
+.Nm system.dns
+casper service and uses the latter capability to resolve IP address.
+.Bd -literal
+cap_channel_t *capcas, *capdns;
+nvlist_t *limits;
+const char *ipstr = "127.0.0.1";
+struct in_addr ip;
+struct hostent *hp;
+
+/* Open capability to the Casper daemon. */
+capcas = cap_init();
+if (capcas == NULL)
+ err(1, "Unable to contact Casper daemon");
+
+/* Enter capability mode sandbox. */
+if (cap_enter() < 0 && errno != ENOSYS)
+ err(1, "Unable to enter capability mode");
+
+/* Use Casper capability to create capability to the system.dns service. */
+capdns = cap_service_open(capcas, "system.dns");
+if (capdns == NULL)
+ err(1, "Unable to open system.dns service");
+
+/* Close Casper capability, we don't need it anymore. */
+cap_close(capcas);
+
+/* Limit system.dns to reverse DNS lookups and IPv4 addresses. */
+limits = nvlist_create(0);
+nvlist_add_string(limits, "type", "ADDR");
+nvlist_add_number(limits, "family", (uint64_t)AF_INET);
+if (cap_limit_set(capdns, limits) < 0)
+ err(1, "Unable to limit access to the system.dns service");
+
+/* Convert IP address in C-string to in_addr. */
+if (!inet_aton(ipstr, &ip))
+ errx(1, "Unable to parse IP address %s.", ipstr);
+
+/* Find hostname for the given IP address. */
+hp = cap_gethostbyaddr(capdns, (const void *)&ip, sizeof(ip), AF_INET);
+if (hp == NULL)
+ errx(1, "No name associated with %s.", ipstr);
+
+printf("Name associated with %s is %s.\\n", ipstr, hp->h_name);
+.Ed
+.Sh SEE ALSO
+.Xr cap_enter 2 ,
+.Xr execve 2 ,
+.Xr kevent 2 ,
+.Xr poll 2 ,
+.Xr select 2 ,
+.Xr cap_gethostbyaddr 3 ,
+.Xr err 3 ,
+.Xr gethostbyaddr 3 ,
+.Xr inet_aton 3 ,
+.Xr nv 3 ,
+.Xr capsicum 4 ,
+.Xr unix 4 ,
+.Xr casperd 8
+.Sh AUTHORS
+The
+.Nm libcapsicum
+library was implemented by
+.An Pawel Jakub Dawidek Aq Mt pawel@dawidek.net
+under sponsorship from the FreeBSD Foundation.
diff --git a/lib/libcapsicum/libcapsicum.c b/lib/libcapsicum/libcapsicum.c
new file mode 100644
index 000000000000..8c4d04da157e
--- /dev/null
+++ b/lib/libcapsicum/libcapsicum.c
@@ -0,0 +1,266 @@
+/*-
+ * Copyright (c) 2012-2013 The FreeBSD Foundation
+ * All rights reserved.
+ *
+ * This software was developed by Pawel Jakub Dawidek under sponsorship from
+ * the FreeBSD Foundation.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHORS AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHORS OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#include <sys/cdefs.h>
+__FBSDID("$FreeBSD$");
+
+#include <sys/types.h>
+#include <sys/socket.h>
+#include <sys/un.h>
+#include <sys/nv.h>
+
+#include <assert.h>
+#include <errno.h>
+#include <fcntl.h>
+#include <stdbool.h>
+#include <stdlib.h>
+#include <string.h>
+#include <unistd.h>
+
+#include "libcapsicum.h"
+#include "libcapsicum_impl.h"
+
+/*
+ * Structure describing communication channel between two separated processes.
+ */
+#define CAP_CHANNEL_MAGIC 0xcac8a31
+struct cap_channel {
+ /*
+ * Magic value helps to ensure that a pointer to the right structure is
+ * passed to our functions.
+ */
+ int cch_magic;
+ /* Socket descriptor for IPC. */
+ int cch_sock;
+};
+
+bool
+fd_is_valid(int fd)
+{
+
+ return (fcntl(fd, F_GETFL) != -1 || errno != EBADF);
+}
+
+cap_channel_t *
+cap_init(void)
+{
+ cap_channel_t *chan;
+ struct sockaddr_un sun;
+ int serrno, sock;
+
+ bzero(&sun, sizeof(sun));
+ sun.sun_family = AF_UNIX;
+ strlcpy(sun.sun_path, CASPER_SOCKPATH, sizeof(sun.sun_path));
+ sun.sun_len = SUN_LEN(&sun);
+
+ sock = socket(AF_UNIX, SOCK_STREAM, 0);
+ if (sock == -1)
+ return (NULL);
+ if (connect(sock, (struct sockaddr *)&sun, sizeof(sun)) < 0) {
+ serrno = errno;
+ close(sock);
+ errno = serrno;
+ return (NULL);
+ }
+ chan = cap_wrap(sock);
+ if (chan == NULL) {
+ serrno = errno;
+ close(sock);
+ errno = serrno;
+ return (NULL);
+ }
+ return (chan);
+}
+
+cap_channel_t *
+cap_wrap(int sock)
+{
+ cap_channel_t *chan;
+
+ if (!fd_is_valid(sock))
+ return (NULL);
+
+ chan = malloc(sizeof(*chan));
+ if (chan != NULL) {
+ chan->cch_sock = sock;
+ chan->cch_magic = CAP_CHANNEL_MAGIC;
+ }
+
+ return (chan);
+}
+
+int
+cap_unwrap(cap_channel_t *chan)
+{
+ int sock;
+
+ assert(chan != NULL);
+ assert(chan->cch_magic == CAP_CHANNEL_MAGIC);
+
+ sock = chan->cch_sock;
+ chan->cch_magic = 0;
+ free(chan);
+
+ return (sock);
+}
+
+cap_channel_t *
+cap_clone(const cap_channel_t *chan)
+{
+ cap_channel_t *newchan;
+ nvlist_t *nvl;
+ int newsock;
+
+ assert(chan != NULL);
+ assert(chan->cch_magic == CAP_CHANNEL_MAGIC);
+
+ nvl = nvlist_create(0);
+ nvlist_add_string(nvl, "cmd", "clone");
+ nvl = cap_xfer_nvlist(chan, nvl, 0);
+ if (nvl == NULL)
+ return (NULL);
+ if (nvlist_get_number(nvl, "error") != 0) {
+ errno = (int)nvlist_get_number(nvl, "error");
+ nvlist_destroy(nvl);
+ return (NULL);
+ }
+ newsock = nvlist_take_descriptor(nvl, "sock");
+ nvlist_destroy(nvl);
+ newchan = cap_wrap(newsock);
+ if (newchan == NULL) {
+ int serrno;
+
+ serrno = errno;
+ close(newsock);
+ errno = serrno;
+ }
+
+ return (newchan);
+}
+
+void
+cap_close(cap_channel_t *chan)
+{
+
+ assert(chan != NULL);
+ assert(chan->cch_magic == CAP_CHANNEL_MAGIC);
+
+ chan->cch_magic = 0;
+ close(chan->cch_sock);
+ free(chan);
+}
+
+int
+cap_sock(const cap_channel_t *chan)
+{
+
+ assert(chan != NULL);
+ assert(chan->cch_magic == CAP_CHANNEL_MAGIC);
+
+ return (chan->cch_sock);
+}
+
+int
+cap_limit_set(const cap_channel_t *chan, nvlist_t *limits)
+{
+ nvlist_t *nvlmsg;
+ int error;
+
+ nvlmsg = nvlist_create(0);
+ nvlist_add_string(nvlmsg, "cmd", "limit_set");
+ nvlist_add_nvlist(nvlmsg, "limits", limits);
+ nvlmsg = cap_xfer_nvlist(chan, nvlmsg, 0);
+ if (nvlmsg == NULL) {
+ nvlist_destroy(limits);
+ return (-1);
+ }
+ error = (int)nvlist_get_number(nvlmsg, "error");
+ nvlist_destroy(nvlmsg);
+ nvlist_destroy(limits);
+ if (error != 0) {
+ errno = error;
+ return (-1);
+ }
+ return (0);
+}
+
+int
+cap_limit_get(const cap_channel_t *chan, nvlist_t **limitsp)
+{
+ nvlist_t *nvlmsg;
+ int error;
+
+ nvlmsg = nvlist_create(0);
+ nvlist_add_string(nvlmsg, "cmd", "limit_get");
+ nvlmsg = cap_xfer_nvlist(chan, nvlmsg, 0);
+ if (nvlmsg == NULL)
+ return (-1);
+ error = (int)nvlist_get_number(nvlmsg, "error");
+ if (error != 0) {
+ nvlist_destroy(nvlmsg);
+ errno = error;
+ return (-1);
+ }
+ if (nvlist_exists_null(nvlmsg, "limits"))
+ *limitsp = NULL;
+ else
+ *limitsp = nvlist_take_nvlist(nvlmsg, "limits");
+ nvlist_destroy(nvlmsg);
+ return (0);
+}
+
+int
+cap_send_nvlist(const cap_channel_t *chan, const nvlist_t *nvl)
+{
+
+ assert(chan != NULL);
+ assert(chan->cch_magic == CAP_CHANNEL_MAGIC);
+
+ return (nvlist_send(chan->cch_sock, nvl));
+}
+
+nvlist_t *
+cap_recv_nvlist(const cap_channel_t *chan, int flags)
+{
+
+ assert(chan != NULL);
+ assert(chan->cch_magic == CAP_CHANNEL_MAGIC);
+
+ return (nvlist_recv(chan->cch_sock, flags));
+}
+
+nvlist_t *
+cap_xfer_nvlist(const cap_channel_t *chan, nvlist_t *nvl, int flags)
+{
+
+ assert(chan != NULL);
+ assert(chan->cch_magic == CAP_CHANNEL_MAGIC);
+
+ return (nvlist_xfer(chan->cch_sock, nvl, flags));
+}
diff --git a/lib/libcapsicum/libcapsicum.h b/lib/libcapsicum/libcapsicum.h
new file mode 100644
index 000000000000..c7110d86c9ed
--- /dev/null
+++ b/lib/libcapsicum/libcapsicum.h
@@ -0,0 +1,115 @@
+/*-
+ * Copyright (c) 2012-2013 The FreeBSD Foundation
+ * All rights reserved.
+ *
+ * This software was developed by Pawel Jakub Dawidek under sponsorship from
+ * the FreeBSD Foundation.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHORS AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHORS OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * $FreeBSD$
+ */
+
+#ifndef _LIBCAPSICUM_H_
+#define _LIBCAPSICUM_H_
+
+#ifndef _NVLIST_T_DECLARED
+#define _NVLIST_T_DECLARED
+struct nvlist;
+
+typedef struct nvlist nvlist_t;
+#endif
+
+#ifndef _CAP_CHANNEL_T_DECLARED
+#define _CAP_CHANNEL_T_DECLARED
+struct cap_channel;
+
+typedef struct cap_channel cap_channel_t;
+#endif
+
+/*
+ * The function opens unrestricted communication channel to Casper.
+ */
+cap_channel_t *cap_init(void);
+
+/*
+ * The function creates cap_channel_t based on the given socket.
+ */
+cap_channel_t *cap_wrap(int sock);
+
+/*
+ * The function returns communication socket and frees cap_channel_t.
+ */
+int cap_unwrap(cap_channel_t *chan);
+
+/*
+ * The function clones the given capability.
+ */
+cap_channel_t *cap_clone(const cap_channel_t *chan);
+
+/*
+ * The function closes the given capability.
+ */
+void cap_close(cap_channel_t *chan);
+
+/*
+ * The function returns socket descriptor associated with the given
+ * cap_channel_t for use with select(2)/kqueue(2)/etc.
+ */
+int cap_sock(const cap_channel_t *chan);
+
+/*
+ * The function limits the given capability.
+ * It always destroys 'limits' on return.
+ */
+int cap_limit_set(const cap_channel_t *chan, nvlist_t *limits);
+
+/*
+ * The function returns current limits of the given capability.
+ */
+int cap_limit_get(const cap_channel_t *chan, nvlist_t **limitsp);
+
+#ifdef TODO
+/*
+ * The function registers a service within provided Casper's capability.
+ * It will run with the same privileges the process has at the time of
+ * calling this function.
+ */
+int cap_service_register(cap_channel_t *chan, const char *name,
+ cap_func_t *func);
+#endif
+
+/*
+ * Function sends nvlist over the given capability.
+ */
+int cap_send_nvlist(const cap_channel_t *chan, const nvlist_t *nvl);
+/*
+ * Function receives nvlist over the given capability.
+ */
+nvlist_t *cap_recv_nvlist(const cap_channel_t *chan, int flags);
+/*
+ * Function sends the given nvlist, destroys it and receives new nvlist in
+ * response over the given capability.
+ */
+nvlist_t *cap_xfer_nvlist(const cap_channel_t *chan, nvlist_t *nvl, int flags);
+
+#endif /* !_LIBCAPSICUM_H_ */
diff --git a/lib/libcapsicum/libcapsicum_dns.c b/lib/libcapsicum/libcapsicum_dns.c
new file mode 100644
index 000000000000..5f54283a460c
--- /dev/null
+++ b/lib/libcapsicum/libcapsicum_dns.c
@@ -0,0 +1,365 @@
+/*-
+ * Copyright (c) 2012-2013 The FreeBSD Foundation
+ * All rights reserved.
+ *
+ * This software was developed by Pawel Jakub Dawidek under sponsorship from
+ * the FreeBSD Foundation.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHORS AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHORS OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#include <sys/cdefs.h>
+__FBSDID("$FreeBSD$");
+
+#include <sys/nv.h>
+
+#include <assert.h>
+#include <netdb.h>
+#include <stdlib.h>
+#include <string.h>
+#include <unistd.h>
+
+#include "libcapsicum.h"
+#include "libcapsicum_dns.h"
+
+static struct hostent hent;
+
+static void
+hostent_free(struct hostent *hp)
+{
+ unsigned int ii;
+
+ free(hp->h_name);
+ hp->h_name = NULL;
+ if (hp->h_aliases != NULL) {
+ for (ii = 0; hp->h_aliases[ii] != NULL; ii++)
+ free(hp->h_aliases[ii]);
+ free(hp->h_aliases);
+ hp->h_aliases = NULL;
+ }
+ if (hp->h_addr_list != NULL) {
+ for (ii = 0; hp->h_addr_list[ii] != NULL; ii++)
+ free(hp->h_addr_list[ii]);
+ free(hp->h_addr_list);
+ hp->h_addr_list = NULL;
+ }
+}
+
+static struct hostent *
+hostent_unpack(const nvlist_t *nvl, struct hostent *hp)
+{
+ unsigned int ii, nitems;
+ char nvlname[64];
+ int n;
+
+ hostent_free(hp);
+
+ hp->h_name = strdup(nvlist_get_string(nvl, "name"));
+ if (hp->h_name == NULL)
+ goto fail;
+ hp->h_addrtype = (int)nvlist_get_number(nvl, "addrtype");
+ hp->h_length = (int)nvlist_get_number(nvl, "length");
+
+ nitems = (unsigned int)nvlist_get_number(nvl, "naliases");
+ hp->h_aliases = calloc(sizeof(hp->h_aliases[0]), nitems + 1);
+ if (hp->h_aliases == NULL)
+ goto fail;
+ for (ii = 0; ii < nitems; ii++) {
+ n = snprintf(nvlname, sizeof(nvlname), "alias%u", ii);
+ assert(n > 0 && n < (int)sizeof(nvlname));
+ hp->h_aliases[ii] =
+ strdup(nvlist_get_string(nvl, nvlname));
+ if (hp->h_aliases[ii] == NULL)
+ goto fail;
+ }
+ hp->h_aliases[ii] = NULL;
+
+ nitems = (unsigned int)nvlist_get_number(nvl, "naddrs");
+ hp->h_addr_list = calloc(sizeof(hp->h_addr_list[0]), nitems + 1);
+ if (hp->h_addr_list == NULL)
+ goto fail;
+ for (ii = 0; ii < nitems; ii++) {
+ hp->h_addr_list[ii] = malloc(hp->h_length);
+ if (hp->h_addr_list[ii] == NULL)
+ goto fail;
+ n = snprintf(nvlname, sizeof(nvlname), "addr%u", ii);
+ assert(n > 0 && n < (int)sizeof(nvlname));
+ bcopy(nvlist_get_binary(nvl, nvlname, NULL),
+ hp->h_addr_list[ii], hp->h_length);
+ }
+ hp->h_addr_list[ii] = NULL;
+
+ return (hp);
+fail:
+ hostent_free(hp);
+ h_errno = NO_RECOVERY;
+ return (NULL);
+}
+
+struct hostent *
+cap_gethostbyname(cap_channel_t *chan, const char *name)
+{
+
+ return (cap_gethostbyname2(chan, name, AF_INET));
+}
+
+struct hostent *
+cap_gethostbyname2(cap_channel_t *chan, const char *name, int type)
+{
+ struct hostent *hp;
+ nvlist_t *nvl;
+
+ nvl = nvlist_create(0);
+ nvlist_add_string(nvl, "cmd", "gethostbyname");
+ nvlist_add_number(nvl, "family", (uint64_t)type);
+ nvlist_add_string(nvl, "name", name);
+ nvl = cap_xfer_nvlist(chan, nvl, 0);
+ if (nvl == NULL) {
+ h_errno = NO_RECOVERY;
+ return (NULL);
+ }
+ if (nvlist_get_number(nvl, "error") != 0) {
+ h_errno = (int)nvlist_get_number(nvl, "error");
+ nvlist_destroy(nvl);
+ return (NULL);
+ }
+
+ hp = hostent_unpack(nvl, &hent);
+ nvlist_destroy(nvl);
+ return (hp);
+}
+
+struct hostent *
+cap_gethostbyaddr(cap_channel_t *chan, const void *addr, socklen_t len,
+ int type)
+{
+ struct hostent *hp;
+ nvlist_t *nvl;
+
+ nvl = nvlist_create(0);
+ nvlist_add_string(nvl, "cmd", "gethostbyaddr");
+ nvlist_add_binary(nvl, "addr", addr, (size_t)len);
+ nvlist_add_number(nvl, "family", (uint64_t)type);
+ nvl = cap_xfer_nvlist(chan, nvl, 0);
+ if (nvl == NULL) {
+ h_errno = NO_RECOVERY;
+ return (NULL);
+ }
+ if (nvlist_get_number(nvl, "error") != 0) {
+ h_errno = (int)nvlist_get_number(nvl, "error");
+ nvlist_destroy(nvl);
+ return (NULL);
+ }
+ hp = hostent_unpack(nvl, &hent);
+ nvlist_destroy(nvl);
+ return (hp);
+}
+
+static struct addrinfo *
+addrinfo_unpack(const nvlist_t *nvl)
+{
+ struct addrinfo *ai;
+ const void *addr;
+ size_t addrlen;
+ const char *canonname;
+
+ addr = nvlist_get_binary(nvl, "ai_addr", &addrlen);
+ ai = malloc(sizeof(*ai) + addrlen);
+ if (ai == NULL)
+ return (NULL);
+ ai->ai_flags = (int)nvlist_get_number(nvl, "ai_flags");
+ ai->ai_family = (int)nvlist_get_number(nvl, "ai_family");
+ ai->ai_socktype = (int)nvlist_get_number(nvl, "ai_socktype");
+ ai->ai_protocol = (int)nvlist_get_number(nvl, "ai_protocol");
+ ai->ai_addrlen = (socklen_t)addrlen;
+ canonname = nvlist_get_string(nvl, "ai_canonname");
+ if (canonname != NULL) {
+ ai->ai_canonname = strdup(canonname);
+ if (ai->ai_canonname == NULL) {
+ free(ai);
+ return (NULL);
+ }
+ } else {
+ ai->ai_canonname = NULL;
+ }
+ ai->ai_addr = (void *)(ai + 1);
+ bcopy(addr, ai->ai_addr, addrlen);
+ ai->ai_next = NULL;
+
+ return (ai);
+}
+
+int
+cap_getaddrinfo(cap_channel_t *chan, const char *hostname, const char *servname,
+ const struct addrinfo *hints, struct addrinfo **res)
+{
+ struct addrinfo *firstai, *prevai, *curai;
+ unsigned int ii;
+ const nvlist_t *nvlai;
+ char nvlname[64];
+ nvlist_t *nvl;
+ int error, n;
+
+ nvl = nvlist_create(0);
+ nvlist_add_string(nvl, "cmd", "getaddrinfo");
+ nvlist_add_string(nvl, "hostname", hostname);
+ nvlist_add_string(nvl, "servname", servname);
+ if (hints != NULL) {
+ nvlist_add_number(nvl, "hints.ai_flags",
+ (uint64_t)hints->ai_flags);
+ nvlist_add_number(nvl, "hints.ai_family",
+ (uint64_t)hints->ai_family);
+ nvlist_add_number(nvl, "hints.ai_socktype",
+ (uint64_t)hints->ai_socktype);
+ nvlist_add_number(nvl, "hints.ai_protocol",
+ (uint64_t)hints->ai_protocol);
+ }
+ nvl = cap_xfer_nvlist(chan, nvl, 0);
+ if (nvl == NULL)
+ return (EAI_MEMORY);
+ if (nvlist_get_number(nvl, "error") != 0) {
+ error = (int)nvlist_get_number(nvl, "error");
+ nvlist_destroy(nvl);
+ return (error);
+ }
+
+ nvlai = NULL;
+ firstai = prevai = curai = NULL;
+ for (ii = 0; ; ii++) {
+ n = snprintf(nvlname, sizeof(nvlname), "res%u", ii);
+ assert(n > 0 && n < (int)sizeof(nvlname));
+ if (!nvlist_exists_nvlist(nvl, nvlname))
+ break;
+ nvlai = nvlist_get_nvlist(nvl, nvlname);
+ curai = addrinfo_unpack(nvlai);
+ if (curai == NULL)
+ break;
+ if (prevai != NULL)
+ prevai->ai_next = curai;
+ else if (firstai == NULL)
+ firstai = curai;
+ prevai = curai;
+ }
+ nvlist_destroy(nvl);
+ if (curai == NULL && nvlai != NULL) {
+ if (firstai == NULL)
+ freeaddrinfo(firstai);
+ return (EAI_MEMORY);
+ }
+
+ *res = firstai;
+ return (0);
+}
+
+int
+cap_getnameinfo(cap_channel_t *chan, const struct sockaddr *sa, socklen_t salen,
+ char *host, size_t hostlen, char *serv, size_t servlen, int flags)
+{
+ nvlist_t *nvl;
+ int error;
+
+ nvl = nvlist_create(0);
+ nvlist_add_string(nvl, "cmd", "getnameinfo");
+ nvlist_add_number(nvl, "hostlen", (uint64_t)hostlen);
+ nvlist_add_number(nvl, "servlen", (uint64_t)servlen);
+ nvlist_add_binary(nvl, "sa", sa, (size_t)salen);
+ nvlist_add_number(nvl, "flags", (uint64_t)flags);
+ nvl = cap_xfer_nvlist(chan, nvl, 0);
+ if (nvl == NULL)
+ return (EAI_MEMORY);
+ if (nvlist_get_number(nvl, "error") != 0) {
+ error = (int)nvlist_get_number(nvl, "error");
+ nvlist_destroy(nvl);
+ return (error);
+ }
+
+ if (host != NULL)
+ strlcpy(host, nvlist_get_string(nvl, "host"), hostlen + 1);
+ if (serv != NULL)
+ strlcpy(serv, nvlist_get_string(nvl, "serv"), servlen + 1);
+ nvlist_destroy(nvl);
+ return (0);
+}
+
+static void
+limit_remove(nvlist_t *limits, const char *prefix)
+{
+ const char *name;
+ size_t prefixlen;
+ void *cookie;
+
+ prefixlen = strlen(prefix);
+again:
+ cookie = NULL;
+ while ((name = nvlist_next(limits, NULL, &cookie)) != NULL) {
+ if (strncmp(name, prefix, prefixlen) == 0) {
+ nvlist_free(limits, name);
+ goto again;
+ }
+ }
+}
+
+int
+cap_dns_type_limit(cap_channel_t *chan, const char * const *types,
+ size_t ntypes)
+{
+ nvlist_t *limits;
+ unsigned int i;
+ char nvlname[64];
+ int n;
+
+ if (cap_limit_get(chan, &limits) < 0)
+ return (-1);
+ if (limits == NULL)
+ limits = nvlist_create(0);
+ else
+ limit_remove(limits, "type");
+ for (i = 0; i < ntypes; i++) {
+ n = snprintf(nvlname, sizeof(nvlname), "type%u", i);
+ assert(n > 0 && n < (int)sizeof(nvlname));
+ nvlist_add_string(limits, nvlname, types[i]);
+ }
+ return (cap_limit_set(chan, limits));
+}
+
+int
+cap_dns_family_limit(cap_channel_t *chan, const int *families,
+ size_t nfamilies)
+{
+ nvlist_t *limits;
+ unsigned int i;
+ char nvlname[64];
+ int n;
+
+ if (cap_limit_get(chan, &limits) < 0)
+ return (-1);
+ if (limits == NULL)
+ limits = nvlist_create(0);
+ else
+ limit_remove(limits, "family");
+ for (i = 0; i < nfamilies; i++) {
+ n = snprintf(nvlname, sizeof(nvlname), "family%u", i);
+ assert(n > 0 && n < (int)sizeof(nvlname));
+ nvlist_add_number(limits, nvlname, (uint64_t)families[i]);
+ }
+ return (cap_limit_set(chan, limits));
+}
diff --git a/lib/libcapsicum/libcapsicum_dns.h b/lib/libcapsicum/libcapsicum_dns.h
new file mode 100644
index 000000000000..02235107cec4
--- /dev/null
+++ b/lib/libcapsicum/libcapsicum_dns.h
@@ -0,0 +1,57 @@
+/*-
+ * Copyright (c) 2012 The FreeBSD Foundation
+ * All rights reserved.
+ *
+ * This software was developed by Pawel Jakub Dawidek under sponsorship from
+ * the FreeBSD Foundation.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHORS AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHORS OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * $FreeBSD$
+ */
+
+#ifndef _LIBCAPSICUM_DNS_H_
+#define _LIBCAPSICUM_DNS_H_
+
+#include <sys/socket.h> /* socklen_t */
+
+struct addrinfo;
+struct hostent;
+
+struct hostent *cap_gethostbyname(cap_channel_t *chan, const char *name);
+struct hostent *cap_gethostbyname2(cap_channel_t *chan, const char *name,
+ int type);
+struct hostent *cap_gethostbyaddr(cap_channel_t *chan, const void *addr,
+ socklen_t len, int type);
+
+int cap_getaddrinfo(cap_channel_t *chan, const char *hostname,
+ const char *servname, const struct addrinfo *hints, struct addrinfo **res);
+int cap_getnameinfo(cap_channel_t *chan, const struct sockaddr *sa,
+ socklen_t salen, char *host, size_t hostlen, char *serv, size_t servlen,
+ int flags);
+
+int cap_dns_type_limit(cap_channel_t *chan, const char * const *types,
+ size_t ntypes);
+int cap_dns_family_limit(cap_channel_t *chan, const int *families,
+ size_t nfamilies);
+
+#endif /* !_LIBCAPSICUM_DNS_H_ */
diff --git a/lib/libcapsicum/libcapsicum_grp.c b/lib/libcapsicum/libcapsicum_grp.c
new file mode 100644
index 000000000000..44d573e77b82
--- /dev/null
+++ b/lib/libcapsicum/libcapsicum_grp.c
@@ -0,0 +1,438 @@
+/*-
+ * Copyright (c) 2013 The FreeBSD Foundation
+ * All rights reserved.
+ *
+ * This software was developed by Pawel Jakub Dawidek under sponsorship from
+ * the FreeBSD Foundation.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHORS AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHORS OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#include <sys/cdefs.h>
+__FBSDID("$FreeBSD$");
+
+#include <sys/dnv.h>
+#include <sys/nv.h>
+#include <sys/param.h>
+
+#include <assert.h>
+#include <errno.h>
+#include <grp.h>
+#include <stdlib.h>
+#include <string.h>
+#include <unistd.h>
+
+#include "libcapsicum.h"
+#include "libcapsicum_grp.h"
+
+static struct group ggrp;
+static char *gbuffer;
+static size_t gbufsize;
+
+static int
+group_resize(void)
+{
+ char *buf;
+
+ if (gbufsize == 0)
+ gbufsize = 1024;
+ else
+ gbufsize *= 2;
+
+ buf = gbuffer;
+ gbuffer = realloc(buf, gbufsize);
+ if (gbuffer == NULL) {
+ free(buf);
+ gbufsize = 0;
+ return (ENOMEM);
+ }
+ memset(gbuffer, 0, gbufsize);
+
+ return (0);
+}
+
+static int
+group_unpack_string(const nvlist_t *nvl, const char *fieldname, char **fieldp,
+ char **bufferp, size_t *bufsizep)
+{
+ const char *str;
+ size_t len;
+
+ str = nvlist_get_string(nvl, fieldname);
+ len = strlcpy(*bufferp, str, *bufsizep);
+ if (len >= *bufsizep)
+ return (ERANGE);
+ *fieldp = *bufferp;
+ *bufferp += len + 1;
+ *bufsizep -= len + 1;
+
+ return (0);
+}
+
+static int
+group_unpack_members(const nvlist_t *nvl, char ***fieldp, char **bufferp,
+ size_t *bufsizep)
+{
+ const char *mem;
+ char **outstrs, *str, nvlname[64];
+ size_t nmem, datasize, strsize;
+ unsigned int ii;
+ int n;
+
+ if (!nvlist_exists_number(nvl, "gr_nmem")) {
+ datasize = _ALIGNBYTES + sizeof(char *);
+ if (datasize >= *bufsizep)
+ return (ERANGE);
+ outstrs = (char **)_ALIGN(*bufferp);
+ outstrs[0] = NULL;
+ *fieldp = outstrs;
+ *bufferp += datasize;
+ *bufsizep -= datasize;
+ return (0);
+ }
+
+ nmem = (size_t)nvlist_get_number(nvl, "gr_nmem");
+ datasize = _ALIGNBYTES + sizeof(char *) * (nmem + 1);
+ for (ii = 0; ii < nmem; ii++) {
+ n = snprintf(nvlname, sizeof(nvlname), "gr_mem[%u]", ii);
+ assert(n > 0 && n < (int)sizeof(nvlname));
+ mem = dnvlist_get_string(nvl, nvlname, NULL);
+ if (mem == NULL)
+ return (EINVAL);
+ datasize += strlen(mem) + 1;
+ }
+
+ if (datasize >= *bufsizep)
+ return (ERANGE);
+
+ outstrs = (char **)_ALIGN(*bufferp);
+ str = (char *)outstrs + sizeof(char *) * (nmem + 1);
+ for (ii = 0; ii < nmem; ii++) {
+ n = snprintf(nvlname, sizeof(nvlname), "gr_mem[%u]", ii);
+ assert(n > 0 && n < (int)sizeof(nvlname));
+ mem = nvlist_get_string(nvl, nvlname);
+ strsize = strlen(mem) + 1;
+ memcpy(str, mem, strsize);
+ outstrs[ii] = str;
+ str += strsize;
+ }
+ assert(ii == nmem);
+ outstrs[ii] = NULL;
+
+ *fieldp = outstrs;
+ *bufferp += datasize;
+ *bufsizep -= datasize;
+
+ return (0);
+}
+
+static int
+group_unpack(const nvlist_t *nvl, struct group *grp, char *buffer,
+ size_t bufsize)
+{
+ int error;
+
+ if (!nvlist_exists_string(nvl, "gr_name"))
+ return (EINVAL);
+
+ memset(grp, 0, sizeof(*grp));
+
+ error = group_unpack_string(nvl, "gr_name", &grp->gr_name, &buffer,
+ &bufsize);
+ if (error != 0)
+ return (error);
+ error = group_unpack_string(nvl, "gr_passwd", &grp->gr_passwd, &buffer,
+ &bufsize);
+ if (error != 0)
+ return (error);
+ grp->gr_gid = (gid_t)nvlist_get_number(nvl, "gr_gid");
+ error = group_unpack_members(nvl, &grp->gr_mem, &buffer, &bufsize);
+ if (error != 0)
+ return (error);
+
+ return (0);
+}
+
+static int
+cap_getgrcommon_r(cap_channel_t *chan, const char *cmd, const char *name,
+ gid_t gid, struct group *grp, char *buffer, size_t bufsize,
+ struct group **result)
+{
+ nvlist_t *nvl;
+ bool getgr_r;
+ int error;
+
+ nvl = nvlist_create(0);
+ nvlist_add_string(nvl, "cmd", cmd);
+ if (strcmp(cmd, "getgrent") == 0 || strcmp(cmd, "getgrent_r") == 0) {
+ /* Add nothing. */
+ } else if (strcmp(cmd, "getgrnam") == 0 ||
+ strcmp(cmd, "getgrnam_r") == 0) {
+ nvlist_add_string(nvl, "name", name);
+ } else if (strcmp(cmd, "getgrgid") == 0 ||
+ strcmp(cmd, "getgrgid_r") == 0) {
+ nvlist_add_number(nvl, "gid", (uint64_t)gid);
+ } else {
+ abort();
+ }
+ nvl = cap_xfer_nvlist(chan, nvl, 0);
+ if (nvl == NULL) {
+ assert(errno != 0);
+ *result = NULL;
+ return (errno);
+ }
+ error = (int)nvlist_get_number(nvl, "error");
+ if (error != 0) {
+ nvlist_destroy(nvl);
+ *result = NULL;
+ return (error);
+ }
+
+ if (!nvlist_exists_string(nvl, "gr_name")) {
+ /* Not found. */
+ nvlist_destroy(nvl);
+ *result = NULL;
+ return (0);
+ }
+
+ getgr_r = (strcmp(cmd, "getgrent_r") == 0 ||
+ strcmp(cmd, "getgrnam_r") == 0 || strcmp(cmd, "getgrgid_r") == 0);
+
+ for (;;) {
+ error = group_unpack(nvl, grp, buffer, bufsize);
+ if (getgr_r || error != ERANGE)
+ break;
+ assert(buffer == gbuffer);
+ assert(bufsize == gbufsize);
+ error = group_resize();
+ if (error != 0)
+ break;
+ /* Update pointers after resize. */
+ buffer = gbuffer;
+ bufsize = gbufsize;
+ }
+
+ nvlist_destroy(nvl);
+
+ if (error == 0)
+ *result = grp;
+ else
+ *result = NULL;
+
+ return (error);
+}
+
+static struct group *
+cap_getgrcommon(cap_channel_t *chan, const char *cmd, const char *name,
+ gid_t gid)
+{
+ struct group *result;
+ int error, serrno;
+
+ serrno = errno;
+
+ error = cap_getgrcommon_r(chan, cmd, name, gid, &ggrp, gbuffer,
+ gbufsize, &result);
+ if (error != 0) {
+ errno = error;
+ return (NULL);
+ }
+
+ errno = serrno;
+
+ return (result);
+}
+
+struct group *
+cap_getgrent(cap_channel_t *chan)
+{
+
+ return (cap_getgrcommon(chan, "getgrent", NULL, 0));
+}
+
+struct group *
+cap_getgrnam(cap_channel_t *chan, const char *name)
+{
+
+ return (cap_getgrcommon(chan, "getgrnam", name, 0));
+}
+
+struct group *
+cap_getgrgid(cap_channel_t *chan, gid_t gid)
+{
+
+ return (cap_getgrcommon(chan, "getgrgid", NULL, gid));
+}
+
+int
+cap_getgrent_r(cap_channel_t *chan, struct group *grp, char *buffer,
+ size_t bufsize, struct group **result)
+{
+
+ return (cap_getgrcommon_r(chan, "getgrent_r", NULL, 0, grp, buffer,
+ bufsize, result));
+}
+
+int
+cap_getgrnam_r(cap_channel_t *chan, const char *name, struct group *grp,
+ char *buffer, size_t bufsize, struct group **result)
+{
+
+ return (cap_getgrcommon_r(chan, "getgrnam_r", name, 0, grp, buffer,
+ bufsize, result));
+}
+
+int
+cap_getgrgid_r(cap_channel_t *chan, gid_t gid, struct group *grp, char *buffer,
+ size_t bufsize, struct group **result)
+{
+
+ return (cap_getgrcommon_r(chan, "getgrgid_r", NULL, gid, grp, buffer,
+ bufsize, result));
+}
+
+int
+cap_setgroupent(cap_channel_t *chan, int stayopen)
+{
+ nvlist_t *nvl;
+
+ nvl = nvlist_create(0);
+ nvlist_add_string(nvl, "cmd", "setgroupent");
+ nvlist_add_bool(nvl, "stayopen", stayopen != 0);
+ nvl = cap_xfer_nvlist(chan, nvl, 0);
+ if (nvl == NULL)
+ return (0);
+ if (nvlist_get_number(nvl, "error") != 0) {
+ errno = nvlist_get_number(nvl, "error");
+ nvlist_destroy(nvl);
+ return (0);
+ }
+ nvlist_destroy(nvl);
+
+ return (1);
+}
+
+int
+cap_setgrent(cap_channel_t *chan)
+{
+ nvlist_t *nvl;
+
+ nvl = nvlist_create(0);
+ nvlist_add_string(nvl, "cmd", "setgrent");
+ nvl = cap_xfer_nvlist(chan, nvl, 0);
+ if (nvl == NULL)
+ return (0);
+ if (nvlist_get_number(nvl, "error") != 0) {
+ errno = nvlist_get_number(nvl, "error");
+ nvlist_destroy(nvl);
+ return (0);
+ }
+ nvlist_destroy(nvl);
+
+ return (1);
+}
+
+void
+cap_endgrent(cap_channel_t *chan)
+{
+ nvlist_t *nvl;
+
+ nvl = nvlist_create(0);
+ nvlist_add_string(nvl, "cmd", "endgrent");
+ /* Ignore any errors, we have no way to report them. */
+ nvlist_destroy(cap_xfer_nvlist(chan, nvl, 0));
+}
+
+int
+cap_grp_limit_cmds(cap_channel_t *chan, const char * const *cmds, size_t ncmds)
+{
+ nvlist_t *limits, *nvl;
+ unsigned int i;
+
+ if (cap_limit_get(chan, &limits) < 0)
+ return (-1);
+ if (limits == NULL) {
+ limits = nvlist_create(0);
+ } else {
+ if (nvlist_exists_nvlist(limits, "cmds"))
+ nvlist_free_nvlist(limits, "cmds");
+ }
+ nvl = nvlist_create(0);
+ for (i = 0; i < ncmds; i++)
+ nvlist_add_null(nvl, cmds[i]);
+ nvlist_move_nvlist(limits, "cmds", nvl);
+ return (cap_limit_set(chan, limits));
+}
+
+int
+cap_grp_limit_fields(cap_channel_t *chan, const char * const *fields,
+ size_t nfields)
+{
+ nvlist_t *limits, *nvl;
+ unsigned int i;
+
+ if (cap_limit_get(chan, &limits) < 0)
+ return (-1);
+ if (limits == NULL) {
+ limits = nvlist_create(0);
+ } else {
+ if (nvlist_exists_nvlist(limits, "fields"))
+ nvlist_free_nvlist(limits, "fields");
+ }
+ nvl = nvlist_create(0);
+ for (i = 0; i < nfields; i++)
+ nvlist_add_null(nvl, fields[i]);
+ nvlist_move_nvlist(limits, "fields", nvl);
+ return (cap_limit_set(chan, limits));
+}
+
+int
+cap_grp_limit_groups(cap_channel_t *chan, const char * const *names,
+ size_t nnames, gid_t *gids, size_t ngids)
+{
+ nvlist_t *limits, *groups;
+ unsigned int i;
+ char nvlname[64];
+ int n;
+
+ if (cap_limit_get(chan, &limits) < 0)
+ return (-1);
+ if (limits == NULL) {
+ limits = nvlist_create(0);
+ } else {
+ if (nvlist_exists_nvlist(limits, "groups"))
+ nvlist_free_nvlist(limits, "groups");
+ }
+ groups = nvlist_create(0);
+ for (i = 0; i < ngids; i++) {
+ n = snprintf(nvlname, sizeof(nvlname), "gid%u", i);
+ assert(n > 0 && n < (int)sizeof(nvlname));
+ nvlist_add_number(groups, nvlname, (uint64_t)gids[i]);
+ }
+ for (i = 0; i < nnames; i++) {
+ n = snprintf(nvlname, sizeof(nvlname), "gid%u", i);
+ assert(n > 0 && n < (int)sizeof(nvlname));
+ nvlist_add_string(groups, nvlname, names[i]);
+ }
+ nvlist_move_nvlist(limits, "groups", groups);
+ return (cap_limit_set(chan, limits));
+}
diff --git a/lib/libcapsicum/libcapsicum_grp.h b/lib/libcapsicum/libcapsicum_grp.h
new file mode 100644
index 000000000000..e0b44f0e1996
--- /dev/null
+++ b/lib/libcapsicum/libcapsicum_grp.h
@@ -0,0 +1,57 @@
+/*-
+ * Copyright (c) 2013 The FreeBSD Foundation
+ * All rights reserved.
+ *
+ * This software was developed by Pawel Jakub Dawidek under sponsorship from
+ * the FreeBSD Foundation.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHORS AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHORS OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * $FreeBSD$
+ */
+
+#ifndef _LIBCAPSICUM_GRP_H_
+#define _LIBCAPSICUM_GRP_H_
+
+struct group *cap_getgrent(cap_channel_t *chan);
+struct group *cap_getgrnam(cap_channel_t *chan, const char *name);
+struct group *cap_getgrgid(cap_channel_t *chan, gid_t gid);
+
+int cap_getgrent_r(cap_channel_t *chan, struct group *grp, char *buffer,
+ size_t bufsize, struct group **result);
+int cap_getgrnam_r(cap_channel_t *chan, const char *name, struct group *grp,
+ char *buffer, size_t bufsize, struct group **result);
+int cap_getgrgid_r(cap_channel_t *chan, gid_t gid, struct group *grp,
+ char *buffer, size_t bufsize, struct group **result);
+
+int cap_setgroupent(cap_channel_t *chan, int stayopen);
+int cap_setgrent(cap_channel_t *chan);
+void cap_endgrent(cap_channel_t *chan);
+
+int cap_grp_limit_cmds(cap_channel_t *chan, const char * const *cmds,
+ size_t ncmds);
+int cap_grp_limit_fields(cap_channel_t *chan, const char * const *fields,
+ size_t nfields);
+int cap_grp_limit_groups(cap_channel_t *chan, const char * const *names,
+ size_t nnames, gid_t *gids, size_t ngids);
+
+#endif /* !_LIBCAPSICUM_GRP_H_ */
diff --git a/lib/libcapsicum/libcapsicum_impl.h b/lib/libcapsicum/libcapsicum_impl.h
new file mode 100644
index 000000000000..ce6f49fdfcda
--- /dev/null
+++ b/lib/libcapsicum/libcapsicum_impl.h
@@ -0,0 +1,39 @@
+/*-
+ * Copyright (c) 2012-2013 The FreeBSD Foundation
+ * All rights reserved.
+ *
+ * This software was developed by Pawel Jakub Dawidek under sponsorship from
+ * the FreeBSD Foundation.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHORS AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHORS OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * $FreeBSD$
+ */
+
+#ifndef _LIBCAPSICUM_IMPL_H_
+#define _LIBCAPSICUM_IMPL_H_
+
+#define CASPER_SOCKPATH "/var/run/casper"
+
+bool fd_is_valid(int fd);
+
+#endif /* !_LIBCAPSICUM_IMPL_H_ */
diff --git a/lib/libcapsicum/libcapsicum_pwd.c b/lib/libcapsicum/libcapsicum_pwd.c
new file mode 100644
index 000000000000..5b44c3463def
--- /dev/null
+++ b/lib/libcapsicum/libcapsicum_pwd.c
@@ -0,0 +1,391 @@
+/*-
+ * Copyright (c) 2013 The FreeBSD Foundation
+ * All rights reserved.
+ *
+ * This software was developed by Pawel Jakub Dawidek under sponsorship from
+ * the FreeBSD Foundation.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHORS AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHORS OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#include <sys/cdefs.h>
+__FBSDID("$FreeBSD$");
+
+#include <sys/types.h>
+#include <sys/nv.h>
+
+#include <assert.h>
+#include <errno.h>
+#include <pwd.h>
+#include <stdlib.h>
+#include <string.h>
+#include <unistd.h>
+
+#include "libcapsicum.h"
+#include "libcapsicum_pwd.h"
+
+static struct passwd gpwd;
+static char *gbuffer;
+static size_t gbufsize;
+
+static int
+passwd_resize(void)
+{
+ char *buf;
+
+ if (gbufsize == 0)
+ gbufsize = 1024;
+ else
+ gbufsize *= 2;
+
+ buf = gbuffer;
+ gbuffer = realloc(buf, gbufsize);
+ if (gbuffer == NULL) {
+ free(buf);
+ gbufsize = 0;
+ return (ENOMEM);
+ }
+ memset(gbuffer, 0, gbufsize);
+
+ return (0);
+}
+
+static int
+passwd_unpack_string(const nvlist_t *nvl, const char *fieldname, char **fieldp,
+ char **bufferp, size_t *bufsizep)
+{
+ const char *str;
+ size_t len;
+
+ str = nvlist_get_string(nvl, fieldname);
+ len = strlcpy(*bufferp, str, *bufsizep);
+ if (len >= *bufsizep)
+ return (ERANGE);
+ *fieldp = *bufferp;
+ *bufferp += len + 1;
+ *bufsizep -= len + 1;
+
+ return (0);
+}
+
+static int
+passwd_unpack(const nvlist_t *nvl, struct passwd *pwd, char *buffer,
+ size_t bufsize)
+{
+ int error;
+
+ if (!nvlist_exists_string(nvl, "pw_name"))
+ return (EINVAL);
+
+ memset(pwd, 0, sizeof(*pwd));
+
+ error = passwd_unpack_string(nvl, "pw_name", &pwd->pw_name, &buffer,
+ &bufsize);
+ if (error != 0)
+ return (error);
+ pwd->pw_uid = (uid_t)nvlist_get_number(nvl, "pw_uid");
+ pwd->pw_gid = (gid_t)nvlist_get_number(nvl, "pw_gid");
+ pwd->pw_change = (time_t)nvlist_get_number(nvl, "pw_change");
+ error = passwd_unpack_string(nvl, "pw_passwd", &pwd->pw_passwd, &buffer,
+ &bufsize);
+ if (error != 0)
+ return (error);
+ error = passwd_unpack_string(nvl, "pw_class", &pwd->pw_class, &buffer,
+ &bufsize);
+ if (error != 0)
+ return (error);
+ error = passwd_unpack_string(nvl, "pw_gecos", &pwd->pw_gecos, &buffer,
+ &bufsize);
+ if (error != 0)
+ return (error);
+ error = passwd_unpack_string(nvl, "pw_dir", &pwd->pw_dir, &buffer,
+ &bufsize);
+ if (error != 0)
+ return (error);
+ error = passwd_unpack_string(nvl, "pw_shell", &pwd->pw_shell, &buffer,
+ &bufsize);
+ if (error != 0)
+ return (error);
+ pwd->pw_expire = (time_t)nvlist_get_number(nvl, "pw_expire");
+ pwd->pw_fields = (int)nvlist_get_number(nvl, "pw_fields");
+
+ return (0);
+}
+
+static int
+cap_getpwcommon_r(cap_channel_t *chan, const char *cmd, const char *login,
+ uid_t uid, struct passwd *pwd, char *buffer, size_t bufsize,
+ struct passwd **result)
+{
+ nvlist_t *nvl;
+ bool getpw_r;
+ int error;
+
+ nvl = nvlist_create(0);
+ nvlist_add_string(nvl, "cmd", cmd);
+ if (strcmp(cmd, "getpwent") == 0 || strcmp(cmd, "getpwent_r") == 0) {
+ /* Add nothing. */
+ } else if (strcmp(cmd, "getpwnam") == 0 ||
+ strcmp(cmd, "getpwnam_r") == 0) {
+ nvlist_add_string(nvl, "name", login);
+ } else if (strcmp(cmd, "getpwuid") == 0 ||
+ strcmp(cmd, "getpwuid_r") == 0) {
+ nvlist_add_number(nvl, "uid", (uint64_t)uid);
+ } else {
+ abort();
+ }
+ nvl = cap_xfer_nvlist(chan, nvl, 0);
+ if (nvl == NULL) {
+ assert(errno != 0);
+ *result = NULL;
+ return (errno);
+ }
+ error = (int)nvlist_get_number(nvl, "error");
+ if (error != 0) {
+ nvlist_destroy(nvl);
+ *result = NULL;
+ return (error);
+ }
+
+ if (!nvlist_exists_string(nvl, "pw_name")) {
+ /* Not found. */
+ nvlist_destroy(nvl);
+ *result = NULL;
+ return (0);
+ }
+
+ getpw_r = (strcmp(cmd, "getpwent_r") == 0 ||
+ strcmp(cmd, "getpwnam_r") == 0 || strcmp(cmd, "getpwuid_r") == 0);
+
+ for (;;) {
+ error = passwd_unpack(nvl, pwd, buffer, bufsize);
+ if (getpw_r || error != ERANGE)
+ break;
+ assert(buffer == gbuffer);
+ assert(bufsize == gbufsize);
+ error = passwd_resize();
+ if (error != 0)
+ break;
+ /* Update pointers after resize. */
+ buffer = gbuffer;
+ bufsize = gbufsize;
+ }
+
+ nvlist_destroy(nvl);
+
+ if (error == 0)
+ *result = pwd;
+ else
+ *result = NULL;
+
+ return (error);
+}
+
+static struct passwd *
+cap_getpwcommon(cap_channel_t *chan, const char *cmd, const char *login,
+ uid_t uid)
+{
+ struct passwd *result;
+ int error, serrno;
+
+ serrno = errno;
+
+ error = cap_getpwcommon_r(chan, cmd, login, uid, &gpwd, gbuffer,
+ gbufsize, &result);
+ if (error != 0) {
+ errno = error;
+ return (NULL);
+ }
+
+ errno = serrno;
+
+ return (result);
+}
+
+struct passwd *
+cap_getpwent(cap_channel_t *chan)
+{
+
+ return (cap_getpwcommon(chan, "getpwent", NULL, 0));
+}
+
+struct passwd *
+cap_getpwnam(cap_channel_t *chan, const char *login)
+{
+
+ return (cap_getpwcommon(chan, "getpwnam", login, 0));
+}
+
+struct passwd *
+cap_getpwuid(cap_channel_t *chan, uid_t uid)
+{
+
+ return (cap_getpwcommon(chan, "getpwuid", NULL, uid));
+}
+
+int
+cap_getpwent_r(cap_channel_t *chan, struct passwd *pwd, char *buffer,
+ size_t bufsize, struct passwd **result)
+{
+
+ return (cap_getpwcommon_r(chan, "getpwent_r", NULL, 0, pwd, buffer,
+ bufsize, result));
+}
+
+int
+cap_getpwnam_r(cap_channel_t *chan, const char *name, struct passwd *pwd,
+ char *buffer, size_t bufsize, struct passwd **result)
+{
+
+ return (cap_getpwcommon_r(chan, "getpwnam_r", name, 0, pwd, buffer,
+ bufsize, result));
+}
+
+int
+cap_getpwuid_r(cap_channel_t *chan, uid_t uid, struct passwd *pwd, char *buffer,
+ size_t bufsize, struct passwd **result)
+{
+
+ return (cap_getpwcommon_r(chan, "getpwuid_r", NULL, uid, pwd, buffer,
+ bufsize, result));
+}
+
+int
+cap_setpassent(cap_channel_t *chan, int stayopen)
+{
+ nvlist_t *nvl;
+
+ nvl = nvlist_create(0);
+ nvlist_add_string(nvl, "cmd", "setpassent");
+ nvlist_add_bool(nvl, "stayopen", stayopen != 0);
+ nvl = cap_xfer_nvlist(chan, nvl, 0);
+ if (nvl == NULL)
+ return (0);
+ if (nvlist_get_number(nvl, "error") != 0) {
+ errno = nvlist_get_number(nvl, "error");
+ nvlist_destroy(nvl);
+ return (0);
+ }
+ nvlist_destroy(nvl);
+
+ return (1);
+}
+
+static void
+cap_set_end_pwent(cap_channel_t *chan, const char *cmd)
+{
+ nvlist_t *nvl;
+
+ nvl = nvlist_create(0);
+ nvlist_add_string(nvl, "cmd", cmd);
+ /* Ignore any errors, we have no way to report them. */
+ nvlist_destroy(cap_xfer_nvlist(chan, nvl, 0));
+}
+
+void
+cap_setpwent(cap_channel_t *chan)
+{
+
+ cap_set_end_pwent(chan, "setpwent");
+}
+
+void
+cap_endpwent(cap_channel_t *chan)
+{
+
+ cap_set_end_pwent(chan, "endpwent");
+}
+
+int
+cap_pwd_limit_cmds(cap_channel_t *chan, const char * const *cmds, size_t ncmds)
+{
+ nvlist_t *limits, *nvl;
+ unsigned int i;
+
+ if (cap_limit_get(chan, &limits) < 0)
+ return (-1);
+ if (limits == NULL) {
+ limits = nvlist_create(0);
+ } else {
+ if (nvlist_exists_nvlist(limits, "cmds"))
+ nvlist_free_nvlist(limits, "cmds");
+ }
+ nvl = nvlist_create(0);
+ for (i = 0; i < ncmds; i++)
+ nvlist_add_null(nvl, cmds[i]);
+ nvlist_move_nvlist(limits, "cmds", nvl);
+ return (cap_limit_set(chan, limits));
+}
+
+int
+cap_pwd_limit_fields(cap_channel_t *chan, const char * const *fields,
+ size_t nfields)
+{
+ nvlist_t *limits, *nvl;
+ unsigned int i;
+
+ if (cap_limit_get(chan, &limits) < 0)
+ return (-1);
+ if (limits == NULL) {
+ limits = nvlist_create(0);
+ } else {
+ if (nvlist_exists_nvlist(limits, "fields"))
+ nvlist_free_nvlist(limits, "fields");
+ }
+ nvl = nvlist_create(0);
+ for (i = 0; i < nfields; i++)
+ nvlist_add_null(nvl, fields[i]);
+ nvlist_move_nvlist(limits, "fields", nvl);
+ return (cap_limit_set(chan, limits));
+}
+
+int
+cap_pwd_limit_users(cap_channel_t *chan, const char * const *names,
+ size_t nnames, uid_t *uids, size_t nuids)
+{
+ nvlist_t *limits, *users;
+ char nvlname[64];
+ unsigned int i;
+ int n;
+
+ if (cap_limit_get(chan, &limits) < 0)
+ return (-1);
+ if (limits == NULL) {
+ limits = nvlist_create(0);
+ } else {
+ if (nvlist_exists_nvlist(limits, "users"))
+ nvlist_free_nvlist(limits, "users");
+ }
+ users = nvlist_create(0);
+ for (i = 0; i < nuids; i++) {
+ n = snprintf(nvlname, sizeof(nvlname), "uid%u", i);
+ assert(n > 0 && n < (int)sizeof(nvlname));
+ nvlist_add_number(users, nvlname, (uint64_t)uids[i]);
+ }
+ for (i = 0; i < nnames; i++) {
+ n = snprintf(nvlname, sizeof(nvlname), "name%u", i);
+ assert(n > 0 && n < (int)sizeof(nvlname));
+ nvlist_add_string(users, nvlname, names[i]);
+ }
+ nvlist_move_nvlist(limits, "users", users);
+ return (cap_limit_set(chan, limits));
+}
diff --git a/lib/libcapsicum/libcapsicum_pwd.h b/lib/libcapsicum/libcapsicum_pwd.h
new file mode 100644
index 000000000000..960a490faf86
--- /dev/null
+++ b/lib/libcapsicum/libcapsicum_pwd.h
@@ -0,0 +1,57 @@
+/*-
+ * Copyright (c) 2013 The FreeBSD Foundation
+ * All rights reserved.
+ *
+ * This software was developed by Pawel Jakub Dawidek under sponsorship from
+ * the FreeBSD Foundation.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHORS AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHORS OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * $FreeBSD$
+ */
+
+#ifndef _LIBCAPSICUM_PWD_H_
+#define _LIBCAPSICUM_PWD_H_
+
+struct passwd *cap_getpwent(cap_channel_t *chan);
+struct passwd *cap_getpwnam(cap_channel_t *chan, const char *login);
+struct passwd *cap_getpwuid(cap_channel_t *chan, uid_t uid);
+
+int cap_getpwent_r(cap_channel_t *chan, struct passwd *pwd, char *buffer,
+ size_t bufsize, struct passwd **result);
+int cap_getpwnam_r(cap_channel_t *chan, const char *name, struct passwd *pwd,
+ char *buffer, size_t bufsize, struct passwd **result);
+int cap_getpwuid_r(cap_channel_t *chan, uid_t uid, struct passwd *pwd,
+ char *buffer, size_t bufsize, struct passwd **result);
+
+int cap_setpassent(cap_channel_t *chan, int stayopen);
+void cap_setpwent(cap_channel_t *chan);
+void cap_endpwent(cap_channel_t *chan);
+
+int cap_pwd_limit_cmds(cap_channel_t *chan, const char * const *cmds,
+ size_t ncmds);
+int cap_pwd_limit_fields(cap_channel_t *chan, const char * const *fields,
+ size_t nfields);
+int cap_pwd_limit_users(cap_channel_t *chan, const char * const *names,
+ size_t nnames, uid_t *uids, size_t nuids);
+
+#endif /* !_LIBCAPSICUM_PWD_H_ */
diff --git a/lib/libcapsicum/libcapsicum_random.c b/lib/libcapsicum/libcapsicum_random.c
new file mode 100644
index 000000000000..2a7b109cd47a
--- /dev/null
+++ b/lib/libcapsicum/libcapsicum_random.c
@@ -0,0 +1,80 @@
+/*-
+ * Copyright (c) 2013 The FreeBSD Foundation
+ * All rights reserved.
+ *
+ * This software was developed by Pawel Jakub Dawidek under sponsorship from
+ * the FreeBSD Foundation.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHORS AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHORS OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#include <sys/cdefs.h>
+__FBSDID("$FreeBSD$");
+
+#include <sys/nv.h>
+
+#include <assert.h>
+#include <errno.h>
+#include <string.h>
+
+#include "libcapsicum.h"
+#include "libcapsicum_random.h"
+
+#define MAXSIZE (1024 * 1024)
+
+int
+cap_random_buf(cap_channel_t *chan, void *buf, size_t nbytes)
+{
+ nvlist_t *nvl;
+ const void *randbuf;
+ uint8_t *ptr;
+ size_t left, randbufsize;
+
+ left = nbytes;
+ ptr = buf;
+
+ while (left > 0) {
+ nvl = nvlist_create(0);
+ nvlist_add_string(nvl, "cmd", "generate");
+ nvlist_add_number(nvl, "size",
+ (uint64_t)(left > MAXSIZE ? MAXSIZE : left));
+ nvl = cap_xfer_nvlist(chan, nvl, 0);
+ if (nvl == NULL)
+ return (-1);
+ if (nvlist_get_number(nvl, "error") != 0) {
+ errno = (int)nvlist_get_number(nvl, "error");
+ nvlist_destroy(nvl);
+ return (-1);
+ }
+
+ randbuf = nvlist_get_binary(nvl, "data", &randbufsize);
+ memcpy(ptr, randbuf, randbufsize);
+
+ nvlist_destroy(nvl);
+
+ ptr += randbufsize;
+ assert(left >= randbufsize);
+ left -= randbufsize;
+ }
+
+ return (0);
+}
diff --git a/lib/libcapsicum/libcapsicum_random.h b/lib/libcapsicum/libcapsicum_random.h
new file mode 100644
index 000000000000..672afa04f293
--- /dev/null
+++ b/lib/libcapsicum/libcapsicum_random.h
@@ -0,0 +1,37 @@
+/*-
+ * Copyright (c) 2013 The FreeBSD Foundation
+ * All rights reserved.
+ *
+ * This software was developed by Pawel Jakub Dawidek under sponsorship from
+ * the FreeBSD Foundation.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHORS AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHORS OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * $FreeBSD$
+ */
+
+#ifndef _LIBCAPSICUM_RANDOM_H_
+#define _LIBCAPSICUM_RANDOM_H_
+
+int cap_random_buf(cap_channel_t *chan, void *buf, size_t nbytes);
+
+#endif /* !_LIBCAPSICUM_RANDOM_H_ */
diff --git a/lib/libcapsicum/libcapsicum_service.c b/lib/libcapsicum/libcapsicum_service.c
new file mode 100644
index 000000000000..6b6ceeac08de
--- /dev/null
+++ b/lib/libcapsicum/libcapsicum_service.c
@@ -0,0 +1,97 @@
+/*-
+ * Copyright (c) 2013 The FreeBSD Foundation
+ * All rights reserved.
+ *
+ * This software was developed by Pawel Jakub Dawidek under sponsorship from
+ * the FreeBSD Foundation.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHORS AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHORS OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#include <sys/cdefs.h>
+__FBSDID("$FreeBSD$");
+
+#include <sys/nv.h>
+
+#include <assert.h>
+#include <errno.h>
+#include <string.h>
+#include <unistd.h>
+
+#include "msgio.h"
+
+#include "libcapsicum.h"
+#include "libcapsicum_impl.h"
+#include "libcapsicum_service.h"
+
+cap_channel_t *
+cap_service_open(const cap_channel_t *chan, const char *name)
+{
+ cap_channel_t *newchan;
+ nvlist_t *nvl;
+ int sock, error;
+
+ sock = -1;
+
+ nvl = nvlist_create(0);
+ nvlist_add_string(nvl, "cmd", "open");
+ nvlist_add_string(nvl, "service", name);
+ if (fd_is_valid(STDERR_FILENO))
+ nvlist_add_descriptor(nvl, "stderrfd", STDERR_FILENO);
+ nvl = cap_xfer_nvlist(chan, nvl, 0);
+ if (nvl == NULL)
+ return (NULL);
+ error = (int)nvlist_get_number(nvl, "error");
+ if (error != 0) {
+ nvlist_destroy(nvl);
+ errno = error;
+ return (NULL);
+ }
+ sock = nvlist_take_descriptor(nvl, "chanfd");
+ assert(sock >= 0);
+ nvlist_destroy(nvl);
+ nvl = NULL;
+ if (cred_send(sock) == -1)
+ goto fail;
+ newchan = cap_wrap(sock);
+ if (newchan == NULL)
+ goto fail;
+ return (newchan);
+fail:
+ error = errno;
+ close(sock);
+ errno = error;
+ return (NULL);
+}
+
+int
+cap_service_limit(const cap_channel_t *chan, const char * const *names,
+ size_t nnames)
+{
+ nvlist_t *limits;
+ unsigned int i;
+
+ limits = nvlist_create(0);
+ for (i = 0; i < nnames; i++)
+ nvlist_add_null(limits, names[i]);
+ return (cap_limit_set(chan, limits));
+}
diff --git a/lib/libcapsicum/libcapsicum_service.h b/lib/libcapsicum/libcapsicum_service.h
new file mode 100644
index 000000000000..05c654f7bf10
--- /dev/null
+++ b/lib/libcapsicum/libcapsicum_service.h
@@ -0,0 +1,40 @@
+/*-
+ * Copyright (c) 2013 The FreeBSD Foundation
+ * All rights reserved.
+ *
+ * This software was developed by Pawel Jakub Dawidek under sponsorship from
+ * the FreeBSD Foundation.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHORS AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHORS OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * $FreeBSD$
+ */
+
+#ifndef _LIBCAPSICUM_SERVICE_H_
+#define _LIBCAPSICUM_SERVICE_H_
+
+cap_channel_t *cap_service_open(const cap_channel_t *chan, const char *name);
+
+int cap_service_limit(const cap_channel_t *chan, const char * const *names,
+ size_t nnames);
+
+#endif /* !_LIBCAPSICUM_SERVICE_H_ */
diff --git a/lib/libcapsicum/libcapsicum_sysctl.c b/lib/libcapsicum/libcapsicum_sysctl.c
new file mode 100644
index 000000000000..3f1ccd9116c0
--- /dev/null
+++ b/lib/libcapsicum/libcapsicum_sysctl.c
@@ -0,0 +1,86 @@
+/*-
+ * Copyright (c) 2013 The FreeBSD Foundation
+ * All rights reserved.
+ *
+ * This software was developed by Pawel Jakub Dawidek under sponsorship from
+ * the FreeBSD Foundation.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHORS AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHORS OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#include <sys/cdefs.h>
+__FBSDID("$FreeBSD$");
+
+#include <sys/nv.h>
+
+#include <errno.h>
+#include <string.h>
+
+#include "libcapsicum.h"
+#include "libcapsicum_sysctl.h"
+
+int
+cap_sysctlbyname(cap_channel_t *chan, const char *name, void *oldp,
+ size_t *oldlenp, const void *newp, size_t newlen)
+{
+ nvlist_t *nvl;
+ const uint8_t *retoldp;
+ uint8_t operation;
+ size_t oldlen;
+
+ operation = 0;
+ if (oldp != NULL)
+ operation |= CAP_SYSCTL_READ;
+ if (newp != NULL)
+ operation |= CAP_SYSCTL_WRITE;
+
+ nvl = nvlist_create(0);
+ nvlist_add_string(nvl, "cmd", "sysctl");
+ nvlist_add_string(nvl, "name", name);
+ nvlist_add_number(nvl, "operation", (uint64_t)operation);
+ if (oldp == NULL && oldlenp != NULL)
+ nvlist_add_null(nvl, "justsize");
+ else if (oldlenp != NULL)
+ nvlist_add_number(nvl, "oldlen", (uint64_t)*oldlenp);
+ if (newp != NULL)
+ nvlist_add_binary(nvl, "newp", newp, newlen);
+ nvl = cap_xfer_nvlist(chan, nvl, 0);
+ if (nvl == NULL)
+ return (-1);
+ if (nvlist_get_number(nvl, "error") != 0) {
+ errno = (int)nvlist_get_number(nvl, "error");
+ nvlist_destroy(nvl);
+ return (-1);
+ }
+
+ if (oldp == NULL && oldlenp != NULL) {
+ *oldlenp = (size_t)nvlist_get_number(nvl, "oldlen");
+ } else if (oldp != NULL) {
+ retoldp = nvlist_get_binary(nvl, "oldp", &oldlen);
+ memcpy(oldp, retoldp, oldlen);
+ if (oldlenp != NULL)
+ *oldlenp = oldlen;
+ }
+ nvlist_destroy(nvl);
+
+ return (0);
+}
diff --git a/lib/libcapsicum/libcapsicum_sysctl.h b/lib/libcapsicum/libcapsicum_sysctl.h
new file mode 100644
index 000000000000..d0df1437cec5
--- /dev/null
+++ b/lib/libcapsicum/libcapsicum_sysctl.h
@@ -0,0 +1,43 @@
+/*-
+ * Copyright (c) 2013 The FreeBSD Foundation
+ * All rights reserved.
+ *
+ * This software was developed by Pawel Jakub Dawidek under sponsorship from
+ * the FreeBSD Foundation.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHORS AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHORS OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * $FreeBSD$
+ */
+
+#ifndef _LIBCAPSICUM_SYSCTL_H_
+#define _LIBCAPSICUM_SYSCTL_H_
+
+#define CAP_SYSCTL_READ 0x01
+#define CAP_SYSCTL_WRITE 0x02
+#define CAP_SYSCTL_RDWR (CAP_SYSCTL_READ | CAP_SYSCTL_WRITE)
+#define CAP_SYSCTL_RECURSIVE 0x04
+
+int cap_sysctlbyname(cap_channel_t *chan, const char *name, void *oldp,
+ size_t *oldlenp, const void *newp, size_t newlen);
+
+#endif /* !_LIBCAPSICUM_SYSCTL_H_ */
diff --git a/lib/libcasper/libcasper/Makefile b/lib/libcasper/libcasper/Makefile
index 6fbdffbb12d7..c8eface43627 100644
--- a/lib/libcasper/libcasper/Makefile
+++ b/lib/libcasper/libcasper/Makefile
@@ -1,5 +1,6 @@
# $FreeBSD$
+PACKAGE=${LIB}
LIB= casper
SHLIB_MAJOR= 0
diff --git a/lib/libcasper/services/cap_dns/Makefile b/lib/libcasper/services/cap_dns/Makefile
index c52f6bf7a52d..2582fe89b14c 100644
--- a/lib/libcasper/services/cap_dns/Makefile
+++ b/lib/libcasper/services/cap_dns/Makefile
@@ -1,5 +1,6 @@
# $FreeBSD$
+PACKAGE=libcasper
LIB= cap_dns
SHLIB_MAJOR= 0
diff --git a/lib/libcasper/services/cap_grp/Makefile b/lib/libcasper/services/cap_grp/Makefile
index 8a552d26bcd7..195b08d25777 100644
--- a/lib/libcasper/services/cap_grp/Makefile
+++ b/lib/libcasper/services/cap_grp/Makefile
@@ -1,5 +1,6 @@
# $FreeBSD$
+PACKAGE=libcasper
LIB= cap_grp
SHLIB_MAJOR= 0
diff --git a/lib/libcasper/services/cap_pwd/Makefile b/lib/libcasper/services/cap_pwd/Makefile
index 294ce7e2f05b..3e604bd54c53 100644
--- a/lib/libcasper/services/cap_pwd/Makefile
+++ b/lib/libcasper/services/cap_pwd/Makefile
@@ -1,5 +1,6 @@
# $FreeBSD$
+PACKAGE=libcasper
LIB= cap_pwd
SHLIB_MAJOR= 0
diff --git a/lib/libcasper/services/cap_random/Makefile b/lib/libcasper/services/cap_random/Makefile
index 61dcc6ceba2e..97a27beb134a 100644
--- a/lib/libcasper/services/cap_random/Makefile
+++ b/lib/libcasper/services/cap_random/Makefile
@@ -1,5 +1,6 @@
# $FreeBSD$
+PACKAGE=libcasper
LIB= cap_random
SHLIB_MAJOR= 0
diff --git a/lib/libcasper/services/cap_sysctl/Makefile b/lib/libcasper/services/cap_sysctl/Makefile
index ba3a4b3c5ca4..7501f37ab4e0 100644
--- a/lib/libcasper/services/cap_sysctl/Makefile
+++ b/lib/libcasper/services/cap_sysctl/Makefile
@@ -1,5 +1,6 @@
# $FreeBSD$
+PACKAGE=libcasper
LIB= cap_sysctl
SHLIB_MAJOR= 0
diff --git a/lib/libcom_err/Makefile b/lib/libcom_err/Makefile
index 72260fee077a..b6f389f7bb80 100644
--- a/lib/libcom_err/Makefile
+++ b/lib/libcom_err/Makefile
@@ -1,5 +1,6 @@
# $FreeBSD$
+PACKAGE=lib${LIB}
LIB= com_err
SRCS= com_err.c error.c
INCS= ${COM_ERRDIR}/com_err.h ${COM_ERRDIR}/com_right.h
diff --git a/lib/libcompat/Makefile b/lib/libcompat/Makefile
index fca86c7b157e..0bd47dfce0b2 100644
--- a/lib/libcompat/Makefile
+++ b/lib/libcompat/Makefile
@@ -1,6 +1,7 @@
# @(#)Makefile 8.1 (Berkeley) 6/4/93
# $FreeBSD$
+PACKAGE=lib${LIB}
LIB= compat
CFLAGS+=-DLIBC_SCCS -DSYSLIBC_SCCS -I${.CURDIR}/../libc/locale
NO_PIC=
diff --git a/lib/libcompiler_rt/Makefile b/lib/libcompiler_rt/Makefile
index 3c7896df4bb8..8959225e409f 100644
--- a/lib/libcompiler_rt/Makefile
+++ b/lib/libcompiler_rt/Makefile
@@ -2,6 +2,7 @@
.include <src.opts.mk>
+PACKAGE=lib${LIB}
LIB= compiler_rt
NO_PIC=
WARNS?= 2
diff --git a/lib/libcrypt/Makefile b/lib/libcrypt/Makefile
index d5d03477570a..c1f8542bc7b8 100644
--- a/lib/libcrypt/Makefile
+++ b/lib/libcrypt/Makefile
@@ -2,6 +2,7 @@
# $FreeBSD$
#
+PACKAGE=lib${LIB}
SHLIBDIR?= /lib
.include <src.opts.mk>
diff --git a/lib/libcrypt/tests/Makefile b/lib/libcrypt/tests/Makefile
index 15798b215d17..0c831ad6044a 100644
--- a/lib/libcrypt/tests/Makefile
+++ b/lib/libcrypt/tests/Makefile
@@ -1,5 +1,9 @@
# $FreeBSD$
+PACKAGE=tests
+FILESGROUPS= TESTS
+TESTSPACKAGE= ${PACKAGE}
+
ATF_TESTS_C+= crypt_tests
NETBSD_ATF_TESTS_C+= crypt_test
diff --git a/lib/libcuse/Makefile b/lib/libcuse/Makefile
index a232fa241c62..607d36b3374e 100644
--- a/lib/libcuse/Makefile
+++ b/lib/libcuse/Makefile
@@ -24,6 +24,7 @@
# SUCH DAMAGE.
#
+PACKAGE=lib${LIB}
LIB= cuse
SHLIB_MAJOR= 1
SHLIB_MINOR= 0
diff --git a/lib/libcxxrt/Makefile b/lib/libcxxrt/Makefile
index d197361a9a66..8f3d9c54c3b7 100644
--- a/lib/libcxxrt/Makefile
+++ b/lib/libcxxrt/Makefile
@@ -1,5 +1,6 @@
# $FreeBSD$
+PACKAGE= clibs
SRCDIR= ${.CURDIR}/../../contrib/libcxxrt
SHLIB_MAJOR= 1
diff --git a/lib/libdevctl/Makefile b/lib/libdevctl/Makefile
index 74687ecc2bd2..ed56b25dc374 100644
--- a/lib/libdevctl/Makefile
+++ b/lib/libdevctl/Makefile
@@ -1,5 +1,6 @@
# $FreeBSD$
+PACKAGE=lib${LIB}
LIB= devctl
SRCS= devctl.c
INCS= devctl.h
diff --git a/lib/libdevinfo/Makefile b/lib/libdevinfo/Makefile
index 9e755d73b0d4..6c0927ee0b41 100644
--- a/lib/libdevinfo/Makefile
+++ b/lib/libdevinfo/Makefile
@@ -1,5 +1,6 @@
# $FreeBSD$
+PACKAGE=lib${LIB}
LIB= devinfo
SRCS= devinfo.c
INCS= devinfo.h
diff --git a/lib/libdevstat/Makefile b/lib/libdevstat/Makefile
index dcda3c2bdac8..df5d44ec30db 100644
--- a/lib/libdevstat/Makefile
+++ b/lib/libdevstat/Makefile
@@ -1,5 +1,6 @@
# $FreeBSD$
+PACKAGE=lib${LIB}
LIB= devstat
SHLIBDIR?= /lib
# Bump DEVSTAT_USER_API_VER in devstat.h every time this is incremented.
diff --git a/lib/libdpv/Makefile b/lib/libdpv/Makefile
index 3a9921c92cdb..d9bef05888a5 100644
--- a/lib/libdpv/Makefile
+++ b/lib/libdpv/Makefile
@@ -1,5 +1,6 @@
# $FreeBSD$
+PACKAGE=lib${LIB}
LIB= dpv
SHLIB_MAJOR= 1
INCS= dpv.h
diff --git a/lib/libdwarf/Makefile b/lib/libdwarf/Makefile
index bd98d8f4e040..1e2506d23e36 100644
--- a/lib/libdwarf/Makefile
+++ b/lib/libdwarf/Makefile
@@ -1,6 +1,7 @@
# $FreeBSD$
.include <bsd.own.mk>
+PACKAGE=lib${LIB}
TOP= ${.CURDIR}/../../contrib/elftoolchain
SRCDIR= ${TOP}/libdwarf
diff --git a/lib/libedit/Makefile b/lib/libedit/Makefile
index 8a97ce0f341b..14c9cbbcc175 100644
--- a/lib/libedit/Makefile
+++ b/lib/libedit/Makefile
@@ -2,6 +2,7 @@
# @(#)Makefile 8.1 (Berkeley) 6/4/93
# $FreeBSD$
+PACKAGE=clibs
LIB= edit
SHLIB_MAJOR= 7
SHLIBDIR?= /lib
diff --git a/lib/libefi/Makefile b/lib/libefi/Makefile
index 16aa3e7e224b..d9862f061899 100644
--- a/lib/libefi/Makefile
+++ b/lib/libefi/Makefile
@@ -2,6 +2,7 @@
.include <bsd.own.mk>
+PACKAGE=lib${LIB}
LIB= efi
SHLIB_MAJOR= 1
diff --git a/lib/libelf/Makefile b/lib/libelf/Makefile
index f6229213851c..70d9e9bc423a 100644
--- a/lib/libelf/Makefile
+++ b/lib/libelf/Makefile
@@ -1,5 +1,6 @@
# $FreeBSD$
+PACKAGE=lib${LIB}
SHLIBDIR?= /lib
.include <bsd.own.mk>
diff --git a/lib/libelftc/Makefile b/lib/libelftc/Makefile
index ed5c02a93cb0..e2269b41fcb4 100644
--- a/lib/libelftc/Makefile
+++ b/lib/libelftc/Makefile
@@ -1,6 +1,7 @@
# $FreeBSD$
.include <bsd.own.mk>
+PACKAGE=lib${LIB}
INTERNALLIB=
ELFTCDIR= ${.CURDIR}/../../contrib/elftoolchain
diff --git a/lib/libevent/Makefile b/lib/libevent/Makefile
index 1d20bcdc9478..d8cc57216cde 100644
--- a/lib/libevent/Makefile
+++ b/lib/libevent/Makefile
@@ -1,5 +1,6 @@
# $FreeBSD$
+PACKAGE=lib${LIB}
.PATH: ${.CURDIR}/../../contrib/pf/libevent
.include <src.opts.mk>
diff --git a/lib/libexecinfo/Makefile b/lib/libexecinfo/Makefile
index 5f9aac5e5c21..c444f7fc6855 100644
--- a/lib/libexecinfo/Makefile
+++ b/lib/libexecinfo/Makefile
@@ -1,5 +1,6 @@
# $FreeBSD$
+PACKAGE=lib${LIB}
LIBEXECINFO= ${.CURDIR}/../../contrib/libexecinfo
LIB= execinfo
diff --git a/lib/libexpat/Makefile b/lib/libexpat/Makefile
index 0d4bef55e2f3..d0de3e0089c4 100644
--- a/lib/libexpat/Makefile
+++ b/lib/libexpat/Makefile
@@ -1,5 +1,6 @@
# $FreeBSD$
+PACKAGE=lib${LIB}
EXPAT= ${.CURDIR}/../../contrib/expat
LIB= bsdxml
diff --git a/lib/libfetch/Makefile b/lib/libfetch/Makefile
index 4f56552801cf..abd5f8de23f6 100644
--- a/lib/libfetch/Makefile
+++ b/lib/libfetch/Makefile
@@ -2,6 +2,7 @@
.include <src.opts.mk>
+PACKAGE=lib${LIB}
LIB= fetch
CFLAGS+= -I.
SRCS= fetch.c common.c ftp.c http.c file.c \
diff --git a/lib/libfigpar/Makefile b/lib/libfigpar/Makefile
index bb24da356360..6d495462b086 100644
--- a/lib/libfigpar/Makefile
+++ b/lib/libfigpar/Makefile
@@ -1,5 +1,6 @@
# $FreeBSD$
+PACKAGE=lib${LIB}
LIB= figpar
SHLIB_MAJOR= 0
INCS= figpar.h string_m.h
diff --git a/lib/libgeom/Makefile b/lib/libgeom/Makefile
index 20b7a4c7c3b8..ea1f6c83a961 100644
--- a/lib/libgeom/Makefile
+++ b/lib/libgeom/Makefile
@@ -1,5 +1,6 @@
# $FreeBSD$
+PACKAGE=lib${LIB}
LIB= geom
SHLIBDIR?= /lib
SRCS+= geom_getxml.c
diff --git a/lib/libgpio/Makefile b/lib/libgpio/Makefile
index 94118d6eb00d..fc163e90efd0 100644
--- a/lib/libgpio/Makefile
+++ b/lib/libgpio/Makefile
@@ -1,5 +1,6 @@
# $FreeBSD$
+PACKAGE=lib${LIB}
LIB= gpio
SHLIB_MAJOR= 0
diff --git a/lib/libgssapi/Makefile b/lib/libgssapi/Makefile
index 3f016b49bb73..a48610114b4c 100644
--- a/lib/libgssapi/Makefile
+++ b/lib/libgssapi/Makefile
@@ -1,5 +1,6 @@
# $FreeBSD$
+PACKAGE=lib${LIB}
LIB= gssapi
SHLIB_MAJOR= 10
VERSION_DEF= ${.CURDIR}/../libc/Versions.def
diff --git a/lib/libipsec/Makefile b/lib/libipsec/Makefile
index 7d3e94a7db5a..460a5d79b0b4 100644
--- a/lib/libipsec/Makefile
+++ b/lib/libipsec/Makefile
@@ -27,6 +27,7 @@
#
# $FreeBSD$
+PACKAGE=lib${LIB}
SHLIBDIR?= /lib
.include <src.opts.mk>
diff --git a/lib/libjail/Makefile b/lib/libjail/Makefile
index 442274ae35dd..74eb8e1091b2 100644
--- a/lib/libjail/Makefile
+++ b/lib/libjail/Makefile
@@ -1,11 +1,14 @@
# $FreeBSD$
+PACKAGE=lib${LIB}
LIB= jail
SHLIBDIR?= /lib
SHLIB_MAJOR= 1
SRCS= jail.c jail_getid.c
INCS= jail.h
+PACKAGE=jail
+
MAN= jail.3
MLINKS+=jail.3 jail_getid.3
diff --git a/lib/libkiconv/Makefile b/lib/libkiconv/Makefile
index c7b2179c1943..5ada7db0b06b 100644
--- a/lib/libkiconv/Makefile
+++ b/lib/libkiconv/Makefile
@@ -4,6 +4,7 @@ SHLIBDIR?= /lib
.include <src.opts.mk>
+PACKAGE=lib${LIB}
LIB= kiconv
SRCS= kiconv_sysctl.c xlat16_iconv.c xlat16_sysctl.c
SRCS+= quirks.c
diff --git a/lib/libkvm/Makefile b/lib/libkvm/Makefile
index 33f8e5b8137c..0fdeec905d9f 100644
--- a/lib/libkvm/Makefile
+++ b/lib/libkvm/Makefile
@@ -1,6 +1,7 @@
# @(#)Makefile 8.1 (Berkeley) 6/4/93
# $FreeBSD$
+PACKAGE=lib${LIB}
LIB= kvm
SHLIBDIR?= /lib
diff --git a/lib/libldns/Makefile b/lib/libldns/Makefile
index 9a436cdb4b9d..14dc9f9da1ac 100644
--- a/lib/libldns/Makefile
+++ b/lib/libldns/Makefile
@@ -3,6 +3,7 @@
# Vendor sources and generated files
LDNSDIR = ${.CURDIR}/../../contrib/ldns
+PACKAGE=lib${LIB}
.PATH: ${LDNSDIR} ${LDNSDIR}/compat
LIB= ldns
diff --git a/lib/liblzma/Makefile b/lib/liblzma/Makefile
index 8a6c23d84d1d..62c2994febad 100644
--- a/lib/liblzma/Makefile
+++ b/lib/liblzma/Makefile
@@ -1,5 +1,6 @@
# $FreeBSD$
+PACKAGE=lib${LIB}
LIB= lzma
LZMADIR= ${.CURDIR}/../../contrib/xz/src/liblzma
diff --git a/lib/libmagic/Makefile b/lib/libmagic/Makefile
index 2add1d3c27b5..d77de6c42caa 100644
--- a/lib/libmagic/Makefile
+++ b/lib/libmagic/Makefile
@@ -1,6 +1,7 @@
# $FreeBSD$
# Copyright (c) David E. O'Brien, 2000-2004, 2006, 2009
+PACKAGE=lib${LIB}
CONTRDIR= ${.CURDIR}/../../contrib/file
.PATH: ${CONTRDIR}/src
.PATH: ${CONTRDIR}/doc
diff --git a/lib/libmd/Makefile b/lib/libmd/Makefile
index 43b8a5a84fa4..bde4fb5c0a9e 100644
--- a/lib/libmd/Makefile
+++ b/lib/libmd/Makefile
@@ -1,5 +1,6 @@
# $FreeBSD$
+PACKAGE=lib${LIB}
LIB= md
SHLIB_MAJOR= 6
SHLIBDIR?= /lib
diff --git a/lib/libmemstat/Makefile b/lib/libmemstat/Makefile
index 597dc6db1606..8554eb0482e8 100644
--- a/lib/libmemstat/Makefile
+++ b/lib/libmemstat/Makefile
@@ -1,5 +1,6 @@
# $FreeBSD$
+PACKAGE=lib${LIB}
WARNS?= 3
LIB= memstat
SHLIB_MAJOR= 3
diff --git a/lib/libmilter/Makefile b/lib/libmilter/Makefile
index 81172ec5b31c..88a80b7e0684 100644
--- a/lib/libmilter/Makefile
+++ b/lib/libmilter/Makefile
@@ -2,6 +2,7 @@
.include <src.opts.mk>
+PACKAGE=sendmail
SENDMAIL_DIR=${.CURDIR}/../../contrib/sendmail
.PATH: ${SENDMAIL_DIR}/libmilter ${SENDMAIL_DIR}/libsm
diff --git a/lib/libmp/Makefile b/lib/libmp/Makefile
index 6a73658103e5..8d8c5278e573 100644
--- a/lib/libmp/Makefile
+++ b/lib/libmp/Makefile
@@ -2,6 +2,7 @@
.include <src.opts.mk>
+PACKAGE=lib${LIB}
LIB= mp
SHLIB_MAJOR= 7
LIBADD= crypto
diff --git a/lib/libmp/tests/Makefile b/lib/libmp/tests/Makefile
index 42749d00a039..86f0985da34a 100644
--- a/lib/libmp/tests/Makefile
+++ b/lib/libmp/tests/Makefile
@@ -1,5 +1,9 @@
# $FreeBSD$
+PACKAGE=tests
+FILESGROUPS= TESTS
+TESTSPACKAGE= ${PACKAGE}
+
TAP_TESTS_C+= legacy_test
LIBADD+= mp
diff --git a/lib/libmt/Makefile b/lib/libmt/Makefile
index 6fe59201a87f..c67130ecc57e 100644
--- a/lib/libmt/Makefile
+++ b/lib/libmt/Makefile
@@ -1,5 +1,6 @@
# $FreeBSD$
+PACKAGE=lib${LIB}
LIB= mt
SHLIBDIR?= /lib
SRCS= mtlib.c
diff --git a/lib/libnandfs/Makefile b/lib/libnandfs/Makefile
index d87573e2f343..e900c3c6eab4 100644
--- a/lib/libnandfs/Makefile
+++ b/lib/libnandfs/Makefile
@@ -1,5 +1,6 @@
# $FreeBSD$
+PACKAGE=lib${LIB}
LIB= nandfs
SRCS+= nandfs.c
INCS= libnandfs.h
diff --git a/lib/libnetbsd/Makefile b/lib/libnetbsd/Makefile
index 09c6985e6c83..92ad745dc58c 100644
--- a/lib/libnetbsd/Makefile
+++ b/lib/libnetbsd/Makefile
@@ -2,6 +2,7 @@
.include <bsd.own.mk>
+PACKAGE=lib${LIB}
LIB= netbsd
CFLAGS+= -I${.CURDIR}
diff --git a/lib/libnetgraph/Makefile b/lib/libnetgraph/Makefile
index d0c444eb3095..d3c7c3fa64a4 100644
--- a/lib/libnetgraph/Makefile
+++ b/lib/libnetgraph/Makefile
@@ -1,6 +1,7 @@
# $FreeBSD$
# $Whistle: Makefile,v 1.4 1999/01/17 03:41:02 julian Exp $
+PACKAGE=lib${LIB}
LIB= netgraph
WARNS?= 3
MAN= netgraph.3
diff --git a/lib/libngatm/Makefile b/lib/libngatm/Makefile
index 85294b0471df..71f21d5d0111 100644
--- a/lib/libngatm/Makefile
+++ b/lib/libngatm/Makefile
@@ -2,6 +2,7 @@
#
# Author: Harti Brandt <harti@freebsd.org>
#
+PACKAGE=lib${LIB}
LIB= ngatm
SHLIB_MAJOR= 4
MAN= libngatm.3 uniaddr.3 unifunc.3 unimsg.3 unisap.3 unistruct.3
diff --git a/lib/libnv/Makefile b/lib/libnv/Makefile
index f0ed8c4fa52c..4b2125b07175 100644
--- a/lib/libnv/Makefile
+++ b/lib/libnv/Makefile
@@ -1,5 +1,6 @@
# $FreeBSD$
+PACKAGE=lib${LIB}
SHLIBDIR?= /lib
.include <src.opts.mk>
diff --git a/lib/libnv/tests/Makefile b/lib/libnv/tests/Makefile
index cce0b5e8f1a7..d815af48b5cb 100644
--- a/lib/libnv/tests/Makefile
+++ b/lib/libnv/tests/Makefile
@@ -1,5 +1,9 @@
# $FreeBSD$
+PACKAGE=tests
+FILESGROUPS= TESTS
+TESTSPACKAGE= ${PACKAGE}
+
ATF_TESTS_CXX= \
dnv_tests \
nv_array_tests \
diff --git a/lib/libopenbsd/Makefile b/lib/libopenbsd/Makefile
index 3eb6b743d186..afb41b393fbd 100644
--- a/lib/libopenbsd/Makefile
+++ b/lib/libopenbsd/Makefile
@@ -1,5 +1,6 @@
# $FreeBSD$
+PACKAGE=lib${LIB}
LIB= openbsd
SRCS= getdtablecount.c \
imsg-buffer.c \
diff --git a/lib/libopie/Makefile b/lib/libopie/Makefile
index e66e67a4f9e8..367bbc6ac7be 100644
--- a/lib/libopie/Makefile
+++ b/lib/libopie/Makefile
@@ -2,6 +2,7 @@
#
# $FreeBSD$
#
+PACKAGE=lib${LIB}
OPIE_DIST?= ${.CURDIR}/../../contrib/opie
DIST_DIR= ${OPIE_DIST}/${.CURDIR:T}
SHLIB_MAJOR= 8
diff --git a/lib/libpam/libpam/Makefile b/lib/libpam/libpam/Makefile
index 1dc977f610d3..c7122c72abda 100644
--- a/lib/libpam/libpam/Makefile
+++ b/lib/libpam/libpam/Makefile
@@ -35,6 +35,7 @@
#
# $FreeBSD$
+PACKAGE=lib${LIB}
OPENPAM= ${.CURDIR}/../../../contrib/openpam
.PATH: ${OPENPAM}/include ${OPENPAM}/lib/libpam ${OPENPAM}/doc/man
diff --git a/lib/libpam/libpam/tests/Makefile b/lib/libpam/libpam/tests/Makefile
index e40936a883db..ec32229781e2 100644
--- a/lib/libpam/libpam/tests/Makefile
+++ b/lib/libpam/libpam/tests/Makefile
@@ -1,5 +1,9 @@
# $FreeBSD$
+PACKAGE= tests
+FILESGROUPS= TESTS
+TESTSPACKAGE= ${PACKAGE}
+
OPENPAM= ${SRCTOP}/contrib/openpam
.PATH: ${OPENPAM}/t
diff --git a/lib/libpam/modules/pam_ssh/Makefile b/lib/libpam/modules/pam_ssh/Makefile
index 21991dc9f1c7..8965018e32b2 100644
--- a/lib/libpam/modules/pam_ssh/Makefile
+++ b/lib/libpam/modules/pam_ssh/Makefile
@@ -6,6 +6,7 @@ SSHDIR= ${.CURDIR}/../../../../crypto/openssh
LIB= pam_ssh
MAN= pam_ssh.8
SRCS= pam_ssh.c
+PACKAGE= ssh
# required when linking with a dynamic libssh
SRCS+= roaming_dummy.c
diff --git a/lib/libpcap/Makefile b/lib/libpcap/Makefile
index cdc02287988a..e7512e659121 100644
--- a/lib/libpcap/Makefile
+++ b/lib/libpcap/Makefile
@@ -5,6 +5,7 @@ SHLIBDIR?= /lib
.include <src.opts.mk>
+PACKAGE=lib${LIB}
LIB= pcap
SRCS= grammar.y tokdefs.h version.h pcap-bpf.c \
pcap-netmap.c \
diff --git a/lib/libpjdlog/Makefile b/lib/libpjdlog/Makefile
index ead5619afb67..4fcfe028d9f7 100644
--- a/lib/libpjdlog/Makefile
+++ b/lib/libpjdlog/Makefile
@@ -2,6 +2,7 @@
# $FreeBSD$
#
+PACKAGE=lib${LIB}
SHLIBDIR?= /lib
.include <bsd.own.mk>
diff --git a/lib/libpmc/Makefile b/lib/libpmc/Makefile
index b240070eceb9..30510f6144b0 100644
--- a/lib/libpmc/Makefile
+++ b/lib/libpmc/Makefile
@@ -1,5 +1,6 @@
# $FreeBSD$
+PACKAGE=lib${LIB}
LIB= pmc
SRCS= libpmc.c pmclog.c
diff --git a/lib/libproc/Makefile b/lib/libproc/Makefile
index 8c4f4848354e..0372377d8b64 100644
--- a/lib/libproc/Makefile
+++ b/lib/libproc/Makefile
@@ -2,6 +2,7 @@
.include <src.opts.mk>
+PACKAGE=lib${LIB}
LIB= proc
SRCS= proc_bkpt.c \
diff --git a/lib/libproc/tests/Makefile b/lib/libproc/tests/Makefile
index d48250e3bb67..768078ecb3f8 100644
--- a/lib/libproc/tests/Makefile
+++ b/lib/libproc/tests/Makefile
@@ -1,5 +1,9 @@
# $FreeBSD$
+PACKAGE=tests
+FILESGROUPS= TESTS
+TESTSPACKAGE= ${PACKAGE}
+
ATF_TESTS_C+= proc_test
PROGS= target_prog
diff --git a/lib/libprocstat/Makefile b/lib/libprocstat/Makefile
index fc71dbcb666d..240718dd9cd6 100644
--- a/lib/libprocstat/Makefile
+++ b/lib/libprocstat/Makefile
@@ -2,6 +2,7 @@
.include <src.opts.mk>
+PACKAGE=lib${LIB}
LIB= procstat
SRCS= cd9660.c \
diff --git a/lib/libradius/Makefile b/lib/libradius/Makefile
index 42f5def20ef1..3ce1435aa2d9 100644
--- a/lib/libradius/Makefile
+++ b/lib/libradius/Makefile
@@ -26,6 +26,7 @@
.include <src.opts.mk>
+PACKAGE=lib${LIB}
LIB= radius
SRCS= radlib.c
INCS= radlib.h radlib_vs.h
diff --git a/lib/librpcsec_gss/Makefile b/lib/librpcsec_gss/Makefile
index c3e768445004..e59f1e5cfa52 100644
--- a/lib/librpcsec_gss/Makefile
+++ b/lib/librpcsec_gss/Makefile
@@ -1,5 +1,6 @@
# $FreeBSD$
+PACKAGE=lib${LIB}
LIB= rpcsec_gss
SHLIB_MAJOR= 1
SRCS+= rpcsec_gss.c rpcsec_gss_prot.c rpcsec_gss_conf.c rpcsec_gss_misc.c \
diff --git a/lib/librpcsvc/Makefile b/lib/librpcsvc/Makefile
index ba972ac3e8eb..1deda175c6a5 100644
--- a/lib/librpcsvc/Makefile
+++ b/lib/librpcsvc/Makefile
@@ -5,6 +5,7 @@
.PATH: ${.CURDIR}/../../include/rpcsvc
+PACKAGE=lib${LIB}
LIB= rpcsvc
RPCSRCS= klm_prot.x mount.x nfs_prot.x nlm_prot.x rex.x rnusers.x \
diff --git a/lib/librt/Makefile b/lib/librt/Makefile
index 3c16976690d0..560f2af36855 100644
--- a/lib/librt/Makefile
+++ b/lib/librt/Makefile
@@ -2,6 +2,7 @@
.include <src.opts.mk>
+PACKAGE=lib${LIB}
LIB=rt
SHLIB_MAJOR= 1
CFLAGS+=-I${.CURDIR}/../libc/include -I${.CURDIR}
diff --git a/lib/librt/tests/Makefile b/lib/librt/tests/Makefile
index c4817ecfad76..7f788aef98e5 100644
--- a/lib/librt/tests/Makefile
+++ b/lib/librt/tests/Makefile
@@ -1,5 +1,9 @@
# $FreeBSD$
+PACKAGE=tests
+FILESGROUPS= TESTS
+TESTSPACKAGE= ${PACKAGE}
+
LIBADD= rt
NETBSD_ATF_TESTS_C= sched_test
diff --git a/lib/librtld_db/Makefile b/lib/librtld_db/Makefile
index 9f9b6039d5b4..eec7970eaaa9 100644
--- a/lib/librtld_db/Makefile
+++ b/lib/librtld_db/Makefile
@@ -2,6 +2,7 @@
.include <bsd.own.mk>
+PACKAGE=lib${LIB}
LIB= rtld_db
SHLIB_MAJOR= 2
MAN= librtld_db.3
diff --git a/lib/libsbuf/Makefile b/lib/libsbuf/Makefile
index 98ceeb6b373d..ebf4a8d4a99d 100644
--- a/lib/libsbuf/Makefile
+++ b/lib/libsbuf/Makefile
@@ -1,5 +1,6 @@
# $FreeBSD$
+PACKAGE=lib${LIB}
LIB= sbuf
SHLIBDIR?= /lib
SRCS= subr_prf.c subr_sbuf.c
diff --git a/lib/libsdp/Makefile b/lib/libsdp/Makefile
index fcedb5028cec..0037252ccc6b 100644
--- a/lib/libsdp/Makefile
+++ b/lib/libsdp/Makefile
@@ -1,6 +1,7 @@
# $Id: Makefile,v 1.2 2003/09/07 20:34:19 max Exp $
# $FreeBSD$
+PACKAGE=lib${LIB}
LIB= sdp
MAN= sdp.3
diff --git a/lib/libsm/Makefile b/lib/libsm/Makefile
index 1ec2dc1ef3e6..984009259fc3 100644
--- a/lib/libsm/Makefile
+++ b/lib/libsm/Makefile
@@ -2,6 +2,7 @@
.include <src.opts.mk>
+PACKAGE=sendmail
SENDMAIL_DIR=${.CURDIR}/../../contrib/sendmail
.PATH: ${SENDMAIL_DIR}/libsm
diff --git a/lib/libsmb/Makefile b/lib/libsmb/Makefile
index b63754bd982a..6236a2e00fba 100644
--- a/lib/libsmb/Makefile
+++ b/lib/libsmb/Makefile
@@ -2,6 +2,7 @@
.include <src.opts.mk>
+PACKAGE=lib${LIB}
CONTRIBDIR= ${.CURDIR}/../../contrib/smbfs
.PATH: ${CONTRIBDIR}/lib/smb
diff --git a/lib/libsmdb/Makefile b/lib/libsmdb/Makefile
index f1f51997244e..3fbd11648869 100644
--- a/lib/libsmdb/Makefile
+++ b/lib/libsmdb/Makefile
@@ -1,5 +1,6 @@
# $FreeBSD$
+PACKAGE=lib${LIB}
SENDMAIL_DIR=${.CURDIR}/../../contrib/sendmail
.PATH: ${SENDMAIL_DIR}/libsmdb
diff --git a/lib/libsmutil/Makefile b/lib/libsmutil/Makefile
index e7919eab9f25..e1d908e9fea5 100644
--- a/lib/libsmutil/Makefile
+++ b/lib/libsmutil/Makefile
@@ -1,5 +1,6 @@
# $FreeBSD$
+PACKAGE=lib${LIB}
SENDMAIL_DIR=${.CURDIR}/../../contrib/sendmail
.PATH: ${SENDMAIL_DIR}/libsmutil
diff --git a/lib/libsqlite3/Makefile b/lib/libsqlite3/Makefile
index d44615162878..37a3a6ef1227 100644
--- a/lib/libsqlite3/Makefile
+++ b/lib/libsqlite3/Makefile
@@ -1,5 +1,6 @@
# $FreeBSD$
+PACKAGE=lib${LIB}
PRIVATELIB= yes
LIB= sqlite3
SHLIB_MAJOR?= 0
diff --git a/lib/libstand/Makefile b/lib/libstand/Makefile
index 82e65f272076..835b535d327b 100644
--- a/lib/libstand/Makefile
+++ b/lib/libstand/Makefile
@@ -6,6 +6,7 @@
# quite large.
#
+PACKAGE=lib${LIB}
MK_PROFILE= no
MK_SSP= no
diff --git a/lib/libstdbuf/Makefile b/lib/libstdbuf/Makefile
index ea233a8ad19b..7d8c3ca3a1d2 100644
--- a/lib/libstdbuf/Makefile
+++ b/lib/libstdbuf/Makefile
@@ -2,6 +2,7 @@
.include <bsd.own.mk>
+PACKAGE=lib${LIB}
LIB= stdbuf
SRCS= stdbuf.c
SHLIB_MAJOR= 1
diff --git a/lib/libstdthreads/Makefile b/lib/libstdthreads/Makefile
index 8daee58b0e87..3200d4e36ba6 100644
--- a/lib/libstdthreads/Makefile
+++ b/lib/libstdthreads/Makefile
@@ -1,5 +1,6 @@
# $FreeBSD$
+PACKAGE=lib${LIB}
LIB= stdthreads
SHLIB_MAJOR= 0
diff --git a/lib/libsysdecode/Makefile b/lib/libsysdecode/Makefile
index 405cab8c7847..742c513469fe 100644
--- a/lib/libsysdecode/Makefile
+++ b/lib/libsysdecode/Makefile
@@ -2,6 +2,7 @@
.include <src.opts.mk>
+PACKAGE=lib${LIB}
LIB= sysdecode
SRCS= errno.c ioctl.c syscallnames.c utrace.c
diff --git a/lib/libtacplus/Makefile b/lib/libtacplus/Makefile
index 01345e175a6b..73d8e766da0d 100644
--- a/lib/libtacplus/Makefile
+++ b/lib/libtacplus/Makefile
@@ -24,6 +24,7 @@
#
# $FreeBSD$
+PACKAGE=lib${LIB}
LIB= tacplus
SRCS= taclib.c
INCS= taclib.h
diff --git a/lib/libtelnet/Makefile b/lib/libtelnet/Makefile
index 7f737332673a..b5bba12bebe1 100644
--- a/lib/libtelnet/Makefile
+++ b/lib/libtelnet/Makefile
@@ -3,6 +3,7 @@
.include <src.opts.mk>
+PACKAGE=lib${LIB}
TELNETDIR= ${.CURDIR}/../../contrib/telnet
.PATH: ${TELNETDIR}/libtelnet
diff --git a/lib/libthr/Makefile b/lib/libthr/Makefile
index 17176729b2e5..7a080e0f2580 100644
--- a/lib/libthr/Makefile
+++ b/lib/libthr/Makefile
@@ -8,6 +8,7 @@
# (for system call stubs) to CFLAGS below. -DSYSLIBC_SCCS affects just the
# system call stubs.
+PACKAGE= clibs
SHLIBDIR?= /lib
.include <src.opts.mk>
diff --git a/lib/libthr/tests/Makefile b/lib/libthr/tests/Makefile
index aeb1ef89fb5b..6c2139a5d5b3 100644
--- a/lib/libthr/tests/Makefile
+++ b/lib/libthr/tests/Makefile
@@ -1,5 +1,8 @@
# $FreeBSD$
+PACKAGE= tests
+FILESGROUPS= TESTS
+TESTSPACKAGE= ${PACKAGE}
TESTSRC= ${SRCTOP}/contrib/netbsd-tests/lib/libpthread
# TODO: t_name (missing pthread_getname_np support in FreeBSD)
diff --git a/lib/libthr/tests/dlopen/Makefile b/lib/libthr/tests/dlopen/Makefile
index bea70ec7cbd5..1f587a5af73b 100644
--- a/lib/libthr/tests/dlopen/Makefile
+++ b/lib/libthr/tests/dlopen/Makefile
@@ -4,6 +4,9 @@ TESTSRC= ${SRCTOP}/contrib/netbsd-tests/lib/libpthread/dlopen
.include <bsd.own.mk>
+PACKAGE= tests
+FILESGROUPS= TESTS
+TESTSPACKAGE= ${PACKAGE}
TESTSDIR= ${TESTSBASE}/lib/libthr/dlopen
CFLAGS+= -DTESTDIR=\"${TESTSDIR:Q}/\"
diff --git a/lib/libthr/tests/dlopen/dso/Makefile b/lib/libthr/tests/dlopen/dso/Makefile
index 23d4cd60813d..a7f685f5a917 100644
--- a/lib/libthr/tests/dlopen/dso/Makefile
+++ b/lib/libthr/tests/dlopen/dso/Makefile
@@ -1,5 +1,9 @@
# $FreeBSD$
+PACKAGE= tests
+FILESGROUPS= TESTS
+TESTSPACKAGE= ${PACKAGE}
+
OBJTOP= ${.OBJDIR:H:H:H:H:H}
TESTSRC= ${SRCTOP}/contrib/netbsd-tests/lib/libpthread/dlopen/dso
diff --git a/lib/libthread_db/Makefile b/lib/libthread_db/Makefile
index b612f4f8d789..dfd451639501 100644
--- a/lib/libthread_db/Makefile
+++ b/lib/libthread_db/Makefile
@@ -2,6 +2,7 @@
.PATH: ${.CURDIR}/arch/${MACHINE_CPUARCH}
+PACKAGE=lib${LIB}
LIB= thread_db
SHLIB_MAJOR= 3
SRCS= thread_db.c
diff --git a/lib/libucl/Makefile b/lib/libucl/Makefile
index 09a0bf2cc2a3..802048f65afd 100644
--- a/lib/libucl/Makefile
+++ b/lib/libucl/Makefile
@@ -2,6 +2,7 @@
LIBUCL= ${.CURDIR}/../../contrib/libucl
+PACKAGE=lib${LIB}
LIB= ucl
PRIVATELIB= true
SHLIB_MAJOR= 1
diff --git a/lib/libufs/Makefile b/lib/libufs/Makefile
index 24efd0ccc5fa..86fa4c9c47be 100644
--- a/lib/libufs/Makefile
+++ b/lib/libufs/Makefile
@@ -1,5 +1,6 @@
# $FreeBSD$
+PACKAGE=lib${LIB}
LIB= ufs
SHLIBDIR?= /lib
SHLIB_MAJOR= 6
diff --git a/lib/libugidfw/Makefile b/lib/libugidfw/Makefile
index f11200d234cb..2df6a24df479 100644
--- a/lib/libugidfw/Makefile
+++ b/lib/libugidfw/Makefile
@@ -1,5 +1,6 @@
# $FreeBSD$
+PACKAGE=lib${LIB}
LIB= ugidfw
SHLIB_MAJOR= 5
SRCS= ugidfw.c
diff --git a/lib/libulog/Makefile b/lib/libulog/Makefile
index fedd114efb9e..434f3f6ce199 100644
--- a/lib/libulog/Makefile
+++ b/lib/libulog/Makefile
@@ -1,5 +1,6 @@
# $FreeBSD$
+PACKAGE=lib${LIB}
SHLIBDIR?=/lib
.include <src.opts.mk>
diff --git a/lib/libunbound/Makefile b/lib/libunbound/Makefile
index e348c665041a..f16824485399 100644
--- a/lib/libunbound/Makefile
+++ b/lib/libunbound/Makefile
@@ -1,5 +1,6 @@
# $FreeBSD$
+PACKAGE=lib${LIB}
# Vendor sources and generated files
LDNSDIR= ${.CURDIR}/../../contrib/ldns
UNBOUNDDIR= ${.CURDIR}/../../contrib/unbound
@@ -9,6 +10,7 @@ UNBOUNDDIR= ${.CURDIR}/../../contrib/unbound
LIB= unbound
PRIVATELIB=
+PACKAGE= unbound
CFLAGS= -I${UNBOUNDDIR} -I${LDNSDIR} -I${.OBJDIR}
diff --git a/lib/libusb/Makefile b/lib/libusb/Makefile
index be55aa65a6d8..fe54d2aeb2b6 100644
--- a/lib/libusb/Makefile
+++ b/lib/libusb/Makefile
@@ -4,6 +4,7 @@
# Makefile for the FreeBSD specific LibUSB 2.0
#
+PACKAGE=lib${LIB}
LIB= usb
SHLIB_MAJOR= 3
SHLIB_MINOR= 0
diff --git a/lib/libusbhid/Makefile b/lib/libusbhid/Makefile
index 7dba7ffc9113..6efe9ccbe613 100644
--- a/lib/libusbhid/Makefile
+++ b/lib/libusbhid/Makefile
@@ -1,6 +1,7 @@
# $NetBSD: Makefile,v 1.5 1999/07/23 09:44:38 mrg Exp $
# $FreeBSD$
+PACKAGE=lib${LIB}
LIB= usbhid
MAN= usbhid.3
diff --git a/lib/libutil/Makefile b/lib/libutil/Makefile
index 35d146af720f..07412e0ece41 100644
--- a/lib/libutil/Makefile
+++ b/lib/libutil/Makefile
@@ -1,6 +1,7 @@
# @(#)Makefile 8.1 (Berkeley) 6/4/93
# $FreeBSD$
+PACKAGE=lib${LIB}
SHLIBDIR?= /lib
.include <src.opts.mk>
diff --git a/lib/libutil/tests/Makefile b/lib/libutil/tests/Makefile
index 81b2a494eaae..2f46850fd51a 100644
--- a/lib/libutil/tests/Makefile
+++ b/lib/libutil/tests/Makefile
@@ -1,5 +1,9 @@
# $FreeBSD$
+PACKAGE=tests
+FILESGROUPS= TESTS
+TESTSPACKAGE= ${PACKAGE}
+
TAP_TESTS_C+= flopen_test
TAP_TESTS_C+= grp_test
TAP_TESTS_C+= humanize_number_test
diff --git a/lib/libvgl/Makefile b/lib/libvgl/Makefile
index dfc4e81f33b8..5505d373bc12 100644
--- a/lib/libvgl/Makefile
+++ b/lib/libvgl/Makefile
@@ -1,4 +1,5 @@
# $FreeBSD$
+PACKAGE=lib${LIB}
LIB= vgl
SHLIB_MAJOR= 6
CFLAGS+=-Wall -I${.CURDIR}
diff --git a/lib/libvmmapi/Makefile b/lib/libvmmapi/Makefile
index 26cf86fbe4c0..bf17566a0d7d 100644
--- a/lib/libvmmapi/Makefile
+++ b/lib/libvmmapi/Makefile
@@ -1,5 +1,6 @@
# $FreeBSD$
+PACKAGE=lib${LIB}
LIB= vmmapi
SRCS= vmmapi.c vmmapi_freebsd.c
INCS= vmmapi.h
diff --git a/lib/libwrap/Makefile b/lib/libwrap/Makefile
index 0acb0c4c8da7..b2253d888635 100644
--- a/lib/libwrap/Makefile
+++ b/lib/libwrap/Makefile
@@ -4,6 +4,7 @@
.include <src.opts.mk>
+PACKAGE=lib${LIB}
LIB= wrap
SHLIB_MAJOR= 6
INCS= tcpd.h
diff --git a/lib/libxo/Makefile b/lib/libxo/Makefile
index f8453f405282..2f3f1673d2cd 100644
--- a/lib/libxo/Makefile
+++ b/lib/libxo/Makefile
@@ -1,5 +1,6 @@
# $FreeBSD$
+PACKAGE=lib${LIB}
SHLIBDIR?= /lib
.include <src.opts.mk>
diff --git a/lib/libxo/tests/Makefile b/lib/libxo/tests/Makefile
index 1a0f7c69cfee..43f2e9dfa1a5 100644
--- a/lib/libxo/tests/Makefile
+++ b/lib/libxo/tests/Makefile
@@ -2,6 +2,10 @@
.include <bsd.own.mk>
+PACKAGE= tests
+FILESGROUPS= TESTS
+TESTSPACKAGE= ${PACKAGE}
+
LIBXOSRC= ${SRCTOP}/contrib/libxo
# Override the default suffix transformation rules for .c/.o -> .out
diff --git a/lib/libxo/tests/encoder/Makefile b/lib/libxo/tests/encoder/Makefile
index 2fe42457f2e8..491af0cb1d9a 100644
--- a/lib/libxo/tests/encoder/Makefile
+++ b/lib/libxo/tests/encoder/Makefile
@@ -1,5 +1,9 @@
# $FreeBSD$
+PACKAGE= tests
+FILESGROUPS= TESTS
+TESTSPACKAGE= ${PACKAGE}
+
LIBXOSRC= ${SRCTOP}/contrib/libxo
.PATH: ${LIBXOSRC}/encoder/test
diff --git a/lib/liby/Makefile b/lib/liby/Makefile
index 34939452dd75..2f357f3c7617 100644
--- a/lib/liby/Makefile
+++ b/lib/liby/Makefile
@@ -1,5 +1,6 @@
# $FreeBSD$
+PACKAGE=lib${LIB}
LIB= y
SRCS= main.c yyerror.c
NO_PIC=
diff --git a/lib/libypclnt/Makefile b/lib/libypclnt/Makefile
index 2e302f124289..113a3cc83218 100644
--- a/lib/libypclnt/Makefile
+++ b/lib/libypclnt/Makefile
@@ -1,5 +1,6 @@
# $FreeBSD$
+PACKAGE=lib${LIB}
LIB= ypclnt
SHLIB_MAJOR= 4
SRCS= ypclnt_connect.c \
diff --git a/lib/libz/Makefile b/lib/libz/Makefile
index 7a80fcbab520..6a372bb3a10f 100644
--- a/lib/libz/Makefile
+++ b/lib/libz/Makefile
@@ -2,6 +2,7 @@
# $FreeBSD$
#
+PACKAGE=lib${LIB}
LIB= z
SHLIBDIR?= /lib
SHLIB_MAJOR= 6
diff --git a/lib/msun/Makefile b/lib/msun/Makefile
index e731a9876b9a..820855c86a75 100644
--- a/lib/msun/Makefile
+++ b/lib/msun/Makefile
@@ -12,6 +12,7 @@
#
#
+PACKAGE= clibs
.if ${MACHINE_CPUARCH} == "i386"
ARCH_SUBDIR= i387
.else
diff --git a/lib/msun/tests/Makefile b/lib/msun/tests/Makefile
index 8b114fde1c7c..92ebc0b2eba2 100644
--- a/lib/msun/tests/Makefile
+++ b/lib/msun/tests/Makefile
@@ -1,5 +1,8 @@
# $FreeBSD$
+PACKAGE=tests
+FILESGROUPS= TESTS
+TESTSPACKAGE= ${PACKAGE}
TESTSRC= ${SRCTOP}/contrib/netbsd-tests/lib/libm
# All architectures on FreeBSD have fenv.h
diff --git a/lib/ncurses/ncurses/Makefile b/lib/ncurses/ncurses/Makefile
index 94fb03a9b278..cf9053ca94c8 100644
--- a/lib/ncurses/ncurses/Makefile
+++ b/lib/ncurses/ncurses/Makefile
@@ -1,5 +1,6 @@
# $FreeBSD$
+PACKAGE= clibs
SHLIBDIR?= /lib
.if !defined(ENABLE_WIDEC)
diff --git a/lib/tests/Makefile b/lib/tests/Makefile
index a0e63e5da42a..609357e57d33 100644
--- a/lib/tests/Makefile
+++ b/lib/tests/Makefile
@@ -2,6 +2,11 @@
.include <bsd.own.mk>
+PACKAGE= tests
+FILESGROUPS= TESTS
+TESTSPACKAGE= ${PACKAGE}
+TESTS+= Kyuafile
+
.PATH: ${SRCTOP}/tests
KYUAFILE= yes