aboutsummaryrefslogtreecommitdiff
path: root/lib/libcasper/services/cap_fileargs
Commit message (Collapse)AuthorAgeFilesLines
* libcasper: Move everything to the libcasper packageLexi Winter2025-11-051-2/+0
| | | | | | | | | | | | The libcasper package exists to contain libcasper, but for some reason only the libcap_net service was in the package, with libcasper itself and the rest of the services being in runtime. Move everything to the libcasper package, except tests which stay in the tests package. MFC after: 1 day Reviewed by: emaste Sponsored by: https://www.patreon.com/bsdivy Differential Revision: https://reviews.freebsd.org/D53576
* libcasper: explicit cast in cap_fileargs headerQuentin Thébault2025-10-091-1/+1
| | | | | | | | | | | | The implicit cast is incompatible with standard compiler options in a C++ project, making the library difficult to use. Signed-off-by: Quentin Thébault <quentin.thebault@defenso.fr> Sponsored by: Defenso MFC after: 3 days Discussed with: kevans Reviewed by: emaste, vexeduxr Pull request: https://github.com/freebsd/freebsd-src/pull/1857
* cap_fileargs.3: PolishFaraz Vahedi2025-08-081-88/+86
| | | | | | | | Extensively revised the manual page with clearer phrasing, better structure, and corrected grammar throughout. Also fixed typos and improved overall readability of the documentation. Signed-off-by: Faraz Vahedi <kfv@kfv.io>
* Remove residual blank line at start of MakefileWarner Losh2024-07-152-2/+0
| | | | | | | This is a residual of the $FreeBSD$ removal. MFC After: 3 days (though I'll just run the command on the branches) Sponsored by: Netflix
* libcasper: fix cap_rights_init usageEd Maste2024-02-151-8/+8
| | | | | | | | | | Capability rights passed to cap_rights_* are not simple bitmaks and cannot be ORed together in general (although it will work for certain subsets of rights). PR: 277057 Fixes: faaf43b2a750 ("fileargs: add tests") Sponsored by: The FreeBSD Foundation
* libcasper: document that most libcasper functions are not thread-safeAlan Somers2023-12-081-1/+13
| | | | | | | | | | | | | And neither are most libcasper services' functions, because internally they all use cap_xfer_nvlist. cap_xfer_nvlist sends and then receives data over a unix domain socket and associated with the cap_channel_t argument. So absent synchronization, two threads may not use the same cap_channel_t argument or they risk receiving the other's reply. MFC after: 2 weeks Sponsored by: Axcient Reviewed by: oshogbo Differential Revision: https://reviews.freebsd.org/D42928
* lib: Automated cleanup of cdefs and other formattingWarner Losh2023-11-272-2/+0
| | | | | | | | | | | | | | | | Apply the following automated changes to try to eliminate no-longer-needed sys/cdefs.h includes as well as now-empty blank lines in a row. Remove /^#if.*\n#endif.*\n#include\s+<sys/cdefs.h>.*\n/ Remove /\n+#include\s+<sys/cdefs.h>.*\n+#if.*\n#endif.*\n+/ Remove /\n+#if.*\n#endif.*\n+/ Remove /^#if.*\n#endif.*\n/ Remove /\n+#include\s+<sys/cdefs.h>\n#include\s+<sys/types.h>/ Remove /\n+#include\s+<sys/cdefs.h>\n#include\s+<sys/param.h>/ Remove /\n+#include\s+<sys/cdefs.h>\n#include\s+<sys/capsicum.h>/ Sponsored by: Netflix
* Remove $FreeBSD$: two-line nroff patternWarner Losh2023-08-161-2/+0
| | | | Remove /^\.\\"\n\.\\"\s*\$FreeBSD\$$\n/
* Remove $FreeBSD$: one-line sh patternWarner Losh2023-08-163-3/+0
| | | | Remove /^\s*#[#!]?\s*\$FreeBSD\$.*$\n/
* Remove $FreeBSD$: one-line .c patternWarner Losh2023-08-162-4/+0
| | | | Remove /^[\s*]*__FBSDID\("\$FreeBSD\$"\);?\s*\n/
* Remove $FreeBSD$: two-line .h patternWarner Losh2023-08-161-2/+0
| | | | Remove /^\s*\*\n \*\s+\$FreeBSD\$$\n/
* spdx: The BSD-2-Clause-FreeBSD identifier is obsolete, drop -FreeBSDWarner Losh2023-05-122-2/+2
| | | | | | | | | The SPDX folks have obsoleted the BSD-2-Clause-FreeBSD identifier. Catch up to that fact and revert to their recommended match of BSD-2-Clause. Discussed with: pfg MFC After: 3 days Sponsored by: Netflix
* libcasper: Move helper libraries from /lib/casper to /lib.John Baldwin2023-03-291-1/+1
| | | | | | | | | These libraries are linked to directly by applications rather than opened at runtime via dlopen(). Discussed with: oshogbo Reviewed by: markj, emaste Differential Revision: https://reviews.freebsd.org/D39245
* cap_fileargs: silence warnings of unused variableMariusz Zaborski2022-03-201-3/+2
| | | | | | | We still want to fetch the variable just to verify that the interface is right. Reported by: pstef
* libcasper(3): Correct some warnings found by mandocGordon Bergling2021-07-121-2/+3
| | | | | | | | | | | | | - inserting missing end of block: Sh breaks Bl - moving content out of list: Pp - missing comma before name: Nm cap_* - comma in function argument: cap_* - skipping paragraph macro: Pp after Sh - sections out of conventional order: Sh AUTHORS Reviewed by: bcr MFC after: 1 week Differential Revision: https://reviews.freebsd.org/D31144
* fileargs: fix double caching of the same fileMariusz Zaborski2021-04-071-2/+6
| | | | | | In situations when the current file name wasn't the first element on the list we were cleaning the current name too early. This might cause us to pre-cache the same file twice.
* tests: Skip cap_fileargs if build without capsicum capabilitiesOlivier Cochard2021-01-262-0/+31
| | | | | | Approved by: oshogbo Sponsored by: Netflix Differential Revision: https://reviews.freebsd.org/D2834
* fileargs: add support for realpathMariusz Zaborski2021-01-105-3/+224
|
* fileargs: add testsMariusz Zaborski2021-01-093-0/+625
|
* libcasper(3): Document HISTORY within the manpagesGordon Bergling2020-06-161-1/+6
| | | | | | | | | | Reviewed by: bcr (mentor) Approved by: bcr (mentor) MFC after: 7 days Differential Revision: https://reviews.freebsd.org/D24695 Notes: svn path=/head/; revision=362230
* cap_fileargs: Fix a descriptor leak in the service process.Mark Johnston2020-06-011-5/+5
| | | | | | | | | | | | | | | | | | | | | | | The service handler for fileargs_open() tries to pre-open multiple files and pass descriptors for each back to the sandboxed process in a single message. This is to amortize the cost of round-trips between the two processes. The service process adds a "cache" nvlist to the reply to "open", containing file descriptors for pre-opened files. However, when adding that nvlist to the reply, it was making a copy, effectively leaking the cached descriptors. While here, fix spelling in a local variable name. PR: 241226 Reviewed by: oshogbo MFC after: 3 days Sponsored by: The FreeBSD Foundation Differential Revision: https://reviews.freebsd.org/D25095 Notes: svn path=/head/; revision=361694
* libcasper(3): Export functions to C++Conrad Meyer2020-04-071-0/+6
| | | | | | | | | | | | We must wrap C declarations in __BEGIN / __END_DECLS to avoid C++ name-mangling of the declaration when including the C header; name-mangling causes the linker to attempt to locate the wrong (C++ ABI) symbol name. Reviewed by: markj, oshogbo (earlier version both) Differential Revision: https://reviews.freebsd.org/D24323 Notes: svn path=/head/; revision=359696
* Update Makefile.depend filesSimon J. Gerraty2019-12-111-0/+18
| | | | | | | | | | | | | Update a bunch of Makefile.depend files as a result of adding Makefile.depend.options files Reviewed by: bdrewery MFC after: 1 week Sponsored by: Juniper Networks Differential Revision: https://reviews.freebsd.org/D22494 Notes: svn path=/head/; revision=355617
* pkgbase: Move libcap_ to FreeBSD-runtimeEmmanuel Vadot2019-09-051-1/+1
| | | | | | | | | | | A lot of binaries present in FreeBSD-runtime depend on it so move the libs there. Reviewed by: bapt, gjb Differential Revision: https://reviews.freebsd.org/D21501 Notes: svn path=/head/; revision=351853
* cap_filergs: limit size of the file nameMariusz Zaborski2019-08-071-0/+5
| | | | | | | | | | | | | | | The limit of the name in fileargs is twice the size of the MAXPATH. The nvlist will not add an element with the longer name. We can detect at this point that the path is too big, and simple return the same error as open(2) would. PR: 239700 Reported by: markj Tested by: markj MFC after: 2 weeks Notes: svn path=/head/; revision=350695
* fileargs: fix formating in EXAMPLESMariusz Zaborski2019-07-301-1/+1
| | | | | | | | PR: 239523 Submitted by: mikael.urankar@gmail.com Notes: svn path=/head/; revision=350438
* Link fileargs_lstat.3.Mark Johnston2019-07-211-0/+1
| | | | | | | Sponsored by: The FreeBSD Foundation Notes: svn path=/head/; revision=350201
* fileargs: add wrapping/unwrapping functionsMariusz Zaborski2019-06-122-1/+57
| | | | | | | Those function may be useful to pass fileargs connections around. Notes: svn path=/head/; revision=349002
* [casper] fix compilation when casper is disabled.Adrian Chadd2019-04-171-2/+6
| | | | | | | | | | | This triggers an error in gcc-mips 6.4.0 complaining about unused arguments. Tested: * compiled/run on mips32; nothing complained. Notes: svn path=/head/; revision=346322
* cap_fileargs: fix test after r346318Ed Maste2019-04-171-1/+1
| | | | | | | | | | Reported by: danfe, mjg MFC after: 3 weeks MFC with: r346315 Sponsored by: The FreeBSD Foundation Notes: svn path=/head/; revision=346321
* cap_fileargs: fix GCC build, don't shadow 'stat'Ed Maste2019-04-171-2/+2
| | | | | | | | | | Reported by: ci.freebsd.org MFC after: 3 weeks MFC with: r346315 Sponsored by: The FreeBSD Foundation Notes: svn path=/head/; revision=346318
* cap_fileargs: add fileargs_lstat serviceEd Maste2019-04-173-29/+207
| | | | | | | | | | | | | | | | Add fileargs_lstat function to cap_fileargs casper service to be able to lstat files while in capability mode. It can only lstat files given in fileargs_init. Submitted by: Bora Özarslan <borako.ozarslan@gmail.com> Reviewed by: oshogbo, cem (partial) MFC after: 3 weeks Relnotes: Yes Sponsored by: The FreeBSD Foundation Differential Revision: https://reviews.freebsd.org/D19548 Notes: svn path=/head/; revision=346315
* cap_fileargs.3: typo and markup correctionsEd Maste2019-04-171-6/+6
| | | | | | | | | | Submitted by: Bora Özarslan" <borako.ozarslan@gmail.com> MFC after: 1 week MFC with: r346313 Sponsored by: The FreeBSD Foundation Notes: svn path=/head/; revision=346314
* cap_fileargs.3: correct 'filerags' typoEd Maste2019-04-171-3/+3
| | | | | | | | | Submitted by: Bora Özarslan" <borako.ozarslan@gmail.com> MFC after: 1 week Sponsored by: The FreeBSD Foundation Notes: svn path=/head/; revision=346313
* libcasper: do not fail if Capsicum is not avilableMariusz Zaborski2018-11-301-1/+1
| | | | | | | | | | Casper service can be also used on the kernels without Capsicum support. Reported by: sbruno Tested by: sbruno Notes: svn path=/head/; revision=341347
* Fix typo in the comparison.Mariusz Zaborski2018-11-121-2/+2
| | | | | | | | | This fix build with gcc. Reported by: jenkins Notes: svn path=/head/; revision=340381
* libcasper: introduce cap_fileargs serviceMariusz Zaborski2018-11-124-0/+889
cap_fileargs is a Casper service which helps to sandbox applications that need access to the filesystem namespace. The main purpose of the service is to make easy to capsicumize applications that works on multiple files passed in argv. We have a couple example of using it but we still treat this service as an experimental one. Reviewed by: emsate (previous version), jonathan (partially) Discussed with: many Differential Revision: https://reviews.freebsd.org/D14407 Notes: svn path=/head/; revision=340373
generated by cgit v1.2.3 (git 2.25.1) at 2025-12-20 12:20:58 +0000