Index: bin/ps/print.c =================================================================== --- bin/ps/print.c +++ bin/ps/print.c @@ -277,8 +277,10 @@ *cp++ = 'V'; if ((flag & P_SYSTEM) || k->ki_p->ki_lock > 0) *cp++ = 'L'; - if ((k->ki_p->ki_cr_flags & CRED_FLAG_CAPMODE) != 0) + if ((k->ki_p->ki_cr_flags & KI_CRF_CAPABILITY_MODE) != 0) *cp++ = 'C'; + else if ((k->ki_p->ki_cr_flags & KI_CRF_RESTRICTED_MODE) != 0) + *cp++ = '#'; if (k->ki_p->ki_kiflag & KI_SLEADER) *cp++ = 's'; if ((flag & P_CONTROLT) && k->ki_p->ki_pgid == k->ki_p->ki_tpgid) Index: lib/libkvm/kvm_proc.c =================================================================== --- lib/libkvm/kvm_proc.c +++ lib/libkvm/kvm_proc.c @@ -149,7 +149,11 @@ kp->ki_svuid = ucred.cr_svuid; kp->ki_rgid = ucred.cr_rgid; kp->ki_svgid = ucred.cr_svgid; - kp->ki_cr_flags = ucred.cr_flags; + kp->ki_cr_flags = 0; + if (SYSFILSET_IN_RESTRICTED_MODE(ucred.cr_sysfilset)) + kp->ki_cr_flags |= KI_CRF_RESTRICTED_MODE; + if (SYSFILSET_IN_CAPABILITY_MODE(ucred.cr_sysfilset)) + kp->ki_cr_flags |= KI_CRF_CAPABILITY_MODE; if (ucred.cr_ngroups > KI_NGROUPS) { kp->ki_ngroups = KI_NGROUPS; kp->ki_cr_flags |= KI_CRF_GRP_OVERFLOW; Index: sys/compat/linux/linux_errno.inc =================================================================== --- sys/compat/linux/linux_errno.inc +++ sys/compat/linux/linux_errno.inc @@ -156,9 +156,11 @@ [ENOTRECOVERABLE] = -LINUX_ENOTRECOVERABLE, [EOWNERDEAD] = -LINUX_EOWNERDEAD, [EINTEGRITY] = -LINUX_EINVAL, /* XXX */ + [ESYSFILTRAP] = -LINUX_EPERM, + [ESYSFILKILL] = -LINUX_EPERM, }; -_Static_assert(ELAST == 97, +_Static_assert(ELAST == 99, "missing errno entries in linux_errtbl"); static const int linux_to_bsd_errtbl[LINUX_ELAST + 1] = { Index: sys/conf/options =================================================================== --- sys/conf/options +++ sys/conf/options @@ -183,6 +183,7 @@ MPROF_BUFFERS opt_mprof.h MPROF_HASH_SIZE opt_mprof.h NEW_PCIB opt_global.h +NOSYSFIL opt_global.h NO_ADAPTIVE_MUTEXES opt_adaptive_mutexes.h NO_ADAPTIVE_RWLOCKS NO_ADAPTIVE_SX Index: sys/kern/kern_exec.c =================================================================== --- sys/kern/kern_exec.c +++ sys/kern/kern_exec.c @@ -584,9 +584,7 @@ imgp->proc->p_pdeathsig = 0; if (credential_changing && -#ifdef CAPABILITY_MODE - ((oldcred->cr_flags & CRED_FLAG_CAPMODE) == 0) && -#endif + !CRED_IN_RESTRICTED_MODE(oldcred) && (imgp->vp->v_mount->mnt_flag & MNT_NOSUID) == 0 && (p->p_flag & P_TRACED) == 0) { imgp->credential_setid = true; Index: sys/kern/kern_mib.c =================================================================== --- sys/kern/kern_mib.c +++ sys/kern/kern_mib.c @@ -693,6 +693,9 @@ SYSCTL_INT(_debug_sizeof, OID_AUTO, proc, CTLFLAG_RD, SYSCTL_NULL_INT_PTR, sizeof(struct proc), "sizeof(struct proc)"); +SYSCTL_INT(_debug_sizeof, OID_AUTO, ucred, CTLFLAG_RD, + SYSCTL_NULL_INT_PTR, sizeof(struct ucred), "sizeof(struct ucred)"); + static int sysctl_kern_pid_max(SYSCTL_HANDLER_ARGS) { Index: sys/kern/kern_proc.c =================================================================== --- sys/kern/kern_proc.c +++ sys/kern/kern_proc.c @@ -1076,8 +1076,10 @@ kp->ki_ruid = cred->cr_ruid; kp->ki_svuid = cred->cr_svuid; kp->ki_cr_flags = 0; - if (cred->cr_flags & CRED_FLAG_CAPMODE) + if (CRED_IN_CAPABILITY_MODE(cred)) kp->ki_cr_flags |= KI_CRF_CAPABILITY_MODE; + if (CRED_IN_RESTRICTED_MODE(cred)) + kp->ki_cr_flags |= KI_CRF_RESTRICTED_MODE; /* XXX bde doesn't like KI_NGROUPS */ if (cred->cr_ngroups > KI_NGROUPS) { kp->ki_ngroups = KI_NGROUPS; Index: sys/kern/kern_prot.c =================================================================== --- sys/kern/kern_prot.c +++ sys/kern/kern_prot.c @@ -2000,6 +2000,9 @@ #endif #ifdef MAC mac_cred_init(cr); +#endif +#ifndef NOSYSFIL + cr->cr_sysfilset = SYSFIL_FULL; #endif cr->cr_groups = cr->cr_smallgroups; cr->cr_agroups = Index: sys/kern/kern_sig.c =================================================================== --- sys/kern/kern_sig.c +++ sys/kern/kern_sig.c @@ -3693,7 +3693,8 @@ if (oldvp != NULL) { if (nextvp == NULL) { - if ((td->td_proc->p_flag & P_SUGID) != 0) { + if ((td->td_proc->p_flag & P_SUGID) != 0 || + CRED_IN_VFS_VEILED_MODE(td->td_ucred)) { error = EFAULT; vn_close(oldvp, FWRITE, td->td_ucred, td); } else { @@ -3830,7 +3831,8 @@ oflags = VN_OPEN_NOAUDIT | VN_OPEN_NAMECACHE | (capmode_coredump ? VN_OPEN_NOCAPCHECK : 0); flags = O_CREAT | FWRITE | O_NOFOLLOW; - if ((td->td_proc->p_flag & P_SUGID) != 0) + if ((td->td_proc->p_flag & P_SUGID) != 0 || + CRED_IN_VFS_VEILED_MODE(td->td_ucred)) flags |= O_EXCL; NDINIT(&nd, LOOKUP, NOFOLLOW, UIO_SYSSPACE, name); Index: sys/kern/kern_syscalls.c =================================================================== --- sys/kern/kern_syscalls.c +++ sys/kern/kern_syscalls.c @@ -116,7 +116,7 @@ { int i; - if ((flags & ~SY_THR_STATIC) != 0) + if ((flags & ~(SY_HLP_STATIC | SY_HLP_PRESERVE_SYFLAGS)) != 0) return (EINVAL); if (*offset == NO_SYSCALL) { @@ -139,8 +139,11 @@ ("dynamic syscall is not protected")); *old_sysent = sysents[*offset]; new_sysent->sy_thrcnt = SY_THR_ABSENT; + if ((flags & SY_HLP_PRESERVE_SYFLAGS) != 0) + new_sysent->sy_flags = old_sysent->sy_flags; sysents[*offset] = *new_sysent; - atomic_store_rel_32(&sysents[*offset].sy_thrcnt, flags); + atomic_store_rel_32(&sysents[*offset].sy_thrcnt, + (flags & SY_HLP_STATIC) != 0 ? SY_THR_STATIC : 0); return (0); } Index: sys/kern/subr_syscall.c =================================================================== --- sys/kern/subr_syscall.c +++ sys/kern/subr_syscall.c @@ -46,6 +46,7 @@ __FBSDID("$FreeBSD$"); #include +#include #include #include #ifdef KTRACE @@ -117,14 +118,20 @@ } } +#ifndef NOSYSFIL + if (__predict_false(!CRED_HAS_SYSFIL(td->td_ucred, ~se->sy_flags))) { #ifdef CAPABILITY_MODE - /* - * In capability mode, we only allow access to system calls - * flagged with SYF_CAPENABLED. - */ - if (__predict_false(IN_CAPABILITY_MODE(td) && - (se->sy_flags & SYF_CAPENABLED) == 0)) { - td->td_errno = error = ECAPMODE; + /* + * In capability mode, we only allow access to system calls + * flagged with SYF_CAPENABLED. + */ + if (__predict_false(IN_CAPABILITY_MODE(td) && + (se->sy_flags & SYF_CAPENABLED) == 0)) { + td->td_errno = error = ECAPMODE; + goto retval; + } +#endif + td->td_errno = error = EPERM; goto retval; } #endif @@ -212,7 +219,6 @@ { struct proc *p; struct syscall_args *sa; - ksiginfo_t ksi; int traced; KASSERT(td->td_errno != ERELOOKUP, @@ -220,18 +226,38 @@ p = td->td_proc; sa = &td->td_sa; - if (__predict_false(td->td_errno == ENOTCAPABLE || - td->td_errno == ECAPMODE)) { - if ((trap_enotcap || - (p->p_flag2 & P2_TRAPCAP) != 0) && IN_CAPABILITY_MODE(td)) { + +#ifndef NOSYSFIL + /* Handle special errnos that should trigger signals. */ + if (__predict_false(td->td_errno != 0)) { + ksiginfo_t ksi; + switch (td->td_errno) { + case ENOTCAPABLE: + case ECAPMODE: + if (!IN_CAPABILITY_MODE(td) || + !(trap_enotcap || (p->p_flag2 & P2_TRAPCAP) != 0)) + break; ksiginfo_init_trap(&ksi); ksi.ksi_signo = SIGTRAP; ksi.ksi_errno = td->td_errno; ksi.ksi_code = TRAP_CAP; ksi.ksi_info.si_syscall = sa->original_code; trapsignal(td, &ksi); + break; + case ESYSFILTRAP: + case ESYSFILKILL: + ksiginfo_init_trap(&ksi); + ksi.ksi_signo = td->td_errno == ESYSFILTRAP ? + SIGTRAP : SIGKILL; + ksi.ksi_code = SI_SYSFIL; + ksi.ksi_info.si_syscall = sa->original_code; + td->td_errno = EPERM; + ksi.ksi_errno = td->td_errno; + trapsignal(td, &ksi); + break; } } +#endif /* * Handle reschedule and other end-of-syscall issues Index: sys/kern/sys_capability.c =================================================================== --- sys/kern/sys_capability.c +++ sys/kern/sys_capability.c @@ -79,6 +79,7 @@ #include #include #include +#include #include @@ -87,7 +88,7 @@ bool __read_frequently trap_enotcap; SYSCTL_BOOL(_kern, OID_AUTO, trap_enotcap, CTLFLAG_RWTUN, &trap_enotcap, 0, - "Deliver SIGTRAP on ENOTCAPABLE"); + "Deliver SIGTRAP on ENOTCAPABLE/ECAPMODE"); #ifdef CAPABILITY_MODE @@ -111,8 +112,14 @@ p = td->td_proc; PROC_LOCK(p); oldcred = crcopysafe(p, newcred); - newcred->cr_flags |= CRED_FLAG_CAPMODE; + newcred->cr_sysfilset &= ~SYSFIL_NOTCAPMODE; + MPASS(CRED_IN_CAPABILITY_MODE(newcred)); + MPASS(CRED_IN_RESTRICTED_MODE(newcred)); proc_set_cred(p, newcred); + if (!PROC_IN_RESTRICTED_MODE(p)) + panic("PROC_IN_RESTRICTED_MODE() bogus"); + if (!PROC_IN_CAPABILITY_MODE(p)) + panic("PROC_IN_CAPABILITY_MODE() bogus"); PROC_UNLOCK(p); crfree(oldcred); return (0); Index: sys/kern/syscalls.master =================================================================== --- sys/kern/syscalls.master +++ sys/kern/syscalls.master @@ -113,6 +113,7 @@ #include #include #include +#include %%ABI_HEADERS%% 0 AUE_NULL SYSMUX { @@ -121,29 +122,29 @@ ... ); } -1 AUE_EXIT STD|CAPENABLED { +1 AUE_EXIT STD|SYSFIL_ALWAYS|CAPENABLED { void exit( int rval ); } -2 AUE_FORK STD|CAPENABLED { +2 AUE_FORK STD|SYSFIL_FORK|CAPENABLED { int fork(void); } -3 AUE_READ STD|CAPENABLED { +3 AUE_READ STD|SYSFIL_CORE|CAPENABLED { ssize_t read( int fd, _Out_writes_bytes_(nbyte) void *buf, size_t nbyte ); } -4 AUE_WRITE STD|CAPENABLED { +4 AUE_WRITE STD|SYSFIL_CORE|CAPENABLED { ssize_t write( int fd, _In_reads_bytes_(nbyte) const void *buf, size_t nbyte ); } -5 AUE_OPEN_RWTC STD { +5 AUE_OPEN_RWTC STD|SYSFIL_FDESC|SYSFIL_PATH { int open( _In_z_ const char *path, int flags, @@ -152,12 +153,12 @@ } ; XXX should be { int open(const char *path, int flags, ...); } ; but we're not ready for varargs. -6 AUE_CLOSE STD|CAPENABLED { +6 AUE_CLOSE STD|SYSFIL_CORE|CAPENABLED { int close( int fd ); } -7 AUE_WAIT4 STD { +7 AUE_WAIT4 STD|SYSFIL_WAIT { int wait4( int pid, _Out_opt_ int *status, @@ -165,77 +166,77 @@ _Out_opt_ _Contains_long_timet_ struct rusage *rusage ); } -8 AUE_CREAT COMPAT { +8 AUE_CREAT COMPAT|SYSFIL_FDESC|SYSFIL_WPATH { int creat( _In_z_ const char *path, int mode ); } -9 AUE_LINK STD { +9 AUE_LINK STD|SYSFIL_CPATH { int link( _In_z_ const char *path, _In_z_ const char *link ); } -10 AUE_UNLINK STD { +10 AUE_UNLINK STD|SYSFIL_DPATH { int unlink( _In_z_ const char *path ); } 11 AUE_NULL OBSOL execv -12 AUE_CHDIR STD { +12 AUE_CHDIR STD|SYSFIL_FDESC|SYSFIL_PATH { int chdir( _In_z_ const char *path ); } -13 AUE_FCHDIR STD { +13 AUE_FCHDIR STD|SYSFIL_FDESC|SYSFIL_PATH { int fchdir( int fd ); } -14 AUE_MKNOD COMPAT11 { +14 AUE_MKNOD COMPAT11|SYSFIL_CPATH { int mknod( _In_z_ const char *path, int mode, uint32_t dev ); } -15 AUE_CHMOD STD { +15 AUE_CHMOD STD|SYSFIL_PATH|SYSFIL_FATTR { int chmod( _In_z_ const char *path, mode_t mode ); } -16 AUE_CHOWN STD { +16 AUE_CHOWN STD|SYSFIL_PATH|SYSFIL_FATTR { int chown( _In_z_ const char *path, int uid, int gid ); } -17 AUE_NULL STD|CAPENABLED { +17 AUE_NULL STD|SYSFIL_MMAN|CAPENABLED { void *break( _In_ char *nsize ); } -18 AUE_GETFSSTAT COMPAT4 { +18 AUE_GETFSSTAT COMPAT4|SYSFIL_RPATH { int getfsstat( _Out_writes_bytes_opt_(bufsize) _Contains_long_ struct ostatfs *buf, long bufsize, int mode ); } -19 AUE_LSEEK COMPAT|CAPENABLED { +19 AUE_LSEEK COMPAT|SYSFIL_CORE|CAPENABLED { long lseek( int fd, long offset, int whence ); } -20 AUE_GETPID STD|CAPENABLED { +20 AUE_GETPID STD|SYSFIL_STATUS|CAPENABLED { pid_t getpid(void); } -21 AUE_MOUNT STD { +21 AUE_MOUNT STD|SYSFIL_MOUNT { int mount( _In_z_ const char *type, _In_z_ const char *path, @@ -243,24 +244,24 @@ _In_opt_ void *data ); } -22 AUE_UMOUNT STD { +22 AUE_UMOUNT STD|SYSFIL_MOUNT { int unmount( _In_z_ const char *path, int flags ); } -23 AUE_SETUID STD|CAPENABLED { +23 AUE_SETUID STD|SYSFIL_SETCRED|CAPENABLED { int setuid( uid_t uid ); } -24 AUE_GETUID STD|CAPENABLED { +24 AUE_GETUID STD|SYSFIL_GETCRED|CAPENABLED { uid_t getuid(void); } -25 AUE_GETEUID STD|CAPENABLED { +25 AUE_GETEUID STD|SYSFIL_GETCRED|CAPENABLED { uid_t geteuid(void); } -26 AUE_PTRACE STD { +26 AUE_PTRACE STD|SYSFIL_TRACE { int ptrace( int req, pid_t pid, @@ -268,21 +269,21 @@ int data ); } -27 AUE_RECVMSG STD|CAPENABLED { +27 AUE_RECVMSG STD|SYSFIL_SOCKIO|CAPENABLED { ssize_t recvmsg( int s, _Inout_ _Contains_ptr_ struct msghdr *msg, int flags ); } -28 AUE_SENDMSG STD|CAPENABLED { +28 AUE_SENDMSG STD|SYSFIL_SOCKIO|CAPENABLED { ssize_t sendmsg( int s, _In_ _Contains_ptr_ const struct msghdr *msg, int flags ); } -29 AUE_RECVFROM STD|CAPENABLED { +29 AUE_RECVFROM STD|SYSFIL_SOCKIO|CAPENABLED { ssize_t recvfrom( int s, _Out_writes_bytes_(len) void *buf, @@ -292,81 +293,81 @@ _Inout_opt_ __socklen_t *fromlenaddr ); } -30 AUE_ACCEPT STD|CAPENABLED { +30 AUE_ACCEPT STD|SYSFIL_FDESC|SYSFIL_SOCK|CAPENABLED { int accept( int s, _Out_writes_bytes_opt_(*anamelen) struct sockaddr *name, _Inout_opt_ __socklen_t *anamelen ); } -31 AUE_GETPEERNAME STD|CAPENABLED { +31 AUE_GETPEERNAME STD|SYSFIL_SOCK|CAPENABLED { int getpeername( int fdes, _Out_writes_bytes_(*alen) struct sockaddr *asa, _Inout_opt_ __socklen_t *alen ); } -32 AUE_GETSOCKNAME STD|CAPENABLED { +32 AUE_GETSOCKNAME STD|SYSFIL_SOCK|CAPENABLED { int getsockname( int fdes, _Out_writes_bytes_(*alen) struct sockaddr *asa, _Inout_ __socklen_t *alen ); } -33 AUE_ACCESS STD { +33 AUE_ACCESS STD|SYSFIL_PATH { int access( _In_z_ const char *path, int amode ); } -34 AUE_CHFLAGS STD { +34 AUE_CHFLAGS STD|SYSFIL_PATH|SYSFIL_FATTR { int chflags( _In_z_ const char *path, u_long flags ); } -35 AUE_FCHFLAGS STD|CAPENABLED { +35 AUE_FCHFLAGS STD|SYSFIL_FATTR|CAPENABLED { int fchflags( int fd, u_long flags ); } -36 AUE_SYNC STD|CAPENABLED { +36 AUE_SYNC STD|SYSFIL_WPATH|CAPENABLED { int sync(void); } -37 AUE_KILL STD|CAPENABLED { +37 AUE_KILL STD|SYSFIL_SIGSEND|CAPENABLED { int kill( int pid, int signum ); } -38 AUE_STAT COMPAT { +38 AUE_STAT COMPAT|SYSFIL_RPATH { int stat( _In_z_ const char *path, _Out_ _Contains_timet_ struct ostat *ub ); } -39 AUE_GETPPID STD|CAPENABLED { +39 AUE_GETPPID STD|SYSFIL_STATUS|CAPENABLED { pid_t getppid(void); } -40 AUE_LSTAT COMPAT { +40 AUE_LSTAT COMPAT|SYSFIL_RPATH { int lstat( _In_z_ const char *path, _Out_ _Contains_timet_ struct ostat *ub ); } -41 AUE_DUP STD|CAPENABLED { +41 AUE_DUP STD|SYSFIL_FDESC|CAPENABLED { int dup( u_int fd ); } -42 AUE_PIPE COMPAT10|CAPENABLED { +42 AUE_PIPE COMPAT10|SYSFIL_FDESC|CAPENABLED { int pipe(void); } -43 AUE_GETEGID STD|CAPENABLED { +43 AUE_GETEGID STD|SYSFIL_GETCRED|CAPENABLED { gid_t getegid(void); } -44 AUE_PROFILE STD|CAPENABLED { +44 AUE_PROFILE STD|SYSFIL_PROCCTL|CAPENABLED { int profil( _Out_writes_bytes_(size) char *samples, size_t size, @@ -374,7 +375,7 @@ u_int scale ); } -45 AUE_KTRACE STD { +45 AUE_KTRACE STD|SYSFIL_PATH|SYSFIL_TRACE { int ktrace( _In_z_ const char *fname, int ops, @@ -382,17 +383,17 @@ int pid ); } -46 AUE_SIGACTION COMPAT|CAPENABLED { +46 AUE_SIGACTION COMPAT|SYSFIL_SIGHAND|CAPENABLED { int sigaction( int signum, _In_opt_ _Contains_ptr_ struct osigaction *nsa, _Out_opt_ _Contains_ptr_ struct osigaction *osa ); } -47 AUE_GETGID STD|CAPENABLED { +47 AUE_GETGID STD|SYSFIL_GETCRED|CAPENABLED { gid_t getgid(void); } -48 AUE_SIGPROCMASK COMPAT|CAPENABLED { +48 AUE_SIGPROCMASK COMPAT|SYSFIL_SIGMASK|CAPENABLED { int sigprocmask( int how, osigset_t mask @@ -401,13 +402,13 @@ ; XXX note nonstandard (bogus) calling convention - the libc stub passes ; us the mask, not a pointer to it, and we return the old mask as the ; (int) return value. -49 AUE_GETLOGIN STD|CAPENABLED { +49 AUE_GETLOGIN STD|SYSFIL_GETCRED|CAPENABLED { int getlogin( _Out_writes_z_(namelen) char *namebuf, u_int namelen ); } -50 AUE_SETLOGIN STD { +50 AUE_SETLOGIN STD|SYSFIL_SETCRED { int setlogin( _In_z_ const char *namebuf ); @@ -417,16 +418,16 @@ _In_z_ const char *path ); } -52 AUE_SIGPENDING COMPAT|CAPENABLED { +52 AUE_SIGPENDING COMPAT|SYSFIL_SIGWAIT|CAPENABLED { int sigpending(void); } -53 AUE_SIGALTSTACK STD|CAPENABLED { +53 AUE_SIGALTSTACK STD|SYSFIL_SIGHAND|CAPENABLED { int sigaltstack( _In_opt_ _Contains_long_ptr_ const struct sigaltstack *ss, _Out_opt_ _Contains_long_ptr_ struct sigaltstack *oss ); } -54 AUE_IOCTL STD|CAPENABLED { +54 AUE_IOCTL STD|SYSFIL_CORE|CAPENABLED { int ioctl( int fd, u_long com, @@ -438,48 +439,48 @@ int opt ); } -56 AUE_REVOKE STD { +56 AUE_REVOKE STD|SYSFIL_TTY { int revoke( _In_z_ const char *path ); } -57 AUE_SYMLINK STD { +57 AUE_SYMLINK STD|SYSFIL_CPATH { int symlink( _In_z_ const char *path, _In_z_ const char *link ); } -58 AUE_READLINK STD { +58 AUE_READLINK STD|SYSFIL_RPATH { ssize_t readlink( _In_z_ const char *path, _Out_writes_z_(count) char *buf, size_t count ); } -59 AUE_EXECVE STD { +59 AUE_EXECVE STD|SYSFIL_PATH|SYSFIL_EXEC { int execve( _In_z_ const char *fname, _In_z_ char **argv, _In_z_ char **envv ); } -60 AUE_UMASK STD|CAPENABLED { +60 AUE_UMASK STD|SYSFIL_FDESC|CAPENABLED { mode_t umask( mode_t newmask ); } -61 AUE_CHROOT STD { +61 AUE_CHROOT STD|SYSFIL_PATH|SYSFIL_CHROOT { int chroot( _In_z_ const char *path ); } -62 AUE_FSTAT COMPAT|CAPENABLED { +62 AUE_FSTAT COMPAT|SYSFIL_CORE|CAPENABLED { int fstat( int fd, _Out_ _Contains_timet_ struct ostat *sb ); } -63 AUE_NULL COMPAT { +63 AUE_NULL COMPAT|SYSFIL_SYSINFO { int getkerninfo( int op, _Out_writes_bytes_opt(*size) char *where, @@ -487,32 +488,32 @@ int arg ); } -64 AUE_NULL COMPAT|CAPENABLED { +64 AUE_NULL COMPAT|SYSFIL_SYSINFO|CAPENABLED { int getpagesize(void); } -65 AUE_MSYNC STD|CAPENABLED { +65 AUE_MSYNC STD|SYSFIL_MMAN|CAPENABLED { int msync( _In_ void *addr, size_t len, int flags ); } -66 AUE_VFORK STD { +66 AUE_VFORK STD|SYSFIL_FORK { int vfork(void); } 67 AUE_NULL OBSOL vread 68 AUE_NULL OBSOL vwrite -69 AUE_SBRK STD|CAPENABLED { +69 AUE_SBRK STD|SYSFIL_MMAN|CAPENABLED { int sbrk( int incr ); } -70 AUE_SSTK STD|CAPENABLED { +70 AUE_SSTK STD|SYSFIL_MMAN|CAPENABLED { int sstk( int incr ); } -71 AUE_MMAP COMPAT|CAPENABLED { +71 AUE_MMAP COMPAT|SYSFIL_MMAN|CAPENABLED { void *mmap( _In_ void *addr, int len, @@ -522,25 +523,25 @@ long pos ); } -72 AUE_O_VADVISE COMPAT11 { +72 AUE_O_VADVISE COMPAT11|SYSFIL_MMAN { int vadvise( int anom ); } -73 AUE_MUNMAP STD|CAPENABLED { +73 AUE_MUNMAP STD|SYSFIL_MMAN|CAPENABLED { int munmap( _In_ void *addr, size_t len ); } -74 AUE_MPROTECT STD|CAPENABLED { +74 AUE_MPROTECT STD|SYSFIL_MMAN|CAPENABLED { int mprotect( _In_ void *addr, size_t len, int prot ); } -75 AUE_MADVISE STD|CAPENABLED { +75 AUE_MADVISE STD|SYSFIL_MMAN|CAPENABLED { int madvise( _In_ void *addr, size_t len, @@ -549,42 +550,42 @@ } 76 AUE_NULL OBSOL vhangup 77 AUE_NULL OBSOL vlimit -78 AUE_MINCORE STD|CAPENABLED { +78 AUE_MINCORE STD|SYSFIL_MMAN|CAPENABLED { int mincore( _In_ const void *addr, size_t len, _Out_writes_bytes_(len/PAGE_SIZE) char *vec ); } -79 AUE_GETGROUPS STD|CAPENABLED { +79 AUE_GETGROUPS STD|SYSFIL_GETCRED|CAPENABLED { int getgroups( int gidsetsize, _Out_writes_opt_(gidsetsize) gid_t *gidset ); } -80 AUE_SETGROUPS STD { +80 AUE_SETGROUPS STD|SYSFIL_SETCRED { int setgroups( int gidsetsize, _In_reads_(gidsetsize) const gid_t *gidset ); } -81 AUE_GETPGRP STD|CAPENABLED { +81 AUE_GETPGRP STD|SYSFIL_STATUS|CAPENABLED { int getpgrp(void); } -82 AUE_SETPGRP STD { +82 AUE_SETPGRP STD|SYSFIL_FORK { int setpgid( int pid, int pgid ); } -83 AUE_SETITIMER STD|CAPENABLED { +83 AUE_SETITIMER STD|SYSFIL_TIMER|CAPENABLED { int setitimer( int which, _In_ _Contains_timet_ const struct itimerval *itv, _Out_opt_ _Contains_timet_ struct itimerval *oitv ); } -84 AUE_WAIT4 COMPAT { +84 AUE_WAIT4 COMPAT|SYSFIL_WAIT { int wait(void); } 85 AUE_SWAPON STD { @@ -592,13 +593,13 @@ _In_z_ const char *name ); } -86 AUE_GETITIMER STD|CAPENABLED { +86 AUE_GETITIMER STD|SYSFIL_TIMER|CAPENABLED { int getitimer( int which, _Out_ _Contains_timet_ struct itimerval *itv ); } -87 AUE_SYSCTL COMPAT|CAPENABLED { +87 AUE_SYSCTL COMPAT|SYSFIL_SYSINFO|CAPENABLED { int gethostname( _Out_writes_z_(len) char *hostname, u_int len @@ -610,17 +611,17 @@ u_int len ); } -89 AUE_GETDTABLESIZE STD|CAPENABLED { +89 AUE_GETDTABLESIZE STD|SYSFIL_FDESC|CAPENABLED { int getdtablesize(void); } -90 AUE_DUP2 STD|CAPENABLED { +90 AUE_DUP2 STD|SYSFIL_FDESC|CAPENABLED { int dup2( u_int from, u_int to ); } 91 AUE_NULL RESERVED -92 AUE_FCNTL STD|CAPENABLED { +92 AUE_FCNTL STD|SYSFIL_CORE|CAPENABLED { int fcntl( int fd, int cmd, @@ -629,7 +630,7 @@ } ; XXX should be { int fcntl(int fd, int cmd, ...); } ; but we're not ready for varargs. -93 AUE_SELECT STD|CAPENABLED { +93 AUE_SELECT STD|SYSFIL_CORE|CAPENABLED { int select( int nd, _Inout_opt_ fd_set *in, @@ -639,46 +640,46 @@ ); } 94 AUE_NULL RESERVED -95 AUE_FSYNC STD|CAPENABLED { +95 AUE_FSYNC STD|SYSFIL_CORE|CAPENABLED { int fsync( int fd ); } -96 AUE_SETPRIORITY STD|CAPENABLED { +96 AUE_SETPRIORITY STD|SYSFIL_SCHED|CAPENABLED { int setpriority( int which, int who, int prio ); } -97 AUE_SOCKET STD|CAPENABLED { +97 AUE_SOCKET STD|SYSFIL_FDESC|SYSFIL_SOCK|CAPENABLED { int socket( int domain, int type, int protocol ); } -98 AUE_CONNECT STD { +98 AUE_CONNECT STD|SYSFIL_SOCK { int connect( int s, _In_reads_bytes_(namelen) const struct sockaddr *name, __socklen_t namelen ); } -99 AUE_ACCEPT COMPAT|CAPENABLED { +99 AUE_ACCEPT COMPAT|SYSFIL_FDESC|SYSFIL_SOCK|CAPENABLED { int accept( int s, _Out_writes_bytes_opt_(*anamelen) struct sockaddr *name, __socklen_t *anamelen ); } -100 AUE_GETPRIORITY STD|CAPENABLED { +100 AUE_GETPRIORITY STD|SYSFIL_SCHED|CAPENABLED { int getpriority( int which, int who ); } -101 AUE_SEND COMPAT|CAPENABLED { +101 AUE_SEND COMPAT|SYSFIL_SOCKIO|CAPENABLED { int send( int s, _In_reads_bytes_(len) const void *buf, @@ -686,7 +687,7 @@ int flags ); } -102 AUE_RECV COMPAT|CAPENABLED { +102 AUE_RECV COMPAT|SYSFIL_SOCKIO|CAPENABLED { int recv( int s, _Out_writes_bytes_(len) void *buf, @@ -694,19 +695,19 @@ int flags ); } -103 AUE_SIGRETURN COMPAT|CAPENABLED { +103 AUE_SIGRETURN COMPAT|SYSFIL_CORE|CAPENABLED { int sigreturn( _In_ struct osigcontext *sigcntxp ); } -104 AUE_BIND STD { +104 AUE_BIND STD|SYSFIL_SOCK { int bind( int s, _In_reads_bytes_(namelen) const struct sockaddr *name, __socklen_t namelen ); } -105 AUE_SETSOCKOPT STD|CAPENABLED { +105 AUE_SETSOCKOPT STD|SYSFIL_SOCKIO|CAPENABLED { int setsockopt( int s, int level, @@ -715,51 +716,51 @@ __socklen_t valsize ); } -106 AUE_LISTEN STD|CAPENABLED { +106 AUE_LISTEN STD|SYSFIL_SOCK|CAPENABLED { int listen( int s, int backlog ); } 107 AUE_NULL OBSOL vtimes -108 AUE_NULL COMPAT|CAPENABLED { +108 AUE_NULL COMPAT|SYSFIL_SIGHAND|CAPENABLED { int sigvec( int signum, _In_opt_ _Contains_ptr_ struct sigvec *nsv, _Out_opt_ _Contains_ptr_ struct sigvec *osv ); } -109 AUE_NULL COMPAT|CAPENABLED { +109 AUE_NULL COMPAT|SYSFIL_SIGMASK|CAPENABLED { int sigblock( int mask ); } -110 AUE_NULL COMPAT|CAPENABLED { +110 AUE_NULL COMPAT|SYSFIL_SIGMASK|CAPENABLED { int sigsetmask( int mask ); } -111 AUE_NULL COMPAT|CAPENABLED { +111 AUE_NULL COMPAT|SYSFIL_SIGMASK|SYSFIL_SIGWAIT|CAPENABLED { int sigsuspend( osigset_t mask ); } ; XXX note nonstandard (bogus) calling convention - the libc stub passes ; us the mask, not a pointer to it. -112 AUE_NULL COMPAT|CAPENABLED { +112 AUE_NULL COMPAT|SYSFIL_SIGHAND|CAPENABLED { int sigstack( _In_opt_ _Contains_ptr_ struct sigstack *nss, _Out_opt_ _Contains_ptr_ struct sigstack *oss ); } -113 AUE_RECVMSG COMPAT|CAPENABLED { +113 AUE_RECVMSG COMPAT|SYSFIL_SOCKIO|CAPENABLED { int recvmsg( int s, _Inout_ _Contains_ptr_ struct omsghdr *msg, int flags ); } -114 AUE_SENDMSG COMPAT|CAPENABLED { +114 AUE_SENDMSG COMPAT|SYSFIL_SOCKIO|CAPENABLED { int sendmsg( int s, _In_ _Contains_ptr_ const struct omsghdr *msg, @@ -767,19 +768,19 @@ ); } 115 AUE_NULL OBSOL vtrace -116 AUE_GETTIMEOFDAY STD|CAPENABLED { +116 AUE_GETTIMEOFDAY STD|SYSFIL_CLOCK|CAPENABLED { int gettimeofday( _Out_ _Contains_long_timet_ struct timeval *tp, _Out_opt_ struct timezone *tzp ); } -117 AUE_GETRUSAGE STD|CAPENABLED { +117 AUE_GETRUSAGE STD|SYSFIL_STATUS|CAPENABLED { int getrusage( int who, _Out_ _Contains_long_ struct rusage *rusage ); } -118 AUE_GETSOCKOPT STD|CAPENABLED { +118 AUE_GETSOCKOPT STD|SYSFIL_SOCKIO|CAPENABLED { int getsockopt( int s, int level, @@ -789,40 +790,40 @@ ); } 119 AUE_NULL RESERVED -120 AUE_READV STD|CAPENABLED { +120 AUE_READV STD|SYSFIL_CORE|CAPENABLED { int readv( int fd, _Inout_updates_(iovcnt) _Contains_long_ptr_ struct iovec *iovp, u_int iovcnt ); } -121 AUE_WRITEV STD|CAPENABLED { +121 AUE_WRITEV STD|SYSFIL_CORE|CAPENABLED { int writev( int fd, _In_reads_opt_(iovcnt) _Contains_long_ptr_ struct iovec *iovp, u_int iovcnt ); } -122 AUE_SETTIMEOFDAY STD { +122 AUE_SETTIMEOFDAY STD|SYSFIL_SETTIME { int settimeofday( _In_ _Contains_long_timet_ const struct timeval *tv, _In_opt_ const struct timezone *tzp ); } -123 AUE_FCHOWN STD|CAPENABLED { +123 AUE_FCHOWN STD|SYSFIL_FATTR|CAPENABLED { int fchown( int fd, int uid, int gid ); } -124 AUE_FCHMOD STD|CAPENABLED { +124 AUE_FCHMOD STD|SYSFIL_FATTR|CAPENABLED { int fchmod( int fd, mode_t mode ); } -125 AUE_RECVFROM COMPAT|CAPENABLED { +125 AUE_RECVFROM COMPAT|SYSFIL_SOCKIO|CAPENABLED { int recvfrom( int s, _Out_writes_(len) void *buf, @@ -832,49 +833,49 @@ _Inout_ __socklen_t *fromlenaddr ); } -126 AUE_SETREUID STD|CAPENABLED { +126 AUE_SETREUID STD|SYSFIL_SETCRED|CAPENABLED { int setreuid( int ruid, int euid ); } -127 AUE_SETREGID STD|CAPENABLED { +127 AUE_SETREGID STD|SYSFIL_SETCRED|CAPENABLED { int setregid( int rgid, int egid ); } -128 AUE_RENAME STD { +128 AUE_RENAME STD|SYSFIL_CPATH|SYSFIL_DPATH { int rename( _In_z_ const char *from, _In_z_ const char *to ); } -129 AUE_TRUNCATE COMPAT { +129 AUE_TRUNCATE COMPAT|SYSFIL_WPATH { int truncate( _In_z_ const char *path, long length ); } -130 AUE_FTRUNCATE COMPAT|CAPENABLED { +130 AUE_FTRUNCATE COMPAT|SYSFIL_CORE|CAPENABLED { int ftruncate( int fd, long length ); } -131 AUE_FLOCK STD|CAPENABLED { +131 AUE_FLOCK STD|SYSFIL_FLOCK|CAPENABLED { int flock( int fd, int how ); } -132 AUE_MKFIFO STD { +132 AUE_MKFIFO STD|SYSFIL_CPATH { int mkfifo( _In_z_ const char *path, mode_t mode ); } -133 AUE_SENDTO STD|CAPENABLED { +133 AUE_SENDTO STD|SYSFIL_SOCKIO|CAPENABLED { ssize_t sendto( int s, _In_reads_bytes_(len) const void *buf, @@ -884,13 +885,13 @@ __socklen_t tolen ); } -134 AUE_SHUTDOWN STD|CAPENABLED { +134 AUE_SHUTDOWN STD|SYSFIL_SOCKIO|CAPENABLED { int shutdown( int s, int how ); } -135 AUE_SOCKETPAIR STD|CAPENABLED { +135 AUE_SOCKETPAIR STD|SYSFIL_FDESC|CAPENABLED { int socketpair( int domain, int type, @@ -898,38 +899,38 @@ _Out_writes_(2) int *rsv ); } -136 AUE_MKDIR STD { +136 AUE_MKDIR STD|SYSFIL_CPATH { int mkdir( _In_z_ const char *path, mode_t mode ); } -137 AUE_RMDIR STD { +137 AUE_RMDIR STD|SYSFIL_DPATH { int rmdir( _In_z_ const char *path ); } -138 AUE_UTIMES STD { +138 AUE_UTIMES STD|SYSFIL_PATH|SYSFIL_FATTR { int utimes( _In_z_ const char *path, _In_ _Contains_long_timet_ const struct timeval *tptr ); } 139 AUE_NULL OBSOL 4.2 sigreturn -140 AUE_ADJTIME STD { +140 AUE_ADJTIME STD|SYSFIL_SETTIME_ { int adjtime( _In_ _Contains_long_timet_ const struct timeval *delta, _Out_opt_ _Contains_long_timet_ struct timeval *olddelta ); } -141 AUE_GETPEERNAME COMPAT|CAPENABLED { +141 AUE_GETPEERNAME COMPAT|SYSFIL_SOCK|CAPENABLED { int getpeername( int fdes, _Out_writes_bytes_(*alen) struct sockaddr *asa, _Inout_opt_ __socklen_t *alen ); } -142 AUE_SYSCTL COMPAT|CAPENABLED { +142 AUE_SYSCTL COMPAT|SYSFIL_SYSINFO|CAPENABLED { long gethostid(void); } 143 AUE_SYSCTL COMPAT { @@ -937,28 +938,28 @@ long hostid ); } -144 AUE_GETRLIMIT COMPAT|CAPENABLED { +144 AUE_GETRLIMIT COMPAT|SYSFIL_STATUS|CAPENABLED { int getrlimit( u_int which, _Out_ struct orlimit *rlp ); } -145 AUE_SETRLIMIT COMPAT|CAPENABLED { +145 AUE_SETRLIMIT COMPAT|SYSFIL_RLIMIT|CAPENABLED { int setrlimit( u_int which, _Out_ struct orlimit *rlp ); } -146 AUE_KILLPG COMPAT { +146 AUE_KILLPG COMPAT|SYSFIL_SIGSEND { int killpg( int pgid, int signum ); } -147 AUE_SETSID STD|CAPENABLED { +147 AUE_SETSID STD|SYSFIL_FORK|CAPENABLED { int setsid(void); } -148 AUE_QUOTACTL STD { +148 AUE_QUOTACTL STD|SYSFIL_PATH|SYSFIL_QUOTA { int quotactl( _In_z_ const char *path, int cmd, @@ -966,10 +967,10 @@ _In_ void *arg ); } -149 AUE_O_QUOTA COMPAT { +149 AUE_O_QUOTA COMPAT|SYSFIL_QUOTA { int quota(void); } -150 AUE_GETSOCKNAME COMPAT|CAPENABLED { +150 AUE_GETSOCKNAME COMPAT|SYSFIL_SOCK|CAPENABLED { int getsockname( int fdes, _Out_writes_bytes_(*alen) struct sockaddr *asa, @@ -993,7 +994,7 @@ _In_ void *argp ); } -156 AUE_GETDIRENTRIES COMPAT|CAPENABLED { +156 AUE_GETDIRENTRIES COMPAT|SYSFIL_RPATH|CAPENABLED { int getdirentries( int fd, _Out_writes_bytes_(count) char *buf, @@ -1001,32 +1002,32 @@ _Out_ long *basep ); } -157 AUE_STATFS COMPAT4 { +157 AUE_STATFS COMPAT4|SYSFIL_RPATH { int statfs( _In_z_ const char *path, _Out_ _Contains_long_ struct ostatfs *buf ); } -158 AUE_FSTATFS COMPAT4|CAPENABLED { +158 AUE_FSTATFS COMPAT4|SYSFIL_RPATH|CAPENABLED { int fstatfs( int fd, _Out_ _Contains_long_ struct ostatfs *buf ); } 159 AUE_NULL RESERVED -160 AUE_LGETFH STD { +160 AUE_LGETFH STD|SYSFIL_PATH|SYSFIL_FH { int lgetfh( _In_z_ const char *fname, _Out_ struct fhandle *fhp ); } -161 AUE_NFS_GETFH STD { +161 AUE_NFS_GETFH STD|SYSFIL_PATH|SYSFIL_FH { int getfh( _In_z_ const char *fname, _Out_ struct fhandle *fhp ); } -162 AUE_SYSCTL COMPAT4|CAPENABLED { +162 AUE_SYSCTL COMPAT4|SYSFIL_SYSINFO|CAPENABLED { int getdomainname( _Out_writes_z_(len) char *domainname, int len @@ -1038,18 +1039,18 @@ int len ); } -164 AUE_NULL COMPAT4 { +164 AUE_NULL COMPAT4|SYSFIL_SYSINFO { int uname( _Out_ struct utsname *name ); } -165 AUE_SYSARCH STD|CAPENABLED { +165 AUE_SYSARCH STD|SYSFIL_CORE|CAPENABLED { int sysarch( int op, _In_z_ char *parms ); } -166 AUE_RTPRIO STD|CAPENABLED { +166 AUE_RTPRIO STD|SYSFIL_SCHED|CAPENABLED { int rtprio( int function, pid_t pid, @@ -1057,7 +1058,7 @@ ); } 167-168 AUE_NULL RESERVED -169 AUE_SEMSYS NOSTD { +169 AUE_SEMSYS NOSTD|SYSFIL_SYSVSEM { int semsys( int which, int a2, @@ -1067,7 +1068,7 @@ ); } ; XXX should be { int semsys(int which, ...); } -170 AUE_MSGSYS NOSTD { +170 AUE_MSGSYS NOSTD|SYSFIL_SYSVMSG { int msgsys( int which, int a2, @@ -1078,7 +1079,7 @@ ); } ; XXX should be { int msgsys(int which, ...); } -171 AUE_SHMSYS NOSTD { +171 AUE_SHMSYS NOSTD|SYSFIL_SYSVSHM { int shmsys( int which, int a2, @@ -1088,7 +1089,7 @@ } ; XXX should be { int shmsys(int which, ...); } 172 AUE_NULL RESERVED -173 AUE_PREAD COMPAT6|CAPENABLED { +173 AUE_PREAD COMPAT6|SYSFIL_CORE|CAPENABLED { ssize_t pread( int fd, _Out_writes_bytes_(nbyte) void *buf, @@ -1097,7 +1098,7 @@ off_t offset ); } -174 AUE_PWRITE COMPAT6|CAPENABLED { +174 AUE_PWRITE COMPAT6|SYSFIL_CORE|CAPENABLED { ssize_t pwrite( int fd, _In_reads_bytes_(nbyte) const void *buf, @@ -1106,28 +1107,28 @@ off_t offset ); } -175 AUE_SETFIB STD { +175 AUE_SETFIB STD|SYSFIL_SOCK { int setfib( int fibnum ); } -176 AUE_NTP_ADJTIME STD { +176 AUE_NTP_ADJTIME STD|SYSFIL_SETTIME { int ntp_adjtime( _Inout_ _Contains_long_ struct timex *tp ); } 177-180 AUE_NULL RESERVED -181 AUE_SETGID STD|CAPENABLED { +181 AUE_SETGID STD|SYSFIL_SETCRED|CAPENABLED { int setgid( gid_t gid ); } -182 AUE_SETEGID STD|CAPENABLED { +182 AUE_SETEGID STD|SYSFIL_SETCRED|CAPENABLED { int setegid( gid_t egid ); } -183 AUE_SETEUID STD|CAPENABLED { +183 AUE_SETEUID STD|SYSFIL_SETCRED|CAPENABLED { int seteuid( uid_t euid ); @@ -1136,50 +1137,50 @@ 185 AUE_NULL OBSOL lfs_markv 186 AUE_NULL OBSOL lfs_segclean 187 AUE_NULL OBSOL lfs_segwait -188 AUE_STAT COMPAT11 { +188 AUE_STAT COMPAT11|SYSFIL_RPATH { int stat( _In_z_ const char *path, _Out_ _Contains_timet_ struct freebsd11_stat *ub ); } -189 AUE_FSTAT COMPAT11|CAPENABLED { +189 AUE_FSTAT COMPAT11|SYSFIL_CORE|CAPENABLED { int fstat( int fd, _Out_ _Contains_timet_ struct freebsd11_stat *sb ); } -190 AUE_LSTAT COMPAT11 { +190 AUE_LSTAT COMPAT11|SYSFIL_RPATH { int lstat( _In_z_ const char *path, _Out_ _Contains_timet_ struct freebsd11_stat *ub ); } -191 AUE_PATHCONF STD { +191 AUE_PATHCONF STD|SYSFIL_PATH { int pathconf( _In_z_ const char *path, int name ); } -192 AUE_FPATHCONF STD|CAPENABLED { +192 AUE_FPATHCONF STD|SYSFIL_CORE|CAPENABLED { int fpathconf( int fd, int name ); } 193 AUE_NULL RESERVED -194 AUE_GETRLIMIT STD|CAPENABLED { +194 AUE_GETRLIMIT STD|SYSFIL_STATUS|CAPENABLED { int getrlimit( u_int which, _Out_ struct rlimit *rlp ); } -195 AUE_SETRLIMIT STD|CAPENABLED { +195 AUE_SETRLIMIT STD|SYSFIL_RLIMIT|CAPENABLED { int setrlimit( u_int which, _In_ struct rlimit *rlp ); } -196 AUE_GETDIRENTRIES COMPAT11|CAPENABLED { +196 AUE_GETDIRENTRIES COMPAT11|SYSFIL_RPATH|CAPENABLED { int getdirentries( int fd, _Out_writes_bytes_(count) char *buf, @@ -1187,7 +1188,7 @@ _Out_ long *basep ); } -197 AUE_MMAP COMPAT6|CAPENABLED { +197 AUE_MMAP COMPAT6|SYSFIL_MMAN|CAPENABLED { void *mmap( _In_ void *addr, size_t len, @@ -1204,7 +1205,7 @@ ... ); } -199 AUE_LSEEK COMPAT6|CAPENABLED { +199 AUE_LSEEK COMPAT6|SYSFIL_CORE|CAPENABLED { off_t lseek( int fd, int pad, @@ -1212,21 +1213,21 @@ int whence ); } -200 AUE_TRUNCATE COMPAT6 { +200 AUE_TRUNCATE COMPAT6|SYSFIL_WPATH { int truncate( _In_z_ const char *path, int pad, off_t length ); } -201 AUE_FTRUNCATE COMPAT6|CAPENABLED { +201 AUE_FTRUNCATE COMPAT6|SYSFIL_CORE|CAPENABLED { int ftruncate( int fd, int pad, off_t length ); } -202 AUE_SYSCTL STD|CAPENABLED { +202 AUE_SYSCTL STD|SYSFIL_SYSINFO|CAPENABLED { int __sysctl( _In_reads_(namelen) int *name, u_int namelen, @@ -1236,36 +1237,36 @@ size_t newlen ); } -203 AUE_MLOCK STD|CAPENABLED { +203 AUE_MLOCK STD|SYSFIL_MLOCK|CAPENABLED { int mlock( _In_ const void *addr, size_t len ); } -204 AUE_MUNLOCK STD|CAPENABLED { +204 AUE_MUNLOCK STD|SYSFIL_MLOCK|CAPENABLED { int munlock( _In_ const void *addr, size_t len ); } -205 AUE_UNDELETE STD { +205 AUE_UNDELETE STD|SYSFIL_CPATH { int undelete( _In_z_ const char *path ); } -206 AUE_FUTIMES STD|CAPENABLED { +206 AUE_FUTIMES STD|SYSFIL_FATTR|CAPENABLED { int futimes( int fd, _In_reads_(2) _Contains_long_timet_ const struct timeval *tptr ); } -207 AUE_GETPGID STD|CAPENABLED { +207 AUE_GETPGID STD|SYSFIL_STATUS|CAPENABLED { int getpgid( pid_t pid ); } 208 AUE_NULL RESERVED -209 AUE_POLL STD|CAPENABLED { +209 AUE_POLL STD|SYSFIL_CORE|CAPENABLED { int poll( _Inout_updates_(nfds) struct pollfd *fds, u_int nfds, @@ -1286,7 +1287,7 @@ 218 AUE_NULL NODEF|NOTSTATIC lkmnosys lkmnosys nosys_args int 219 AUE_NULL NODEF|NOTSTATIC lkmnosys lkmnosys nosys_args int -220 AUE_SEMCTL COMPAT7|NOSTD { +220 AUE_SEMCTL COMPAT7|NOSTD|SYSFIL_SYSVSEM { int __semctl( int semid, int semnum, @@ -1294,14 +1295,14 @@ _Contains_ptr_ union semun_old *arg ); } -221 AUE_SEMGET NOSTD { +221 AUE_SEMGET NOSTD|SYSFIL_SYSVSEM { int semget( key_t key, int nsems, int semflg ); } -222 AUE_SEMOP NOSTD { +222 AUE_SEMOP NOSTD|SYSFIL_SYSVSEM { int semop( int semid, _In_reads_(nsops) struct sembuf *sops, @@ -1309,20 +1310,20 @@ ); } 223 AUE_NULL OBSOL semconfig -224 AUE_MSGCTL COMPAT7|NOSTD { +224 AUE_MSGCTL COMPAT7|NOSTD|SYSFIL_SYSVMSG { int msgctl( int msqid, int cmd, _Contains_long_ptr_timet_ struct msqid_ds_old *buf ); } -225 AUE_MSGGET NOSTD { +225 AUE_MSGGET NOSTD|SYSFIL_SYSVMSG { int msgget( key_t key, int msgflg ); } -226 AUE_MSGSND NOSTD { +226 AUE_MSGSND NOSTD|SYSFIL_SYSVMSG { int msgsnd( int msqid, _In_reads_bytes_(msgsz) _Contains_long_ const void *msgp, @@ -1330,7 +1331,7 @@ int msgflg ); } -227 AUE_MSGRCV NOSTD { +227 AUE_MSGRCV NOSTD|SYSFIL_SYSVMSG { ssize_t msgrcv( int msqid, _Out_writes_bytes_(msgsz) _Contains_long_ void *msgp, @@ -1339,63 +1340,63 @@ int msgflg ); } -228 AUE_SHMAT NOSTD { +228 AUE_SHMAT NOSTD|SYSFIL_SYSVSHM { void *shmat( int shmid, _In_ const void *shmaddr, int shmflg ); } -229 AUE_SHMCTL COMPAT7|NOSTD { +229 AUE_SHMCTL COMPAT7|NOSTD|SYSFIL_SYSVSHM { int shmctl( int shmid, int cmd, _Inout_opt_ _Contains_long_ struct shmid_ds_old *buf ); } -230 AUE_SHMDT NOSTD { +230 AUE_SHMDT NOSTD|SYSFIL_SYSVSHM { int shmdt( _In_ const void *shmaddr ); } -231 AUE_SHMGET NOSTD { +231 AUE_SHMGET NOSTD|SYSFIL_SYSVSHM { int shmget( key_t key, size_t size, int shmflg ); } -232 AUE_NULL STD|CAPENABLED { +232 AUE_NULL STD|SYSFIL_CLOCK|CAPENABLED { int clock_gettime( clockid_t clock_id, _Out_ _Contains_long_timet_ struct timespec *tp ); } -233 AUE_CLOCK_SETTIME STD { +233 AUE_CLOCK_SETTIME STD|SYSFIL_SETTIME { int clock_settime( clockid_t clock_id, _In_ _Contains_long_timet_ const struct timespec *tp ); } -234 AUE_NULL STD|CAPENABLED { +234 AUE_NULL STD|SYSFIL_CLOCK|CAPENABLED { int clock_getres( clockid_t clock_id, _Out_ _Contains_long_timet_ struct timespec *tp ); } -235 AUE_NULL STD|CAPENABLED { +235 AUE_NULL STD|SYSFIL_TIMER|SYSFIL_POSIXRT|CAPENABLED { int ktimer_create( clockid_t clock_id, _In_ _Contains_long_ptr_ struct sigevent *evp, _Out_ int *timerid ); } -236 AUE_NULL STD|CAPENABLED { +236 AUE_NULL STD|SYSFIL_TIMER|SYSFIL_POSIXRT|CAPENABLED { int ktimer_delete( int timerid ); } -237 AUE_NULL STD|CAPENABLED { +237 AUE_NULL STD|SYSFIL_TIMER|SYSFIL_POSIXRT|CAPENABLED { int ktimer_settime( int timerid, int flags, @@ -1403,39 +1404,39 @@ _Out_opt_ _Contains_long_timet_ struct itimerspec *ovalue ); } -238 AUE_NULL STD|CAPENABLED { +238 AUE_NULL STD|SYSFIL_TIMER|SYSFIL_POSIXRT|CAPENABLED { int ktimer_gettime( int timerid, _Out_ _Contains_long_timet_ struct itimerspec *value ); } -239 AUE_NULL STD|CAPENABLED { +239 AUE_NULL STD|SYSFIL_TIMER|SYSFIL_POSIXRT|CAPENABLED { int ktimer_getoverrun( int timerid ); } -240 AUE_NULL STD|CAPENABLED { +240 AUE_NULL STD|SYSFIL_CORE|CAPENABLED { int nanosleep( _In_ _Contains_long_timet_ const struct timespec *rqtp, _Out_opt_ _Contains_long_timet_ struct timespec *rmtp ); } -241 AUE_NULL STD { +241 AUE_NULL STD|SYSFIL_FFCLOCK { int ffclock_getcounter( _Out_ ffcounter *ffcount ); } -242 AUE_NULL STD { +242 AUE_NULL STD|SYSFIL_FFCLOCK { int ffclock_setestimate( _In_ _Contains_timet_ struct ffclock_estimate *cest ); } -243 AUE_NULL STD { +243 AUE_NULL STD|SYSFIL_FFCLOCK { int ffclock_getestimate( _Out_ _Contains_timet_ struct ffclock_estimate *cest ); } -244 AUE_NULL STD { +244 AUE_NULL STD|SYSFIL_CLOCK { int clock_nanosleep( clockid_t clock_id, int flags, @@ -1444,53 +1445,53 @@ ); } 245-246 AUE_NULL RESERVED -247 AUE_NULL STD { +247 AUE_NULL STD|SYSFIL_CLOCK { int clock_getcpuclockid2( id_t id, int which, _Out_ clockid_t *clock_id ); } -248 AUE_NULL STD|CAPENABLED { +248 AUE_NULL STD|SYSFIL_SETTIME|CAPENABLED { int ntp_gettime( _Out_ _Contains_long_timet_ struct ntptimeval *ntvp ); } 249 AUE_NULL RESERVED -250 AUE_MINHERIT STD|CAPENABLED { +250 AUE_MINHERIT STD|SYSFIL_MMAN|CAPENABLED { int minherit( _In_ void *addr, size_t len, int inherit ); } -251 AUE_RFORK STD { +251 AUE_RFORK STD|SYSFIL_RFORK_ { int rfork( int flags ); } 252 AUE_POLL OBSOL openbsd_poll -253 AUE_ISSETUGID STD|CAPENABLED { +253 AUE_ISSETUGID STD|SYSFIL_CORE|CAPENABLED { int issetugid(void); } -254 AUE_LCHOWN STD { +254 AUE_LCHOWN STD|SYSFIL_PATH|SYSFIL_FATTR { int lchown( _In_z_ const char *path, int uid, int gid ); } -255 AUE_AIO_READ STD|CAPENABLED { +255 AUE_AIO_READ STD|SYSFIL_AIO|CAPENABLED { int aio_read( _Inout_ _Contains_long_ptr_ struct aiocb *aiocbp ); } -256 AUE_AIO_WRITE STD|CAPENABLED { +256 AUE_AIO_WRITE STD|SYSFIL_AIO|CAPENABLED { int aio_write( _Inout_ _Contains_long_ptr_ struct aiocb *aiocbp ); } -257 AUE_LIO_LISTIO STD|CAPENABLED { +257 AUE_LIO_LISTIO STD|SYSFIL_AIO|CAPENABLED { int lio_listio( int mode, _Inout_updates_(nent) _Contains_long_ptr_ struct aiocb * const *acb_list, @@ -1499,7 +1500,7 @@ ); } 258-271 AUE_NULL RESERVED -272 AUE_O_GETDENTS COMPAT11|CAPENABLED { +272 AUE_O_GETDENTS COMPAT11|SYSFIL_RPATH|CAPENABLED { int getdents( int fd, _Out_writes_bytes_(count) char *buf, @@ -1507,40 +1508,40 @@ ); } 273 AUE_NULL RESERVED -274 AUE_LCHMOD STD { +274 AUE_LCHMOD STD|SYSFIL_PATH|SYSFIL_FATTR { int lchmod( _In_z_ const char *path, mode_t mode ); } 275 AUE_NULL OBSOL netbsd_lchown -276 AUE_LUTIMES STD { +276 AUE_LUTIMES STD|SYSFIL_PATH|SYSFIL_FATTR { int lutimes( _In_z_ const char *path, _In_ _Contains_long_timet_ const struct timeval *tptr ); } 277 AUE_NULL OBSOL netbsd_msync -278 AUE_STAT COMPAT11 { +278 AUE_STAT COMPAT11|SYSFIL_RPATH { int nstat( _In_z_ const char *path, _Out_ _Contains_long_timet_ struct nstat *ub ); } -279 AUE_FSTAT COMPAT11 { +279 AUE_FSTAT COMPAT11|SYSFIL_CORE { int nfstat( int fd, _Out_ _Contains_long_timet_ struct nstat *sb ); } -280 AUE_LSTAT COMPAT11 { +280 AUE_LSTAT COMPAT11|SYSFIL_RPATH { int nlstat( _In_z_ const char *path, _Out_ _Contains_long_timet_ struct nstat *ub ); } 281-288 AUE_NULL RESERVED -289 AUE_PREADV STD|CAPENABLED { +289 AUE_PREADV STD|SYSFIL_CORE|CAPENABLED { ssize_t preadv( int fd, _In_reads_(iovcnt) _Contains_long_ptr_ struct iovec *iovp, @@ -1548,7 +1549,7 @@ off_t offset ); } -290 AUE_PWRITEV STD|CAPENABLED { +290 AUE_PWRITEV STD|SYSFIL_CORE|CAPENABLED { ssize_t pwritev( int fd, _In_reads_(iovcnt) _Contains_long_ptr_ struct iovec *iovp, @@ -1557,89 +1558,89 @@ ); } 291-296 AUE_NULL RESERVED -297 AUE_FHSTATFS COMPAT4 { +297 AUE_FHSTATFS COMPAT4|SYSFIL_RPATH|SYSFIL_FH { int fhstatfs( _In_ const struct fhandle *u_fhp, _Out_ _Contains_long_ struct ostatfs *buf ); } -298 AUE_FHOPEN STD { +298 AUE_FHOPEN STD|SYSFIL_PATH|SYSFIL_FDESC|SYSFIL_FH { int fhopen( _In_ const struct fhandle *u_fhp, int flags ); } -299 AUE_FHSTAT COMPAT11 { +299 AUE_FHSTAT COMPAT11|SYSFIL_RPATH|SYSFIL_FH { int fhstat( _In_ const struct fhandle *u_fhp, _Out_ _Contains_long_timet_ struct freebsd11_stat *sb ); } -300 AUE_NULL STD { +300 AUE_NULL STD|SYSFIL_KMOD { int modnext( int modid ); } -301 AUE_NULL STD { +301 AUE_NULL STD|SYSFIL_KMOD { int modstat( int modid, _Out_ _Contains_long_ struct module_stat *stat ); } -302 AUE_NULL STD { +302 AUE_NULL STD|SYSFIL_KMOD { int modfnext( int modid ); } -303 AUE_NULL STD { +303 AUE_NULL STD|SYSFIL_KMOD { int modfind( _In_z_ const char *name ); } -304 AUE_MODLOAD STD { +304 AUE_MODLOAD STD|SYSFIL_KMOD { int kldload( _In_z_ const char *file ); } -305 AUE_MODUNLOAD STD { +305 AUE_MODUNLOAD STD|SYSFIL_KMOD { int kldunload( int fileid ); } -306 AUE_NULL STD { +306 AUE_NULL STD|SYSFIL_KMOD { int kldfind( _In_z_ const char *file ); } -307 AUE_NULL STD { +307 AUE_NULL STD|SYSFIL_KMOD { int kldnext( int fileid ); } -308 AUE_NULL STD { +308 AUE_NULL STD|SYSFIL_KMOD { int kldstat( int fileid, _Out_ _Contains_long_ptr_ struct kld_file_stat *stat ); } -309 AUE_NULL STD { +309 AUE_NULL STD|SYSFIL_KMOD { int kldfirstmod( int fileid ); } -310 AUE_GETSID STD|CAPENABLED { +310 AUE_GETSID STD|SYSFIL_STATUS|CAPENABLED { int getsid( pid_t pid ); } -311 AUE_SETRESUID STD|CAPENABLED { +311 AUE_SETRESUID STD|SYSFIL_SETCRED|CAPENABLED { int setresuid( uid_t ruid, uid_t euid, uid_t suid ); } -312 AUE_SETRESGID STD|CAPENABLED { +312 AUE_SETRESGID STD|SYSFIL_SETCRED|CAPENABLED { int setresgid( gid_t rgid, gid_t egid, @@ -1647,40 +1648,40 @@ ); } 313 AUE_NULL OBSOL signanosleep -314 AUE_AIO_RETURN STD|CAPENABLED { +314 AUE_AIO_RETURN STD|SYSFIL_AIO|CAPENABLED { ssize_t aio_return( _Inout_ _Contains_long_ptr_ struct aiocb *aiocbp ); } -315 AUE_AIO_SUSPEND STD|CAPENABLED { +315 AUE_AIO_SUSPEND STD|SYSFIL_AIO|CAPENABLED { int aio_suspend( _Inout_updates_(nent) _Contains_long_ptr_ struct aiocb * const * aiocbp, int nent, _In_opt_ _Contains_long_timet_ const struct timespec *timeout ); } -316 AUE_AIO_CANCEL STD|CAPENABLED { +316 AUE_AIO_CANCEL STD|SYSFIL_AIO|CAPENABLED { int aio_cancel( int fd, _In_opt_ _Contains_long_ptr_ struct aiocb *aiocbp ); } -317 AUE_AIO_ERROR STD|CAPENABLED { +317 AUE_AIO_ERROR STD|SYSFIL_AIO|CAPENABLED { int aio_error( _In_ _Contains_long_ptr_ struct aiocb *aiocbp ); } -318 AUE_AIO_READ COMPAT6|CAPENABLED { +318 AUE_AIO_READ COMPAT6|SYSFIL_AIO|CAPENABLED { int aio_read( _Inout_ _Contains_long_ptr_ struct oaiocb *aiocbp ); } -319 AUE_AIO_WRITE COMPAT6|CAPENABLED { +319 AUE_AIO_WRITE COMPAT6|SYSFIL_AIO|CAPENABLED { int aio_write( _Inout_ _Contains_long_ptr_ struct oaiocb *aiocbp ); } -320 AUE_LIO_LISTIO COMPAT6|CAPENABLED { +320 AUE_LIO_LISTIO COMPAT6|SYSFIL_AIO|CAPENABLED { int lio_listio( int mode, _Inout_updates_(nent) _Contains_long_ptr_ struct oaiocb * const *acb_list, @@ -1688,75 +1689,75 @@ _In_opt_ _Contains_ptr_ struct osigevent *sig ); } -321 AUE_NULL STD|CAPENABLED { +321 AUE_NULL STD|SYSFIL_CORE|CAPENABLED { int yield(void); } 322 AUE_NULL OBSOL thr_sleep 323 AUE_NULL OBSOL thr_wakeup -324 AUE_MLOCKALL STD|CAPENABLED { +324 AUE_MLOCKALL STD|SYSFIL_MLOCK|CAPENABLED { int mlockall( int how ); } -325 AUE_MUNLOCKALL STD|CAPENABLED { +325 AUE_MUNLOCKALL STD|SYSFIL_MLOCK|CAPENABLED { int munlockall(void); } -326 AUE_GETCWD STD { +326 AUE_GETCWD STD|SYSFIL_PATH { int __getcwd( _Out_writes_z_(buflen) char *buf, size_t buflen ); } -327 AUE_NULL STD|CAPENABLED { +327 AUE_NULL STD|SYSFIL_SCHED|SYSFIL_POSIXRT|CAPENABLED { int sched_setparam( pid_t pid, _In_ const struct sched_param *param ); } -328 AUE_NULL STD|CAPENABLED { +328 AUE_NULL STD|SYSFIL_SCHED|SYSFIL_POSIXRT|CAPENABLED { int sched_getparam( pid_t pid, _Out_ struct sched_param *param ); } -329 AUE_NULL STD|CAPENABLED { +329 AUE_NULL STD|SYSFIL_SCHED|SYSFIL_POSIXRT|CAPENABLED { int sched_setscheduler( pid_t pid, int policy, _In_ const struct sched_param *param ); } -330 AUE_NULL STD|CAPENABLED { +330 AUE_NULL STD|SYSFIL_SCHED|SYSFIL_POSIXRT|CAPENABLED { int sched_getscheduler( pid_t pid ); } -331 AUE_NULL STD|CAPENABLED { +331 AUE_NULL STD|SYSFIL_CORE|CAPENABLED { int sched_yield(void); } -332 AUE_NULL STD|CAPENABLED { +332 AUE_NULL STD|SYSFIL_SCHED|SYSFIL_POSIXRT|CAPENABLED { int sched_get_priority_max( int policy ); } -333 AUE_NULL STD|CAPENABLED { +333 AUE_NULL STD|SYSFIL_SCHED|SYSFIL_POSIXRT|CAPENABLED { int sched_get_priority_min( int policy ); } -334 AUE_NULL STD|CAPENABLED { +334 AUE_NULL STD|SYSFIL_SCHED|SYSFIL_POSIXRT|CAPENABLED { int sched_rr_get_interval( pid_t pid, _Out_ _Contains_long_timet_ struct timespec *interval ); } -335 AUE_NULL STD|CAPENABLED { +335 AUE_NULL STD|SYSFIL_ALWAYS|CAPENABLED { int utrace( _In_reads_bytes_(len) const void *addr, size_t len ); } -336 AUE_SENDFILE COMPAT4|CAPENABLED { +336 AUE_SENDFILE COMPAT4|SYSFIL_SENDFILE|CAPENABLED { int sendfile( int fd, int s, @@ -1767,14 +1768,14 @@ int flags ); } -337 AUE_NULL STD { +337 AUE_NULL STD|SYSFIL_KMOD { int kldsym( int fileid, int cmd, _In_ _Contains_long_ptr_ void *data ); } -338 AUE_JAIL STD { +338 AUE_JAIL STD|SYSFIL_JAIL { int jail( _In_ _Contains_ptr_ struct jail *jail ); @@ -1788,96 +1789,96 @@ int a_followSymlinks ); } -340 AUE_SIGPROCMASK STD|CAPENABLED { +340 AUE_SIGPROCMASK STD|SYSFIL_SIGMASK|CAPENABLED { int sigprocmask( int how, _In_opt_ const sigset_t *set, _Out_opt_ sigset_t *oset ); } -341 AUE_SIGSUSPEND STD|CAPENABLED { +341 AUE_SIGSUSPEND STD|SYSFIL_SIGMASK|SYSFIL_SIGWAIT|CAPENABLED { int sigsuspend( _In_ const sigset_t *sigmask ); } -342 AUE_SIGACTION COMPAT4|CAPENABLED { +342 AUE_SIGACTION COMPAT4|SYSFIL_SIGHAND|CAPENABLED { int sigaction( int sig, _In_opt_ _Contains_ptr_ const struct sigaction *act, _Out_opt_ _Contains_ptr_ struct sigaction *oact ); } -343 AUE_SIGPENDING STD|CAPENABLED { +343 AUE_SIGPENDING STD|SYSFIL_SIGWAIT|CAPENABLED { int sigpending( _In_ sigset_t *set ); } -344 AUE_SIGRETURN COMPAT4|CAPENABLED { +344 AUE_SIGRETURN COMPAT4|SYSFIL_CORE|CAPENABLED { int sigreturn( _In_ _Contains_long_ptr_ const struct freebsd4_ucontext *sigcntxp ); } -345 AUE_SIGWAIT STD|CAPENABLED { +345 AUE_SIGWAIT STD|SYSFIL_SIGWAIT|CAPENABLED { int sigtimedwait( _In_ const sigset_t *set, _Out_opt_ _Contains_long_ptr_ struct siginfo *info, _In_opt_ _Contains_long_timet_ const struct timespec *timeout ); } -346 AUE_NULL STD|CAPENABLED { +346 AUE_NULL STD|SYSFIL_SIGWAIT|CAPENABLED { int sigwaitinfo( _In_ const sigset_t *set, _Out_opt_ _Contains_long_ptr_ struct siginfo *info ); } -347 AUE_ACL_GET_FILE STD { +347 AUE_ACL_GET_FILE STD|SYSFIL_PATH|SYSFIL_ACL { int __acl_get_file( _In_z_ const char *path, acl_type_t type, _Out_ struct acl *aclp ); } -348 AUE_ACL_SET_FILE STD { +348 AUE_ACL_SET_FILE STD|SYSFIL_PATH|SYSFIL_FATTR|SYSFIL_ACL { int __acl_set_file( _In_z_ const char *path, acl_type_t type, _In_ struct acl *aclp ); } -349 AUE_ACL_GET_FD STD|CAPENABLED { +349 AUE_ACL_GET_FD STD|SYSFIL_ACL|CAPENABLED { int __acl_get_fd( int filedes, acl_type_t type, _Out_ struct acl *aclp ); } -350 AUE_ACL_SET_FD STD|CAPENABLED { +350 AUE_ACL_SET_FD STD|SYSFIL_ACL|SYSFIL_FATTR|CAPENABLED { int __acl_set_fd( int filedes, acl_type_t type, _In_ struct acl *aclp ); } -351 AUE_ACL_DELETE_FILE STD { +351 AUE_ACL_DELETE_FILE STD|SYSFIL_PATH|SYSFIL_FATTR|SYSFIL_ACL { int __acl_delete_file( _In_z_ const char *path, acl_type_t type ); } -352 AUE_ACL_DELETE_FD STD|CAPENABLED { +352 AUE_ACL_DELETE_FD STD|SYSFIL_ACL|SYSFIL_FATTR|CAPENABLED { int __acl_delete_fd( int filedes, acl_type_t type ); } -353 AUE_ACL_CHECK_FILE STD { +353 AUE_ACL_CHECK_FILE STD|SYSFIL_PATH|SYSFIL_ACL { int __acl_aclcheck_file( _In_z_ const char *path, acl_type_t type, _In_ struct acl *aclp ); } -354 AUE_ACL_CHECK_FD STD|CAPENABLED { +354 AUE_ACL_CHECK_FD STD|SYSFIL_ACL|CAPENABLED { int __acl_aclcheck_fd( int filedes, acl_type_t type, @@ -1893,7 +1894,7 @@ _In_z_ const char *attrname ); } -356 AUE_EXTATTR_SET_FILE STD { +356 AUE_EXTATTR_SET_FILE STD|SYSFIL_PATH|SYSFIL_FATTR|SYSFIL_EXTATTR { ssize_t extattr_set_file( _In_z_ const char *path, int attrnamespace, @@ -1902,7 +1903,7 @@ size_t nbytes ); } -357 AUE_EXTATTR_GET_FILE STD { +357 AUE_EXTATTR_GET_FILE STD|SYSFIL_PATH|SYSFIL_EXTATTR { ssize_t extattr_get_file( _In_z_ const char *path, int attrnamespace, @@ -1911,37 +1912,37 @@ size_t nbytes ); } -358 AUE_EXTATTR_DELETE_FILE STD { +358 AUE_EXTATTR_DELETE_FILE STD|SYSFIL_PATH|SYSFIL_FATTR|SYSFIL_EXTATTR { int extattr_delete_file( _In_z_ const char *path, int attrnamespace, _In_z_ const char *attrname ); } -359 AUE_AIO_WAITCOMPLETE STD|CAPENABLED { +359 AUE_AIO_WAITCOMPLETE STD|SYSFIL_AIO|CAPENABLED { ssize_t aio_waitcomplete( _Outptr_result_maybenull_ struct aiocb **aiocbp, _In_opt_ _Contains_long_timet_ struct timespec *timeout ); } -360 AUE_GETRESUID STD|CAPENABLED { +360 AUE_GETRESUID STD|SYSFIL_GETCRED|CAPENABLED { int getresuid( _Out_opt_ uid_t *ruid, _Out_opt_ uid_t *euid, _Out_opt_ uid_t *suid ); } -361 AUE_GETRESGID STD|CAPENABLED { +361 AUE_GETRESGID STD|SYSFIL_GETCRED|CAPENABLED { int getresgid( _Out_opt_ gid_t *rgid, _Out_opt_ gid_t *egid, _Out_opt_ gid_t *sgid ); } -362 AUE_KQUEUE STD|CAPENABLED { +362 AUE_KQUEUE STD|SYSFIL_FDESC|CAPENABLED { int kqueue(void); } -363 AUE_KEVENT COMPAT11|CAPENABLED { +363 AUE_KEVENT COMPAT11|SYSFIL_CORE|CAPENABLED { int kevent( int fd, _In_reads_opt_(nchanges) _Contains_ptr_ const struct freebsd11_kevent *changelist, @@ -1958,7 +1959,7 @@ 368 AUE_NULL OBSOL __cap_set_fd 369 AUE_NULL OBSOL __cap_set_file 370 AUE_NULL RESERVED -371 AUE_EXTATTR_SET_FD STD|CAPENABLED { +371 AUE_EXTATTR_SET_FD STD|SYSFIL_EXTATTR|SYSFIL_FATTR|CAPENABLED { ssize_t extattr_set_fd( int fd, int attrnamespace, @@ -1967,7 +1968,7 @@ size_t nbytes ); } -372 AUE_EXTATTR_GET_FD STD|CAPENABLED { +372 AUE_EXTATTR_GET_FD STD|SYSFIL_EXTATTR|CAPENABLED { ssize_t extattr_get_fd( int fd, int attrnamespace, @@ -1976,20 +1977,20 @@ size_t nbytes ); } -373 AUE_EXTATTR_DELETE_FD STD|CAPENABLED { +373 AUE_EXTATTR_DELETE_FD STD|SYSFIL_EXTATTR|SYSFIL_FATTR|CAPENABLED { int extattr_delete_fd( int fd, int attrnamespace, _In_z_ const char *attrname ); } -374 AUE_SETUGID STD { +374 AUE_SETUGID STD|SYSFIL_SETCRED { int __setugid( int flag ); } 375 AUE_NULL OBSOL nfsclnt -376 AUE_EACCESS STD { +376 AUE_EACCESS STD|SYSFIL_PATH { int eaccess( _In_z_ const char *path, int amode @@ -2006,7 +2007,7 @@ long parm6 ); } -378 AUE_NMOUNT STD { +378 AUE_NMOUNT STD|SYSFIL_MOUNT { int nmount( _In_reads_(iovcnt) _Contains_long_ptr_ struct iovec *iovp, unsigned int iovcnt, @@ -2018,35 +2019,35 @@ 381 AUE_NULL OBSOL kse_create 382 AUE_NULL OBSOL kse_thr_interrupt 383 AUE_NULL OBSOL kse_release -384 AUE_NULL STD|CAPENABLED { +384 AUE_NULL STD|SYSFIL_MAC|SYSFIL_GETCRED|CAPENABLED { int __mac_get_proc( _In_ _Contains_long_ptr_ struct mac *mac_p ); } -385 AUE_NULL STD|CAPENABLED { +385 AUE_NULL STD|SYSFIL_MAC|SYSFIL_SETCRED|CAPENABLED { int __mac_set_proc( _In_ _Contains_long_ptr_ struct mac *mac_p ); } -386 AUE_NULL STD|CAPENABLED { +386 AUE_NULL STD|SYSFIL_MAC|CAPENABLED { int __mac_get_fd( int fd, _In_ _Contains_long_ptr_ struct mac *mac_p ); } -387 AUE_NULL STD { +387 AUE_NULL STD|SYSFIL_MAC|SYSFIL_PATH { int __mac_get_file( _In_z_ const char *path_p, _In_ _Contains_long_ptr_ struct mac *mac_p ); } -388 AUE_NULL STD|CAPENABLED { +388 AUE_NULL STD|SYSFIL_MAC|SYSFIL_FATTR|CAPENABLED { int __mac_set_fd( int fd, _In_ _Contains_long_ptr_ struct mac *mac_p ); } -389 AUE_NULL STD { +389 AUE_NULL STD|SYSFIL_MAC|SYSFIL_FATTR|SYSFIL_PATH { int __mac_set_file( _In_z_ const char *path_p, _In_ _Contains_long_ptr_ struct mac *mac_p @@ -2060,19 +2061,19 @@ int len ); } -391 AUE_LCHFLAGS STD { +391 AUE_LCHFLAGS STD|SYSFIL_PATH|SYSFIL_FATTR { int lchflags( _In_z_ const char *path, u_long flags ); } -392 AUE_NULL STD|CAPENABLED { +392 AUE_NULL STD|SYSFIL_CORE|CAPENABLED { int uuidgen( _Out_writes_(count) struct uuid *store, int count ); } -393 AUE_SENDFILE STD|CAPENABLED { +393 AUE_SENDFILE STD|SYSFIL_SENDFILE|CAPENABLED { int sendfile( int fd, int s, @@ -2083,66 +2084,66 @@ int flags ); } -394 AUE_NULL STD { +394 AUE_NULL STD|SYSFIL_MAC { int mac_syscall( _In_z_ const char *policy, int call, _In_opt_ void *arg ); } -395 AUE_GETFSSTAT COMPAT11 { +395 AUE_GETFSSTAT COMPAT11|SYSFIL_RPATH { int getfsstat( _Out_writes_bytes_opt_(bufsize) struct freebsd11_statfs *buf, long bufsize, int mode ); } -396 AUE_STATFS COMPAT11 { +396 AUE_STATFS COMPAT11|SYSFIL_RPATH { int statfs( _In_z_ const char *path, _Out_ struct freebsd11_statfs *buf ); } -397 AUE_FSTATFS COMPAT11|CAPENABLED { +397 AUE_FSTATFS COMPAT11|SYSFIL_RPATH|CAPENABLED { int fstatfs( int fd, _Out_ struct freebsd11_statfs *buf ); } -398 AUE_FHSTATFS COMPAT11 { +398 AUE_FHSTATFS COMPAT11|SYSFIL_RPATH|SYSFIL_FH { int fhstatfs( _In_ const struct fhandle *u_fhp, _Out_ struct freebsd11_statfs *buf ); } 399 AUE_NULL RESERVED -400 AUE_SEMCLOSE NOSTD { +400 AUE_SEMCLOSE NOSTD|SYSFIL_POSIXSEM { int ksem_close( semid_t id ); } -401 AUE_SEMPOST NOSTD { +401 AUE_SEMPOST NOSTD|SYSFIL_POSIXSEM { int ksem_post( semid_t id ); } -402 AUE_SEMWAIT NOSTD { +402 AUE_SEMWAIT NOSTD|SYSFIL_POSIXSEM { int ksem_wait( semid_t id ); } -403 AUE_SEMTRYWAIT NOSTD { +403 AUE_SEMTRYWAIT NOSTD|SYSFIL_POSIXSEM { int ksem_trywait( semid_t id ); } -404 AUE_SEMINIT NOSTD { +404 AUE_SEMINIT NOSTD|SYSFIL_POSIXSEM { int ksem_init( _Out_ semid_t *idp, unsigned int value ); } -405 AUE_SEMOPEN NOSTD { +405 AUE_SEMOPEN NOSTD|SYSFIL_FDESC|SYSFIL_POSIXSEM { int ksem_open( _Out_ semid_t *idp, _In_z_ const char *name, @@ -2151,41 +2152,41 @@ unsigned int value ); } -406 AUE_SEMUNLINK NOSTD { +406 AUE_SEMUNLINK NOSTD|SYSFIL_POSIXSEM { int ksem_unlink( _In_z_ const char *name ); } -407 AUE_SEMGETVALUE NOSTD { +407 AUE_SEMGETVALUE NOSTD|SYSFIL_POSIXSEM { int ksem_getvalue( semid_t id, _Out_ int *val ); } -408 AUE_SEMDESTROY NOSTD { +408 AUE_SEMDESTROY NOSTD|SYSFIL_POSIXSEM { int ksem_destroy( semid_t id ); } -409 AUE_NULL STD { +409 AUE_NULL STD|SYSFIL_MAC|SYSFIL_GETCRED { int __mac_get_pid( pid_t pid, _In_ _Contains_long_ptr_ struct mac *mac_p ); } -410 AUE_NULL STD { +410 AUE_NULL STD|SYSFIL_MAC|SYSFIL_PATH { int __mac_get_link( _In_z_ const char *path_p, _In_ _Contains_long_ptr_ struct mac *mac_p ); } -411 AUE_NULL STD { +411 AUE_NULL STD|SYSFIL_MAC|SYSFIL_FATTR|SYSFIL_PATH { int __mac_set_link( _In_z_ const char *path_p, _In_ _Contains_long_ptr_ struct mac *mac_p ); } -412 AUE_EXTATTR_SET_LINK STD { +412 AUE_EXTATTR_SET_LINK STD|SYSFIL_PATH|SYSFIL_FATTR|SYSFIL_EXTATTR { ssize_t extattr_set_link( _In_z_ const char *path, int attrnamespace, @@ -2194,7 +2195,7 @@ size_t nbytes ); } -413 AUE_EXTATTR_GET_LINK STD { +413 AUE_EXTATTR_GET_LINK STD|SYSFIL_PATH|SYSFIL_EXTATTR { ssize_t extattr_get_link( _In_z_ const char *path, int attrnamespace, @@ -2203,14 +2204,14 @@ size_t nbytes ); } -414 AUE_EXTATTR_DELETE_LINK STD { +414 AUE_EXTATTR_DELETE_LINK STD|SYSFIL_PATH|SYSFIL_FATTR|SYSFIL_EXTATTR { int extattr_delete_link( _In_z_ const char *path, int attrnamespace, _In_z_ const char *attrname ); } -415 AUE_NULL STD { +415 AUE_NULL STD|SYSFIL_MAC|SYSFIL_PATH|SYSFIL_EXEC { int __mac_execve( _In_z_ const char *fname, _In_ char **argv, @@ -2218,30 +2219,30 @@ _In_ _Contains_long_ptr_ struct mac *mac_p ); } -416 AUE_SIGACTION STD|CAPENABLED { +416 AUE_SIGACTION STD|SYSFIL_SIGHAND|CAPENABLED { int sigaction( int sig, _In_opt_ _Contains_ptr_ const struct sigaction *act, _Out_opt_ _Contains_ptr_ struct sigaction *oact ); } -417 AUE_SIGRETURN STD|CAPENABLED { +417 AUE_SIGRETURN STD|SYSFIL_CORE|CAPENABLED { int sigreturn( _In_ _Contains_long_ptr_ const struct __ucontext *sigcntxp ); } 418-420 AUE_NULL RESERVED -421 AUE_NULL STD|CAPENABLED { +421 AUE_NULL STD|SYSFIL_THREAD|CAPENABLED { int getcontext( _Out_ _Contains_long_ptr_ struct __ucontext *ucp ); } -422 AUE_NULL STD|CAPENABLED { +422 AUE_NULL STD|SYSFIL_THREAD|CAPENABLED { int setcontext( _In_ _Contains_long_ptr_ const struct __ucontext *ucp ); } -423 AUE_NULL STD { +423 AUE_NULL STD|SYSFIL_THREAD { int swapcontext( _Out_ _Contains_long_ptr_ struct __ucontext *oucp, _In_ _Contains_long_ptr_ const struct __ucontext *ucp @@ -2252,81 +2253,81 @@ _In_z_ const char *name ); } -425 AUE_ACL_GET_LINK STD { +425 AUE_ACL_GET_LINK STD|SYSFIL_PATH|SYSFIL_ACL { int __acl_get_link( _In_z_ const char *path, acl_type_t type, _Out_ struct acl *aclp ); } -426 AUE_ACL_SET_LINK STD { +426 AUE_ACL_SET_LINK STD|SYSFIL_PATH|SYSFIL_FATTR|SYSFIL_ACL { int __acl_set_link( _In_z_ const char *path, acl_type_t type, _In_ struct acl *aclp ); } -427 AUE_ACL_DELETE_LINK STD { +427 AUE_ACL_DELETE_LINK STD|SYSFIL_PATH|SYSFIL_FATTR|SYSFIL_ACL { int __acl_delete_link( _In_z_ const char *path, acl_type_t type ); } -428 AUE_ACL_CHECK_LINK STD { +428 AUE_ACL_CHECK_LINK STD|SYSFIL_PATH|SYSFIL_ACL { int __acl_aclcheck_link( _In_z_ const char *path, acl_type_t type, _In_ struct acl *aclp ); } -429 AUE_SIGWAIT STD|CAPENABLED { +429 AUE_SIGWAIT STD|SYSFIL_SIGWAIT|CAPENABLED { int sigwait( _In_ const sigset_t *set, _Out_ int *sig ); } -430 AUE_THR_CREATE STD|CAPENABLED { +430 AUE_THR_CREATE STD|SYSFIL_THREAD|CAPENABLED { int thr_create( _In_ _Contains_long_ptr_ ucontext_t *ctx, _Out_ long *id, int flags ); } -431 AUE_THR_EXIT STD|CAPENABLED { +431 AUE_THR_EXIT STD|SYSFIL_THREAD|CAPENABLED { void thr_exit( _Out_opt_ long *state ); } -432 AUE_NULL STD|CAPENABLED { +432 AUE_NULL STD|SYSFIL_THREAD_|CAPENABLED { int thr_self( _Out_ long *id ); } -433 AUE_THR_KILL STD|CAPENABLED { +433 AUE_THR_KILL STD|SYSFIL_THREAD_|CAPENABLED { int thr_kill( long id, int sig ); } -434 AUE_NULL COMPAT10 { +434 AUE_NULL COMPAT10|SYSFIL_THREAD { int _umtx_lock( _Inout_ struct umtx *umtx ); } -435 AUE_NULL COMPAT10 { +435 AUE_NULL COMPAT10|SYSFIL_THREAD { int _umtx_unlock( _Inout_ struct umtx *umtx ); } -436 AUE_JAIL_ATTACH STD { +436 AUE_JAIL_ATTACH STD|SYSFIL_JAIL { int jail_attach( int jid ); } -437 AUE_EXTATTR_LIST_FD STD|CAPENABLED { +437 AUE_EXTATTR_LIST_FD STD|SYSFIL_EXTATTR|CAPENABLED { ssize_t extattr_list_fd( int fd, int attrnamespace, @@ -2334,7 +2335,7 @@ size_t nbytes ); } -438 AUE_EXTATTR_LIST_FILE STD { +438 AUE_EXTATTR_LIST_FILE STD|SYSFIL_PATH|SYSFIL_EXTATTR { ssize_t extattr_list_file( _In_z_ const char *path, int attrnamespace, @@ -2342,7 +2343,7 @@ size_t nbytes ); } -439 AUE_EXTATTR_LIST_LINK STD { +439 AUE_EXTATTR_LIST_LINK STD|SYSFIL_PATH|SYSFIL_EXTATTR { ssize_t extattr_list_link( _In_z_ const char *path, int attrnamespace, @@ -2351,79 +2352,79 @@ ); } 440 AUE_NULL OBSOL kse_switchin -441 AUE_SEMWAIT NOSTD { +441 AUE_SEMWAIT NOSTD|SYSFIL_POSIXSEM { int ksem_timedwait( semid_t id, _In_opt_ _Contains_long_timet_ const struct timespec *abstime ); } -442 AUE_NULL STD|CAPENABLED { +442 AUE_NULL STD|SYSFIL_THREAD|CAPENABLED { int thr_suspend( _In_opt_ _Contains_long_timet_ const struct timespec *timeout ); } -443 AUE_NULL STD|CAPENABLED { +443 AUE_NULL STD|SYSFIL_THREAD|CAPENABLED { int thr_wake( long id ); } -444 AUE_MODUNLOAD STD { +444 AUE_MODUNLOAD STD|SYSFIL_KMOD { int kldunloadf( int fileid, int flags ); } -445 AUE_AUDIT STD { +445 AUE_AUDIT STD|SYSFIL_AUDIT { int audit( _In_reads_bytes_(length) const void *record, u_int length ); } -446 AUE_AUDITON STD { +446 AUE_AUDITON STD|SYSFIL_AUDIT { int auditon( int cmd, _In_opt_ void *data, u_int length ); } -447 AUE_GETAUID STD|CAPENABLED { +447 AUE_GETAUID STD|SYSFIL_AUDIT|CAPENABLED { int getauid( _Out_ uid_t *auid ); } -448 AUE_SETAUID STD|CAPENABLED { +448 AUE_SETAUID STD|SYSFIL_AUDIT|CAPENABLED { int setauid( _In_ uid_t *auid ); } -449 AUE_GETAUDIT STD|CAPENABLED { +449 AUE_GETAUDIT STD|SYSFIL_AUDIT|CAPENABLED { int getaudit( _Out_ struct auditinfo *auditinfo ); } -450 AUE_SETAUDIT STD|CAPENABLED { +450 AUE_SETAUDIT STD|SYSFIL_AUDIT|CAPENABLED { int setaudit( _In_ struct auditinfo *auditinfo ); } -451 AUE_GETAUDIT_ADDR STD|CAPENABLED { +451 AUE_GETAUDIT_ADDR STD|SYSFIL_AUDIT|CAPENABLED { int getaudit_addr( _Out_writes_bytes_(length) struct auditinfo_addr *auditinfo_addr, u_int length ); } -452 AUE_SETAUDIT_ADDR STD|CAPENABLED { +452 AUE_SETAUDIT_ADDR STD|SYSFIL_AUDIT|CAPENABLED { int setaudit_addr( _In_reads_bytes_(length) struct auditinfo_addr *auditinfo_addr, u_int length ); } -453 AUE_AUDITCTL STD { +453 AUE_AUDITCTL STD|SYSFIL_AUDIT { int auditctl( _In_z_ const char *path ); } -454 AUE_NULL STD|CAPENABLED { +454 AUE_NULL STD|SYSFIL_THREAD|CAPENABLED { int _umtx_op( _Inout_ void *obj, int op, @@ -2432,13 +2433,13 @@ _In_ void *uaddr2 ); } -455 AUE_THR_NEW STD|CAPENABLED { +455 AUE_THR_NEW STD|SYSFIL_THREAD|CAPENABLED { int thr_new( _In_ _Contains_long_ptr_ struct thr_param *param, int param_size ); } -456 AUE_NULL STD|CAPENABLED { +456 AUE_NULL STD|SYSFIL_SIGSEND|CAPENABLED { int sigqueue( pid_t pid, int signum, @@ -2446,7 +2447,7 @@ ); } -457 AUE_MQ_OPEN NOSTD { +457 AUE_MQ_OPEN NOSTD|SYSFIL_FDESC|SYSFIL_POSIXMSG { int kmq_open( _In_z_ const char *path, int flags, @@ -2454,14 +2455,14 @@ _In_opt_ _Contains_long_ const struct mq_attr *attr ); } -458 AUE_MQ_SETATTR NOSTD|CAPENABLED { +458 AUE_MQ_SETATTR NOSTD|SYSFIL_POSIXMSG|CAPENABLED { int kmq_setattr( int mqd, _In_opt_ _Contains_long_ const struct mq_attr *attr, _Out_opt_ _Contains_long_ struct mq_attr *oattr ); } -459 AUE_MQ_TIMEDRECEIVE NOSTD|CAPENABLED { +459 AUE_MQ_TIMEDRECEIVE NOSTD|SYSFIL_POSIXMSG|CAPENABLED { int kmq_timedreceive( int mqd, _Out_writes_bytes_(msg_len) char *msg_ptr, @@ -2470,7 +2471,7 @@ _In_opt_ _Contains_long_timet_ const struct timespec *abs_timeout ); } -460 AUE_MQ_TIMEDSEND NOSTD|CAPENABLED { +460 AUE_MQ_TIMEDSEND NOSTD|SYSFIL_POSIXMSG|CAPENABLED { int kmq_timedsend( int mqd, _In_reads_bytes_(msg_len) const char *msg_ptr, @@ -2479,37 +2480,37 @@ _In_opt_ _Contains_long_timet_ const struct timespec *abs_timeout ); } -461 AUE_MQ_NOTIFY NOSTD|CAPENABLED { +461 AUE_MQ_NOTIFY NOSTD|SYSFIL_POSIXMSG|CAPENABLED { int kmq_notify( int mqd, _In_opt_ _Contains_long_ptr_ const struct sigevent *sigev ); } -462 AUE_MQ_UNLINK NOSTD { +462 AUE_MQ_UNLINK NOSTD|SYSFIL_POSIXMSG { int kmq_unlink( _In_z_ const char *path ); } -463 AUE_NULL STD|CAPENABLED { +463 AUE_NULL STD|SYSFIL_ALWAYS|CAPENABLED { void abort2( _In_z_ const char *why, int nargs, _In_reads_(nargs) void **args ); } -464 AUE_NULL STD|CAPENABLED { +464 AUE_NULL STD|SYSFIL_THREAD|CAPENABLED { int thr_set_name( long id, _In_z_ const char *name ); } -465 AUE_AIO_FSYNC STD|CAPENABLED { +465 AUE_AIO_FSYNC STD|SYSFIL_AIO|CAPENABLED { int aio_fsync( int op, _In_ _Contains_long_ptr_ struct aiocb *aiocbp ); } -466 AUE_RTPRIO STD|CAPENABLED { +466 AUE_RTPRIO STD|SYSFIL_THREAD|SYSFIL_SCHED|CAPENABLED { int rtprio_thread( int function, lwpid_t lwpid, @@ -2517,13 +2518,13 @@ ); } 467-470 AUE_NULL RESERVED -471 AUE_SCTP_PEELOFF NOSTD|CAPENABLED { +471 AUE_SCTP_PEELOFF NOSTD|SYSFIL_FDESC|SYSFIL_SOCK|CAPENABLED { int sctp_peeloff( int sd, uint32_t name ); } -472 AUE_SCTP_GENERIC_SENDMSG NOSTD|CAPENABLED { +472 AUE_SCTP_GENERIC_SENDMSG NOSTD|SYSFIL_SOCKIO|CAPENABLED { int sctp_generic_sendmsg( int sd, _In_reads_bytes_(mlen) void *msg, @@ -2534,7 +2535,7 @@ int flags ); } -473 AUE_SCTP_GENERIC_SENDMSG_IOV NOSTD|CAPENABLED { +473 AUE_SCTP_GENERIC_SENDMSG_IOV NOSTD|SYSFIL_SOCKIO|CAPENABLED { int sctp_generic_sendmsg_iov( int sd, _In_reads_(iovlen) _Contains_long_ptr_ struct iovec *iov, @@ -2545,7 +2546,7 @@ int flags ); } -474 AUE_SCTP_GENERIC_RECVMSG NOSTD|CAPENABLED { +474 AUE_SCTP_GENERIC_RECVMSG NOSTD|SYSFIL_SOCKIO|CAPENABLED { int sctp_generic_recvmsg( int sd, _In_reads_(iovlen) _Contains_long_ptr_ struct iovec *iov, @@ -2556,7 +2557,7 @@ _Out_opt_ int *msg_flags ); } -475 AUE_PREAD STD|CAPENABLED { +475 AUE_PREAD STD|SYSFIL_CORE|CAPENABLED { ssize_t pread( int fd, _Out_writes_bytes_(nbyte) void *buf, @@ -2564,7 +2565,7 @@ off_t offset ); } -476 AUE_PWRITE STD|CAPENABLED { +476 AUE_PWRITE STD|SYSFIL_CORE|CAPENABLED { ssize_t pwrite( int fd, _In_reads_bytes_(nbyte) const void *buf, @@ -2572,7 +2573,7 @@ off_t offset ); } -477 AUE_MMAP STD|CAPENABLED { +477 AUE_MMAP STD|SYSFIL_MMAN|CAPENABLED { void *mmap( _In_ void *addr, size_t len, @@ -2582,57 +2583,57 @@ off_t pos ); } -478 AUE_LSEEK STD|CAPENABLED { +478 AUE_LSEEK STD|SYSFIL_CORE|CAPENABLED { off_t lseek( int fd, off_t offset, int whence ); } -479 AUE_TRUNCATE STD { +479 AUE_TRUNCATE STD|SYSFIL_WPATH { int truncate( _In_z_ const char *path, off_t length ); } -480 AUE_FTRUNCATE STD|CAPENABLED { +480 AUE_FTRUNCATE STD|SYSFIL_CORE|CAPENABLED { int ftruncate( int fd, off_t length ); } -481 AUE_THR_KILL2 STD { +481 AUE_THR_KILL2 STD|SYSFIL_THREAD { int thr_kill2( pid_t pid, long id, int sig ); } -482 AUE_SHMOPEN COMPAT12|CAPENABLED { +482 AUE_SHMOPEN COMPAT12|SYSFIL_FDESC|SYSFIL_POSIXSHM_|CAPENABLED { int shm_open( _In_z_ const char *path, int flags, mode_t mode ); } -483 AUE_SHMUNLINK STD { +483 AUE_SHMUNLINK STD|SYSFIL_POSIXSHM { int shm_unlink( _In_z_ const char *path ); } -484 AUE_NULL STD { +484 AUE_NULL STD|SYSFIL_CPUSET { int cpuset( _Out_ cpusetid_t *setid ); } -485 AUE_NULL STD { +485 AUE_NULL STD|SYSFIL_CPUSET { int cpuset_setid( cpuwhich_t which, id_t id, cpusetid_t setid ); } -486 AUE_NULL STD { +486 AUE_NULL STD|SYSFIL_CPUSET { int cpuset_getid( cpulevel_t level, cpuwhich_t which, @@ -2640,7 +2641,7 @@ _Out_ cpusetid_t *setid ); } -487 AUE_NULL STD|CAPENABLED { +487 AUE_NULL STD|SYSFIL_CPUSET_|CAPENABLED { int cpuset_getaffinity( cpulevel_t level, cpuwhich_t which, @@ -2649,7 +2650,7 @@ _Out_ cpuset_t *mask ); } -488 AUE_NULL STD|CAPENABLED { +488 AUE_NULL STD|SYSFIL_CPUSET_|CAPENABLED { int cpuset_setaffinity( cpulevel_t level, cpuwhich_t which, @@ -2658,7 +2659,7 @@ _Out_ const cpuset_t *mask ); } -489 AUE_FACCESSAT STD|CAPENABLED { +489 AUE_FACCESSAT STD|SYSFIL_PATH|CAPENABLED { int faccessat( int fd, _In_z_ const char *path, @@ -2666,7 +2667,7 @@ int flag ); } -490 AUE_FCHMODAT STD|CAPENABLED { +490 AUE_FCHMODAT STD|SYSFIL_PATH|SYSFIL_FATTR|CAPENABLED { int fchmodat( int fd, _In_z_ const char *path, @@ -2674,7 +2675,7 @@ int flag ); } -491 AUE_FCHOWNAT STD|CAPENABLED { +491 AUE_FCHOWNAT STD|SYSFIL_PATH|SYSFIL_FATTR|CAPENABLED { int fchownat( int fd, _In_z_ const char *path, @@ -2683,14 +2684,14 @@ int flag ); } -492 AUE_FEXECVE STD|CAPENABLED { +492 AUE_FEXECVE STD|SYSFIL_EXEC|CAPENABLED { int fexecve( int fd, _In_ char **argv, _In_ char **envv ); } -493 AUE_FSTATAT COMPAT11|CAPENABLED { +493 AUE_FSTATAT COMPAT11|SYSFIL_RPATH|CAPENABLED { int fstatat( int fd, _In_z_ const char *path, @@ -2698,14 +2699,14 @@ int flag ); } -494 AUE_FUTIMESAT STD|CAPENABLED { +494 AUE_FUTIMESAT STD|SYSFIL_PATH|SYSFIL_FATTR|CAPENABLED { int futimesat( int fd, _In_z_ const char *path, _In_reads_(2) _Contains_long_timet_ const struct timeval *times ); } -495 AUE_LINKAT STD|CAPENABLED { +495 AUE_LINKAT STD|SYSFIL_CPATH|CAPENABLED { int linkat( int fd1, _In_z_ const char *path1, @@ -2714,21 +2715,21 @@ int flag ); } -496 AUE_MKDIRAT STD|CAPENABLED { +496 AUE_MKDIRAT STD|SYSFIL_CPATH|CAPENABLED { int mkdirat( int fd, _In_z_ const char *path, mode_t mode ); } -497 AUE_MKFIFOAT STD|CAPENABLED { +497 AUE_MKFIFOAT STD|SYSFIL_CPATH|CAPENABLED { int mkfifoat( int fd, _In_z_ const char *path, mode_t mode ); } -498 AUE_MKNODAT COMPAT11|CAPENABLED { +498 AUE_MKNODAT COMPAT11|SYSFIL_CPATH|CAPENABLED { int mknodat( int fd, _In_z_ const char *path, @@ -2737,7 +2738,7 @@ ); } ; XXX: see the comment for open -499 AUE_OPENAT_RWTC STD|CAPENABLED { +499 AUE_OPENAT_RWTC STD|SYSFIL_FDESC|SYSFIL_PATH|CAPENABLED { int openat( int fd, _In_z_ const char *path, @@ -2745,7 +2746,7 @@ mode_t mode ); } -500 AUE_READLINKAT STD|CAPENABLED { +500 AUE_READLINKAT STD|SYSFIL_RPATH|CAPENABLED { ssize_t readlinkat( int fd, _In_z_ const char *path, @@ -2753,7 +2754,7 @@ size_t bufsize ); } -501 AUE_RENAMEAT STD|CAPENABLED { +501 AUE_RENAMEAT STD|SYSFIL_CPATH|SYSFIL_DPATH|CAPENABLED { int renameat( int oldfd, _In_z_ const char *old, @@ -2761,21 +2762,21 @@ _In_z_ const char *new ); } -502 AUE_SYMLINKAT STD|CAPENABLED { +502 AUE_SYMLINKAT STD|SYSFIL_CPATH|CAPENABLED { int symlinkat( _In_z_ const char *path1, int fd, _In_z_ const char *path2 ); } -503 AUE_UNLINKAT STD|CAPENABLED { +503 AUE_UNLINKAT STD|SYSFIL_DPATH|CAPENABLED { int unlinkat( int fd, _In_z_ const char *path, int flag ); } -504 AUE_POSIX_OPENPT STD { +504 AUE_POSIX_OPENPT STD|SYSFIL_FDESC|SYSFIL_TTY { int posix_openpt( int flags ); @@ -2786,31 +2787,31 @@ _In_z_ const char *path ); } -506 AUE_JAIL_GET STD { +506 AUE_JAIL_GET STD|SYSFIL_JAIL { int jail_get( _In_reads_(iovcnt) _Contains_long_ptr_ struct iovec *iovp, unsigned int iovcnt, int flags ); } -507 AUE_JAIL_SET STD { +507 AUE_JAIL_SET STD|SYSFIL_JAIL { int jail_set( _In_reads_(iovcnt) _Contains_long_ptr_ struct iovec *iovp, unsigned int iovcnt, int flags ); } -508 AUE_JAIL_REMOVE STD { +508 AUE_JAIL_REMOVE STD|SYSFIL_JAIL { int jail_remove( int jid ); } -509 AUE_CLOSEFROM COMPAT12|CAPENABLED { +509 AUE_CLOSEFROM COMPAT12|SYSFIL_FDESC|CAPENABLED { int closefrom( int lowfd ); } -510 AUE_SEMCTL NOSTD { +510 AUE_SEMCTL NOSTD|SYSFIL_SYSVSEM { int __semctl( int semid, int semnum, @@ -2818,62 +2819,62 @@ _Inout_ _Contains_ptr_ union semun *arg ); } -511 AUE_MSGCTL NOSTD { +511 AUE_MSGCTL NOSTD|SYSFIL_SYSVMSG { int msgctl( int msqid, int cmd, _Inout_opt_ _Contains_long_ptr_ struct msqid_ds *buf ); } -512 AUE_SHMCTL NOSTD { +512 AUE_SHMCTL NOSTD|SYSFIL_SYSVSHM { int shmctl( int shmid, int cmd, _Inout_opt_ _Contains_long_ struct shmid_ds *buf ); } -513 AUE_LPATHCONF STD { +513 AUE_LPATHCONF STD|SYSFIL_PATH { int lpathconf( _In_z_ const char *path, int name ); } 514 AUE_NULL OBSOL cap_new -515 AUE_CAP_RIGHTS_GET STD|CAPENABLED { +515 AUE_CAP_RIGHTS_GET STD|SYSFIL_CAPCOMPAT|CAPENABLED { int __cap_rights_get( int version, int fd, _Out_ cap_rights_t *rightsp ); } -516 AUE_CAP_ENTER STD|CAPENABLED { +516 AUE_CAP_ENTER STD|SYSFIL_CAPCOMPAT|CAPENABLED { int cap_enter(void); } -517 AUE_CAP_GETMODE STD|CAPENABLED { +517 AUE_CAP_GETMODE STD|SYSFIL_CAPCOMPAT|CAPENABLED { int cap_getmode( _Out_ u_int *modep ); } -518 AUE_PDFORK STD|CAPENABLED { +518 AUE_PDFORK STD|SYSFIL_FDESC|SYSFIL_FORK|CAPENABLED { int pdfork( _Out_ int *fdp, int flags ); } -519 AUE_PDKILL STD|CAPENABLED { +519 AUE_PDKILL STD|SYSFIL_SIGSEND|CAPENABLED { int pdkill( int fd, int signum ); } -520 AUE_PDGETPID STD|CAPENABLED { +520 AUE_PDGETPID STD|SYSFIL_WAIT|CAPENABLED { int pdgetpid( int fd, _Out_ pid_t *pidp ); } 521 AUE_NULL RESERVED -522 AUE_SELECT STD|CAPENABLED { +522 AUE_SELECT STD|SYSFIL_CORE|CAPENABLED { int pselect( int nd, _Inout_opt_ fd_set *in, @@ -2883,13 +2884,13 @@ _In_opt_ const sigset_t *sm ); } -523 AUE_GETLOGINCLASS STD|CAPENABLED { +523 AUE_GETLOGINCLASS STD|SYSFIL_GETCRED|CAPENABLED { int getloginclass( _Out_writes_z_(namelen) char *namebuf, size_t namelen ); } -524 AUE_SETLOGINCLASS STD { +524 AUE_SETLOGINCLASS STD|SYSFIL_SETCRED { int setloginclass( _In_z_ const char *namebuf ); @@ -2934,14 +2935,14 @@ size_t outbuflen ); } -530 AUE_POSIX_FALLOCATE STD|CAPENABLED { +530 AUE_POSIX_FALLOCATE STD|SYSFIL_CORE|CAPENABLED { int posix_fallocate( int fd, off_t offset, off_t len ); } -531 AUE_POSIX_FADVISE STD { +531 AUE_POSIX_FADVISE STD|SYSFIL_CORE { int posix_fadvise( int fd, off_t offset, @@ -2949,7 +2950,7 @@ int advice ); } -532 AUE_WAIT6 STD { +532 AUE_WAIT6 STD|SYSFIL_WAIT { int wait6( idtype_t idtype, id_t id, @@ -2959,39 +2960,39 @@ _Out_opt_ _Contains_long_ptr_ struct siginfo *info ); } -533 AUE_CAP_RIGHTS_LIMIT STD|CAPENABLED { +533 AUE_CAP_RIGHTS_LIMIT STD|SYSFIL_CAPCOMPAT|CAPENABLED { int cap_rights_limit( int fd, _In_ cap_rights_t *rightsp ); } -534 AUE_CAP_IOCTLS_LIMIT STD|CAPENABLED { +534 AUE_CAP_IOCTLS_LIMIT STD|SYSFIL_CAPCOMPAT|CAPENABLED { int cap_ioctls_limit( int fd, _In_reads_(ncmds) const u_long *cmds, size_t ncmds ); } -535 AUE_CAP_IOCTLS_GET STD|CAPENABLED { +535 AUE_CAP_IOCTLS_GET STD|SYSFIL_CAPCOMPAT|CAPENABLED { ssize_t cap_ioctls_get( int fd, _Out_writes_(maxcmds) u_long *cmds, size_t maxcmds ); } -536 AUE_CAP_FCNTLS_LIMIT STD|CAPENABLED { +536 AUE_CAP_FCNTLS_LIMIT STD|SYSFIL_CAPCOMPAT|CAPENABLED { int cap_fcntls_limit( int fd, uint32_t fcntlrights ); } -537 AUE_CAP_FCNTLS_GET STD|CAPENABLED { +537 AUE_CAP_FCNTLS_GET STD|SYSFIL_CAPCOMPAT|CAPENABLED { int cap_fcntls_get( int fd, _Out_ uint32_t *fcntlrightsp ); } -538 AUE_BINDAT STD|CAPENABLED { +538 AUE_BINDAT STD|SYSFIL_SOCK|CAPENABLED { int bindat( int fd, int s, @@ -2999,7 +3000,7 @@ __socklen_t namelen ); } -539 AUE_CONNECTAT STD|CAPENABLED { +539 AUE_CONNECTAT STD|SYSFIL_SOCK|CAPENABLED { int connectat( int fd, int s, @@ -3007,7 +3008,7 @@ __socklen_t namelen ); } -540 AUE_CHFLAGSAT STD|CAPENABLED { +540 AUE_CHFLAGSAT STD|SYSFIL_PATH|SYSFIL_FATTR|CAPENABLED { int chflagsat( int fd, _In_z_ const char *path, @@ -3015,7 +3016,7 @@ int atflag ); } -541 AUE_ACCEPT STD|CAPENABLED { +541 AUE_ACCEPT STD|SYSFIL_FDESC|SYSFIL_SOCK|CAPENABLED { int accept4( int s, _Out_writes_bytes_opt_(*anamelen) struct sockaddr *name, @@ -3023,18 +3024,18 @@ int flags ); } -542 AUE_PIPE STD|CAPENABLED { +542 AUE_PIPE STD|SYSFIL_FDESC|CAPENABLED { int pipe2( _Out_writes_(2) int *fildes, int flags ); } -543 AUE_AIO_MLOCK STD { +543 AUE_AIO_MLOCK STD|SYSFIL_AIO|SYSFIL_MLOCK { int aio_mlock( _In_ _Contains_long_ptr_ struct aiocb *aiocbp ); } -544 AUE_PROCCTL STD { +544 AUE_PROCCTL STD|SYSFIL_PROCCTL { int procctl( idtype_t idtype, id_t id, @@ -3042,7 +3043,7 @@ _In_opt_ void *data ); } -545 AUE_POLL STD|CAPENABLED { +545 AUE_POLL STD|SYSFIL_CORE|CAPENABLED { int ppoll( _Inout_updates_(nfds) struct pollfd *fds, u_int nfds, @@ -3050,13 +3051,13 @@ _In_opt_ const sigset_t *set ); } -546 AUE_FUTIMES STD|CAPENABLED { +546 AUE_FUTIMES STD|SYSFIL_FATTR|CAPENABLED { int futimens( int fd, _In_reads_(2) _Contains_long_timet_ const struct timespec *times ); } -547 AUE_FUTIMESAT STD|CAPENABLED { +547 AUE_FUTIMESAT STD|SYSFIL_PATH|SYSFIL_FATTR|CAPENABLED { int utimensat( int fd, _In_z_ const char *path, @@ -3066,18 +3067,18 @@ } 548 AUE_NULL OBSOL numa_getaffinity 549 AUE_NULL OBSOL numa_setaffinity -550 AUE_FSYNC STD|CAPENABLED { +550 AUE_FSYNC STD|SYSFIL_CORE|CAPENABLED { int fdatasync( int fd ); } -551 AUE_FSTAT STD|CAPENABLED { +551 AUE_FSTAT STD|SYSFIL_CORE|CAPENABLED { int fstat( int fd, _Out_ _Contains_long_timet_ struct stat *sb ); } -552 AUE_FSTATAT STD|CAPENABLED { +552 AUE_FSTATAT STD|SYSFIL_RPATH|CAPENABLED { int fstatat( int fd, _In_z_ const char *path, @@ -3085,13 +3086,13 @@ int flag ); } -553 AUE_FHSTAT STD { +553 AUE_FHSTAT STD|SYSFIL_RPATH|SYSFIL_FH { int fhstat( _In_ const struct fhandle *u_fhp, _Out_ _Contains_long_timet_ struct stat *sb ); } -554 AUE_GETDIRENTRIES STD|CAPENABLED { +554 AUE_GETDIRENTRIES STD|SYSFIL_RPATH|CAPENABLED { ssize_t getdirentries( int fd, _Out_writes_bytes_(count) char *buf, @@ -3099,32 +3100,32 @@ _Out_ off_t *basep ); } -555 AUE_STATFS STD { +555 AUE_STATFS STD|SYSFIL_RPATH { int statfs( _In_z_ const char *path, _Out_ struct statfs *buf ); } -556 AUE_FSTATFS STD|CAPENABLED { +556 AUE_FSTATFS STD|SYSFIL_RPATH|CAPENABLED { int fstatfs( int fd, _Out_ struct statfs *buf ); } -557 AUE_GETFSSTAT STD { +557 AUE_GETFSSTAT STD|SYSFIL_RPATH { int getfsstat( _Out_writes_bytes_opt_(bufsize) struct statfs *buf, long bufsize, int mode ); } -558 AUE_FHSTATFS STD { +558 AUE_FHSTATFS STD|SYSFIL_RPATH|SYSFIL_FH { int fhstatfs( _In_ const struct fhandle *u_fhp, _Out_ struct statfs *buf ); } -559 AUE_MKNODAT STD|CAPENABLED { +559 AUE_MKNODAT STD|SYSFIL_CPATH|CAPENABLED { int mknodat( int fd, _In_z_ const char *path, @@ -3132,7 +3133,7 @@ dev_t dev ); } -560 AUE_KEVENT STD|CAPENABLED { +560 AUE_KEVENT STD|SYSFIL_CORE|CAPENABLED { int kevent( int fd, _In_reads_opt_(nchanges) _Contains_ptr_ const struct kevent *changelist, @@ -3142,7 +3143,7 @@ _In_opt_ _Contains_long_timet_ const struct timespec *timeout ); } -561 AUE_NULL STD|CAPENABLED { +561 AUE_NULL STD|SYSFIL_CPUSET_|CAPENABLED { int cpuset_getdomain( cpulevel_t level, cpuwhich_t which, @@ -3152,7 +3153,7 @@ _Out_ int *policy ); } -562 AUE_NULL STD|CAPENABLED { +562 AUE_NULL STD|SYSFIL_CPUSET_|CAPENABLED { int cpuset_setdomain( cpulevel_t level, cpuwhich_t which, @@ -3162,14 +3163,14 @@ int policy ); } -563 AUE_NULL STD|CAPENABLED { +563 AUE_NULL STD|SYSFIL_CORE|CAPENABLED { int getrandom( _Out_writes_bytes_(buflen) void *buf, size_t buflen, unsigned int flags ); } -564 AUE_NULL STD { +564 AUE_NULL STD|SYSFIL_PATH|SYSFIL_FH { int getfhat( int fd, _In_z_ char *path, @@ -3177,27 +3178,27 @@ int flags ); } -565 AUE_NULL STD { +565 AUE_NULL STD|SYSFIL_CPATH|SYSFIL_FH { int fhlink( _In_ struct fhandle *fhp, _In_z_ const char *to ); } -566 AUE_NULL STD { +566 AUE_NULL STD|SYSFIL_CPATH|SYSFIL_FH { int fhlinkat( _In_ struct fhandle *fhp, int tofd, _In_z_ const char *to, ); } -567 AUE_NULL STD { +567 AUE_NULL STD|SYSFIL_RPATH|SYSFIL_FH { int fhreadlink( _In_ struct fhandle *fhp, _Out_writes_(bufsize) char *buf, size_t bufsize ); } -568 AUE_UNLINKAT STD|CAPENABLED { +568 AUE_UNLINKAT STD|SYSFIL_DPATH|CAPENABLED { int funlinkat( int dfd, _In_z_ const char *path, @@ -3205,7 +3206,7 @@ int flag ); } -569 AUE_NULL STD|CAPENABLED { +569 AUE_NULL STD|SYSFIL_CORE|CAPENABLED { ssize_t copy_file_range( int infd, _Inout_opt_ off_t *inoffp, @@ -3215,7 +3216,7 @@ unsigned int flags ); } -570 AUE_SYSCTL STD|CAPENABLED { +570 AUE_SYSCTL STD|SYSFIL_SYSINFO|CAPENABLED { int __sysctlbyname( _In_reads_(namelen) const char *name, size_t namelen, @@ -3225,7 +3226,7 @@ size_t newlen ); } -571 AUE_SHMOPEN STD|CAPENABLED { +571 AUE_SHMOPEN STD|SYSFIL_FDESC|SYSFIL_POSIXSHM_|CAPENABLED { int shm_open2( _In_z_ const char *path, int flags, @@ -3234,20 +3235,20 @@ _In_z_ const char *name ); } -572 AUE_SHMRENAME STD { +572 AUE_SHMRENAME STD|SYSFIL_POSIXSHM { int shm_rename( _In_z_ const char *path_from, _In_z_ const char *path_to, int flags ); } -573 AUE_NULL STD|CAPENABLED { +573 AUE_NULL STD|SYSFIL_SIGMASK|CAPENABLED { int sigfastblock( int cmd, _Inout_opt_ uint32_t *ptr ); } -574 AUE_REALPATHAT STD { +574 AUE_REALPATHAT STD|SYSFIL_PATH { int __realpathat( int fd, _In_z_ const char *path, @@ -3256,7 +3257,7 @@ int flags ); } -575 AUE_CLOSERANGE STD|CAPENABLED { +575 AUE_CLOSERANGE STD|SYSFIL_FDESC|CAPENABLED { int close_range( u_int lowfd, u_int highfd, @@ -3270,24 +3271,24 @@ _In_z_ const char *path ); } -577 AUE_SPECIALFD STD|CAPENABLED { +577 AUE_SPECIALFD STD|SYSFIL_FDESC|CAPENABLED { int __specialfd( int type, _In_reads_bytes_(len) const void *req, size_t len ); } -578 AUE_AIO_WRITEV STD|CAPENABLED { +578 AUE_AIO_WRITEV STD|SYSFIL_AIO|CAPENABLED { int aio_writev( _Inout_ _Contains_long_ptr_ struct aiocb *aiocbp ); } -579 AUE_AIO_READV STD|CAPENABLED { +579 AUE_AIO_READV STD|SYSFIL_AIO|CAPENABLED { int aio_readv( _Inout_ _Contains_long_ptr_ struct aiocb *aiocbp ); } -580 AUE_FSPACECTL STD|CAPENABLED { +580 AUE_FSPACECTL STD|SYSFIL_CORE|CAPENABLED { int fspacectl( int fd, int cmd, @@ -3296,7 +3297,7 @@ _Out_opt_ struct spacectl_range *rmsr, ); } -581 AUE_NULL STD|CAPENABLED { +581 AUE_NULL STD|SYSFIL_SCHED|CAPENABLED { int sched_getcpu(void); } Index: sys/kern/sysv_msg.c =================================================================== --- sys/kern/sysv_msg.c +++ sys/kern/sysv_msg.c @@ -301,11 +301,13 @@ osd_free_reserved(rsv); sx_sunlock(&allprison_lock); - error = syscall_helper_register(msg_syscalls, SY_THR_STATIC_KLD); + error = syscall_helper_register(msg_syscalls, + SY_THR_STATIC_KLD | SY_HLP_PRESERVE_SYFLAGS); if (error != 0) return (error); #ifdef COMPAT_FREEBSD32 - error = syscall32_helper_register(msg32_syscalls, SY_THR_STATIC_KLD); + error = syscall32_helper_register(msg32_syscalls, + SY_THR_STATIC_KLD | SY_HLP_PRESERVE_SYFLAGS); if (error != 0) return (error); #endif Index: sys/kern/sysv_sem.c =================================================================== --- sys/kern/sysv_sem.c +++ sys/kern/sysv_sem.c @@ -332,11 +332,13 @@ osd_free_reserved(rsv); sx_sunlock(&allprison_lock); - error = syscall_helper_register(sem_syscalls, SY_THR_STATIC_KLD); + error = syscall_helper_register(sem_syscalls, + SY_THR_STATIC_KLD | SY_HLP_PRESERVE_SYFLAGS); if (error != 0) return (error); #ifdef COMPAT_FREEBSD32 - error = syscall32_helper_register(sem32_syscalls, SY_THR_STATIC_KLD); + error = syscall32_helper_register(sem32_syscalls, + SY_THR_STATIC_KLD | SY_HLP_PRESERVE_SYFLAGS); if (error != 0) return (error); #endif Index: sys/kern/sysv_shm.c =================================================================== --- sys/kern/sysv_shm.c +++ sys/kern/sysv_shm.c @@ -990,11 +990,13 @@ osd_free_reserved(rsv); sx_sunlock(&allprison_lock); - error = syscall_helper_register(shm_syscalls, SY_THR_STATIC_KLD); + error = syscall_helper_register(shm_syscalls, + SY_THR_STATIC_KLD | SY_HLP_PRESERVE_SYFLAGS); if (error != 0) return (error); #ifdef COMPAT_FREEBSD32 - error = syscall32_helper_register(shm32_syscalls, SY_THR_STATIC_KLD); + error = syscall32_helper_register(shm32_syscalls, + SY_THR_STATIC_KLD | SY_HLP_PRESERVE_SYFLAGS); if (error != 0) return (error); #endif Index: sys/kern/uipc_mqueue.c =================================================================== --- sys/kern/uipc_mqueue.c +++ sys/kern/uipc_mqueue.c @@ -2889,11 +2889,13 @@ { int error; - error = syscall_helper_register(mq_syscalls, SY_THR_STATIC_KLD); + error = syscall_helper_register(mq_syscalls, + SY_THR_STATIC_KLD | SY_HLP_PRESERVE_SYFLAGS); if (error != 0) return (error); #ifdef COMPAT_FREEBSD32 - error = syscall32_helper_register(mq32_syscalls, SY_THR_STATIC_KLD); + error = syscall32_helper_register(mq32_syscalls, + SY_THR_STATIC_KLD | SY_HLP_PRESERVE_SYFLAGS); if (error != 0) return (error); #endif Index: sys/kern/uipc_sem.c =================================================================== --- sys/kern/uipc_sem.c +++ sys/kern/uipc_sem.c @@ -1038,11 +1038,13 @@ p31b_setcfg(CTL_P1003_1B_SEM_NSEMS_MAX, SEM_MAX); p31b_setcfg(CTL_P1003_1B_SEM_VALUE_MAX, SEM_VALUE_MAX); - error = syscall_helper_register(ksem_syscalls, SY_THR_STATIC_KLD); + error = syscall_helper_register(ksem_syscalls, + SY_THR_STATIC_KLD | SY_HLP_PRESERVE_SYFLAGS); if (error) return (error); #ifdef COMPAT_FREEBSD32 - error = syscall32_helper_register(ksem32_syscalls, SY_THR_STATIC_KLD); + error = syscall32_helper_register(ksem32_syscalls, + SY_THR_STATIC_KLD | SY_HLP_PRESERVE_SYFLAGS); if (error) return (error); #endif Index: sys/kern/vfs_cache.c =================================================================== --- sys/kern/vfs_cache.c +++ sys/kern/vfs_cache.c @@ -4245,6 +4245,10 @@ cache_fpl_aborted_early(fpl); return (false); } + if (CRED_IN_VFS_VEILED_MODE(cnp->cn_cred)) { + cache_fpl_aborted_early(fpl); + return (false); + } if (AUDITING_TD(td)) { cache_fpl_aborted_early(fpl); return (false); Index: sys/kern/vfs_syscalls.c =================================================================== --- sys/kern/vfs_syscalls.c +++ sys/kern/vfs_syscalls.c @@ -76,6 +76,7 @@ #include #include #include +#include #ifdef KTRACE #include #endif @@ -1164,6 +1165,8 @@ /* Set the flags early so the finit in devfs can pick them up. */ fp->f_flag = flags & FMASK; cmode = ((mode & ~pdp->pd_cmask) & ALLPERMS) & ~S_ISTXT; + if (!CRED_HAS_SYSFIL(td->td_ucred, SYSFIL_FMODE_SPECIAL)) + cmode &= ACCESSPERMS; NDINIT_ATRIGHTS(&nd, LOOKUP, FOLLOW | AUDITVNODE1 | WANTIOCTLCAPS, pathseg, path, fd, &rights); td->td_dupfd = -1; /* XXX check for fdopen */ @@ -2869,6 +2872,8 @@ vn_lock(vp, LK_EXCLUSIVE | LK_RETRY); VATTR_NULL(&vattr); vattr.va_mode = mode & ALLPERMS; + if (!CRED_HAS_SYSFIL(td->td_ucred, SYSFIL_FMODE_SPECIAL)) + vattr.va_mode &= ACCESSPERMS; #ifdef MAC error = mac_vnode_check_setmode(cred, vp, vattr.va_mode); if (error == 0) Index: sys/security/mac/mac_framework.c =================================================================== --- sys/security/mac/mac_framework.c +++ sys/security/mac/mac_framework.c @@ -704,6 +704,13 @@ if (error1 == EDEADLK || error2 == EDEADLK) return (EDEADLK); + /* Precedence for errors that should send signals. */ + if (error1 == ESYSFILKILL || error2 == ESYSFILKILL) + return (ESYSFILKILL); + + if (error1 == ESYSFILTRAP || error2 == ESYSFILTRAP) + return (ESYSFILTRAP); + /* Invalid arguments should be reported where possible. */ if (error1 == EINVAL || error2 == EINVAL) return (EINVAL); Index: sys/sys/capsicum.h =================================================================== --- sys/sys/capsicum.h +++ sys/sys/capsicum.h @@ -420,8 +420,6 @@ #include -#define IN_CAPABILITY_MODE(td) (((td)->td_ucred->cr_flags & CRED_FLAG_CAPMODE) != 0) - struct filedesc; struct filedescent; Index: sys/sys/errno.h =================================================================== --- sys/sys/errno.h +++ sys/sys/errno.h @@ -181,10 +181,12 @@ #define ENOTRECOVERABLE 95 /* State not recoverable */ #define EOWNERDEAD 96 /* Previous owner died */ #define EINTEGRITY 97 /* Integrity check failed */ +#define ESYSFILTRAP 98 +#define ESYSFILKILL 99 #endif /* _POSIX_SOURCE */ #ifndef _POSIX_SOURCE -#define ELAST 97 /* Must be equal largest errno */ +#define ELAST 99 /* Must be equal largest errno */ #endif /* _POSIX_SOURCE */ #if defined(_KERNEL) || defined(_WANT_KERNEL_ERRNO) || defined(_STANDALONE) Index: sys/sys/proc.h =================================================================== --- sys/sys/proc.h +++ sys/sys/proc.h @@ -69,6 +69,7 @@ #endif #include #include +#include #include #include @@ -855,6 +856,16 @@ #define P_TREE_REAPER 0x00000004 /* Reaper of subtree */ #define P_TREE_GRPEXITED 0x00000008 /* exit1() done with job ctl */ +/* + * The general notion of a process being "restricted" is used for checks that + * should be done for both Capsicum and pledge(). + */ +#define PROC_IN_RESTRICTED_MODE(p) CRED_IN_RESTRICTED_MODE((p)->p_ucred) +#define PROC_IN_CAPABILITY_MODE(p) CRED_IN_CAPABILITY_MODE((p)->p_ucred) + +#define IN_RESTRICTED_MODE(td) CRED_IN_RESTRICTED_MODE((td)->td_ucred) +#define IN_CAPABILITY_MODE(td) CRED_IN_CAPABILITY_MODE((td)->td_ucred) + /* * These were process status values (p_stat), now they are only used in * legacy conversion code. Index: sys/sys/signal.h =================================================================== --- sys/sys/signal.h +++ sys/sys/signal.h @@ -418,6 +418,7 @@ /* message on an empty message queue. */ #define SI_KERNEL 0x10006 #define SI_LWP 0x10007 /* Signal sent by thr_kill */ +#define SI_SYSFIL 0x10008 /* Signal sent due to sysfil violation */ #endif #if __BSD_VISIBLE #define SI_UNDEFINED 0 Index: sys/sys/sysent.h =================================================================== --- sys/sys/sysent.h +++ sys/sys/sysent.h @@ -35,6 +35,7 @@ #define _SYS_SYSENT_H_ #include +#include struct rlimit; struct sysent; @@ -68,8 +69,8 @@ sy_call_t *sy_call; /* implementing function */ systrace_args_func_t sy_systrace_args_func; /* optional argument conversion function. */ + sysfilset_t sy_flags; /* Syscall filter bitmap. */ u_int8_t sy_narg; /* number of arguments */ - u_int8_t sy_flags; /* General flags for system calls. */ au_event_t sy_auevent; /* audit event associated with syscall */ u_int32_t sy_entry; /* DTrace entry ID for systrace. */ u_int32_t sy_return; /* DTrace return ID for systrace. */ @@ -77,9 +78,23 @@ }; /* - * A system call is permitted in capability mode. + * NOTE: The sysfils bitmap in sy_flags is bitwise inverted from what one would + * probably expect. The UNSET bits represent the sysfils that are required for + * a process to perform the syscall (while the set bits are sysfils that do not + * influence the decision). + * + * This is to maintain the meaning of literal flags values passed to + * SYSCALL_INIT_HELPER_F() and the meaning of flags values in pre-generated + * syscall tables. For this to work, SYF_CAPENABLED must match the value of + * SYSFIL_NOTCAPMODE. */ -#define SYF_CAPENABLED 0x00000001 + +#define SYF_CAPENABLED 1 /* permitted in capability mode */ +#define SYF_SYSFILS(sfs) ~(sfs) /* other required sysfils */ + +#ifdef _KERNEL +_Static_assert(SYF_CAPENABLED == SYSFIL_NOTCAPMODE, ""); +#endif #define SY_THR_FLAGMASK 0x7 #define SY_THR_STATIC 0x1 @@ -300,6 +315,9 @@ .syscall_no = NO_SYSCALL \ } +#define SY_HLP_STATIC SY_THR_STATIC +#define SY_HLP_PRESERVE_SYFLAGS 0x10000 + int syscall_module_handler(struct module *mod, int what, void *arg); int syscall_helper_register(struct syscall_helper_data *sd, int flags); int syscall_helper_unregister(struct syscall_helper_data *sd); Index: sys/sys/sysfil.h =================================================================== --- /dev/null +++ sys/sys/sysfil.h @@ -0,0 +1,124 @@ +#ifndef _SYS_SYSFIL_H_ +#define _SYS_SYSFIL_H_ + +#ifdef _KERNEL +#include +#else +#include +#endif + +/* + * Some kernel functionality requires certain sysfil bits to be enabled in the + * process' ucred. Most notably, each syscall has a set of required sysfils. + * Note that sysfils do not ever grant any privileges by themselves. They are + * merely a pre-requirement. + */ + +typedef uint64_t sysfilset_t; + +#define SYSFIL_NONE ((sysfilset_t)0) +#define SYSFIL_IDX(i) ((sysfilset_t)1 << (i)) +#define SYSFIL_FULL ((sysfilset_t)-1) + +/* + * The Capsicum sysfil must come first. See comments in sysent.h about + * SYF_CAPENABLED. For a process, this sysfil bit represents the state of NOT + * being in capability mode. This is because sysfils generally increase a + * process' permissions, while capability mode decreases it. + */ +#define SYSFIL_NOTCAPMODE SYSFIL_IDX(0) /* NOT in capability mode */ + +#define SYSFIL_CORE SYSFIL_IDX(1) /* essentials and generic I/O */ +#define SYSFIL_MMAN SYSFIL_IDX(2) /* memory management */ +#define SYSFIL_FDESC SYSFIL_IDX(3) /* file descriptor management */ +#define SYSFIL_CLOCK SYSFIL_IDX(4) /* read system clocks */ +#define SYSFIL_TIMER SYSFIL_IDX(5) /* per-process timers usage */ +#define SYSFIL_SIGHAND SYSFIL_IDX(6) /* change signal handlers */ +#define SYSFIL_SIGMASK SYSFIL_IDX(7) /* signal masking */ +#define SYSFIL_SIGWAIT SYSFIL_IDX(8) /* waiting on signals */ +#define SYSFIL_STATUS SYSFIL_IDX(9) /* misc. info on current proc */ +#define SYSFIL_SYSINFO SYSFIL_IDX(10) /* sysctl, misc. info syscalls */ +#define SYSFIL_THREAD SYSFIL_IDX(11) /* thread mgmt, _umtx_op(2) */ +#define SYSFIL_SCHED SYSFIL_IDX(12) /* inspect/change sched. params */ +#define SYSFIL_POSIXRT SYSFIL_IDX(13) /* POSIX.1b sched/timers */ +#define SYSFIL_FATTR SYSFIL_IDX(14) /* changing file attributes */ +#define SYSFIL_FLOCK SYSFIL_IDX(15) /* advisory file locking */ +#define SYSFIL_PATH SYSFIL_IDX(16) /* misc. operations with paths */ +#define SYSFIL_RPATH SYSFIL_IDX(17) /* reading at paths */ +#define SYSFIL_WPATH SYSFIL_IDX(18) /* writing at paths */ +#define SYSFIL_CPATH SYSFIL_IDX(19) /* creating paths */ +#define SYSFIL_DPATH SYSFIL_IDX(20) /* deleting paths*/ +#define SYSFIL_SOCKIO SYSFIL_IDX(21) /* sendmsg/recvmsg, sockopts */ +#define SYSFIL_SOCK SYSFIL_IDX(22) /* misc. socket operations */ +#define SYSFIL_TTY SYSFIL_IDX(23) /* revoke(2)/posix_openpt(2) */ +#define SYSFIL_WAIT SYSFIL_IDX(24) /* child process wait/status */ +#define SYSFIL_FORK SYSFIL_IDX(25) /* forking, pgrps, sessions */ +#define SYSFIL_EXEC SYSFIL_IDX(26) /* execve(2)/fexecve(2) */ +#define SYSFIL_RLIMIT SYSFIL_IDX(27) /* change resource limits */ +#define SYSFIL_GETCRED SYSFIL_IDX(28) /* inspect uid/gids/login/etc */ +#define SYSFIL_SETCRED SYSFIL_IDX(29) /* change uid/gids/login/etc */ +#define SYSFIL_PROCCTL SYSFIL_IDX(30) /* procctl(2)/curtainctl(2) */ +#define SYSFIL_QUOTA SYSFIL_IDX(31) /* inspect/change quotas */ +#define SYSFIL_FMODE_SPECIAL SYSFIL_IDX(32) /* use non-ACCESSPERMS mode bits */ +#define SYSFIL_EXTATTR SYSFIL_IDX(33) /* inspect/modify extattrs */ +#define SYSFIL_ACL SYSFIL_IDX(34) /* inspect/modify ACLs */ +#define SYSFIL_MAC SYSFIL_IDX(35) /* inspect/manage MAC labels */ +#define SYSFIL_AIO SYSFIL_IDX(36) /* aio(4) */ +#define SYSFIL_SENDFILE SYSFIL_IDX(37) /* sendfile(2) */ +#define SYSFIL_MLOCK SYSFIL_IDX(38) /* locking pages in memory */ +#define SYSFIL_SYSVSHM SYSFIL_IDX(39) /* SysV shared memory */ +#define SYSFIL_SYSVSEM SYSFIL_IDX(40) /* SysV semaphores */ +#define SYSFIL_SYSVMSG SYSFIL_IDX(41) /* SysV message queues */ +#define SYSFIL_POSIXSHM SYSFIL_IDX(42) /* POSIX shared memory */ +#define SYSFIL_POSIXSEM SYSFIL_IDX(43) /* POSIX semaphores */ +#define SYSFIL_POSIXMSG SYSFIL_IDX(44) /* POSIX message queues */ +#define SYSFIL_FFCLOCK SYSFIL_IDX(45) /* "feed-forward clock" */ +#define SYSFIL_CPUSET SYSFIL_IDX(46) /* cpuset(2) */ +#define SYSFIL_CHROOT SYSFIL_IDX(47) /* chroot(2) */ +#define SYSFIL_JAIL SYSFIL_IDX(48) /* inspect/manage jails */ +#define SYSFIL_TRACE SYSFIL_IDX(49) /* ktrace(2)/ptrace(2) */ +#define SYSFIL_RFORK SYSFIL_IDX(50) /* non-RFSPAWN rfork(2) */ +#define SYSFIL_MOUNT SYSFIL_IDX(51) /* mount points management */ +#define SYSFIL_AUDIT SYSFIL_IDX(52) /* audit(4) context/mgmt */ +#define SYSFIL_FH SYSFIL_IDX(53) /* getfh(2) and friends */ +#define SYSFIL_SETTIME SYSFIL_IDX(54) /* set system clock */ +#define SYSFIL_KMOD SYSFIL_IDX(55) /* inspect/manage kernel modules */ +#define SYSFIL__UNUSED56 SYSFIL_IDX(56) +#define SYSFIL__UNUSED57 SYSFIL_IDX(57) +#define SYSFIL__UNUSED58 SYSFIL_IDX(58) +#define SYSFIL__UNUSED59 SYSFIL_IDX(59) +#define SYSFIL__UNUSED60 SYSFIL_IDX(60) +#define SYSFIL__UNUSED61 SYSFIL_IDX(61) +#define SYSFIL__UNUSED62 SYSFIL_IDX(62) +#define SYSFIL_CATCHALL SYSFIL_IDX(63) /* misc. unsafe operations */ + +/* + * Some syscalls are assigned sysfils that may seem to be less restrictive than + * they should be. These syscalls will be doing their own checking and only + * allow safe operations. These aliases are used to keep track of them and + * make it explicit. + */ + +/* Very small set of operations that should always be allowed. */ +#define SYSFIL_ALWAYS SYSFIL_NONE +/* Allow to enter/check capability mode and manage file descriptor rights/limits, etc. */ +#define SYSFIL_CAPCOMPAT SYSFIL_CORE +/* Can signal self, other processes depending on visibility checks */ +#define SYSFIL_SIGSEND SYSFIL_CORE +/* Can do certain operations on self. */ +#define SYSFIL_THREAD_ SYSFIL_CORE +#define SYSFIL_CPUSET_ SYSFIL_SCHED +/* Allow RFSPAWN with just SYSFIL_FORK. */ +#define SYSFIL_RFORK_ SYSFIL_FORK +/* Creation of anonymous memory objects are allowed. */ +#define SYSFIL_POSIXSHM_ SYSFIL_MMAN +/* Retrieving correction delta with adjtime(2) is allowed. */ +#define SYSFIL_SETTIME_ SYSFIL_CLOCK + + +#define SYSFILSET_IN_RESTRICTED_MODE(sfs) (~(sfs) != 0) +#define SYSFILSET_IN_CAPABILITY_MODE(sfs) (((sfs) & SYSFIL_NOTCAPMODE) == 0) +#define SYSFILSET_IN_VFS_VEILED_MODE(sfs) (((sfs) & SYSFIL_CATCHALL) == 0) +#define SYSFILSET_MATCH(have, need) (((need) & ~(have)) == 0) + +#endif Index: sys/sys/ucred.h =================================================================== --- sys/sys/ucred.h +++ sys/sys/ucred.h @@ -40,6 +40,7 @@ #include #endif #include +#include struct loginclass; @@ -58,7 +59,9 @@ * * See "Credential management" comment in kern_prot.c for more information. */ + #if defined(_KERNEL) || defined(_WANT_UCRED) + struct ucred { struct mtx cr_mtx; u_int cr_ref; /* (c) reference count */ @@ -75,16 +78,37 @@ struct uidinfo *cr_ruidinfo; /* per ruid resource consumption */ struct prison *cr_prison; /* jail(2) */ struct loginclass *cr_loginclass; /* login class */ - u_int cr_flags; /* credential flags */ - void *cr_pspare2[2]; /* general use 2 */ +#ifndef NOSYSFIL + sysfilset_t cr_sysfilset; /* permitted sysfils */ +#endif + void *cr_pspare2[2]; /* general use 2 */ #define cr_endcopy cr_label struct label *cr_label; /* MAC label */ gid_t *cr_groups; /* groups */ int cr_agroups; /* Available groups */ gid_t cr_smallgroups[XU_NGROUPS]; /* storage for small groups */ }; + #define NOCRED ((struct ucred *)0) /* no credential available */ #define FSCRED ((struct ucred *)-1) /* filesystem credential */ + + +#ifdef NOSYSFIL +#define CRED_IN_RESTRICTED_MODE(cr) 0 +#define CRED_IN_CAPABILITY_MODE(cr) 0 +#define CRED_IN_VFS_VEILED_MODE(cr) 0 +#define CRED_HAS_SYSFIL(cr, need) 1 +#else +#define CRED_IN_RESTRICTED_MODE(cr) \ + SYSFILSET_IN_RESTRICTED_MODE((cr)->cr_sysfilset) +#define CRED_IN_CAPABILITY_MODE(cr) \ + SYSFILSET_IN_CAPABILITY_MODE((cr)->cr_sysfilset) +#define CRED_IN_VFS_VEILED_MODE(cr) \ + SYSFILSET_IN_VFS_VEILED_MODE((cr)->cr_sysfilset) +#define CRED_HAS_SYSFIL(cr, need) \ + SYSFILSET_MATCH((cr)->cr_sysfilset, need) +#endif + #endif /* _KERNEL || _WANT_UCRED */ /* Index: sys/sys/user.h =================================================================== --- sys/sys/user.h +++ sys/sys/user.h @@ -112,6 +112,7 @@ /* Flags for the process credential. */ #define KI_CRF_CAPABILITY_MODE 0x00000001 +#define KI_CRF_RESTRICTED_MODE 0x00000002 /* * Steal a bit from ki_cr_flags to indicate that the cred had more than * KI_NGROUPS groups. Index: sys/tools/makesyscalls.lua =================================================================== --- sys/tools/makesyscalls.lua +++ sys/tools/makesyscalls.lua @@ -1057,9 +1057,10 @@ end process_syscall_def = function(line) - local sysstart, sysend, flags, funcname, sysflags + local sysstart, sysend, flags, funcname, sysflags, capenabled local thr_flag, syscallret local orig = line + local sysfils_list = {} flags = 0 thr_flag = "SY_THR_STATIC" @@ -1094,10 +1095,14 @@ -- Split flags for flag in allflags:gmatch("([^|]+)") do - if known_flags[flag] == nil then - abort(1, "Unknown flag " .. flag .. " for " .. sysnum) + if flag:match("^SYSFIL_") then + sysfils_list[#sysfils_list + 1] = flag + else + if known_flags[flag] == nil then + abort(1, "Unknown flag " .. flag .. " for " .. sysnum) + end + flags = flags | known_flags[flag] end - flags = flags | known_flags[flag] end if (flags & get_mask({"RESERVED", "UNIMPL"})) == 0 and sysnum == nil then @@ -1213,8 +1218,6 @@ funcomment = funcname end - sysflags = "0" - -- NODEF events do not get audited if flags & known_flags['NODEF'] ~= 0 then auditev = 'AUE_NULL' @@ -1226,9 +1229,23 @@ if flags & known_flags['CAPENABLED'] ~= 0 or config["capenabled"][funcname] ~= nil or config["capenabled"][stripped_name] ~= nil then - sysflags = "SYF_CAPENABLED" + capenabled = true + else + capenabled = false end + if #sysfils_list == 0 then + -- Assume that syscall entries without any sysfil + -- keywords should be restricted. Syscalls that + -- shouldn't require any sysfils should use + -- SYSFIL_ALWAYS. + sysfils_list[#sysfils_list + 1] = "SYSFIL_CATCHALL" + end + if not capenabled then + sysfils_list[#sysfils_list + 1] = "SYSFIL_NOTCAPMODE" + end + sysflags = "SYF_SYSFILS(" .. (table.concat(sysfils_list, " | ")) .. ")" + local funcargs = {} local changes_abi = false if args ~= nil then Index: usr.bin/procstat/procstat_cred.c =================================================================== --- usr.bin/procstat/procstat_cred.c +++ usr.bin/procstat/procstat_cred.c @@ -65,8 +65,9 @@ xo_emit("{:rgid/%5d} ", kipp->ki_rgid); xo_emit("{:svgid/%5d} ", kipp->ki_svgid); xo_emit("{:umask/%5s} ", get_umask(procstat, kipp)); - xo_emit("{:cr_flags/%s}", kipp->ki_cr_flags & CRED_FLAG_CAPMODE ? - "C" : "-"); + xo_emit("{:cr_flags/%c%c}", + kipp->ki_cr_flags & KI_CRF_CAPABILITY_MODE ? 'C' : '-', + kipp->ki_cr_flags & KI_CRF_RESTRICTED_MODE ? 'R' : '-'); xo_emit("{P: }"); groups = NULL;