User Details
- User Since
- Aug 2 2014, 12:45 PM (510 w, 6 d)
Tue, May 14
Sigh, a typo.
Man page fix from Brooks.
Mon, May 13
Thu, May 2
Use the right symbol version and bump Dd.
Wed, May 1
There's a separate review for vfork (https://reviews.freebsd.org/D39829). And yeah, I've pasted Robert the link to this one here :)
Add back procstat(1) bits and remove syscalls.map
As for CAP_FCHROOT - I think we should have it, if only for symmetry with CAP_FCHDIR. I don't really want to implement them - the lookup code isn't really suited for tracking rights for root and cwd, and so those two syscalls require full rights to succeed, not just a subset - but we could in the future.
Mon, Apr 22
Mar 27 2024
Mar 22 2024
Mar 21 2024
Can you describe the dlopen threat model a bit more? My assumption is, a typical Capsicum-aware app wouldn't be setting the rootdir/curdir at all. Or, if it does, it could call cap_enter(2) again before calling dlopen(3), clearing those vnodes.
Fix panic which occured when the PID is specified explictly.
Also handle wait6(2). Add some documentation. Pacify a test.
I agree this should be documented somewhere, but at the moment wait(2) doesn't mention Capsicum at all, and capsicum(4) doesn't mention wait(2). Perhaps a paragraph in pdfork(2), something along the lines of "processes created with pdfork cannot be waited for by a parent running in capsicum(4) mode"?
Mar 16 2024
Mar 15 2024
Dec 27 2023
It appears to be working correctly now. Thank you all :)
Dec 18 2023
I'm not sure what exactly happened here, but I suspect there was something wrong with testing it: while one of previous Kib's commits fixed the instapanic on "automount -c", it still doesn't work, see last few entries at https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=274992.
Nov 10 2023
Thank you, I think I'm fine with toggling it from "async" to "sync" specifically for msdosfs.
Nov 9 2023
Doesn't this also enable it by default? If so, it might be a good idea to fix the instapanic it's causing first, https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=274992.
Nov 8 2023
I’m not a huge fan of this one tbh. I seem to remember I had it like this for a while, and it was 1. Unbearably slow and 2. Increased flash wear and tear.
Sep 4 2023
Aug 31 2023
Implemented in a better way by https://reviews.freebsd.org/D34426.
Aug 23 2023
Aug 17 2023
FWIW, I've been playing with this idea on and off, and I have some patches, some of them not even entirely broken :) In particular I have fchroot(2) working: https://reviews.freebsd.org/D41564
Jun 7 2023
Implemented as https://reviews.freebsd.org/D38933.
Apr 26 2023
Apr 22 2023
Apr 12 2023
Hah, I've been working on something similar, although from a somewhat different, CHERI-related, angle :)
Apr 11 2023
Mar 18 2023
Nov 19 2022
Only tangentially related, but I wonder if this constant shouldn't be defined for arm64 too?
May 19 2022
My first thought about ENODEV was something about GEOM. ENOENT, on the other hand, would make it obvious what's going on: the root device node is simply not there.
May 18 2022
I've been burned by this in the past, but I've assumed it's just me. This time, though, there was another person involved, and this made me reconsider. In this case it's not even that it's a remote machine: this is for a homebrew remote management mechanism; essentially we have BeagleBone Blacks hooked up to the actual machines (mechanically they are inside the machines), which provide remote console and virtual media, and halting one of those by mistake - for example when you fail to notice the cu(1) to the "real" machine has been disconnected - results in having to power cycle the whole thing, which is one thing our BBB-based remote management does not provide.
May 16 2022
May 14 2022
Linux, it’s a Linux core file :-) The easiest way is to use debootstrap port to bootstrap an Ubuntu Bionic userland, then chroot there and do “apt install gdb”. See https://wiki.freebsd.org/LinuxJails.
I’m not opposed to this patch, but isn’t this what core files are for?