Index: bin/ps/print.c =================================================================== --- bin/ps/print.c +++ bin/ps/print.c @@ -277,8 +277,10 @@ *cp++ = 'V'; if ((flag & P_SYSTEM) || k->ki_p->ki_lock > 0) *cp++ = 'L'; - if ((k->ki_p->ki_cr_flags & CRED_FLAG_CAPMODE) != 0) + if ((k->ki_p->ki_cr_flags & KI_CRF_CAPABILITY_MODE) != 0) *cp++ = 'C'; + if ((k->ki_p->ki_cr_flags & KI_CRF_SYSCALLS_FILTER) != 0) + *cp++ = 'F'; if (k->ki_p->ki_kiflag & KI_SLEADER) *cp++ = 's'; if ((flag & P_CONTROLT) && k->ki_p->ki_pgid == k->ki_p->ki_tpgid) Index: lib/libkvm/kvm_proc.c =================================================================== --- lib/libkvm/kvm_proc.c +++ lib/libkvm/kvm_proc.c @@ -149,7 +149,11 @@ kp->ki_svuid = ucred.cr_svuid; kp->ki_rgid = ucred.cr_rgid; kp->ki_svgid = ucred.cr_svgid; - kp->ki_cr_flags = ucred.cr_flags; + kp->ki_cr_flags = 0; + if ((ucred.cr_flags & CRED_FLAG_CAPMODE) != 0) + kp->ki_cr_flags |= KI_CRF_CAPABILITY_MODE; + if ((ucred.cr_flags & CRED_FLAG_SYSFILT) != 0) + kp->ki_cr_flags |= KI_CRF_SYSCALLS_FILTER; if (ucred.cr_ngroups > KI_NGROUPS) { kp->ki_ngroups = KI_NGROUPS; kp->ki_cr_flags |= KI_CRF_GRP_OVERFLOW; Index: share/man/man9/syscall_helper_register.9 =================================================================== --- share/man/man9/syscall_helper_register.9 +++ share/man/man9/syscall_helper_register.9 @@ -43,13 +43,13 @@ .Ft struct syscall_helper_data .Fn SYSCALL_INIT_HELPER "syscallname" .Ft struct syscall_helper_data -.Fn SYSCALL_INIT_HELPER_F "syscallname" "int flags" +.Fn SYSCALL_INIT_HELPER_F "syscallname" "int syflags" .\" .Ss COMPATIBILITY INITIALIZER MACROS .Ft struct syscall_helper_data .Fn SYSCALL_INIT_HELPER_COMPAT "syscallname" .Ft struct syscall_helper_data -.Fn SYSCALL_INIT_HELPER_COMPAT_F "syscallname" "int flags" +.Fn SYSCALL_INIT_HELPER_COMPAT_F "syscallname" "int syflags" .\" .Sh DESCRIPTION The @@ -68,13 +68,26 @@ }; .Ed .Pp -The only valid flag for the +Valid flags for the .Fa flags argument to .Fn syscall_helper_register -is -.Dv SY_THR_STATIC . -This flag prevents the syscall from being unregistered. +are: +.Bl -tag -width ".Dv SY_HLP_PRESERVE_SYFLAGS" +.It Dv SY_THR_STATIC +Prevents the syscall from being unregistered. +.It Dv SY_THR_STATIC_KLD +Will be equal to SY_THR_STATIC when not compiling a +.Xr kld 4 +module. Will be 0 otherwise. +.It Dv SY_HLP_PRESERVE_SYFLAGS +Preserve the +.Fa syflags +(see below) +of the existing syscall. +Useful when flags are already specified in +.Pa syscalls.master . +.El .\" .Pp Before use, the structure must be initialized with one of the @@ -87,11 +100,22 @@ For legacy syscall functions named without "sys_" prefixes, the "COMPAT" versions of the macros may be used. .Pp -The only valid flag for the -.Fa flags -argument to the "F" variants of the initializer macros is -.Dv SYF_CAPENABLED . -This flag indicates that the syscall is allowed in capability mode. +Valid flags for the +.Fa syflags +argument to the "F" variants of the initializer macros are: +.Bl -tag -width ".Dv SYF_CAPENABLED" +.It Dv SYF_CAPENABLED +Indicates that the syscall is allowed in +.Xr capsicum 4 +capability mode. +.It Dv SYF_SYSCAT() +Specifies a "category" for the syscall. +This is used by the mac_curtain +.Xr mac 4 +module to restrict syscalls. +Categories are defined in +.In sys/syscat.h . +.El .Pp The .Fn syscall_helper_unregister @@ -119,7 +143,9 @@ The .Fa flags argument contained a value other than -.Dv SY_THR_STATIC . +.Dv SY_THR_STATIC +or +.Dv SY_HLP_PRESERVE_SYFLAGS . .It Bq Er EINVAL The specified syscall number, .Dv sd.syscall_no Index: sys/amd64/amd64/vm_machdep.c =================================================================== --- sys/amd64/amd64/vm_machdep.c +++ sys/amd64/amd64/vm_machdep.c @@ -83,6 +83,8 @@ #include #include +#include + _Static_assert(OFFSETOF_MONITORBUF == offsetof(struct pcpu, pc_monitorbuf), "OFFSETOF_MONITORBUF does not correspond with offset of pc_monitorbuf."); @@ -527,6 +529,13 @@ error = pget(id, PGET_CANSEE | PGET_NOTWEXIT | PGET_NOTID, &p); if (error != 0) break; +#ifdef MAC + error = mac_proc_check_procctl(td->td_ucred, p, com, data); + if (error != 0) { + PROC_UNLOCK(p); + break; + } +#endif switch (com) { case PROC_KPTI_CTL: cpu_procctl_kpti_ctl(p, val); Index: sys/compat/linux/linux_errno.inc =================================================================== --- sys/compat/linux/linux_errno.inc +++ sys/compat/linux/linux_errno.inc @@ -156,9 +156,11 @@ [ENOTRECOVERABLE] = -LINUX_ENOTRECOVERABLE, [EOWNERDEAD] = -LINUX_EOWNERDEAD, [EINTEGRITY] = -LINUX_EINVAL, /* XXX */ + [EMACTRAP] = -LINUX_EPERM, + [EMACKILL] = -LINUX_EPERM, }; -_Static_assert(ELAST == 97, +_Static_assert(ELAST == 99, "missing errno entries in linux_errtbl"); static const int linux_to_bsd_errtbl[LINUX_ELAST + 1] = { Index: sys/compat/linuxkpi/common/src/linux_compat.c =================================================================== --- sys/compat/linuxkpi/common/src/linux_compat.c +++ sys/compat/linuxkpi/common/src/linux_compat.c @@ -1840,7 +1840,7 @@ vp = filp->f_vnode; vn_lock(vp, LK_SHARED | LK_RETRY); - error = VOP_STAT(vp, sb, curthread->td_ucred, NOCRED); + error = VOP_STAT(vp, sb, curthread->td_ucred, fp->f_cred); VOP_UNLOCK(vp); return (error); Index: sys/conf/files =================================================================== --- sys/conf/files +++ sys/conf/files @@ -5085,6 +5085,7 @@ security/mac/mac_audit.c optional mac audit security/mac/mac_cred.c optional mac security/mac/mac_framework.c optional mac +security/mac/mac_generic.c optional mac security/mac/mac_inet.c optional mac inet | mac inet6 security/mac/mac_inet6.c optional mac inet6 security/mac/mac_label.c optional mac Index: sys/contrib/openzfs/module/os/freebsd/zfs/zfs_vnops_os.c =================================================================== --- sys/contrib/openzfs/module/os/freebsd/zfs/zfs_vnops_os.c +++ sys/contrib/openzfs/module/os/freebsd/zfs/zfs_vnops_os.c @@ -91,9 +91,17 @@ #include #include +#include + #ifndef VN_OPEN_INVFS #define VN_OPEN_INVFS 0x0 #endif +#ifndef VN_OPEN_MACWALKCONTINUE +#define VN_OPEN_MACWALKCONTINUE 0x0 +#endif +#ifndef MACWALKCONTINUE +#define MACWALKCONTINUE 0x0 +#endif VFS_SMR_DECLARE; @@ -5344,14 +5352,19 @@ if (error != 0) return (error); +#ifdef MAC + mac_vnode_walk_transfer(td->td_ucred, ap->a_vp, xvp); +#endif flags = FREAD; #if __FreeBSD_version < 1400043 - NDINIT_ATVP(&nd, LOOKUP, NOFOLLOW, UIO_SYSSPACE, attrname, - xvp, td); + NDINIT_ATVP(&nd, LOOKUP, NOFOLLOW | MACWALKCONTINUE, UIO_SYSSPACE, + attrname, xvp, td); #else - NDINIT_ATVP(&nd, LOOKUP, NOFOLLOW, UIO_SYSSPACE, attrname, xvp); + NDINIT_ATVP(&nd, LOOKUP, NOFOLLOW | MACWALKCONTINUE, UIO_SYSSPACE, + attrname, xvp); #endif - error = vn_open_cred(&nd, &flags, 0, VN_OPEN_INVFS, ap->a_cred, NULL); + error = vn_open_cred(&nd, &flags, 0, VN_OPEN_INVFS | + VN_OPEN_MACWALKCONTINUE, ap->a_cred, NULL); vp = nd.ni_vp; NDFREE_PNBUF(&nd); if (error != 0) @@ -5489,12 +5502,15 @@ if (error != 0) return (error); +#ifdef MAC + mac_vnode_walk_transfer(ap->a_td->td_ucred, ap->a_vp, xvp); +#endif #if __FreeBSD_version < 1400043 - NDINIT_ATVP(&nd, DELETE, NOFOLLOW | LOCKPARENT | LOCKLEAF, - UIO_SYSSPACE, attrname, xvp, ap->a_td); + NDINIT_ATVP(&nd, DELETE, NOFOLLOW | LOCKPARENT | LOCKLEAF | + MACWALKCONTINUE, UIO_SYSSPACE, attrname, xvp, ap->a_td); #else - NDINIT_ATVP(&nd, DELETE, NOFOLLOW | LOCKPARENT | LOCKLEAF, - UIO_SYSSPACE, attrname, xvp); + NDINIT_ATVP(&nd, DELETE, NOFOLLOW | LOCKPARENT | LOCKLEAF | + MACWALKCONTINUE, UIO_SYSSPACE, attrname, xvp); #endif error = namei(&nd); vp = nd.ni_vp; @@ -5634,14 +5650,19 @@ if (error != 0) return (error); +#ifdef MAC + mac_vnode_walk_transfer(td->td_ucred, ap->a_vp, xvp); +#endif flags = FFLAGS(O_WRONLY | O_CREAT); #if __FreeBSD_version < 1400043 - NDINIT_ATVP(&nd, LOOKUP, NOFOLLOW, UIO_SYSSPACE, attrname, xvp, td); + NDINIT_ATVP(&nd, LOOKUP, NOFOLLOW | MACWALKCONTINUE, UIO_SYSSPACE, + attrname, xvp, td); #else - NDINIT_ATVP(&nd, LOOKUP, NOFOLLOW, UIO_SYSSPACE, attrname, xvp); + NDINIT_ATVP(&nd, LOOKUP, NOFOLLOW | MACWALKCONTINUE, UIO_SYSSPACE, + attrname, xvp); #endif - error = vn_open_cred(&nd, &flags, 0600, VN_OPEN_INVFS, ap->a_cred, - NULL); + error = vn_open_cred(&nd, &flags, 0600, VN_OPEN_INVFS | + VN_OPEN_MACWALKCONTINUE, ap->a_cred, NULL); vp = nd.ni_vp; NDFREE_PNBUF(&nd); if (error != 0) @@ -5821,12 +5842,15 @@ return (error); } +#ifdef MAC + mac_vnode_walk_transfer(td->td_ucred, ap->a_vp, xvp); +#endif #if __FreeBSD_version < 1400043 - NDINIT_ATVP(&nd, LOOKUP, NOFOLLOW | LOCKLEAF | LOCKSHARED, - UIO_SYSSPACE, ".", xvp, td); + NDINIT_ATVP(&nd, LOOKUP, NOFOLLOW | LOCKLEAF | LOCKSHARED | + MACWALKCONTINUE, UIO_SYSSPACE, ".", xvp, td); #else - NDINIT_ATVP(&nd, LOOKUP, NOFOLLOW | LOCKLEAF | LOCKSHARED, - UIO_SYSSPACE, ".", xvp); + NDINIT_ATVP(&nd, LOOKUP, NOFOLLOW | LOCKLEAF | LOCKSHARED | + MACWALKCONTINUE, UIO_SYSSPACE, ".", xvp); #endif error = namei(&nd); vp = nd.ni_vp; Index: sys/fs/fdescfs/fdesc_vnops.c =================================================================== --- sys/fs/fdescfs/fdesc_vnops.c +++ sys/fs/fdescfs/fdesc_vnops.c @@ -61,6 +61,8 @@ #include +#include + #define NFDCACHE 4 #define FD_NHASH(ix) \ (&fdhashtbl[(ix) & fdhash]) @@ -330,6 +332,27 @@ */ if ((error = fget(td, fd, &cap_no_rights, &fp)) != 0) goto bad; +#ifdef MAC + if (mac_vnode_walk_needed(cnp->cn_cred) && fp->f_type == DTYPE_VNODE) { + /* The above fget() will push a new tracker entry for the + * target FD's vnode (if any) and make it the current entry. + * + * When not in nodup mode, rewind to the entry that was current + * before the fget() so that path lookup can continue from the + * fdescfs wrapper vnode. kern_openat() will retrieve the + * target FD after namei() returns. + * + * When in nodup mode, just continue path lookup from the entry + * pushed by fget(). The target FD's vnode will be returned + * directly instead of a wrapper vnode, so that's the vnode the + * MAC walk should continue from. It is very important that + * path lookup does NOT continue from the fdescfs vnode or the + * target FD's vnode could incorrectly inherit its permissions! + */ + if ((VFSTOFDESC(dvp->v_mount)->flags & FMNT_NODUP) == 0) + mac_vnode_walk_failed(cnp->cn_cred, 0); + } +#endif /* Check if we're looking up ourselves. */ if (VTOFDESC(dvp)->fd_ix == FD_DESC + fd) { Index: sys/kern/kern_cpuset.c =================================================================== --- sys/kern/kern_cpuset.c +++ sys/kern/kern_cpuset.c @@ -61,6 +61,7 @@ #include #include #include +#include #include #include @@ -72,6 +73,8 @@ #include #include +#include + #ifdef DDB #include #endif /* DDB */ @@ -1737,6 +1740,19 @@ !(which == CPU_WHICH_PID && id == td->td_proc->p_pid)) return (ECAPMODE); } +#ifdef MAC + if (level != CPU_LEVEL_WHICH || + (which != CPU_WHICH_TID && which != CPU_WHICH_PID)) { + /* + * Mostly the same as for Capsicum, but rely on a p_cansched() + * later on to restrict process/thread visiblity. + */ + int error; + error = mac_system_check_syscat(td->td_ucred, SY_CAT_CPUSET); + if (error != 0) + return (error); + } +#endif return (0); } Index: sys/kern/kern_descrip.c =================================================================== --- sys/kern/kern_descrip.c +++ sys/kern/kern_descrip.c @@ -79,11 +79,13 @@ #include #include #include +#include #include #include #include +#include #include #include @@ -540,6 +542,11 @@ break; case F_SETFD: +#ifdef MAC + error = mac_system_check_syscat(td->td_ucred, SY_CAT_FDESC); + if (error != 0) + break; +#endif error = EBADF; FILEDESC_XLOCK(fdp); fde = fdeget_noref(fdp, fd); @@ -628,7 +635,11 @@ error = EINVAL; break; } - +#ifdef MAC + error = mac_system_check_syscat(td->td_ucred, SY_CAT_FLOCK); + if (error != 0) + break; +#endif error = fget_unlocked(td, fd, &cap_flock_rights, &fp); if (error != 0) break; @@ -734,6 +745,11 @@ break; case F_GETLK: +#ifdef MAC + error = mac_system_check_syscat(td->td_ucred, SY_CAT_FLOCK); + if (error != 0) + break; +#endif error = fget_unlocked(td, fd, &cap_flock_rights, &fp); if (error != 0) break; @@ -768,6 +784,11 @@ break; case F_ADD_SEALS: +#ifdef MAC + error = mac_system_check_syscat(td->td_ucred, SY_CAT_FLOCK); + if (error != 0) + break; +#endif error = fget_unlocked(td, fd, &cap_no_rights, &fp); if (error != 0) break; @@ -776,6 +797,11 @@ break; case F_GET_SEALS: +#ifdef MAC + error = mac_system_check_syscat(td->td_ucred, SY_CAT_FLOCK); + if (error != 0) + break; +#endif error = fget_unlocked(td, fd, &cap_no_rights, &fp); if (error != 0) break; @@ -876,6 +902,11 @@ error = ECAPMODE; break; } +#endif +#ifdef MAC + error = mac_system_check_syscat(td->td_ucred, SY_CAT_SYSINFO); + if (error != 0) + break; #endif error = copyin((void *)arg, &kif_sz, sizeof(kif_sz)); if (error != 0) @@ -951,6 +982,11 @@ return (EBADF); if (new < 0) return (mode == FDDUP_FCNTL ? EINVAL : EBADF); +#ifdef MAC + error = mac_system_check_syscat(td->td_ucred, SY_CAT_FDESC); + if (error != 0) + return (error); +#endif maxfd = getmaxfd(td); if (new >= maxfd) return (mode == FDDUP_FCNTL ? EINVAL : EBADF); @@ -1194,6 +1230,12 @@ struct sigio *osigio, *sigio; int ret; +#ifdef MAC + ret = mac_system_check_syscat(curthread->td_ucred, SY_CAT_FORK); + if (ret) + return (ret); +#endif + if (pgid == 0) { funsetown(sigiop); return (0); @@ -1992,6 +2034,12 @@ FILEDESC_XLOCK_ASSERT(fdp); +#ifdef MAC + error = mac_system_check_syscat(td->td_ucred, SY_CAT_FDESC); + if (error != 0) + return (error); +#endif + if (fdp->fd_freefile > minfd) minfd = fdp->fd_freefile; @@ -2871,6 +2919,15 @@ data, ops); } +static inline void +_fget_unveil(struct thread *td, struct file *fp) +{ +#ifdef MAC + if (mac_vnode_walk_needed(td->td_ucred)) + mac_vnode_walk_start_fp(td->td_ucred, fp, true); +#endif +} + int fget_cap_noref(struct filedesc *fdp, int fd, cap_rights_t *needrightsp, struct file **fpp, struct filecaps *havecapsp) @@ -2897,6 +2954,7 @@ filecaps_copy(&fde->fde_caps, havecapsp, true); *fpp = fde->fde_file; + _fget_unveil(curthread, *fpp); error = 0; out: @@ -2933,6 +2991,7 @@ } *fpp = fp; + _fget_unveil(td, fp); return (0); get_locked: @@ -3247,6 +3306,7 @@ #endif const struct fdescenttbl *fdt; struct file *fp; + int error; #ifdef CAPABILITIES seqc_t seq; const cap_rights_t *haverights; @@ -3288,12 +3348,17 @@ #endif goto out_fdrop; *fpp = fp; - return (0); + goto out_success; out_fdrop: fdrop(fp, td); out_fallback: *fpp = NULL; - return (fget_unlocked_seq(td, fd, needrightsp, fpp, NULL)); + error = fget_unlocked_seq(td, fd, needrightsp, fpp, NULL); + if (error) + return (error); +out_success: + _fget_unveil(curthread, *fpp); + return (0); } /* @@ -3333,6 +3398,7 @@ if (__predict_false(error != 0)) return (error); *fpp = fp; + _fget_unveil(curthread, fp); return (0); } #else @@ -3354,6 +3420,7 @@ MPASS(refcount_load(&fp->f_count) > 0); *fpp = fp; + _fget_unveil(curthread, fp); return (0); } #endif @@ -3465,6 +3532,7 @@ if (maxprotp != NULL) *maxprotp = cap_rights_to_vmprot(&fdrights); *fpp = fp; + _fget_unveil(td, fp); return (0); #endif } @@ -3511,6 +3579,7 @@ return (error); } *fpp = fp; + _fget_unveil(td, fp); return (0); #endif } Index: sys/kern/kern_exec.c =================================================================== --- sys/kern/kern_exec.c +++ sys/kern/kern_exec.c @@ -586,6 +586,9 @@ if (credential_changing && #ifdef CAPABILITY_MODE ((oldcred->cr_flags & CRED_FLAG_CAPMODE) == 0) && +#endif +#ifdef MAC + (imgp->mac_restrictions & IMGACT_MAC_IGNORE_SETID) == 0 && #endif (imgp->vp->v_mount->mnt_flag & MNT_NOSUID) == 0 && (p->p_flag & P_TRACED) == 0) { @@ -660,6 +663,14 @@ goto exec_fail_dealloc; } +#ifdef MAC + if ((imgp->mac_restrictions & IMGACT_MAC_NO_BINARIES) != 0 && + imgp->interpreted != IMGACT_SHELL) { + error = EPERM; + goto exec_fail_dealloc; + } +#endif + /* * Special interpreter operation, cleanup and loop up to try to * activate the interpreter. @@ -770,6 +781,19 @@ sigacts_copy(newsigacts, oldsigacts); } + if ((imgp->sysent->sv_setid_allowed != NULL && + !(*imgp->sysent->sv_setid_allowed)(td, imgp)) || + (p->p_flag2 & P2_NO_NEW_PRIVS) != 0) + execve_nosetid(imgp); +#ifdef MAC + /* + * May modify imgp's newcred ((re)allocating it if needed) for + * credential alterations unrelated to set[ug]id execution or executed + * vnode label transitioning. Must be called without the process lock. + */ + mac_system_execve(oldcred, imgp); +#endif + vn_lock(imgp->vp, LK_SHARED | LK_RETRY); PROC_LOCK(p); @@ -809,11 +833,6 @@ signotify(td); } - if ((imgp->sysent->sv_setid_allowed != NULL && - !(*imgp->sysent->sv_setid_allowed)(td, imgp)) || - (p->p_flag2 & P2_NO_NEW_PRIVS) != 0) - execve_nosetid(imgp); - /* * Implement image setuid/setgid installation. */ @@ -1784,6 +1803,7 @@ return (error); #ifdef MAC + imgp->mac_restrictions = 0; /* may be modified by MAC policies */ error = mac_vnode_check_exec(td->td_ucred, imgp->vp, imgp); if (error) return (error); Index: sys/kern/kern_fork.c =================================================================== --- sys/kern/kern_fork.c +++ sys/kern/kern_fork.c @@ -75,6 +75,7 @@ #include #include #include +#include #include #include @@ -182,6 +183,11 @@ fr.fr_flags2 = FR2_DROPSIG_CAUGHT; } else { fr.fr_flags = uap->flags; +#ifdef MAC + error = mac_system_check_syscat(td->td_ucred, SY_CAT_RFORK); + if (error != 0) + return (error); +#endif } fr.fr_pidp = &pid; error = fork1(td, &fr); Index: sys/kern/kern_jail.c =================================================================== --- sys/kern/kern_jail.c +++ sys/kern/kern_jail.c @@ -2620,6 +2620,11 @@ if (error) goto e_revert_osd; +#ifdef MAC + if ((error = mac_vnode_walk_start_vp(td->td_ucred, pr->pr_root, + true)) != 0) + goto e_revert_osd; +#endif vn_lock(pr->pr_root, LK_EXCLUSIVE | LK_RETRY); if ((error = change_dir(pr->pr_root, td)) != 0) goto e_unlock; Index: sys/kern/kern_mib.c =================================================================== --- sys/kern/kern_mib.c +++ sys/kern/kern_mib.c @@ -693,6 +693,9 @@ SYSCTL_INT(_debug_sizeof, OID_AUTO, proc, CTLFLAG_RD, SYSCTL_NULL_INT_PTR, sizeof(struct proc), "sizeof(struct proc)"); +SYSCTL_INT(_debug_sizeof, OID_AUTO, ucred, CTLFLAG_RD, + SYSCTL_NULL_INT_PTR, sizeof(struct ucred), "sizeof(struct ucred)"); + static int sysctl_kern_pid_max(SYSCTL_HANDLER_ARGS) { Index: sys/kern/kern_proc.c =================================================================== --- sys/kern/kern_proc.c +++ sys/kern/kern_proc.c @@ -1078,6 +1078,8 @@ kp->ki_cr_flags = 0; if (cred->cr_flags & CRED_FLAG_CAPMODE) kp->ki_cr_flags |= KI_CRF_CAPABILITY_MODE; + if (cred->cr_flags & CRED_FLAG_SYSFILT) + kp->ki_cr_flags |= KI_CRF_SYSCALLS_FILTER; /* XXX bde doesn't like KI_NGROUPS */ if (cred->cr_ngroups > KI_NGROUPS) { kp->ki_ngroups = KI_NGROUPS; Index: sys/kern/kern_procctl.c =================================================================== --- sys/kern/kern_procctl.c +++ sys/kern/kern_procctl.c @@ -50,6 +50,8 @@ #include #include +#include + static int protect_setchild(struct thread *td, struct proc *p, int flags) { @@ -1030,6 +1032,12 @@ { PROC_LOCK_ASSERT(p, MA_OWNED); +#ifdef MAC + int error; + error = mac_proc_check_procctl(td->td_ucred, p, com, data); + if (error) + return (error); +#endif return (procctl_cmds_info[com].exec(td, p, data)); } Index: sys/kern/kern_prot.c =================================================================== --- sys/kern/kern_prot.c +++ sys/kern/kern_prot.c @@ -1909,6 +1909,10 @@ __func__, cr->cr_ref, cr)); if (cr->cr_ref > 0) { mtx_unlock(&cr->cr_mtx); +#ifdef MAC + if ((cr->cr_flags & CRED_FLAG_NEEDTRIM) != 0) + mac_cred_trim(cr); +#endif return; } crfree_final(cr); @@ -2055,6 +2059,10 @@ __func__, cr->cr_ref, cr)); if (cr->cr_ref > 0) { mtx_unlock(&cr->cr_mtx); +#ifdef MAC + if ((cr->cr_flags & CRED_FLAG_NEEDTRIM) != 0) + mac_cred_trim(cr); +#endif return; } crfree_final(cr); @@ -2081,13 +2089,13 @@ prison_free(cr->cr_prison); if (cr->cr_loginclass != NULL) loginclass_free(cr->cr_loginclass); + mtx_destroy(&cr->cr_mtx); #ifdef AUDIT audit_cred_destroy(cr); #endif #ifdef MAC mac_cred_destroy(cr); #endif - mtx_destroy(&cr->cr_mtx); if (cr->cr_groups != cr->cr_smallgroups) free(cr->cr_groups, M_CRED); free(cr, M_CRED); Index: sys/kern/kern_resource.c =================================================================== --- sys/kern/kern_resource.c +++ sys/kern/kern_resource.c @@ -56,6 +56,7 @@ #include #include #include +#include #include #include #include @@ -66,6 +67,8 @@ #include #include +#include + static MALLOC_DEFINE(M_PLIMIT, "plimit", "plimit structures"); static MALLOC_DEFINE(M_UIDINFO, "uidinfo", "uidinfo structures"); #define UIHASH(uid) (&uihashtbl[(uid) & uihash]) @@ -330,6 +333,11 @@ PROC_UNLOCK(p); return (copyout(&rtp, uap->rtp, sizeof(struct rtprio))); case RTP_SET: +#ifdef MAC + error = mac_system_check_syscat(td->td_ucred, SY_CAT_SETSCHED); + if (error != 0) + return (error); +#endif if ((error = p_cansched(td, p)) || (error = cierror)) break; @@ -433,6 +441,11 @@ PROC_UNLOCK(p); return (copyout(&rtp, uap->rtp, sizeof(struct rtprio))); case RTP_SET: +#ifdef MAC + error = mac_system_check_syscat(td->td_ucred, SY_CAT_SETSCHED); + if (error != 0) + return (error); +#endif if ((error = p_cansched(td, p)) || (error = cierror)) break; @@ -664,6 +677,11 @@ if (which >= RLIM_NLIMITS) return (EINVAL); +#ifdef MAC + if ((error = mac_system_check_syscat(td->td_ucred, SY_CAT_SETRLIMIT)) != 0) + return (error); +#endif + /* * Preserve historical bugs by treating negative limits as unsigned. */ Index: sys/kern/kern_syscalls.c =================================================================== --- sys/kern/kern_syscalls.c +++ sys/kern/kern_syscalls.c @@ -116,7 +116,7 @@ { int i; - if ((flags & ~SY_THR_STATIC) != 0) + if ((flags & ~(SY_THR_STATIC | SY_HLP_PRESERVE_SYFLAGS)) != 0) return (EINVAL); if (*offset == NO_SYSCALL) { @@ -139,8 +139,11 @@ ("dynamic syscall is not protected")); *old_sysent = sysents[*offset]; new_sysent->sy_thrcnt = SY_THR_ABSENT; + if ((flags & SY_HLP_PRESERVE_SYFLAGS) != 0) + new_sysent->sy_flags = old_sysent->sy_flags; sysents[*offset] = *new_sysent; - atomic_store_rel_32(&sysents[*offset].sy_thrcnt, flags); + atomic_store_rel_32(&sysents[*offset].sy_thrcnt, + (flags & SY_THR_STATIC)); return (0); } Index: sys/kern/kern_sysctl.c =================================================================== --- sys/kern/kern_sysctl.c +++ sys/kern/kern_sysctl.c @@ -64,6 +64,7 @@ #include #include #include +#include #ifdef KTRACE #include #endif @@ -84,6 +85,9 @@ static MALLOC_DEFINE(M_SYSCTLOID, "sysctloid", "sysctl dynamic oids"); static MALLOC_DEFINE(M_SYSCTLTMP, "sysctltmp", "sysctl temp output buffer"); +EVENTHANDLER_LIST_DEFINE(sysctl_register_oid); +EVENTHANDLER_LIST_DEFINE(sysctl_unregister_oid); + /* * The sysctllock protects the MIB tree. It also protects sysctl * contexts used with dynamic sysctls. The sysctl_register_oid() and @@ -520,6 +524,8 @@ /* try to fetch value from kernel environment */ sysctl_load_tunable_by_oid_locked(oidp); } + if (EVENTHANDLER_LIST_IS_READY(sysctl_register_oid)) + EVENTHANDLER_DIRECT_INVOKE(sysctl_register_oid, oidp); } void @@ -574,6 +580,9 @@ } } + if (EVENTHANDLER_LIST_IS_READY(sysctl_unregister_oid)) + EVENTHANDLER_DIRECT_INVOKE(sysctl_unregister_oid, oidp); + /* * This can happen when a module fails to register and is * being unloaded afterwards. It should not be a panic() @@ -2202,6 +2211,15 @@ return (ENOENT); } +void +sysctl_call_with_rlock(void (*cb)(void *ctx), void *ctx) +{ + struct rm_priotracker tracker; + SYSCTL_RLOCK(&tracker); + cb(ctx); + SYSCTL_RUNLOCK(&tracker); +} + /* * Traverse our tree, and find the right node, execute whatever it points * to, and return the resulting error code. Index: sys/kern/kern_thread.c =================================================================== --- sys/kern/kern_thread.c +++ sys/kern/kern_thread.c @@ -89,9 +89,9 @@ "struct thread KBI td_flags"); _Static_assert(offsetof(struct thread, td_pflags) == 0x110, "struct thread KBI td_pflags"); -_Static_assert(offsetof(struct thread, td_frame) == 0x4a8, +_Static_assert(offsetof(struct thread, td_frame) == 0x4b0, "struct thread KBI td_frame"); -_Static_assert(offsetof(struct thread, td_emuldata) == 0x6b0, +_Static_assert(offsetof(struct thread, td_emuldata) == 0x6c0, "struct thread KBI td_emuldata"); _Static_assert(offsetof(struct proc, p_flag) == 0xb8, "struct proc KBI p_flag"); @@ -99,9 +99,9 @@ "struct proc KBI p_pid"); _Static_assert(offsetof(struct proc, p_filemon) == 0x3c8, "struct proc KBI p_filemon"); -_Static_assert(offsetof(struct proc, p_comm) == 0x3e0, +_Static_assert(offsetof(struct proc, p_comm) == 0x3e8, "struct proc KBI p_comm"); -_Static_assert(offsetof(struct proc, p_emuldata) == 0x4c8, +_Static_assert(offsetof(struct proc, p_emuldata) == 0x4d0, "struct proc KBI p_emuldata"); #endif #ifdef __i386__ @@ -109,9 +109,9 @@ "struct thread KBI td_flags"); _Static_assert(offsetof(struct thread, td_pflags) == 0xa4, "struct thread KBI td_pflags"); -_Static_assert(offsetof(struct thread, td_frame) == 0x308, +_Static_assert(offsetof(struct thread, td_frame) == 0x30c, "struct thread KBI td_frame"); -_Static_assert(offsetof(struct thread, td_emuldata) == 0x34c, +_Static_assert(offsetof(struct thread, td_emuldata) == 0x350, "struct thread KBI td_emuldata"); _Static_assert(offsetof(struct proc, p_flag) == 0x6c, "struct proc KBI p_flag"); @@ -119,9 +119,9 @@ "struct proc KBI p_pid"); _Static_assert(offsetof(struct proc, p_filemon) == 0x270, "struct proc KBI p_filemon"); -_Static_assert(offsetof(struct proc, p_comm) == 0x284, +_Static_assert(offsetof(struct proc, p_comm) == 0x288, "struct proc KBI p_comm"); -_Static_assert(offsetof(struct proc, p_emuldata) == 0x310, +_Static_assert(offsetof(struct proc, p_emuldata) == 0x314, "struct proc KBI p_emuldata"); #endif Index: sys/kern/subr_syscall.c =================================================================== --- sys/kern/subr_syscall.c +++ sys/kern/subr_syscall.c @@ -53,6 +53,7 @@ #include #endif #include +#include static inline void syscallenter(struct thread *td) @@ -129,6 +130,14 @@ } #endif +#ifdef MAC + error = mac_system_check_sysent(td->td_ucred, se); + if (__predict_false(error != 0)) { + td->td_errno = error; + goto retval; + } +#endif + /* * Fetch fast sigblock value at the time of syscall entry to * handle sleepqueue primitives which might call cursig(). @@ -220,6 +229,8 @@ p = td->td_proc; sa = &td->td_sa; + + /* Handle special errnos that should trigger signals to be sent. */ if (__predict_false(td->td_errno == ENOTCAPABLE || td->td_errno == ECAPMODE)) { if ((trap_enotcap || @@ -231,6 +242,14 @@ ksi.ksi_info.si_syscall = sa->original_code; trapsignal(td, &ksi); } + } else if (__predict_false(td->td_errno == EMACTRAP || + td->td_errno == EMACKILL)) { + ksiginfo_init_trap(&ksi); + ksi.ksi_signo = td->td_errno == EMACTRAP ? SIGTRAP : SIGKILL; + ksi.ksi_code = SI_MAC; + ksi.ksi_info.si_syscall = sa->original_code; + ksi.ksi_errno = td->td_errno = EPERM; + trapsignal(td, &ksi); } /* Index: sys/kern/sys_generic.c =================================================================== --- sys/kern/sys_generic.c +++ sys/kern/sys_generic.c @@ -77,6 +77,7 @@ #endif #include +#include /* * The following macro defines how many bytes will be allocated from @@ -771,6 +772,11 @@ fp = NULL; goto out; } +#endif +#ifdef MAC + error = mac_generic_check_ioctl(td->td_ucred, fp, com, data); + if (error) + goto out; #endif if ((fp->f_flag & (FREAD | FWRITE)) == 0) { error = EBADF; Index: sys/kern/syscalls.master =================================================================== --- sys/kern/syscalls.master +++ sys/kern/syscalls.master @@ -52,6 +52,8 @@ ; SYSMUX syscall multiplexer. No prototype, argument struct, or ; handler is declared or used. Handled in MD syscall code. ; CAPENABLED syscall is allowed in capability mode +; CAT_* syscall category for MAC framework syscall filtering. +; See sys/syscat.h ; ; To support programmatic generation of both the default ABI and 32-bit compat ; (freebsd32) we impose a number of restrictions on the types of system calls. @@ -113,6 +115,7 @@ #include #include #include +#include %%ABI_HEADERS%% 0 AUE_NULL SYSMUX { @@ -121,29 +124,29 @@ ... ); } -1 AUE_EXIT STD|CAPENABLED { +1 AUE_EXIT STD|CAT_EXIT|CAPENABLED { void exit( int rval ); } -2 AUE_FORK STD|CAPENABLED { +2 AUE_FORK STD|CAT_FORK|CAPENABLED { int fork(void); } -3 AUE_READ STD|CAPENABLED { +3 AUE_READ STD|CAT_GENIO|CAPENABLED { ssize_t read( int fd, _Out_writes_bytes_(nbyte) void *buf, size_t nbyte ); } -4 AUE_WRITE STD|CAPENABLED { +4 AUE_WRITE STD|CAT_GENIO|CAPENABLED { ssize_t write( int fd, _In_reads_bytes_(nbyte) const void *buf, size_t nbyte ); } -5 AUE_OPEN_RWTC STD { +5 AUE_OPEN_RWTC STD|CAT_PATH { int open( _In_z_ const char *path, int flags, @@ -152,12 +155,12 @@ } ; XXX should be { int open(const char *path, int flags, ...); } ; but we're not ready for varargs. -6 AUE_CLOSE STD|CAPENABLED { +6 AUE_CLOSE STD|CAT_GENIO|CAPENABLED { int close( int fd ); } -7 AUE_WAIT4 STD { +7 AUE_WAIT4 STD|CAT_WAIT { int wait4( int pid, _Out_opt_ int *status, @@ -165,77 +168,77 @@ _Out_opt_ _Contains_long_timet_ struct rusage *rusage ); } -8 AUE_CREAT COMPAT { +8 AUE_CREAT COMPAT|CAT_WRITE_PATH { int creat( _In_z_ const char *path, int mode ); } -9 AUE_LINK STD { +9 AUE_LINK STD|CAT_CREATE_PATH { int link( _In_z_ const char *path, _In_z_ const char *link ); } -10 AUE_UNLINK STD { +10 AUE_UNLINK STD|CAT_DELETE_PATH { int unlink( _In_z_ const char *path ); } 11 AUE_NULL OBSOL execv -12 AUE_CHDIR STD { +12 AUE_CHDIR STD|CAT_PATH { int chdir( _In_z_ const char *path ); } -13 AUE_FCHDIR STD { +13 AUE_FCHDIR STD|CAT_PATH { int fchdir( int fd ); } -14 AUE_MKNOD COMPAT11 { +14 AUE_MKNOD COMPAT11|CAT_CREATE_PATH { int mknod( _In_z_ const char *path, int mode, uint32_t dev ); } -15 AUE_CHMOD STD { +15 AUE_CHMOD STD|CAT_FATTR_PATH { int chmod( _In_z_ const char *path, mode_t mode ); } -16 AUE_CHOWN STD { +16 AUE_CHOWN STD|CAT_FATTR_PATH { int chown( _In_z_ const char *path, int uid, int gid ); } -17 AUE_NULL STD|CAPENABLED { +17 AUE_NULL STD|CAT_MMAN|CAPENABLED { void *break( _In_ char *nsize ); } -18 AUE_GETFSSTAT COMPAT4 { +18 AUE_GETFSSTAT COMPAT4|CAT_GETFSSTAT { int getfsstat( _Out_writes_bytes_opt_(bufsize) _Contains_long_ struct ostatfs *buf, long bufsize, int mode ); } -19 AUE_LSEEK COMPAT|CAPENABLED { +19 AUE_LSEEK COMPAT|CAT_GENIO|CAPENABLED { long lseek( int fd, long offset, int whence ); } -20 AUE_GETPID STD|CAPENABLED { +20 AUE_GETPID STD|CAT_STATUS|CAPENABLED { pid_t getpid(void); } -21 AUE_MOUNT STD { +21 AUE_MOUNT STD|CAT_MOUNT { int mount( _In_z_ const char *type, _In_z_ const char *path, @@ -243,24 +246,24 @@ _In_opt_ void *data ); } -22 AUE_UMOUNT STD { +22 AUE_UMOUNT STD|CAT_MOUNT { int unmount( _In_z_ const char *path, int flags ); } -23 AUE_SETUID STD|CAPENABLED { +23 AUE_SETUID STD|CAT_SETCRED|CAPENABLED { int setuid( uid_t uid ); } -24 AUE_GETUID STD|CAPENABLED { +24 AUE_GETUID STD|CAT_GETCRED|CAPENABLED { uid_t getuid(void); } -25 AUE_GETEUID STD|CAPENABLED { +25 AUE_GETEUID STD|CAT_GETCRED|CAPENABLED { uid_t geteuid(void); } -26 AUE_PTRACE STD { +26 AUE_PTRACE STD|CAT_TRACE { int ptrace( int req, pid_t pid, @@ -268,21 +271,21 @@ int data ); } -27 AUE_RECVMSG STD|CAPENABLED { +27 AUE_RECVMSG STD|CAT_SOCKIO|CAPENABLED { ssize_t recvmsg( int s, _Inout_ _Contains_ptr_ struct msghdr *msg, int flags ); } -28 AUE_SENDMSG STD|CAPENABLED { +28 AUE_SENDMSG STD|CAT_SOCKIO|CAPENABLED { ssize_t sendmsg( int s, _In_ _Contains_ptr_ const struct msghdr *msg, int flags ); } -29 AUE_RECVFROM STD|CAPENABLED { +29 AUE_RECVFROM STD|CAT_SOCKIO|CAPENABLED { ssize_t recvfrom( int s, _Out_writes_bytes_(len) void *buf, @@ -292,81 +295,81 @@ _Inout_opt_ __socklen_t *fromlenaddr ); } -30 AUE_ACCEPT STD|CAPENABLED { +30 AUE_ACCEPT STD|CAT_SOCK|CAPENABLED { int accept( int s, _Out_writes_bytes_opt_(*anamelen) struct sockaddr *name, _Inout_opt_ __socklen_t *anamelen ); } -31 AUE_GETPEERNAME STD|CAPENABLED { +31 AUE_GETPEERNAME STD|CAT_SOCK|CAPENABLED { int getpeername( int fdes, _Out_writes_bytes_(*alen) struct sockaddr *asa, _Inout_opt_ __socklen_t *alen ); } -32 AUE_GETSOCKNAME STD|CAPENABLED { +32 AUE_GETSOCKNAME STD|CAT_SOCK|CAPENABLED { int getsockname( int fdes, _Out_writes_bytes_(*alen) struct sockaddr *asa, _Inout_ __socklen_t *alen ); } -33 AUE_ACCESS STD { +33 AUE_ACCESS STD|CAT_PATH { int access( _In_z_ const char *path, int amode ); } -34 AUE_CHFLAGS STD { +34 AUE_CHFLAGS STD|CAT_FATTR_PATH { int chflags( _In_z_ const char *path, u_long flags ); } -35 AUE_FCHFLAGS STD|CAPENABLED { +35 AUE_FCHFLAGS STD|CAT_FATTR|CAPENABLED { int fchflags( int fd, u_long flags ); } -36 AUE_SYNC STD|CAPENABLED { +36 AUE_SYNC STD|CAT_WRITE_PATH|CAPENABLED { int sync(void); } -37 AUE_KILL STD|CAPENABLED { +37 AUE_KILL STD|CAT_SIGSEND|CAPENABLED { int kill( int pid, int signum ); } -38 AUE_STAT COMPAT { +38 AUE_STAT COMPAT|CAT_STAT_PATH { int stat( _In_z_ const char *path, _Out_ _Contains_timet_ struct ostat *ub ); } -39 AUE_GETPPID STD|CAPENABLED { +39 AUE_GETPPID STD|CAT_STATUS|CAPENABLED { pid_t getppid(void); } -40 AUE_LSTAT COMPAT { +40 AUE_LSTAT COMPAT|CAT_STAT_PATH { int lstat( _In_z_ const char *path, _Out_ _Contains_timet_ struct ostat *ub ); } -41 AUE_DUP STD|CAPENABLED { +41 AUE_DUP STD|CAT_FDESC|CAPENABLED { int dup( u_int fd ); } -42 AUE_PIPE COMPAT10|CAPENABLED { +42 AUE_PIPE COMPAT10|CAT_PIPE|CAPENABLED { int pipe(void); } -43 AUE_GETEGID STD|CAPENABLED { +43 AUE_GETEGID STD|CAT_GETCRED|CAPENABLED { gid_t getegid(void); } -44 AUE_PROFILE STD|CAPENABLED { +44 AUE_PROFILE STD|CAT_PROCCTL|CAPENABLED { int profil( _Out_writes_bytes_(size) char *samples, size_t size, @@ -374,7 +377,7 @@ u_int scale ); } -45 AUE_KTRACE STD { +45 AUE_KTRACE STD|CAT_TRACE { int ktrace( _In_z_ const char *fname, int ops, @@ -382,17 +385,17 @@ int pid ); } -46 AUE_SIGACTION COMPAT|CAPENABLED { +46 AUE_SIGACTION COMPAT|CAT_SIGHAND|CAPENABLED { int sigaction( int signum, _In_opt_ _Contains_ptr_ struct osigaction *nsa, _Out_opt_ _Contains_ptr_ struct osigaction *osa ); } -47 AUE_GETGID STD|CAPENABLED { +47 AUE_GETGID STD|CAT_GETCRED|CAPENABLED { gid_t getgid(void); } -48 AUE_SIGPROCMASK COMPAT|CAPENABLED { +48 AUE_SIGPROCMASK COMPAT|CAT_SIGMASK|CAPENABLED { int sigprocmask( int how, osigset_t mask @@ -401,85 +404,85 @@ ; XXX note nonstandard (bogus) calling convention - the libc stub passes ; us the mask, not a pointer to it, and we return the old mask as the ; (int) return value. -49 AUE_GETLOGIN STD|CAPENABLED { +49 AUE_GETLOGIN STD|CAT_GETCRED|CAPENABLED { int getlogin( _Out_writes_z_(namelen) char *namebuf, u_int namelen ); } -50 AUE_SETLOGIN STD { +50 AUE_SETLOGIN STD|CAT_SETCRED { int setlogin( _In_z_ const char *namebuf ); } -51 AUE_ACCT STD { +51 AUE_ACCT STD|CAT_SYSMGMT { int acct( _In_z_ const char *path ); } -52 AUE_SIGPENDING COMPAT|CAPENABLED { +52 AUE_SIGPENDING COMPAT|CAT_SIGWAIT|CAPENABLED { int sigpending(void); } -53 AUE_SIGALTSTACK STD|CAPENABLED { +53 AUE_SIGALTSTACK STD|CAT_SIGHAND|CAPENABLED { int sigaltstack( _In_opt_ _Contains_long_ptr_ const struct sigaltstack *ss, _Out_opt_ _Contains_long_ptr_ struct sigaltstack *oss ); } -54 AUE_IOCTL STD|CAPENABLED { +54 AUE_IOCTL STD|CAT_IOCTL|CAPENABLED { int ioctl( int fd, u_long com, _Inout_opt_ _Contains_long_ptr_ char *data ); } -55 AUE_REBOOT STD { +55 AUE_REBOOT STD|CAT_SYSMGMT { int reboot( int opt ); } -56 AUE_REVOKE STD { +56 AUE_REVOKE STD|CAT_TTYMGMT { int revoke( _In_z_ const char *path ); } -57 AUE_SYMLINK STD { +57 AUE_SYMLINK STD|CAT_CREATE_PATH { int symlink( _In_z_ const char *path, _In_z_ const char *link ); } -58 AUE_READLINK STD { +58 AUE_READLINK STD|CAT_READ_PATH { ssize_t readlink( _In_z_ const char *path, _Out_writes_z_(count) char *buf, size_t count ); } -59 AUE_EXECVE STD { +59 AUE_EXECVE STD|CAT_EXEC_PATH { int execve( _In_z_ const char *fname, _In_z_ char **argv, _In_z_ char **envv ); } -60 AUE_UMASK STD|CAPENABLED { +60 AUE_UMASK STD|CAT_FDESC|CAPENABLED { mode_t umask( mode_t newmask ); } -61 AUE_CHROOT STD { +61 AUE_CHROOT STD|CAT_CHROOT { int chroot( _In_z_ const char *path ); } -62 AUE_FSTAT COMPAT|CAPENABLED { +62 AUE_FSTAT COMPAT|CAT_GENIO|CAPENABLED { int fstat( int fd, _Out_ _Contains_timet_ struct ostat *sb ); } -63 AUE_NULL COMPAT { +63 AUE_NULL COMPAT|CAT_SYSINFO { int getkerninfo( int op, _Out_writes_bytes_opt(*size) char *where, @@ -487,32 +490,32 @@ int arg ); } -64 AUE_NULL COMPAT|CAPENABLED { +64 AUE_NULL COMPAT|CAT_SYSINFO|CAPENABLED { int getpagesize(void); } -65 AUE_MSYNC STD|CAPENABLED { +65 AUE_MSYNC STD|CAT_MMAN|CAPENABLED { int msync( _In_ void *addr, size_t len, int flags ); } -66 AUE_VFORK STD { +66 AUE_VFORK STD|CAT_FORK { int vfork(void); } 67 AUE_NULL OBSOL vread 68 AUE_NULL OBSOL vwrite -69 AUE_SBRK STD|CAPENABLED { +69 AUE_SBRK STD|CAT_MMAN|CAPENABLED { int sbrk( int incr ); } -70 AUE_SSTK STD|CAPENABLED { +70 AUE_SSTK STD|CAT_MMAN|CAPENABLED { int sstk( int incr ); } -71 AUE_MMAP COMPAT|CAPENABLED { +71 AUE_MMAP COMPAT|CAT_MMAN|CAPENABLED { void *mmap( _In_ void *addr, int len, @@ -522,25 +525,25 @@ long pos ); } -72 AUE_O_VADVISE COMPAT11 { +72 AUE_O_VADVISE COMPAT11|CAT_MMAN { int vadvise( int anom ); } -73 AUE_MUNMAP STD|CAPENABLED { +73 AUE_MUNMAP STD|CAT_MMAN|CAPENABLED { int munmap( _In_ void *addr, size_t len ); } -74 AUE_MPROTECT STD|CAPENABLED { +74 AUE_MPROTECT STD|CAT_MMAN|CAPENABLED { int mprotect( _In_ void *addr, size_t len, int prot ); } -75 AUE_MADVISE STD|CAPENABLED { +75 AUE_MADVISE STD|CAT_MMAN|CAPENABLED { int madvise( _In_ void *addr, size_t len, @@ -549,78 +552,78 @@ } 76 AUE_NULL OBSOL vhangup 77 AUE_NULL OBSOL vlimit -78 AUE_MINCORE STD|CAPENABLED { +78 AUE_MINCORE STD|CAT_MMAN|CAPENABLED { int mincore( _In_ const void *addr, size_t len, _Out_writes_bytes_(len/PAGE_SIZE) char *vec ); } -79 AUE_GETGROUPS STD|CAPENABLED { +79 AUE_GETGROUPS STD|CAT_GETCRED|CAPENABLED { int getgroups( int gidsetsize, _Out_writes_opt_(gidsetsize) gid_t *gidset ); } -80 AUE_SETGROUPS STD { +80 AUE_SETGROUPS STD|CAT_SETCRED { int setgroups( int gidsetsize, _In_reads_(gidsetsize) const gid_t *gidset ); } -81 AUE_GETPGRP STD|CAPENABLED { +81 AUE_GETPGRP STD|CAT_STATUS|CAPENABLED { int getpgrp(void); } -82 AUE_SETPGRP STD { +82 AUE_SETPGRP STD|CAT_FORK { int setpgid( int pid, int pgid ); } -83 AUE_SETITIMER STD|CAPENABLED { +83 AUE_SETITIMER STD|CAT_TIMER|CAPENABLED { int setitimer( int which, _In_ _Contains_timet_ const struct itimerval *itv, _Out_opt_ _Contains_timet_ struct itimerval *oitv ); } -84 AUE_WAIT4 COMPAT { +84 AUE_WAIT4 COMPAT|CAT_WAIT { int wait(void); } -85 AUE_SWAPON STD { +85 AUE_SWAPON STD|CAT_SYSMGMT { int swapon( _In_z_ const char *name ); } -86 AUE_GETITIMER STD|CAPENABLED { +86 AUE_GETITIMER STD|CAT_TIMER|CAPENABLED { int getitimer( int which, _Out_ _Contains_timet_ struct itimerval *itv ); } -87 AUE_SYSCTL COMPAT|CAPENABLED { +87 AUE_SYSCTL COMPAT|CAT_SYSINFO|CAPENABLED { int gethostname( _Out_writes_z_(len) char *hostname, u_int len ); } -88 AUE_SYSCTL COMPAT { +88 AUE_SYSCTL COMPAT|CAT_SYSMGMT { int sethostname( _In_reads_z_(len) char *hostname, u_int len ); } -89 AUE_GETDTABLESIZE STD|CAPENABLED { +89 AUE_GETDTABLESIZE STD|CAT_FDESC|CAPENABLED { int getdtablesize(void); } -90 AUE_DUP2 STD|CAPENABLED { +90 AUE_DUP2 STD|CAT_FDESC|CAPENABLED { int dup2( u_int from, u_int to ); } 91 AUE_NULL RESERVED -92 AUE_FCNTL STD|CAPENABLED { +92 AUE_FCNTL STD|CAT_GENIO|CAPENABLED { int fcntl( int fd, int cmd, @@ -629,7 +632,7 @@ } ; XXX should be { int fcntl(int fd, int cmd, ...); } ; but we're not ready for varargs. -93 AUE_SELECT STD|CAPENABLED { +93 AUE_SELECT STD|CAT_POLL|CAPENABLED { int select( int nd, _Inout_opt_ fd_set *in, @@ -639,46 +642,46 @@ ); } 94 AUE_NULL RESERVED -95 AUE_FSYNC STD|CAPENABLED { +95 AUE_FSYNC STD|CAT_GENIO|CAPENABLED { int fsync( int fd ); } -96 AUE_SETPRIORITY STD|CAPENABLED { +96 AUE_SETPRIORITY STD|CAT_SETSCHED|CAPENABLED { int setpriority( int which, int who, int prio ); } -97 AUE_SOCKET STD|CAPENABLED { +97 AUE_SOCKET STD|CAT_SOCK|CAPENABLED { int socket( int domain, int type, int protocol ); } -98 AUE_CONNECT STD { +98 AUE_CONNECT STD|CAT_SOCK { int connect( int s, _In_reads_bytes_(namelen) const struct sockaddr *name, __socklen_t namelen ); } -99 AUE_ACCEPT COMPAT|CAPENABLED { +99 AUE_ACCEPT COMPAT|CAT_SOCK|CAPENABLED { int accept( int s, _Out_writes_bytes_opt_(*anamelen) struct sockaddr *name, __socklen_t *anamelen ); } -100 AUE_GETPRIORITY STD|CAPENABLED { +100 AUE_GETPRIORITY STD|CAT_GETSCHED|CAPENABLED { int getpriority( int which, int who ); } -101 AUE_SEND COMPAT|CAPENABLED { +101 AUE_SEND COMPAT|CAT_SOCKIO|CAPENABLED { int send( int s, _In_reads_bytes_(len) const void *buf, @@ -686,7 +689,7 @@ int flags ); } -102 AUE_RECV COMPAT|CAPENABLED { +102 AUE_RECV COMPAT|CAT_SOCKIO|CAPENABLED { int recv( int s, _Out_writes_bytes_(len) void *buf, @@ -694,19 +697,19 @@ int flags ); } -103 AUE_SIGRETURN COMPAT|CAPENABLED { +103 AUE_SIGRETURN COMPAT|CAT_CORE|CAPENABLED { int sigreturn( _In_ struct osigcontext *sigcntxp ); } -104 AUE_BIND STD { +104 AUE_BIND STD|CAT_SOCK { int bind( int s, _In_reads_bytes_(namelen) const struct sockaddr *name, __socklen_t namelen ); } -105 AUE_SETSOCKOPT STD|CAPENABLED { +105 AUE_SETSOCKOPT STD|CAT_SOCKIO|CAPENABLED { int setsockopt( int s, int level, @@ -715,51 +718,51 @@ __socklen_t valsize ); } -106 AUE_LISTEN STD|CAPENABLED { +106 AUE_LISTEN STD|CAT_SOCK|CAPENABLED { int listen( int s, int backlog ); } 107 AUE_NULL OBSOL vtimes -108 AUE_NULL COMPAT|CAPENABLED { +108 AUE_NULL COMPAT|CAT_SIGHAND|CAPENABLED { int sigvec( int signum, _In_opt_ _Contains_ptr_ struct sigvec *nsv, _Out_opt_ _Contains_ptr_ struct sigvec *osv ); } -109 AUE_NULL COMPAT|CAPENABLED { +109 AUE_NULL COMPAT|CAT_SIGMASK|CAPENABLED { int sigblock( int mask ); } -110 AUE_NULL COMPAT|CAPENABLED { +110 AUE_NULL COMPAT|CAT_SIGMASK|CAPENABLED { int sigsetmask( int mask ); } -111 AUE_NULL COMPAT|CAPENABLED { +111 AUE_NULL COMPAT|CAT_SIGMASK|CAPENABLED { int sigsuspend( osigset_t mask ); } ; XXX note nonstandard (bogus) calling convention - the libc stub passes ; us the mask, not a pointer to it. -112 AUE_NULL COMPAT|CAPENABLED { +112 AUE_NULL COMPAT|CAT_SIGHAND|CAPENABLED { int sigstack( _In_opt_ _Contains_ptr_ struct sigstack *nss, _Out_opt_ _Contains_ptr_ struct sigstack *oss ); } -113 AUE_RECVMSG COMPAT|CAPENABLED { +113 AUE_RECVMSG COMPAT|CAT_SOCKIO|CAPENABLED { int recvmsg( int s, _Inout_ _Contains_ptr_ struct omsghdr *msg, int flags ); } -114 AUE_SENDMSG COMPAT|CAPENABLED { +114 AUE_SENDMSG COMPAT|CAT_SOCKIO|CAPENABLED { int sendmsg( int s, _In_ _Contains_ptr_ const struct omsghdr *msg, @@ -767,19 +770,19 @@ ); } 115 AUE_NULL OBSOL vtrace -116 AUE_GETTIMEOFDAY STD|CAPENABLED { +116 AUE_GETTIMEOFDAY STD|CAT_CLOCK|CAPENABLED { int gettimeofday( _Out_ _Contains_long_timet_ struct timeval *tp, _Out_opt_ struct timezone *tzp ); } -117 AUE_GETRUSAGE STD|CAPENABLED { +117 AUE_GETRUSAGE STD|CAT_STATUS|CAPENABLED { int getrusage( int who, _Out_ _Contains_long_ struct rusage *rusage ); } -118 AUE_GETSOCKOPT STD|CAPENABLED { +118 AUE_GETSOCKOPT STD|CAT_SOCKIO|CAPENABLED { int getsockopt( int s, int level, @@ -789,40 +792,40 @@ ); } 119 AUE_NULL RESERVED -120 AUE_READV STD|CAPENABLED { +120 AUE_READV STD|CAT_GENIO|CAPENABLED { int readv( int fd, _Inout_updates_(iovcnt) _Contains_long_ptr_ struct iovec *iovp, u_int iovcnt ); } -121 AUE_WRITEV STD|CAPENABLED { +121 AUE_WRITEV STD|CAT_GENIO|CAPENABLED { int writev( int fd, _In_reads_opt_(iovcnt) _Contains_long_ptr_ struct iovec *iovp, u_int iovcnt ); } -122 AUE_SETTIMEOFDAY STD { +122 AUE_SETTIMEOFDAY STD|CAT_SETTIME { int settimeofday( _In_ _Contains_long_timet_ const struct timeval *tv, _In_opt_ const struct timezone *tzp ); } -123 AUE_FCHOWN STD|CAPENABLED { +123 AUE_FCHOWN STD|CAT_FATTR|CAPENABLED { int fchown( int fd, int uid, int gid ); } -124 AUE_FCHMOD STD|CAPENABLED { +124 AUE_FCHMOD STD|CAT_FATTR|CAPENABLED { int fchmod( int fd, mode_t mode ); } -125 AUE_RECVFROM COMPAT|CAPENABLED { +125 AUE_RECVFROM COMPAT|CAT_SOCKIO|CAPENABLED { int recvfrom( int s, _Out_writes_(len) void *buf, @@ -832,49 +835,49 @@ _Inout_ __socklen_t *fromlenaddr ); } -126 AUE_SETREUID STD|CAPENABLED { +126 AUE_SETREUID STD|CAT_SETCRED|CAPENABLED { int setreuid( int ruid, int euid ); } -127 AUE_SETREGID STD|CAPENABLED { +127 AUE_SETREGID STD|CAT_SETCRED|CAPENABLED { int setregid( int rgid, int egid ); } -128 AUE_RENAME STD { +128 AUE_RENAME STD|CAT_RENAME_PATH { int rename( _In_z_ const char *from, _In_z_ const char *to ); } -129 AUE_TRUNCATE COMPAT { +129 AUE_TRUNCATE COMPAT|CAT_WRITE_PATH { int truncate( _In_z_ const char *path, long length ); } -130 AUE_FTRUNCATE COMPAT|CAPENABLED { +130 AUE_FTRUNCATE COMPAT|CAT_GENIO|CAPENABLED { int ftruncate( int fd, long length ); } -131 AUE_FLOCK STD|CAPENABLED { +131 AUE_FLOCK STD|CAT_FLOCK|CAPENABLED { int flock( int fd, int how ); } -132 AUE_MKFIFO STD { +132 AUE_MKFIFO STD|CAT_CREATE_PATH { int mkfifo( _In_z_ const char *path, mode_t mode ); } -133 AUE_SENDTO STD|CAPENABLED { +133 AUE_SENDTO STD|CAT_SOCKIO|CAPENABLED { ssize_t sendto( int s, _In_reads_bytes_(len) const void *buf, @@ -884,13 +887,13 @@ __socklen_t tolen ); } -134 AUE_SHUTDOWN STD|CAPENABLED { +134 AUE_SHUTDOWN STD|CAT_SOCKIO|CAPENABLED { int shutdown( int s, int how ); } -135 AUE_SOCKETPAIR STD|CAPENABLED { +135 AUE_SOCKETPAIR STD|CAT_PIPE|CAPENABLED { int socketpair( int domain, int type, @@ -898,67 +901,67 @@ _Out_writes_(2) int *rsv ); } -136 AUE_MKDIR STD { +136 AUE_MKDIR STD|CAT_CREATE_PATH { int mkdir( _In_z_ const char *path, mode_t mode ); } -137 AUE_RMDIR STD { +137 AUE_RMDIR STD|CAT_DELETE_PATH { int rmdir( _In_z_ const char *path ); } -138 AUE_UTIMES STD { +138 AUE_UTIMES STD|CAT_FATTR_PATH { int utimes( _In_z_ const char *path, _In_ _Contains_long_timet_ const struct timeval *tptr ); } 139 AUE_NULL OBSOL 4.2 sigreturn -140 AUE_ADJTIME STD { +140 AUE_ADJTIME STD|CAT_SETTIME_ { int adjtime( _In_ _Contains_long_timet_ const struct timeval *delta, _Out_opt_ _Contains_long_timet_ struct timeval *olddelta ); } -141 AUE_GETPEERNAME COMPAT|CAPENABLED { +141 AUE_GETPEERNAME COMPAT|CAT_SOCK|CAPENABLED { int getpeername( int fdes, _Out_writes_bytes_(*alen) struct sockaddr *asa, _Inout_opt_ __socklen_t *alen ); } -142 AUE_SYSCTL COMPAT|CAPENABLED { +142 AUE_SYSCTL COMPAT|CAT_SYSINFO|CAPENABLED { long gethostid(void); } -143 AUE_SYSCTL COMPAT { +143 AUE_SYSCTL COMPAT|CAT_SYSMGMT { int sethostid( long hostid ); } -144 AUE_GETRLIMIT COMPAT|CAPENABLED { +144 AUE_GETRLIMIT COMPAT|CAT_GETRLIMIT|CAPENABLED { int getrlimit( u_int which, _Out_ struct orlimit *rlp ); } -145 AUE_SETRLIMIT COMPAT|CAPENABLED { +145 AUE_SETRLIMIT COMPAT|CAT_SETRLIMIT|CAPENABLED { int setrlimit( u_int which, _Out_ struct orlimit *rlp ); } -146 AUE_KILLPG COMPAT { +146 AUE_KILLPG COMPAT|CAT_SIGSEND { int killpg( int pgid, int signum ); } -147 AUE_SETSID STD|CAPENABLED { +147 AUE_SETSID STD|CAT_FORK|CAPENABLED { int setsid(void); } -148 AUE_QUOTACTL STD { +148 AUE_QUOTACTL STD|CAT_QUOTA { int quotactl( _In_z_ const char *path, int cmd, @@ -966,10 +969,10 @@ _In_ void *arg ); } -149 AUE_O_QUOTA COMPAT { +149 AUE_O_QUOTA COMPAT|CAT_QUOTA { int quota(void); } -150 AUE_GETSOCKNAME COMPAT|CAPENABLED { +150 AUE_GETSOCKNAME COMPAT|CAT_SOCK|CAPENABLED { int getsockname( int fdes, _Out_writes_bytes_(*alen) struct sockaddr *asa, @@ -993,7 +996,7 @@ _In_ void *argp ); } -156 AUE_GETDIRENTRIES COMPAT|CAPENABLED { +156 AUE_GETDIRENTRIES COMPAT|CAT_READ_PATH|CAPENABLED { int getdirentries( int fd, _Out_writes_bytes_(count) char *buf, @@ -1001,55 +1004,55 @@ _Out_ long *basep ); } -157 AUE_STATFS COMPAT4 { +157 AUE_STATFS COMPAT4|CAT_STATFS_PATH { int statfs( _In_z_ const char *path, _Out_ _Contains_long_ struct ostatfs *buf ); } -158 AUE_FSTATFS COMPAT4|CAPENABLED { +158 AUE_FSTATFS COMPAT4|CAT_STATFS|CAPENABLED { int fstatfs( int fd, _Out_ _Contains_long_ struct ostatfs *buf ); } 159 AUE_NULL RESERVED -160 AUE_LGETFH STD { +160 AUE_LGETFH STD|CAT_FH { int lgetfh( _In_z_ const char *fname, _Out_ struct fhandle *fhp ); } -161 AUE_NFS_GETFH STD { +161 AUE_NFS_GETFH STD|CAT_FH { int getfh( _In_z_ const char *fname, _Out_ struct fhandle *fhp ); } -162 AUE_SYSCTL COMPAT4|CAPENABLED { +162 AUE_SYSCTL COMPAT4|CAT_SYSINFO|CAPENABLED { int getdomainname( _Out_writes_z_(len) char *domainname, int len ); } -163 AUE_SYSCTL COMPAT4 { +163 AUE_SYSCTL COMPAT4|CAT_SYSMGMT { int setdomainname( _In_reads_z_(len) char *domainname, int len ); } -164 AUE_NULL COMPAT4 { +164 AUE_NULL COMPAT4|CAT_SYSINFO { int uname( _Out_ struct utsname *name ); } -165 AUE_SYSARCH STD|CAPENABLED { +165 AUE_SYSARCH STD|CAT_CORE|CAPENABLED { int sysarch( int op, _In_z_ char *parms ); } -166 AUE_RTPRIO STD|CAPENABLED { +166 AUE_RTPRIO STD|CAT_SCHED_|CAPENABLED { int rtprio( int function, pid_t pid, @@ -1057,7 +1060,7 @@ ); } 167-168 AUE_NULL RESERVED -169 AUE_SEMSYS NOSTD { +169 AUE_SEMSYS NOSTD|CAT_SYSVSEM { int semsys( int which, int a2, @@ -1067,7 +1070,7 @@ ); } ; XXX should be { int semsys(int which, ...); } -170 AUE_MSGSYS NOSTD { +170 AUE_MSGSYS NOSTD|CAT_SYSVMSG { int msgsys( int which, int a2, @@ -1078,7 +1081,7 @@ ); } ; XXX should be { int msgsys(int which, ...); } -171 AUE_SHMSYS NOSTD { +171 AUE_SHMSYS NOSTD|CAT_SYSVSHM { int shmsys( int which, int a2, @@ -1088,7 +1091,7 @@ } ; XXX should be { int shmsys(int which, ...); } 172 AUE_NULL RESERVED -173 AUE_PREAD COMPAT6|CAPENABLED { +173 AUE_PREAD COMPAT6|CAT_GENIO|CAPENABLED { ssize_t pread( int fd, _Out_writes_bytes_(nbyte) void *buf, @@ -1097,7 +1100,7 @@ off_t offset ); } -174 AUE_PWRITE COMPAT6|CAPENABLED { +174 AUE_PWRITE COMPAT6|CAT_GENIO|CAPENABLED { ssize_t pwrite( int fd, _In_reads_bytes_(nbyte) const void *buf, @@ -1106,28 +1109,28 @@ off_t offset ); } -175 AUE_SETFIB STD { +175 AUE_SETFIB STD|CAT_SOCK { int setfib( int fibnum ); } -176 AUE_NTP_ADJTIME STD { +176 AUE_NTP_ADJTIME STD|CAT_SETTIME { int ntp_adjtime( _Inout_ _Contains_long_ struct timex *tp ); } 177-180 AUE_NULL RESERVED -181 AUE_SETGID STD|CAPENABLED { +181 AUE_SETGID STD|CAT_SETCRED|CAPENABLED { int setgid( gid_t gid ); } -182 AUE_SETEGID STD|CAPENABLED { +182 AUE_SETEGID STD|CAT_SETCRED|CAPENABLED { int setegid( gid_t egid ); } -183 AUE_SETEUID STD|CAPENABLED { +183 AUE_SETEUID STD|CAT_SETCRED|CAPENABLED { int seteuid( uid_t euid ); @@ -1136,50 +1139,50 @@ 185 AUE_NULL OBSOL lfs_markv 186 AUE_NULL OBSOL lfs_segclean 187 AUE_NULL OBSOL lfs_segwait -188 AUE_STAT COMPAT11 { +188 AUE_STAT COMPAT11|CAT_STAT_PATH { int stat( _In_z_ const char *path, _Out_ _Contains_timet_ struct freebsd11_stat *ub ); } -189 AUE_FSTAT COMPAT11|CAPENABLED { +189 AUE_FSTAT COMPAT11|CAT_GENIO|CAPENABLED { int fstat( int fd, _Out_ _Contains_timet_ struct freebsd11_stat *sb ); } -190 AUE_LSTAT COMPAT11 { +190 AUE_LSTAT COMPAT11|CAT_STAT_PATH { int lstat( _In_z_ const char *path, _Out_ _Contains_timet_ struct freebsd11_stat *ub ); } -191 AUE_PATHCONF STD { +191 AUE_PATHCONF STD|CAT_PATH { int pathconf( _In_z_ const char *path, int name ); } -192 AUE_FPATHCONF STD|CAPENABLED { +192 AUE_FPATHCONF STD|CAT_GENIO|CAPENABLED { int fpathconf( int fd, int name ); } 193 AUE_NULL RESERVED -194 AUE_GETRLIMIT STD|CAPENABLED { +194 AUE_GETRLIMIT STD|CAT_GETRLIMIT|CAPENABLED { int getrlimit( u_int which, _Out_ struct rlimit *rlp ); } -195 AUE_SETRLIMIT STD|CAPENABLED { +195 AUE_SETRLIMIT STD|CAT_SETRLIMIT|CAPENABLED { int setrlimit( u_int which, _In_ struct rlimit *rlp ); } -196 AUE_GETDIRENTRIES COMPAT11|CAPENABLED { +196 AUE_GETDIRENTRIES COMPAT11|CAT_READ_PATH|CAPENABLED { int getdirentries( int fd, _Out_writes_bytes_(count) char *buf, @@ -1187,7 +1190,7 @@ _Out_ long *basep ); } -197 AUE_MMAP COMPAT6|CAPENABLED { +197 AUE_MMAP COMPAT6|CAT_MMAN|CAPENABLED { void *mmap( _In_ void *addr, size_t len, @@ -1204,7 +1207,7 @@ ... ); } -199 AUE_LSEEK COMPAT6|CAPENABLED { +199 AUE_LSEEK COMPAT6|CAT_GENIO|CAPENABLED { off_t lseek( int fd, int pad, @@ -1212,21 +1215,21 @@ int whence ); } -200 AUE_TRUNCATE COMPAT6 { +200 AUE_TRUNCATE COMPAT6|CAT_WRITE_PATH { int truncate( _In_z_ const char *path, int pad, off_t length ); } -201 AUE_FTRUNCATE COMPAT6|CAPENABLED { +201 AUE_FTRUNCATE COMPAT6|CAT_GENIO|CAPENABLED { int ftruncate( int fd, int pad, off_t length ); } -202 AUE_SYSCTL STD|CAPENABLED { +202 AUE_SYSCTL STD|CAT_SYSINFO|CAPENABLED { int __sysctl( _In_reads_(namelen) int *name, u_int namelen, @@ -1236,36 +1239,36 @@ size_t newlen ); } -203 AUE_MLOCK STD|CAPENABLED { +203 AUE_MLOCK STD|CAT_MLOCK|CAPENABLED { int mlock( _In_ const void *addr, size_t len ); } -204 AUE_MUNLOCK STD|CAPENABLED { +204 AUE_MUNLOCK STD|CAT_MLOCK|CAPENABLED { int munlock( _In_ const void *addr, size_t len ); } -205 AUE_UNDELETE STD { +205 AUE_UNDELETE STD|CAT_CREATE_PATH { int undelete( _In_z_ const char *path ); } -206 AUE_FUTIMES STD|CAPENABLED { +206 AUE_FUTIMES STD|CAT_FATTR|CAPENABLED { int futimes( int fd, _In_reads_(2) _Contains_long_timet_ const struct timeval *tptr ); } -207 AUE_GETPGID STD|CAPENABLED { +207 AUE_GETPGID STD|CAT_STATUS|CAPENABLED { int getpgid( pid_t pid ); } 208 AUE_NULL RESERVED -209 AUE_POLL STD|CAPENABLED { +209 AUE_POLL STD|CAT_POLL|CAPENABLED { int poll( _Inout_updates_(nfds) struct pollfd *fds, u_int nfds, @@ -1286,7 +1289,7 @@ 218 AUE_NULL NODEF|NOTSTATIC lkmnosys lkmnosys nosys_args int 219 AUE_NULL NODEF|NOTSTATIC lkmnosys lkmnosys nosys_args int -220 AUE_SEMCTL COMPAT7|NOSTD { +220 AUE_SEMCTL COMPAT7|NOSTD|CAT_SYSVSEM { int __semctl( int semid, int semnum, @@ -1294,14 +1297,14 @@ _Contains_ptr_ union semun_old *arg ); } -221 AUE_SEMGET NOSTD { +221 AUE_SEMGET NOSTD|CAT_SYSVSEM { int semget( key_t key, int nsems, int semflg ); } -222 AUE_SEMOP NOSTD { +222 AUE_SEMOP NOSTD|CAT_SYSVSEM { int semop( int semid, _In_reads_(nsops) struct sembuf *sops, @@ -1309,20 +1312,20 @@ ); } 223 AUE_NULL OBSOL semconfig -224 AUE_MSGCTL COMPAT7|NOSTD { +224 AUE_MSGCTL COMPAT7|NOSTD|CAT_SYSVMSG { int msgctl( int msqid, int cmd, _Contains_long_ptr_timet_ struct msqid_ds_old *buf ); } -225 AUE_MSGGET NOSTD { +225 AUE_MSGGET NOSTD|CAT_SYSVMSG { int msgget( key_t key, int msgflg ); } -226 AUE_MSGSND NOSTD { +226 AUE_MSGSND NOSTD|CAT_SYSVMSG { int msgsnd( int msqid, _In_reads_bytes_(msgsz) _Contains_long_ const void *msgp, @@ -1330,7 +1333,7 @@ int msgflg ); } -227 AUE_MSGRCV NOSTD { +227 AUE_MSGRCV NOSTD|CAT_SYSVMSG { ssize_t msgrcv( int msqid, _Out_writes_bytes_(msgsz) _Contains_long_ void *msgp, @@ -1339,63 +1342,63 @@ int msgflg ); } -228 AUE_SHMAT NOSTD { +228 AUE_SHMAT NOSTD|CAT_SYSVSHM { void *shmat( int shmid, _In_ const void *shmaddr, int shmflg ); } -229 AUE_SHMCTL COMPAT7|NOSTD { +229 AUE_SHMCTL COMPAT7|NOSTD|CAT_SYSVSHM { int shmctl( int shmid, int cmd, _Inout_opt_ _Contains_long_ struct shmid_ds_old *buf ); } -230 AUE_SHMDT NOSTD { +230 AUE_SHMDT NOSTD|CAT_SYSVSHM { int shmdt( _In_ const void *shmaddr ); } -231 AUE_SHMGET NOSTD { +231 AUE_SHMGET NOSTD|CAT_SYSVSHM { int shmget( key_t key, size_t size, int shmflg ); } -232 AUE_NULL STD|CAPENABLED { +232 AUE_NULL STD|CAT_CLOCK|CAPENABLED { int clock_gettime( clockid_t clock_id, _Out_ _Contains_long_timet_ struct timespec *tp ); } -233 AUE_CLOCK_SETTIME STD { +233 AUE_CLOCK_SETTIME STD|CAT_SETTIME { int clock_settime( clockid_t clock_id, _In_ _Contains_long_timet_ const struct timespec *tp ); } -234 AUE_NULL STD|CAPENABLED { +234 AUE_NULL STD|CAT_CLOCK|CAPENABLED { int clock_getres( clockid_t clock_id, _Out_ _Contains_long_timet_ struct timespec *tp ); } -235 AUE_NULL STD|CAPENABLED { +235 AUE_NULL STD|CAT_TIMER|CAPENABLED { int ktimer_create( clockid_t clock_id, _In_ _Contains_long_ptr_ struct sigevent *evp, _Out_ int *timerid ); } -236 AUE_NULL STD|CAPENABLED { +236 AUE_NULL STD|CAT_TIMER|CAPENABLED { int ktimer_delete( int timerid ); } -237 AUE_NULL STD|CAPENABLED { +237 AUE_NULL STD|CAT_TIMER|CAPENABLED { int ktimer_settime( int timerid, int flags, @@ -1403,39 +1406,39 @@ _Out_opt_ _Contains_long_timet_ struct itimerspec *ovalue ); } -238 AUE_NULL STD|CAPENABLED { +238 AUE_NULL STD|CAT_TIMER|CAPENABLED { int ktimer_gettime( int timerid, _Out_ _Contains_long_timet_ struct itimerspec *value ); } -239 AUE_NULL STD|CAPENABLED { +239 AUE_NULL STD|CAT_TIMER|CAPENABLED { int ktimer_getoverrun( int timerid ); } -240 AUE_NULL STD|CAPENABLED { +240 AUE_NULL STD|CAT_CORE|CAPENABLED { int nanosleep( _In_ _Contains_long_timet_ const struct timespec *rqtp, _Out_opt_ _Contains_long_timet_ struct timespec *rmtp ); } -241 AUE_NULL STD { +241 AUE_NULL STD|CAT_FFCLOCK { int ffclock_getcounter( _Out_ ffcounter *ffcount ); } -242 AUE_NULL STD { +242 AUE_NULL STD|CAT_FFCLOCK { int ffclock_setestimate( _In_ _Contains_timet_ struct ffclock_estimate *cest ); } -243 AUE_NULL STD { +243 AUE_NULL STD|CAT_FFCLOCK { int ffclock_getestimate( _Out_ _Contains_timet_ struct ffclock_estimate *cest ); } -244 AUE_NULL STD { +244 AUE_NULL STD|CAT_CLOCK { int clock_nanosleep( clockid_t clock_id, int flags, @@ -1444,53 +1447,53 @@ ); } 245-246 AUE_NULL RESERVED -247 AUE_NULL STD { +247 AUE_NULL STD|CAT_CLOCK { int clock_getcpuclockid2( id_t id, int which, _Out_ clockid_t *clock_id ); } -248 AUE_NULL STD|CAPENABLED { +248 AUE_NULL STD|CAT_SETTIME|CAPENABLED { int ntp_gettime( _Out_ _Contains_long_timet_ struct ntptimeval *ntvp ); } 249 AUE_NULL RESERVED -250 AUE_MINHERIT STD|CAPENABLED { +250 AUE_MINHERIT STD|CAT_MMAN|CAPENABLED { int minherit( _In_ void *addr, size_t len, int inherit ); } -251 AUE_RFORK STD { +251 AUE_RFORK STD|CAT_RFORK_ { int rfork( int flags ); } 252 AUE_POLL OBSOL openbsd_poll -253 AUE_ISSETUGID STD|CAPENABLED { +253 AUE_ISSETUGID STD|CAT_CORE|CAPENABLED { int issetugid(void); } -254 AUE_LCHOWN STD { +254 AUE_LCHOWN STD|CAT_FATTR_PATH { int lchown( _In_z_ const char *path, int uid, int gid ); } -255 AUE_AIO_READ STD|CAPENABLED { +255 AUE_AIO_READ STD|CAT_AIO|CAPENABLED { int aio_read( _Inout_ _Contains_long_ptr_ struct aiocb *aiocbp ); } -256 AUE_AIO_WRITE STD|CAPENABLED { +256 AUE_AIO_WRITE STD|CAT_AIO|CAPENABLED { int aio_write( _Inout_ _Contains_long_ptr_ struct aiocb *aiocbp ); } -257 AUE_LIO_LISTIO STD|CAPENABLED { +257 AUE_LIO_LISTIO STD|CAT_AIO|CAPENABLED { int lio_listio( int mode, _Inout_updates_(nent) _Contains_long_ptr_ struct aiocb * const *acb_list, @@ -1499,7 +1502,7 @@ ); } 258-271 AUE_NULL RESERVED -272 AUE_O_GETDENTS COMPAT11|CAPENABLED { +272 AUE_O_GETDENTS COMPAT11|CAT_READ_PATH|CAPENABLED { int getdents( int fd, _Out_writes_bytes_(count) char *buf, @@ -1507,40 +1510,40 @@ ); } 273 AUE_NULL RESERVED -274 AUE_LCHMOD STD { +274 AUE_LCHMOD STD|CAT_FATTR_PATH { int lchmod( _In_z_ const char *path, mode_t mode ); } 275 AUE_NULL OBSOL netbsd_lchown -276 AUE_LUTIMES STD { +276 AUE_LUTIMES STD|CAT_FATTR_PATH { int lutimes( _In_z_ const char *path, _In_ _Contains_long_timet_ const struct timeval *tptr ); } 277 AUE_NULL OBSOL netbsd_msync -278 AUE_STAT COMPAT11 { +278 AUE_STAT COMPAT11|CAT_STAT_PATH { int nstat( _In_z_ const char *path, _Out_ _Contains_long_timet_ struct nstat *ub ); } -279 AUE_FSTAT COMPAT11 { +279 AUE_FSTAT COMPAT11|CAT_GENIO { int nfstat( int fd, _Out_ _Contains_long_timet_ struct nstat *sb ); } -280 AUE_LSTAT COMPAT11 { +280 AUE_LSTAT COMPAT11|CAT_STAT_PATH { int nlstat( _In_z_ const char *path, _Out_ _Contains_long_timet_ struct nstat *ub ); } 281-288 AUE_NULL RESERVED -289 AUE_PREADV STD|CAPENABLED { +289 AUE_PREADV STD|CAT_GENIO|CAPENABLED { ssize_t preadv( int fd, _In_reads_(iovcnt) _Contains_long_ptr_ struct iovec *iovp, @@ -1548,7 +1551,7 @@ off_t offset ); } -290 AUE_PWRITEV STD|CAPENABLED { +290 AUE_PWRITEV STD|CAT_GENIO|CAPENABLED { ssize_t pwritev( int fd, _In_reads_(iovcnt) _Contains_long_ptr_ struct iovec *iovp, @@ -1557,89 +1560,89 @@ ); } 291-296 AUE_NULL RESERVED -297 AUE_FHSTATFS COMPAT4 { +297 AUE_FHSTATFS COMPAT4|CAT_FH { int fhstatfs( _In_ const struct fhandle *u_fhp, _Out_ _Contains_long_ struct ostatfs *buf ); } -298 AUE_FHOPEN STD { +298 AUE_FHOPEN STD|CAT_FH { int fhopen( _In_ const struct fhandle *u_fhp, int flags ); } -299 AUE_FHSTAT COMPAT11 { +299 AUE_FHSTAT COMPAT11|CAT_FH { int fhstat( _In_ const struct fhandle *u_fhp, _Out_ _Contains_long_timet_ struct freebsd11_stat *sb ); } -300 AUE_NULL STD { +300 AUE_NULL STD|CAT_KMODSTAT { int modnext( int modid ); } -301 AUE_NULL STD { +301 AUE_NULL STD|CAT_KMODSTAT { int modstat( int modid, _Out_ _Contains_long_ struct module_stat *stat ); } -302 AUE_NULL STD { +302 AUE_NULL STD|CAT_KMODSTAT { int modfnext( int modid ); } -303 AUE_NULL STD { +303 AUE_NULL STD|CAT_KMODSTAT { int modfind( _In_z_ const char *name ); } -304 AUE_MODLOAD STD { +304 AUE_MODLOAD STD|CAT_KMODMGMT { int kldload( _In_z_ const char *file ); } -305 AUE_MODUNLOAD STD { +305 AUE_MODUNLOAD STD|CAT_KMODMGMT { int kldunload( int fileid ); } -306 AUE_NULL STD { +306 AUE_NULL STD|CAT_KMODSTAT { int kldfind( _In_z_ const char *file ); } -307 AUE_NULL STD { +307 AUE_NULL STD|CAT_KMODSTAT { int kldnext( int fileid ); } -308 AUE_NULL STD { +308 AUE_NULL STD|CAT_KMODSTAT { int kldstat( int fileid, _Out_ _Contains_long_ptr_ struct kld_file_stat *stat ); } -309 AUE_NULL STD { +309 AUE_NULL STD|CAT_KMODSTAT { int kldfirstmod( int fileid ); } -310 AUE_GETSID STD|CAPENABLED { +310 AUE_GETSID STD|CAT_STATUS|CAPENABLED { int getsid( pid_t pid ); } -311 AUE_SETRESUID STD|CAPENABLED { +311 AUE_SETRESUID STD|CAT_SETCRED|CAPENABLED { int setresuid( uid_t ruid, uid_t euid, uid_t suid ); } -312 AUE_SETRESGID STD|CAPENABLED { +312 AUE_SETRESGID STD|CAT_SETCRED|CAPENABLED { int setresgid( gid_t rgid, gid_t egid, @@ -1647,40 +1650,40 @@ ); } 313 AUE_NULL OBSOL signanosleep -314 AUE_AIO_RETURN STD|CAPENABLED { +314 AUE_AIO_RETURN STD|CAT_AIO|CAPENABLED { ssize_t aio_return( _Inout_ _Contains_long_ptr_ struct aiocb *aiocbp ); } -315 AUE_AIO_SUSPEND STD|CAPENABLED { +315 AUE_AIO_SUSPEND STD|CAT_AIO|CAPENABLED { int aio_suspend( _Inout_updates_(nent) _Contains_long_ptr_ struct aiocb * const * aiocbp, int nent, _In_opt_ _Contains_long_timet_ const struct timespec *timeout ); } -316 AUE_AIO_CANCEL STD|CAPENABLED { +316 AUE_AIO_CANCEL STD|CAT_AIO|CAPENABLED { int aio_cancel( int fd, _In_opt_ _Contains_long_ptr_ struct aiocb *aiocbp ); } -317 AUE_AIO_ERROR STD|CAPENABLED { +317 AUE_AIO_ERROR STD|CAT_AIO|CAPENABLED { int aio_error( _In_ _Contains_long_ptr_ struct aiocb *aiocbp ); } -318 AUE_AIO_READ COMPAT6|CAPENABLED { +318 AUE_AIO_READ COMPAT6|CAT_AIO|CAPENABLED { int aio_read( _Inout_ _Contains_long_ptr_ struct oaiocb *aiocbp ); } -319 AUE_AIO_WRITE COMPAT6|CAPENABLED { +319 AUE_AIO_WRITE COMPAT6|CAT_AIO|CAPENABLED { int aio_write( _Inout_ _Contains_long_ptr_ struct oaiocb *aiocbp ); } -320 AUE_LIO_LISTIO COMPAT6|CAPENABLED { +320 AUE_LIO_LISTIO COMPAT6|CAT_AIO|CAPENABLED { int lio_listio( int mode, _Inout_updates_(nent) _Contains_long_ptr_ struct oaiocb * const *acb_list, @@ -1688,75 +1691,75 @@ _In_opt_ _Contains_ptr_ struct osigevent *sig ); } -321 AUE_NULL STD|CAPENABLED { +321 AUE_NULL STD|CAT_CORE|CAPENABLED { int yield(void); } 322 AUE_NULL OBSOL thr_sleep 323 AUE_NULL OBSOL thr_wakeup -324 AUE_MLOCKALL STD|CAPENABLED { +324 AUE_MLOCKALL STD|CAT_MLOCK|CAPENABLED { int mlockall( int how ); } -325 AUE_MUNLOCKALL STD|CAPENABLED { +325 AUE_MUNLOCKALL STD|CAT_MLOCK|CAPENABLED { int munlockall(void); } -326 AUE_GETCWD STD { +326 AUE_GETCWD STD|CAT_PATH { int __getcwd( _Out_writes_z_(buflen) char *buf, size_t buflen ); } -327 AUE_NULL STD|CAPENABLED { +327 AUE_NULL STD|CAT_SETSCHED|CAPENABLED { int sched_setparam( pid_t pid, _In_ const struct sched_param *param ); } -328 AUE_NULL STD|CAPENABLED { +328 AUE_NULL STD|CAT_GETSCHED|CAPENABLED { int sched_getparam( pid_t pid, _Out_ struct sched_param *param ); } -329 AUE_NULL STD|CAPENABLED { +329 AUE_NULL STD|CAT_SETSCHED|CAPENABLED { int sched_setscheduler( pid_t pid, int policy, _In_ const struct sched_param *param ); } -330 AUE_NULL STD|CAPENABLED { +330 AUE_NULL STD|CAT_GETSCHED|CAPENABLED { int sched_getscheduler( pid_t pid ); } -331 AUE_NULL STD|CAPENABLED { +331 AUE_NULL STD|CAT_CORE|CAPENABLED { int sched_yield(void); } -332 AUE_NULL STD|CAPENABLED { +332 AUE_NULL STD|CAT_GETSCHED|CAPENABLED { int sched_get_priority_max( int policy ); } -333 AUE_NULL STD|CAPENABLED { +333 AUE_NULL STD|CAT_GETSCHED|CAPENABLED { int sched_get_priority_min( int policy ); } -334 AUE_NULL STD|CAPENABLED { +334 AUE_NULL STD|CAT_GETSCHED|CAPENABLED { int sched_rr_get_interval( pid_t pid, _Out_ _Contains_long_timet_ struct timespec *interval ); } -335 AUE_NULL STD|CAPENABLED { +335 AUE_NULL STD|CAT_CORE|CAPENABLED { int utrace( _In_reads_bytes_(len) const void *addr, size_t len ); } -336 AUE_SENDFILE COMPAT4|CAPENABLED { +336 AUE_SENDFILE COMPAT4|CAT_SENDFILE|CAPENABLED { int sendfile( int fd, int s, @@ -1767,14 +1770,14 @@ int flags ); } -337 AUE_NULL STD { +337 AUE_NULL STD|CAT_KMODSTAT { int kldsym( int fileid, int cmd, _In_ _Contains_long_ptr_ void *data ); } -338 AUE_JAIL STD { +338 AUE_JAIL STD|CAT_JAIL { int jail( _In_ _Contains_ptr_ struct jail *jail ); @@ -1788,103 +1791,103 @@ int a_followSymlinks ); } -340 AUE_SIGPROCMASK STD|CAPENABLED { +340 AUE_SIGPROCMASK STD|CAT_SIGMASK|CAPENABLED { int sigprocmask( int how, _In_opt_ const sigset_t *set, _Out_opt_ sigset_t *oset ); } -341 AUE_SIGSUSPEND STD|CAPENABLED { +341 AUE_SIGSUSPEND STD|CAT_SIGMASK|CAPENABLED { int sigsuspend( _In_ const sigset_t *sigmask ); } -342 AUE_SIGACTION COMPAT4|CAPENABLED { +342 AUE_SIGACTION COMPAT4|CAT_SIGHAND|CAPENABLED { int sigaction( int sig, _In_opt_ _Contains_ptr_ const struct sigaction *act, _Out_opt_ _Contains_ptr_ struct sigaction *oact ); } -343 AUE_SIGPENDING STD|CAPENABLED { +343 AUE_SIGPENDING STD|CAT_SIGWAIT|CAPENABLED { int sigpending( _In_ sigset_t *set ); } -344 AUE_SIGRETURN COMPAT4|CAPENABLED { +344 AUE_SIGRETURN COMPAT4|CAT_CORE|CAPENABLED { int sigreturn( _In_ _Contains_long_ptr_ const struct freebsd4_ucontext *sigcntxp ); } -345 AUE_SIGWAIT STD|CAPENABLED { +345 AUE_SIGWAIT STD|CAT_SIGWAIT|CAPENABLED { int sigtimedwait( _In_ const sigset_t *set, _Out_opt_ _Contains_long_ptr_ struct siginfo *info, _In_opt_ _Contains_long_timet_ const struct timespec *timeout ); } -346 AUE_NULL STD|CAPENABLED { +346 AUE_NULL STD|CAT_SIGWAIT|CAPENABLED { int sigwaitinfo( _In_ const sigset_t *set, _Out_opt_ _Contains_long_ptr_ struct siginfo *info ); } -347 AUE_ACL_GET_FILE STD { +347 AUE_ACL_GET_FILE STD|CAT_GETACL_PATH { int __acl_get_file( _In_z_ const char *path, acl_type_t type, _Out_ struct acl *aclp ); } -348 AUE_ACL_SET_FILE STD { +348 AUE_ACL_SET_FILE STD|CAT_SETACL_PATH { int __acl_set_file( _In_z_ const char *path, acl_type_t type, _In_ struct acl *aclp ); } -349 AUE_ACL_GET_FD STD|CAPENABLED { +349 AUE_ACL_GET_FD STD|CAT_GETACL|CAPENABLED { int __acl_get_fd( int filedes, acl_type_t type, _Out_ struct acl *aclp ); } -350 AUE_ACL_SET_FD STD|CAPENABLED { +350 AUE_ACL_SET_FD STD|CAT_SETACL|CAPENABLED { int __acl_set_fd( int filedes, acl_type_t type, _In_ struct acl *aclp ); } -351 AUE_ACL_DELETE_FILE STD { +351 AUE_ACL_DELETE_FILE STD|CAT_SETACL_PATH { int __acl_delete_file( _In_z_ const char *path, acl_type_t type ); } -352 AUE_ACL_DELETE_FD STD|CAPENABLED { +352 AUE_ACL_DELETE_FD STD|CAT_SETACL|CAPENABLED { int __acl_delete_fd( int filedes, acl_type_t type ); } -353 AUE_ACL_CHECK_FILE STD { +353 AUE_ACL_CHECK_FILE STD|CAT_GETACL_PATH { int __acl_aclcheck_file( _In_z_ const char *path, acl_type_t type, _In_ struct acl *aclp ); } -354 AUE_ACL_CHECK_FD STD|CAPENABLED { +354 AUE_ACL_CHECK_FD STD|CAT_GETACL|CAPENABLED { int __acl_aclcheck_fd( int filedes, acl_type_t type, _In_ struct acl *aclp ); } -355 AUE_EXTATTRCTL STD { +355 AUE_EXTATTRCTL STD|CAT_SYSMGMT { int extattrctl( _In_z_ const char *path, int cmd, @@ -1893,7 +1896,7 @@ _In_z_ const char *attrname ); } -356 AUE_EXTATTR_SET_FILE STD { +356 AUE_EXTATTR_SET_FILE STD|CAT_SETEXTATTR_PATH { ssize_t extattr_set_file( _In_z_ const char *path, int attrnamespace, @@ -1902,7 +1905,7 @@ size_t nbytes ); } -357 AUE_EXTATTR_GET_FILE STD { +357 AUE_EXTATTR_GET_FILE STD|CAT_GETEXTATTR_PATH { ssize_t extattr_get_file( _In_z_ const char *path, int attrnamespace, @@ -1911,37 +1914,37 @@ size_t nbytes ); } -358 AUE_EXTATTR_DELETE_FILE STD { +358 AUE_EXTATTR_DELETE_FILE STD|CAT_SETEXTATTR_PATH { int extattr_delete_file( _In_z_ const char *path, int attrnamespace, _In_z_ const char *attrname ); } -359 AUE_AIO_WAITCOMPLETE STD|CAPENABLED { +359 AUE_AIO_WAITCOMPLETE STD|CAT_AIO|CAPENABLED { ssize_t aio_waitcomplete( _Outptr_result_maybenull_ struct aiocb **aiocbp, _In_opt_ _Contains_long_timet_ struct timespec *timeout ); } -360 AUE_GETRESUID STD|CAPENABLED { +360 AUE_GETRESUID STD|CAT_GETCRED|CAPENABLED { int getresuid( _Out_opt_ uid_t *ruid, _Out_opt_ uid_t *euid, _Out_opt_ uid_t *suid ); } -361 AUE_GETRESGID STD|CAPENABLED { +361 AUE_GETRESGID STD|CAT_GETCRED|CAPENABLED { int getresgid( _Out_opt_ gid_t *rgid, _Out_opt_ gid_t *egid, _Out_opt_ gid_t *sgid ); } -362 AUE_KQUEUE STD|CAPENABLED { +362 AUE_KQUEUE STD|CAT_POLL|CAPENABLED { int kqueue(void); } -363 AUE_KEVENT COMPAT11|CAPENABLED { +363 AUE_KEVENT COMPAT11|CAT_POLL|CAPENABLED { int kevent( int fd, _In_reads_opt_(nchanges) _Contains_ptr_ const struct freebsd11_kevent *changelist, @@ -1958,7 +1961,7 @@ 368 AUE_NULL OBSOL __cap_set_fd 369 AUE_NULL OBSOL __cap_set_file 370 AUE_NULL RESERVED -371 AUE_EXTATTR_SET_FD STD|CAPENABLED { +371 AUE_EXTATTR_SET_FD STD|CAT_SETEXTATTR|CAPENABLED { ssize_t extattr_set_fd( int fd, int attrnamespace, @@ -1967,7 +1970,7 @@ size_t nbytes ); } -372 AUE_EXTATTR_GET_FD STD|CAPENABLED { +372 AUE_EXTATTR_GET_FD STD|CAT_GETEXTATTR|CAPENABLED { ssize_t extattr_get_fd( int fd, int attrnamespace, @@ -1976,20 +1979,20 @@ size_t nbytes ); } -373 AUE_EXTATTR_DELETE_FD STD|CAPENABLED { +373 AUE_EXTATTR_DELETE_FD STD|CAT_SETEXTATTR|CAPENABLED { int extattr_delete_fd( int fd, int attrnamespace, _In_z_ const char *attrname ); } -374 AUE_SETUGID STD { +374 AUE_SETUGID STD|CAT_SETCRED { int __setugid( int flag ); } 375 AUE_NULL OBSOL nfsclnt -376 AUE_EACCESS STD { +376 AUE_EACCESS STD|CAT_PATH { int eaccess( _In_z_ const char *path, int amode @@ -2006,7 +2009,7 @@ long parm6 ); } -378 AUE_NMOUNT STD { +378 AUE_NMOUNT STD|CAT_MOUNT { int nmount( _In_reads_(iovcnt) _Contains_long_ptr_ struct iovec *iovp, unsigned int iovcnt, @@ -2018,41 +2021,41 @@ 381 AUE_NULL OBSOL kse_create 382 AUE_NULL OBSOL kse_thr_interrupt 383 AUE_NULL OBSOL kse_release -384 AUE_NULL STD|CAPENABLED { +384 AUE_NULL STD|CAT_GETMAC_PROC|CAPENABLED { int __mac_get_proc( _In_ _Contains_long_ptr_ struct mac *mac_p ); } -385 AUE_NULL STD|CAPENABLED { +385 AUE_NULL STD|CAT_SETMAC_PROC|CAPENABLED { int __mac_set_proc( _In_ _Contains_long_ptr_ struct mac *mac_p ); } -386 AUE_NULL STD|CAPENABLED { +386 AUE_NULL STD|CAT_GETMAC|CAPENABLED { int __mac_get_fd( int fd, _In_ _Contains_long_ptr_ struct mac *mac_p ); } -387 AUE_NULL STD { +387 AUE_NULL STD|CAT_GETMAC_PATH { int __mac_get_file( _In_z_ const char *path_p, _In_ _Contains_long_ptr_ struct mac *mac_p ); } -388 AUE_NULL STD|CAPENABLED { +388 AUE_NULL STD|CAT_SETMAC|CAPENABLED { int __mac_set_fd( int fd, _In_ _Contains_long_ptr_ struct mac *mac_p ); } -389 AUE_NULL STD { +389 AUE_NULL STD|CAT_SETMAC_PATH { int __mac_set_file( _In_z_ const char *path_p, _In_ _Contains_long_ptr_ struct mac *mac_p ); } -390 AUE_NULL STD { +390 AUE_NULL STD|CAT_KENV { int kenv( int what, _In_z_opt_ const char *name, @@ -2060,19 +2063,19 @@ int len ); } -391 AUE_LCHFLAGS STD { +391 AUE_LCHFLAGS STD|CAT_FATTR_PATH { int lchflags( _In_z_ const char *path, u_long flags ); } -392 AUE_NULL STD|CAPENABLED { +392 AUE_NULL STD|CAT_CORE|CAPENABLED { int uuidgen( _Out_writes_(count) struct uuid *store, int count ); } -393 AUE_SENDFILE STD|CAPENABLED { +393 AUE_SENDFILE STD|CAT_SENDFILE|CAPENABLED { int sendfile( int fd, int s, @@ -2083,66 +2086,66 @@ int flags ); } -394 AUE_NULL STD { +394 AUE_NULL STD|CAT_MAC_SYSCALL { int mac_syscall( _In_z_ const char *policy, int call, _In_opt_ void *arg ); } -395 AUE_GETFSSTAT COMPAT11 { +395 AUE_GETFSSTAT COMPAT11|CAT_GETFSSTAT { int getfsstat( _Out_writes_bytes_opt_(bufsize) struct freebsd11_statfs *buf, long bufsize, int mode ); } -396 AUE_STATFS COMPAT11 { +396 AUE_STATFS COMPAT11|CAT_STATFS_PATH { int statfs( _In_z_ const char *path, _Out_ struct freebsd11_statfs *buf ); } -397 AUE_FSTATFS COMPAT11|CAPENABLED { +397 AUE_FSTATFS COMPAT11|CAT_STATFS|CAPENABLED { int fstatfs( int fd, _Out_ struct freebsd11_statfs *buf ); } -398 AUE_FHSTATFS COMPAT11 { +398 AUE_FHSTATFS COMPAT11|CAT_FH { int fhstatfs( _In_ const struct fhandle *u_fhp, _Out_ struct freebsd11_statfs *buf ); } 399 AUE_NULL RESERVED -400 AUE_SEMCLOSE NOSTD { +400 AUE_SEMCLOSE NOSTD|CAT_POSIXSEM { int ksem_close( semid_t id ); } -401 AUE_SEMPOST NOSTD { +401 AUE_SEMPOST NOSTD|CAT_POSIXSEM { int ksem_post( semid_t id ); } -402 AUE_SEMWAIT NOSTD { +402 AUE_SEMWAIT NOSTD|CAT_POSIXSEM { int ksem_wait( semid_t id ); } -403 AUE_SEMTRYWAIT NOSTD { +403 AUE_SEMTRYWAIT NOSTD|CAT_POSIXSEM { int ksem_trywait( semid_t id ); } -404 AUE_SEMINIT NOSTD { +404 AUE_SEMINIT NOSTD|CAT_POSIXSEM { int ksem_init( _Out_ semid_t *idp, unsigned int value ); } -405 AUE_SEMOPEN NOSTD { +405 AUE_SEMOPEN NOSTD|CAT_POSIXSEM { int ksem_open( _Out_ semid_t *idp, _In_z_ const char *name, @@ -2151,41 +2154,41 @@ unsigned int value ); } -406 AUE_SEMUNLINK NOSTD { +406 AUE_SEMUNLINK NOSTD|CAT_POSIXSEM { int ksem_unlink( _In_z_ const char *name ); } -407 AUE_SEMGETVALUE NOSTD { +407 AUE_SEMGETVALUE NOSTD|CAT_POSIXSEM { int ksem_getvalue( semid_t id, _Out_ int *val ); } -408 AUE_SEMDESTROY NOSTD { +408 AUE_SEMDESTROY NOSTD|CAT_POSIXSEM { int ksem_destroy( semid_t id ); } -409 AUE_NULL STD { +409 AUE_NULL STD|CAT_GETMAC_PROC { int __mac_get_pid( pid_t pid, _In_ _Contains_long_ptr_ struct mac *mac_p ); } -410 AUE_NULL STD { +410 AUE_NULL STD|CAT_GETMAC_PATH { int __mac_get_link( _In_z_ const char *path_p, _In_ _Contains_long_ptr_ struct mac *mac_p ); } -411 AUE_NULL STD { +411 AUE_NULL STD|CAT_SETMAC_PATH { int __mac_set_link( _In_z_ const char *path_p, _In_ _Contains_long_ptr_ struct mac *mac_p ); } -412 AUE_EXTATTR_SET_LINK STD { +412 AUE_EXTATTR_SET_LINK STD|CAT_SETEXTATTR_PATH { ssize_t extattr_set_link( _In_z_ const char *path, int attrnamespace, @@ -2194,7 +2197,7 @@ size_t nbytes ); } -413 AUE_EXTATTR_GET_LINK STD { +413 AUE_EXTATTR_GET_LINK STD|CAT_GETEXTATTR_PATH { ssize_t extattr_get_link( _In_z_ const char *path, int attrnamespace, @@ -2203,14 +2206,14 @@ size_t nbytes ); } -414 AUE_EXTATTR_DELETE_LINK STD { +414 AUE_EXTATTR_DELETE_LINK STD|CAT_SETEXTATTR_PATH { int extattr_delete_link( _In_z_ const char *path, int attrnamespace, _In_z_ const char *attrname ); } -415 AUE_NULL STD { +415 AUE_NULL STD|CAT_MAC_EXEC_PATH { int __mac_execve( _In_z_ const char *fname, _In_ char **argv, @@ -2218,115 +2221,115 @@ _In_ _Contains_long_ptr_ struct mac *mac_p ); } -416 AUE_SIGACTION STD|CAPENABLED { +416 AUE_SIGACTION STD|CAT_SIGHAND|CAPENABLED { int sigaction( int sig, _In_opt_ _Contains_ptr_ const struct sigaction *act, _Out_opt_ _Contains_ptr_ struct sigaction *oact ); } -417 AUE_SIGRETURN STD|CAPENABLED { +417 AUE_SIGRETURN STD|CAT_CORE|CAPENABLED { int sigreturn( _In_ _Contains_long_ptr_ const struct __ucontext *sigcntxp ); } 418-420 AUE_NULL RESERVED -421 AUE_NULL STD|CAPENABLED { +421 AUE_NULL STD|CAT_THREAD|CAPENABLED { int getcontext( _Out_ _Contains_long_ptr_ struct __ucontext *ucp ); } -422 AUE_NULL STD|CAPENABLED { +422 AUE_NULL STD|CAT_THREAD|CAPENABLED { int setcontext( _In_ _Contains_long_ptr_ const struct __ucontext *ucp ); } -423 AUE_NULL STD { +423 AUE_NULL STD|CAT_THREAD { int swapcontext( _Out_ _Contains_long_ptr_ struct __ucontext *oucp, _In_ _Contains_long_ptr_ const struct __ucontext *ucp ); } -424 AUE_SWAPOFF COMPAT13 { +424 AUE_SWAPOFF COMPAT13|CAT_SYSMGMT { int swapoff( _In_z_ const char *name ); } -425 AUE_ACL_GET_LINK STD { +425 AUE_ACL_GET_LINK STD|CAT_GETACL_PATH { int __acl_get_link( _In_z_ const char *path, acl_type_t type, _Out_ struct acl *aclp ); } -426 AUE_ACL_SET_LINK STD { +426 AUE_ACL_SET_LINK STD|CAT_SETACL_PATH { int __acl_set_link( _In_z_ const char *path, acl_type_t type, _In_ struct acl *aclp ); } -427 AUE_ACL_DELETE_LINK STD { +427 AUE_ACL_DELETE_LINK STD|CAT_SETACL_PATH { int __acl_delete_link( _In_z_ const char *path, acl_type_t type ); } -428 AUE_ACL_CHECK_LINK STD { +428 AUE_ACL_CHECK_LINK STD|CAT_GETACL_PATH { int __acl_aclcheck_link( _In_z_ const char *path, acl_type_t type, _In_ struct acl *aclp ); } -429 AUE_SIGWAIT STD|CAPENABLED { +429 AUE_SIGWAIT STD|CAT_SIGWAIT|CAPENABLED { int sigwait( _In_ const sigset_t *set, _Out_ int *sig ); } -430 AUE_THR_CREATE STD|CAPENABLED { +430 AUE_THR_CREATE STD|CAT_THREAD|CAPENABLED { int thr_create( _In_ _Contains_long_ptr_ ucontext_t *ctx, _Out_ long *id, int flags ); } -431 AUE_THR_EXIT STD|CAPENABLED { +431 AUE_THR_EXIT STD|CAT_THREAD|CAPENABLED { void thr_exit( _Out_opt_ long *state ); } -432 AUE_NULL STD|CAPENABLED { +432 AUE_NULL STD|CAT_THREAD_|CAPENABLED { int thr_self( _Out_ long *id ); } -433 AUE_THR_KILL STD|CAPENABLED { +433 AUE_THR_KILL STD|CAT_THREAD_|CAPENABLED { int thr_kill( long id, int sig ); } -434 AUE_NULL COMPAT10 { +434 AUE_NULL COMPAT10|CAT_UMTX { int _umtx_lock( _Inout_ struct umtx *umtx ); } -435 AUE_NULL COMPAT10 { +435 AUE_NULL COMPAT10|CAT_UMTX { int _umtx_unlock( _Inout_ struct umtx *umtx ); } -436 AUE_JAIL_ATTACH STD { +436 AUE_JAIL_ATTACH STD|CAT_JAIL { int jail_attach( int jid ); } -437 AUE_EXTATTR_LIST_FD STD|CAPENABLED { +437 AUE_EXTATTR_LIST_FD STD|CAT_GETEXTATTR|CAPENABLED { ssize_t extattr_list_fd( int fd, int attrnamespace, @@ -2334,7 +2337,7 @@ size_t nbytes ); } -438 AUE_EXTATTR_LIST_FILE STD { +438 AUE_EXTATTR_LIST_FILE STD|CAT_GETEXTATTR_PATH { ssize_t extattr_list_file( _In_z_ const char *path, int attrnamespace, @@ -2342,7 +2345,7 @@ size_t nbytes ); } -439 AUE_EXTATTR_LIST_LINK STD { +439 AUE_EXTATTR_LIST_LINK STD|CAT_GETEXTATTR_PATH { ssize_t extattr_list_link( _In_z_ const char *path, int attrnamespace, @@ -2351,79 +2354,79 @@ ); } 440 AUE_NULL OBSOL kse_switchin -441 AUE_SEMWAIT NOSTD { +441 AUE_SEMWAIT NOSTD|CAT_POSIXSEM { int ksem_timedwait( semid_t id, _In_opt_ _Contains_long_timet_ const struct timespec *abstime ); } -442 AUE_NULL STD|CAPENABLED { +442 AUE_NULL STD|CAT_THREAD|CAPENABLED { int thr_suspend( _In_opt_ _Contains_long_timet_ const struct timespec *timeout ); } -443 AUE_NULL STD|CAPENABLED { +443 AUE_NULL STD|CAT_THREAD|CAPENABLED { int thr_wake( long id ); } -444 AUE_MODUNLOAD STD { +444 AUE_MODUNLOAD STD|CAT_KMODMGMT { int kldunloadf( int fileid, int flags ); } -445 AUE_AUDIT STD { +445 AUE_AUDIT STD|CAT_AUDIT { int audit( _In_reads_bytes_(length) const void *record, u_int length ); } -446 AUE_AUDITON STD { +446 AUE_AUDITON STD|CAT_AUDIT { int auditon( int cmd, _In_opt_ void *data, u_int length ); } -447 AUE_GETAUID STD|CAPENABLED { +447 AUE_GETAUID STD|CAT_AUDIT|CAPENABLED { int getauid( _Out_ uid_t *auid ); } -448 AUE_SETAUID STD|CAPENABLED { +448 AUE_SETAUID STD|CAT_AUDIT|CAPENABLED { int setauid( _In_ uid_t *auid ); } -449 AUE_GETAUDIT STD|CAPENABLED { +449 AUE_GETAUDIT STD|CAT_AUDIT|CAPENABLED { int getaudit( _Out_ struct auditinfo *auditinfo ); } -450 AUE_SETAUDIT STD|CAPENABLED { +450 AUE_SETAUDIT STD|CAT_AUDIT|CAPENABLED { int setaudit( _In_ struct auditinfo *auditinfo ); } -451 AUE_GETAUDIT_ADDR STD|CAPENABLED { +451 AUE_GETAUDIT_ADDR STD|CAT_AUDIT|CAPENABLED { int getaudit_addr( _Out_writes_bytes_(length) struct auditinfo_addr *auditinfo_addr, u_int length ); } -452 AUE_SETAUDIT_ADDR STD|CAPENABLED { +452 AUE_SETAUDIT_ADDR STD|CAT_AUDIT|CAPENABLED { int setaudit_addr( _In_reads_bytes_(length) struct auditinfo_addr *auditinfo_addr, u_int length ); } -453 AUE_AUDITCTL STD { +453 AUE_AUDITCTL STD|CAT_AUDIT { int auditctl( _In_z_ const char *path ); } -454 AUE_NULL STD|CAPENABLED { +454 AUE_NULL STD|CAT_UMTX|CAPENABLED { int _umtx_op( _Inout_ void *obj, int op, @@ -2432,13 +2435,13 @@ _In_ void *uaddr2 ); } -455 AUE_THR_NEW STD|CAPENABLED { +455 AUE_THR_NEW STD|CAT_THREAD|CAPENABLED { int thr_new( _In_ _Contains_long_ptr_ struct thr_param *param, int param_size ); } -456 AUE_NULL STD|CAPENABLED { +456 AUE_NULL STD|CAT_SIGSEND|CAPENABLED { int sigqueue( pid_t pid, int signum, @@ -2446,7 +2449,7 @@ ); } -457 AUE_MQ_OPEN NOSTD { +457 AUE_MQ_OPEN NOSTD|CAT_POSIXMSG { int kmq_open( _In_z_ const char *path, int flags, @@ -2454,14 +2457,14 @@ _In_opt_ _Contains_long_ const struct mq_attr *attr ); } -458 AUE_MQ_SETATTR NOSTD|CAPENABLED { +458 AUE_MQ_SETATTR NOSTD|CAT_POSIXMSG|CAPENABLED { int kmq_setattr( int mqd, _In_opt_ _Contains_long_ const struct mq_attr *attr, _Out_opt_ _Contains_long_ struct mq_attr *oattr ); } -459 AUE_MQ_TIMEDRECEIVE NOSTD|CAPENABLED { +459 AUE_MQ_TIMEDRECEIVE NOSTD|CAT_POSIXMSG|CAPENABLED { int kmq_timedreceive( int mqd, _Out_writes_bytes_(msg_len) char *msg_ptr, @@ -2470,7 +2473,7 @@ _In_opt_ _Contains_long_timet_ const struct timespec *abs_timeout ); } -460 AUE_MQ_TIMEDSEND NOSTD|CAPENABLED { +460 AUE_MQ_TIMEDSEND NOSTD|CAT_POSIXMSG|CAPENABLED { int kmq_timedsend( int mqd, _In_reads_bytes_(msg_len) const char *msg_ptr, @@ -2479,37 +2482,37 @@ _In_opt_ _Contains_long_timet_ const struct timespec *abs_timeout ); } -461 AUE_MQ_NOTIFY NOSTD|CAPENABLED { +461 AUE_MQ_NOTIFY NOSTD|CAT_POSIXMSG|CAPENABLED { int kmq_notify( int mqd, _In_opt_ _Contains_long_ptr_ const struct sigevent *sigev ); } -462 AUE_MQ_UNLINK NOSTD { +462 AUE_MQ_UNLINK NOSTD|CAT_POSIXMSG { int kmq_unlink( _In_z_ const char *path ); } -463 AUE_NULL STD|CAPENABLED { +463 AUE_NULL STD|CAT_EXIT|CAPENABLED { void abort2( _In_z_ const char *why, int nargs, _In_reads_(nargs) void **args ); } -464 AUE_NULL STD|CAPENABLED { +464 AUE_NULL STD|CAT_THREAD|CAPENABLED { int thr_set_name( long id, _In_z_ const char *name ); } -465 AUE_AIO_FSYNC STD|CAPENABLED { +465 AUE_AIO_FSYNC STD|CAT_AIO|CAPENABLED { int aio_fsync( int op, _In_ _Contains_long_ptr_ struct aiocb *aiocbp ); } -466 AUE_RTPRIO STD|CAPENABLED { +466 AUE_RTPRIO STD|CAT_SCHED_|CAPENABLED { int rtprio_thread( int function, lwpid_t lwpid, @@ -2517,13 +2520,13 @@ ); } 467-470 AUE_NULL RESERVED -471 AUE_SCTP_PEELOFF NOSTD|CAPENABLED { +471 AUE_SCTP_PEELOFF NOSTD|CAT_SOCK|CAPENABLED { int sctp_peeloff( int sd, uint32_t name ); } -472 AUE_SCTP_GENERIC_SENDMSG NOSTD|CAPENABLED { +472 AUE_SCTP_GENERIC_SENDMSG NOSTD|CAT_SOCKIO|CAPENABLED { int sctp_generic_sendmsg( int sd, _In_reads_bytes_(mlen) void *msg, @@ -2534,7 +2537,7 @@ int flags ); } -473 AUE_SCTP_GENERIC_SENDMSG_IOV NOSTD|CAPENABLED { +473 AUE_SCTP_GENERIC_SENDMSG_IOV NOSTD|CAT_SOCKIO|CAPENABLED { int sctp_generic_sendmsg_iov( int sd, _In_reads_(iovlen) _Contains_long_ptr_ struct iovec *iov, @@ -2545,7 +2548,7 @@ int flags ); } -474 AUE_SCTP_GENERIC_RECVMSG NOSTD|CAPENABLED { +474 AUE_SCTP_GENERIC_RECVMSG NOSTD|CAT_SOCKIO|CAPENABLED { int sctp_generic_recvmsg( int sd, _In_reads_(iovlen) _Contains_long_ptr_ struct iovec *iov, @@ -2556,7 +2559,7 @@ _Out_opt_ int *msg_flags ); } -475 AUE_PREAD STD|CAPENABLED { +475 AUE_PREAD STD|CAT_GENIO|CAPENABLED { ssize_t pread( int fd, _Out_writes_bytes_(nbyte) void *buf, @@ -2564,7 +2567,7 @@ off_t offset ); } -476 AUE_PWRITE STD|CAPENABLED { +476 AUE_PWRITE STD|CAT_GENIO|CAPENABLED { ssize_t pwrite( int fd, _In_reads_bytes_(nbyte) const void *buf, @@ -2572,7 +2575,7 @@ off_t offset ); } -477 AUE_MMAP STD|CAPENABLED { +477 AUE_MMAP STD|CAT_MMAN|CAPENABLED { void *mmap( _In_ void *addr, size_t len, @@ -2582,57 +2585,57 @@ off_t pos ); } -478 AUE_LSEEK STD|CAPENABLED { +478 AUE_LSEEK STD|CAT_GENIO|CAPENABLED { off_t lseek( int fd, off_t offset, int whence ); } -479 AUE_TRUNCATE STD { +479 AUE_TRUNCATE STD|CAT_WRITE_PATH { int truncate( _In_z_ const char *path, off_t length ); } -480 AUE_FTRUNCATE STD|CAPENABLED { +480 AUE_FTRUNCATE STD|CAT_GENIO|CAPENABLED { int ftruncate( int fd, off_t length ); } -481 AUE_THR_KILL2 STD { +481 AUE_THR_KILL2 STD|CAT_THREAD { int thr_kill2( pid_t pid, long id, int sig ); } -482 AUE_SHMOPEN COMPAT12|CAPENABLED { +482 AUE_SHMOPEN COMPAT12|CAT_POSIXSHM_|CAPENABLED { int shm_open( _In_z_ const char *path, int flags, mode_t mode ); } -483 AUE_SHMUNLINK STD { +483 AUE_SHMUNLINK STD|CAT_POSIXSHM { int shm_unlink( _In_z_ const char *path ); } -484 AUE_NULL STD { +484 AUE_NULL STD|CAT_CPUSET { int cpuset( _Out_ cpusetid_t *setid ); } -485 AUE_NULL STD { +485 AUE_NULL STD|CAT_CPUSET { int cpuset_setid( cpuwhich_t which, id_t id, cpusetid_t setid ); } -486 AUE_NULL STD { +486 AUE_NULL STD|CAT_CPUSET { int cpuset_getid( cpulevel_t level, cpuwhich_t which, @@ -2640,7 +2643,7 @@ _Out_ cpusetid_t *setid ); } -487 AUE_NULL STD|CAPENABLED { +487 AUE_NULL STD|CAT_GETCPUSET_|CAPENABLED { int cpuset_getaffinity( cpulevel_t level, cpuwhich_t which, @@ -2649,7 +2652,7 @@ _Out_ cpuset_t *mask ); } -488 AUE_NULL STD|CAPENABLED { +488 AUE_NULL STD|CAT_SETCPUSET_|CAPENABLED { int cpuset_setaffinity( cpulevel_t level, cpuwhich_t which, @@ -2658,7 +2661,7 @@ _Out_ const cpuset_t *mask ); } -489 AUE_FACCESSAT STD|CAPENABLED { +489 AUE_FACCESSAT STD|CAT_PATH|CAPENABLED { int faccessat( int fd, _In_z_ const char *path, @@ -2666,7 +2669,7 @@ int flag ); } -490 AUE_FCHMODAT STD|CAPENABLED { +490 AUE_FCHMODAT STD|CAT_FATTR_PATH|CAPENABLED { int fchmodat( int fd, _In_z_ const char *path, @@ -2674,7 +2677,7 @@ int flag ); } -491 AUE_FCHOWNAT STD|CAPENABLED { +491 AUE_FCHOWNAT STD|CAT_FATTR_PATH|CAPENABLED { int fchownat( int fd, _In_z_ const char *path, @@ -2683,14 +2686,14 @@ int flag ); } -492 AUE_FEXECVE STD|CAPENABLED { +492 AUE_FEXECVE STD|CAT_EXEC|CAPENABLED { int fexecve( int fd, _In_ char **argv, _In_ char **envv ); } -493 AUE_FSTATAT COMPAT11|CAPENABLED { +493 AUE_FSTATAT COMPAT11|CAT_STAT_PATH|CAPENABLED { int fstatat( int fd, _In_z_ const char *path, @@ -2698,14 +2701,14 @@ int flag ); } -494 AUE_FUTIMESAT STD|CAPENABLED { +494 AUE_FUTIMESAT STD|CAT_FATTR_PATH|CAPENABLED { int futimesat( int fd, _In_z_ const char *path, _In_reads_(2) _Contains_long_timet_ const struct timeval *times ); } -495 AUE_LINKAT STD|CAPENABLED { +495 AUE_LINKAT STD|CAT_CREATE_PATH|CAPENABLED { int linkat( int fd1, _In_z_ const char *path1, @@ -2714,21 +2717,21 @@ int flag ); } -496 AUE_MKDIRAT STD|CAPENABLED { +496 AUE_MKDIRAT STD|CAT_CREATE_PATH|CAPENABLED { int mkdirat( int fd, _In_z_ const char *path, mode_t mode ); } -497 AUE_MKFIFOAT STD|CAPENABLED { +497 AUE_MKFIFOAT STD|CAT_CREATE_PATH|CAPENABLED { int mkfifoat( int fd, _In_z_ const char *path, mode_t mode ); } -498 AUE_MKNODAT COMPAT11|CAPENABLED { +498 AUE_MKNODAT COMPAT11|CAT_CREATE_PATH|CAPENABLED { int mknodat( int fd, _In_z_ const char *path, @@ -2737,7 +2740,7 @@ ); } ; XXX: see the comment for open -499 AUE_OPENAT_RWTC STD|CAPENABLED { +499 AUE_OPENAT_RWTC STD|CAT_PATH|CAPENABLED { int openat( int fd, _In_z_ const char *path, @@ -2745,7 +2748,7 @@ mode_t mode ); } -500 AUE_READLINKAT STD|CAPENABLED { +500 AUE_READLINKAT STD|CAT_READ_PATH|CAPENABLED { ssize_t readlinkat( int fd, _In_z_ const char *path, @@ -2753,7 +2756,7 @@ size_t bufsize ); } -501 AUE_RENAMEAT STD|CAPENABLED { +501 AUE_RENAMEAT STD|CAT_RENAME_PATH|CAPENABLED { int renameat( int oldfd, _In_z_ const char *old, @@ -2761,21 +2764,21 @@ _In_z_ const char *new ); } -502 AUE_SYMLINKAT STD|CAPENABLED { +502 AUE_SYMLINKAT STD|CAT_CREATE_PATH|CAPENABLED { int symlinkat( _In_z_ const char *path1, int fd, _In_z_ const char *path2 ); } -503 AUE_UNLINKAT STD|CAPENABLED { +503 AUE_UNLINKAT STD|CAT_DELETE_PATH|CAPENABLED { int unlinkat( int fd, _In_z_ const char *path, int flag ); } -504 AUE_POSIX_OPENPT STD { +504 AUE_POSIX_OPENPT STD|CAT_TTYMGMT { int posix_openpt( int flags ); @@ -2786,31 +2789,31 @@ _In_z_ const char *path ); } -506 AUE_JAIL_GET STD { +506 AUE_JAIL_GET STD|CAT_JAIL { int jail_get( _In_reads_(iovcnt) _Contains_long_ptr_ struct iovec *iovp, unsigned int iovcnt, int flags ); } -507 AUE_JAIL_SET STD { +507 AUE_JAIL_SET STD|CAT_JAIL { int jail_set( _In_reads_(iovcnt) _Contains_long_ptr_ struct iovec *iovp, unsigned int iovcnt, int flags ); } -508 AUE_JAIL_REMOVE STD { +508 AUE_JAIL_REMOVE STD|CAT_JAIL { int jail_remove( int jid ); } -509 AUE_CLOSEFROM COMPAT12|CAPENABLED { +509 AUE_CLOSEFROM COMPAT12|CAT_FDESC|CAPENABLED { int closefrom( int lowfd ); } -510 AUE_SEMCTL NOSTD { +510 AUE_SEMCTL NOSTD|CAT_SYSVSEM { int __semctl( int semid, int semnum, @@ -2818,62 +2821,62 @@ _Inout_ _Contains_ptr_ union semun *arg ); } -511 AUE_MSGCTL NOSTD { +511 AUE_MSGCTL NOSTD|CAT_SYSVMSG { int msgctl( int msqid, int cmd, _Inout_opt_ _Contains_long_ptr_ struct msqid_ds *buf ); } -512 AUE_SHMCTL NOSTD { +512 AUE_SHMCTL NOSTD|CAT_SYSVSHM { int shmctl( int shmid, int cmd, _Inout_opt_ _Contains_long_ struct shmid_ds *buf ); } -513 AUE_LPATHCONF STD { +513 AUE_LPATHCONF STD|CAT_PATH { int lpathconf( _In_z_ const char *path, int name ); } 514 AUE_NULL OBSOL cap_new -515 AUE_CAP_RIGHTS_GET STD|CAPENABLED { +515 AUE_CAP_RIGHTS_GET STD|CAT_CAPSICUM|CAPENABLED { int __cap_rights_get( int version, int fd, _Out_ cap_rights_t *rightsp ); } -516 AUE_CAP_ENTER STD|CAPENABLED { +516 AUE_CAP_ENTER STD|CAT_CAPSICUM|CAPENABLED { int cap_enter(void); } -517 AUE_CAP_GETMODE STD|CAPENABLED { +517 AUE_CAP_GETMODE STD|CAT_CAPSICUM|CAPENABLED { int cap_getmode( _Out_ u_int *modep ); } -518 AUE_PDFORK STD|CAPENABLED { +518 AUE_PDFORK STD|CAT_FORK|CAPENABLED { int pdfork( _Out_ int *fdp, int flags ); } -519 AUE_PDKILL STD|CAPENABLED { +519 AUE_PDKILL STD|CAT_SIGSEND|CAPENABLED { int pdkill( int fd, int signum ); } -520 AUE_PDGETPID STD|CAPENABLED { +520 AUE_PDGETPID STD|CAT_WAIT|CAPENABLED { int pdgetpid( int fd, _Out_ pid_t *pidp ); } 521 AUE_NULL RESERVED -522 AUE_SELECT STD|CAPENABLED { +522 AUE_SELECT STD|CAT_POLL|CAPENABLED { int pselect( int nd, _Inout_opt_ fd_set *in, @@ -2883,18 +2886,18 @@ _In_opt_ const sigset_t *sm ); } -523 AUE_GETLOGINCLASS STD|CAPENABLED { +523 AUE_GETLOGINCLASS STD|CAT_GETCRED|CAPENABLED { int getloginclass( _Out_writes_z_(namelen) char *namebuf, size_t namelen ); } -524 AUE_SETLOGINCLASS STD { +524 AUE_SETLOGINCLASS STD|CAT_SETCRED { int setloginclass( _In_z_ const char *namebuf ); } -525 AUE_NULL STD { +525 AUE_NULL STD|CAT_SYSMGMT { int rctl_get_racct( _In_reads_bytes_(inbuflen) const void *inbufp, size_t inbuflen, @@ -2902,7 +2905,7 @@ size_t outbuflen ); } -526 AUE_NULL STD { +526 AUE_NULL STD|CAT_SYSMGMT { int rctl_get_rules( _In_reads_bytes_(inbuflen) const void *inbufp, size_t inbuflen, @@ -2910,7 +2913,7 @@ size_t outbuflen ); } -527 AUE_NULL STD { +527 AUE_NULL STD|CAT_SYSMGMT { int rctl_get_limits( _In_reads_bytes_(inbuflen) const void *inbufp, size_t inbuflen, @@ -2918,7 +2921,7 @@ size_t outbuflen ); } -528 AUE_NULL STD { +528 AUE_NULL STD|CAT_SYSMGMT { int rctl_add_rule( _In_reads_bytes_(inbuflen) const void *inbufp, size_t inbuflen, @@ -2926,7 +2929,7 @@ size_t outbuflen ); } -529 AUE_NULL STD { +529 AUE_NULL STD|CAT_SYSMGMT { int rctl_remove_rule( _In_reads_bytes_(inbuflen) const void *inbufp, size_t inbuflen, @@ -2934,14 +2937,14 @@ size_t outbuflen ); } -530 AUE_POSIX_FALLOCATE STD|CAPENABLED { +530 AUE_POSIX_FALLOCATE STD|CAT_GENIO|CAPENABLED { int posix_fallocate( int fd, off_t offset, off_t len ); } -531 AUE_POSIX_FADVISE STD|CAPENABLED { +531 AUE_POSIX_FADVISE STD|CAT_GENIO|CAPENABLED { int posix_fadvise( int fd, off_t offset, @@ -2949,7 +2952,7 @@ int advice ); } -532 AUE_WAIT6 STD { +532 AUE_WAIT6 STD|CAT_WAIT { int wait6( idtype_t idtype, id_t id, @@ -2959,39 +2962,39 @@ _Out_opt_ _Contains_long_ptr_ struct siginfo *info ); } -533 AUE_CAP_RIGHTS_LIMIT STD|CAPENABLED { +533 AUE_CAP_RIGHTS_LIMIT STD|CAT_CAPSICUM|CAPENABLED { int cap_rights_limit( int fd, _In_ cap_rights_t *rightsp ); } -534 AUE_CAP_IOCTLS_LIMIT STD|CAPENABLED { +534 AUE_CAP_IOCTLS_LIMIT STD|CAT_CAPSICUM|CAPENABLED { int cap_ioctls_limit( int fd, _In_reads_(ncmds) const u_long *cmds, size_t ncmds ); } -535 AUE_CAP_IOCTLS_GET STD|CAPENABLED { +535 AUE_CAP_IOCTLS_GET STD|CAT_CAPSICUM|CAPENABLED { ssize_t cap_ioctls_get( int fd, _Out_writes_(maxcmds) u_long *cmds, size_t maxcmds ); } -536 AUE_CAP_FCNTLS_LIMIT STD|CAPENABLED { +536 AUE_CAP_FCNTLS_LIMIT STD|CAT_CAPSICUM|CAPENABLED { int cap_fcntls_limit( int fd, uint32_t fcntlrights ); } -537 AUE_CAP_FCNTLS_GET STD|CAPENABLED { +537 AUE_CAP_FCNTLS_GET STD|CAT_CAPSICUM|CAPENABLED { int cap_fcntls_get( int fd, _Out_ uint32_t *fcntlrightsp ); } -538 AUE_BINDAT STD|CAPENABLED { +538 AUE_BINDAT STD|CAT_SOCK|CAPENABLED { int bindat( int fd, int s, @@ -2999,7 +3002,7 @@ __socklen_t namelen ); } -539 AUE_CONNECTAT STD|CAPENABLED { +539 AUE_CONNECTAT STD|CAT_SOCK|CAPENABLED { int connectat( int fd, int s, @@ -3007,7 +3010,7 @@ __socklen_t namelen ); } -540 AUE_CHFLAGSAT STD|CAPENABLED { +540 AUE_CHFLAGSAT STD|CAT_FATTR_PATH|CAPENABLED { int chflagsat( int fd, _In_z_ const char *path, @@ -3015,7 +3018,7 @@ int atflag ); } -541 AUE_ACCEPT STD|CAPENABLED { +541 AUE_ACCEPT STD|CAT_SOCK|CAPENABLED { int accept4( int s, _Out_writes_bytes_opt_(*anamelen) struct sockaddr *name, @@ -3023,18 +3026,18 @@ int flags ); } -542 AUE_PIPE STD|CAPENABLED { +542 AUE_PIPE STD|CAT_PIPE|CAPENABLED { int pipe2( _Out_writes_(2) int *fildes, int flags ); } -543 AUE_AIO_MLOCK STD { +543 AUE_AIO_MLOCK STD|CAT_AIO_MLOCK { int aio_mlock( _In_ _Contains_long_ptr_ struct aiocb *aiocbp ); } -544 AUE_PROCCTL STD { +544 AUE_PROCCTL STD|CAT_PROCCTL { int procctl( idtype_t idtype, id_t id, @@ -3042,7 +3045,7 @@ _In_opt_ void *data ); } -545 AUE_POLL STD|CAPENABLED { +545 AUE_POLL STD|CAT_POLL|CAPENABLED { int ppoll( _Inout_updates_(nfds) struct pollfd *fds, u_int nfds, @@ -3050,13 +3053,13 @@ _In_opt_ const sigset_t *set ); } -546 AUE_FUTIMES STD|CAPENABLED { +546 AUE_FUTIMES STD|CAT_FATTR|CAPENABLED { int futimens( int fd, _In_reads_(2) _Contains_long_timet_ const struct timespec *times ); } -547 AUE_FUTIMESAT STD|CAPENABLED { +547 AUE_FUTIMESAT STD|CAT_FATTR_PATH|CAPENABLED { int utimensat( int fd, _In_z_ const char *path, @@ -3066,18 +3069,18 @@ } 548 AUE_NULL OBSOL numa_getaffinity 549 AUE_NULL OBSOL numa_setaffinity -550 AUE_FSYNC STD|CAPENABLED { +550 AUE_FSYNC STD|CAT_GENIO|CAPENABLED { int fdatasync( int fd ); } -551 AUE_FSTAT STD|CAPENABLED { +551 AUE_FSTAT STD|CAT_GENIO|CAPENABLED { int fstat( int fd, _Out_ _Contains_long_timet_ struct stat *sb ); } -552 AUE_FSTATAT STD|CAPENABLED { +552 AUE_FSTATAT STD|CAT_STAT_PATH|CAPENABLED { int fstatat( int fd, _In_z_ const char *path, @@ -3085,13 +3088,13 @@ int flag ); } -553 AUE_FHSTAT STD { +553 AUE_FHSTAT STD|CAT_FH { int fhstat( _In_ const struct fhandle *u_fhp, _Out_ _Contains_long_timet_ struct stat *sb ); } -554 AUE_GETDIRENTRIES STD|CAPENABLED { +554 AUE_GETDIRENTRIES STD|CAT_READ_PATH|CAPENABLED { ssize_t getdirentries( int fd, _Out_writes_bytes_(count) char *buf, @@ -3099,32 +3102,32 @@ _Out_ off_t *basep ); } -555 AUE_STATFS STD { +555 AUE_STATFS STD|CAT_STATFS_PATH { int statfs( _In_z_ const char *path, _Out_ struct statfs *buf ); } -556 AUE_FSTATFS STD|CAPENABLED { +556 AUE_FSTATFS STD|CAT_STATFS|CAPENABLED { int fstatfs( int fd, _Out_ struct statfs *buf ); } -557 AUE_GETFSSTAT STD { +557 AUE_GETFSSTAT STD|CAT_GETFSSTAT { int getfsstat( _Out_writes_bytes_opt_(bufsize) struct statfs *buf, long bufsize, int mode ); } -558 AUE_FHSTATFS STD { +558 AUE_FHSTATFS STD|CAT_FH { int fhstatfs( _In_ const struct fhandle *u_fhp, _Out_ struct statfs *buf ); } -559 AUE_MKNODAT STD|CAPENABLED { +559 AUE_MKNODAT STD|CAT_CREATE_PATH|CAPENABLED { int mknodat( int fd, _In_z_ const char *path, @@ -3132,7 +3135,7 @@ dev_t dev ); } -560 AUE_KEVENT STD|CAPENABLED { +560 AUE_KEVENT STD|CAT_POLL|CAPENABLED { int kevent( int fd, _In_reads_opt_(nchanges) _Contains_ptr_ const struct kevent *changelist, @@ -3142,7 +3145,7 @@ _In_opt_ _Contains_long_timet_ const struct timespec *timeout ); } -561 AUE_NULL STD|CAPENABLED { +561 AUE_NULL STD|CAT_GETCPUSET_|CAPENABLED { int cpuset_getdomain( cpulevel_t level, cpuwhich_t which, @@ -3152,7 +3155,7 @@ _Out_ int *policy ); } -562 AUE_NULL STD|CAPENABLED { +562 AUE_NULL STD|CAT_SETCPUSET_|CAPENABLED { int cpuset_setdomain( cpulevel_t level, cpuwhich_t which, @@ -3162,14 +3165,14 @@ int policy ); } -563 AUE_NULL STD|CAPENABLED { +563 AUE_NULL STD|CAT_CORE|CAPENABLED { int getrandom( _Out_writes_bytes_(buflen) void *buf, size_t buflen, unsigned int flags ); } -564 AUE_NULL STD { +564 AUE_NULL STD|CAT_FH { int getfhat( int fd, _In_z_ char *path, @@ -3177,27 +3180,27 @@ int flags ); } -565 AUE_NULL STD { +565 AUE_NULL STD|CAT_FH { int fhlink( _In_ struct fhandle *fhp, _In_z_ const char *to ); } -566 AUE_NULL STD { +566 AUE_NULL STD|CAT_FH { int fhlinkat( _In_ struct fhandle *fhp, int tofd, _In_z_ const char *to, ); } -567 AUE_NULL STD { +567 AUE_NULL STD|CAT_FH { int fhreadlink( _In_ struct fhandle *fhp, _Out_writes_(bufsize) char *buf, size_t bufsize ); } -568 AUE_UNLINKAT STD|CAPENABLED { +568 AUE_UNLINKAT STD|CAT_DELETE_PATH|CAPENABLED { int funlinkat( int dfd, _In_z_ const char *path, @@ -3205,7 +3208,7 @@ int flag ); } -569 AUE_NULL STD|CAPENABLED { +569 AUE_NULL STD|CAT_GENIO|CAPENABLED { ssize_t copy_file_range( int infd, _Inout_opt_ off_t *inoffp, @@ -3215,7 +3218,7 @@ unsigned int flags ); } -570 AUE_SYSCTL STD|CAPENABLED { +570 AUE_SYSCTL STD|CAT_SYSINFO|CAPENABLED { int __sysctlbyname( _In_reads_(namelen) const char *name, size_t namelen, @@ -3225,7 +3228,7 @@ size_t newlen ); } -571 AUE_SHMOPEN STD|CAPENABLED { +571 AUE_SHMOPEN STD|CAT_POSIXSHM_|CAPENABLED { int shm_open2( _In_z_ const char *path, int flags, @@ -3234,20 +3237,20 @@ _In_z_ const char *name ); } -572 AUE_SHMRENAME STD { +572 AUE_SHMRENAME STD|CAT_POSIXSHM { int shm_rename( _In_z_ const char *path_from, _In_z_ const char *path_to, int flags ); } -573 AUE_NULL STD|CAPENABLED { +573 AUE_NULL STD|CAT_SIGMASK|CAPENABLED { int sigfastblock( int cmd, _Inout_opt_ uint32_t *ptr ); } -574 AUE_REALPATHAT STD { +574 AUE_REALPATHAT STD|CAT_PATH { int __realpathat( int fd, _In_z_ const char *path, @@ -3256,7 +3259,7 @@ int flags ); } -575 AUE_CLOSERANGE STD|CAPENABLED { +575 AUE_CLOSERANGE STD|CAT_FDESC|CAPENABLED { int close_range( u_int lowfd, u_int highfd, @@ -3270,24 +3273,24 @@ _In_z_ const char *path ); } -577 AUE_SPECIALFD STD|CAPENABLED { +577 AUE_SPECIALFD STD|CAT_POLL|CAPENABLED { int __specialfd( int type, _In_reads_bytes_(len) const void *req, size_t len ); } -578 AUE_AIO_WRITEV STD|CAPENABLED { +578 AUE_AIO_WRITEV STD|CAT_AIO|CAPENABLED { int aio_writev( _Inout_ _Contains_long_ptr_ struct aiocb *aiocbp ); } -579 AUE_AIO_READV STD|CAPENABLED { +579 AUE_AIO_READV STD|CAT_AIO|CAPENABLED { int aio_readv( _Inout_ _Contains_long_ptr_ struct aiocb *aiocbp ); } -580 AUE_FSPACECTL STD|CAPENABLED { +580 AUE_FSPACECTL STD|CAT_GENIO|CAPENABLED { int fspacectl( int fd, int cmd, @@ -3296,11 +3299,11 @@ _Out_opt_ struct spacectl_range *rmsr, ); } -581 AUE_NULL STD|CAPENABLED { +581 AUE_NULL STD|CAT_GETSCHED|CAPENABLED { int sched_getcpu(void); } -582 AUE_SWAPOFF STD { +582 AUE_SWAPOFF STD|CAT_SYSMGMT { int swapoff( _In_z_ const char *name, u_int flags, Index: sys/kern/sysv_msg.c =================================================================== --- sys/kern/sysv_msg.c +++ sys/kern/sysv_msg.c @@ -301,11 +301,13 @@ osd_free_reserved(rsv); sx_sunlock(&allprison_lock); - error = syscall_helper_register(msg_syscalls, SY_THR_STATIC_KLD); + error = syscall_helper_register(msg_syscalls, + SY_THR_STATIC_KLD | SY_HLP_PRESERVE_SYFLAGS); if (error != 0) return (error); #ifdef COMPAT_FREEBSD32 - error = syscall32_helper_register(msg32_syscalls, SY_THR_STATIC_KLD); + error = syscall32_helper_register(msg32_syscalls, + SY_THR_STATIC_KLD | SY_HLP_PRESERVE_SYFLAGS); if (error != 0) return (error); #endif Index: sys/kern/sysv_sem.c =================================================================== --- sys/kern/sysv_sem.c +++ sys/kern/sysv_sem.c @@ -332,11 +332,13 @@ osd_free_reserved(rsv); sx_sunlock(&allprison_lock); - error = syscall_helper_register(sem_syscalls, SY_THR_STATIC_KLD); + error = syscall_helper_register(sem_syscalls, + SY_THR_STATIC_KLD | SY_HLP_PRESERVE_SYFLAGS); if (error != 0) return (error); #ifdef COMPAT_FREEBSD32 - error = syscall32_helper_register(sem32_syscalls, SY_THR_STATIC_KLD); + error = syscall32_helper_register(sem32_syscalls, + SY_THR_STATIC_KLD | SY_HLP_PRESERVE_SYFLAGS); if (error != 0) return (error); #endif Index: sys/kern/sysv_shm.c =================================================================== --- sys/kern/sysv_shm.c +++ sys/kern/sysv_shm.c @@ -761,6 +761,8 @@ shmseg->u.shm_lpid = shmseg->u.shm_nattch = 0; shmseg->u.shm_atime = shmseg->u.shm_dtime = 0; #ifdef MAC + if (shmseg->label == NULL) /* deal with late loaded MAC modules */ + mac_sysvshm_init(shmseg); mac_sysvshm_create(cred, shmseg); #endif shmseg->u.shm_ctime = time_second; @@ -990,11 +992,13 @@ osd_free_reserved(rsv); sx_sunlock(&allprison_lock); - error = syscall_helper_register(shm_syscalls, SY_THR_STATIC_KLD); + error = syscall_helper_register(shm_syscalls, + SY_THR_STATIC_KLD | SY_HLP_PRESERVE_SYFLAGS); if (error != 0) return (error); #ifdef COMPAT_FREEBSD32 - error = syscall32_helper_register(shm32_syscalls, SY_THR_STATIC_KLD); + error = syscall32_helper_register(shm32_syscalls, + SY_THR_STATIC_KLD | SY_HLP_PRESERVE_SYFLAGS); if (error != 0) return (error); #endif Index: sys/kern/uipc_mqueue.c =================================================================== --- sys/kern/uipc_mqueue.c +++ sys/kern/uipc_mqueue.c @@ -2889,11 +2889,13 @@ { int error; - error = syscall_helper_register(mq_syscalls, SY_THR_STATIC_KLD); + error = syscall_helper_register(mq_syscalls, + SY_THR_STATIC_KLD | SY_HLP_PRESERVE_SYFLAGS); if (error != 0) return (error); #ifdef COMPAT_FREEBSD32 - error = syscall32_helper_register(mq32_syscalls, SY_THR_STATIC_KLD); + error = syscall32_helper_register(mq32_syscalls, + SY_THR_STATIC_KLD | SY_HLP_PRESERVE_SYFLAGS); if (error != 0) return (error); #endif Index: sys/kern/uipc_sem.c =================================================================== --- sys/kern/uipc_sem.c +++ sys/kern/uipc_sem.c @@ -1038,11 +1038,13 @@ p31b_setcfg(CTL_P1003_1B_SEM_NSEMS_MAX, SEM_MAX); p31b_setcfg(CTL_P1003_1B_SEM_VALUE_MAX, SEM_VALUE_MAX); - error = syscall_helper_register(ksem_syscalls, SY_THR_STATIC_KLD); + error = syscall_helper_register(ksem_syscalls, + SY_THR_STATIC_KLD | SY_HLP_PRESERVE_SYFLAGS); if (error) return (error); #ifdef COMPAT_FREEBSD32 - error = syscall32_helper_register(ksem32_syscalls, SY_THR_STATIC_KLD); + error = syscall32_helper_register(ksem32_syscalls, + SY_THR_STATIC_KLD | SY_HLP_PRESERVE_SYFLAGS); if (error) return (error); #endif Index: sys/kern/uipc_shm.c =================================================================== --- sys/kern/uipc_shm.c +++ sys/kern/uipc_shm.c @@ -55,6 +55,7 @@ #include #include +#include #include #include #include @@ -596,16 +597,29 @@ int error; char *path; const char *pr_path; - size_t pr_pathlen; + size_t off; path = malloc(MAXPATHLEN, M_SHMFD, M_WAITOK); - pr_path = td->td_ucred->cr_prison->pr_path; + off = 0; /* Construct a full pathname for jailed callers. */ - pr_pathlen = strcmp(pr_path, "/") == - 0 ? 0 : strlcpy(path, pr_path, MAXPATHLEN); - error = copyinstr(userpath_in, path + pr_pathlen, - MAXPATHLEN - pr_pathlen, NULL); + pr_path = td->td_ucred->cr_prison->pr_path; + if (strcmp(pr_path, "/") != 0) { + off += strlcpy(path, pr_path, MAXPATHLEN); + if (off >= MAXPATHLEN) { + error = ENAMETOOLONG; + goto out; + } + } + +#ifdef MAC + /* Allow MAC modules to add a path prefix similarly to jails. */ + error = mac_posixshm_path_prefix(td->td_ucred, path, &off, MAXPATHLEN); + if (error != 0) + goto out; +#endif + + error = copyinstr(userpath_in, path + off, MAXPATHLEN - off, NULL); if (error != 0) goto out; @@ -615,7 +629,7 @@ #endif /* Require paths to start with a '/' character. */ - if (path[pr_pathlen] != '/') { + if (path[off] != '/') { error = EINVAL; goto out; } @@ -1068,13 +1082,20 @@ if ((shmflags & SHM_ALLOW_SEALING) != 0) initial_seals &= ~F_SEAL_SEAL; + if (userpath != SHM_ANON) { #ifdef CAPABILITY_MODE - /* - * shm_open(2) is only allowed for anonymous objects. - */ - if (IN_CAPABILITY_MODE(td) && (userpath != SHM_ANON)) - return (ECAPMODE); + /* + * shm_open(2) is only allowed for anonymous objects. + */ + if (IN_CAPABILITY_MODE(td)) + return (ECAPMODE); #endif +#ifdef MAC + error = mac_system_check_syscat(td->td_ucred, SY_CAT_POSIXSHM); + if (error) + return (error); +#endif + } AUDIT_ARG_FFLAGS(flags); AUDIT_ARG_MODE(mode); @@ -1798,29 +1819,41 @@ shm_fill_kinfo_locked(struct shmfd *shmfd, struct kinfo_file *kif, bool list) { const char *path, *pr_path; - size_t pr_pathlen; - bool visible; + size_t off, pr_pathlen; sx_assert(&shm_dict_lock, SA_LOCKED); kif->kf_type = KF_TYPE_SHM; kif->kf_un.kf_file.kf_file_mode = S_IFREG | shmfd->shm_mode; kif->kf_un.kf_file.kf_file_size = shmfd->shm_size; + if (shmfd->shm_path != NULL) { - if (shmfd->shm_path != NULL) { - path = shmfd->shm_path; - pr_path = curthread->td_ucred->cr_prison->pr_path; - if (strcmp(pr_path, "/") != 0) { - /* Return the jail-rooted pathname. */ - pr_pathlen = strlen(pr_path); - visible = strncmp(path, pr_path, pr_pathlen) - == 0 && path[pr_pathlen] == '/'; - if (list && !visible) - return (EPERM); - if (visible) - path += pr_pathlen; - } - strlcpy(kif->kf_path, path, sizeof(kif->kf_path)); + path = shmfd->shm_path; + off = 0; + + /* Return the jail-rooted pathname. */ + pr_path = curthread->td_ucred->cr_prison->pr_path; + if (strcmp(pr_path, "/") != 0) { + pr_pathlen = strlen(pr_path); + if (strncmp(path, pr_path, pr_pathlen) == 0 && + path[pr_pathlen] == '/') + off += pr_pathlen; /* trim reported path */ + else if (list) + return (ENOENT); /* skip object in listings */ } + +#ifdef MAC + /* + * Similarly, check and trim prefixes added by MAC modules. + * The offset may be advanced to the NUL at the end of the path + * to indicate that it did not match the expected prefixes. + * The reported path will thus be empty (if not erroring out). + */ + mac_posixshm_path_unprefix(curthread->td_ucred, path, &off); + if (list && path[off] == '\0') + return (ENOENT); +#endif + + strlcpy(kif->kf_path, path + off, sizeof(kif->kf_path)); } return (0); } @@ -2043,7 +2076,7 @@ LIST_FOREACH(shmm, &shm_dictionary[i], sm_link) { error = shm_fill_kinfo_locked(shmm->sm_shmfd, &kif, true); - if (error == EPERM) { + if (error == ENOENT) { error = 0; continue; } Index: sys/kern/uipc_socket.c =================================================================== --- sys/kern/uipc_socket.c +++ sys/kern/uipc_socket.c @@ -144,6 +144,7 @@ #include #include #include +#include #include #include #include @@ -3149,6 +3150,12 @@ error = EINVAL; goto bad; } +#ifdef MAC + error = mac_net_check_fibnum(sopt->sopt_td->td_ucred, + optval); + if (error) + goto bad; +#endif if (((so->so_proto->pr_domain->dom_family == PF_INET) || (so->so_proto->pr_domain->dom_family == PF_INET6) || (so->so_proto->pr_domain->dom_family == PF_ROUTE))) Index: sys/kern/uipc_syscalls.c =================================================================== --- sys/kern/uipc_syscalls.c +++ sys/kern/uipc_syscalls.c @@ -569,8 +569,7 @@ fflag |= FNONBLOCK; } #ifdef MAC - /* We might want to have a separate check for socket pairs. */ - error = mac_socket_check_create(td->td_ucred, domain, type, + error = mac_socket_check_create_pair(td->td_ucred, domain, type, protocol); if (error != 0) return (error); @@ -1265,7 +1264,11 @@ &fp, NULL, NULL); if (error == 0) { so = fp->f_data; - error = sosetopt(so, &sopt); +#ifdef MAC + error = mac_socket_check_setsockopt(td->td_ucred, so, &sopt); +#endif + if (error == 0) + error = sosetopt(so, &sopt); fdrop(fp, td); } return(error); @@ -1330,8 +1333,13 @@ &fp, NULL, NULL); if (error == 0) { so = fp->f_data; - error = sogetopt(so, &sopt); - *valsize = sopt.sopt_valsize; +#ifdef MAC + error = mac_socket_check_getsockopt(td->td_ucred, so, &sopt); +#endif + if (error == 0) { + error = sogetopt(so, &sopt); + *valsize = sopt.sopt_valsize; + } fdrop(fp, td); } return (error); Index: sys/kern/uipc_usrreq.c =================================================================== --- sys/kern/uipc_usrreq.c +++ sys/kern/uipc_usrreq.c @@ -2038,6 +2038,15 @@ goto next; fdep = data; +#ifdef MAC + for (i = 0; i < newfds; i++) { + error = mac_generic_check_recvfd(td->td_ucred, + td, fdep[i]->fde_file); + if (error) + break; + } +#endif + /* If we're not outputting the descriptors free them. */ if (error || controlp == NULL) { unp_freerights(fdep, newfds); @@ -2273,6 +2282,14 @@ error = EOPNOTSUPP; goto out; } +#ifdef MAC + error = mac_generic_check_sendfd(td->td_ucred, + td, fp); + if (error) { + FILEDESC_SUNLOCK(fdesc); + goto out; + } +#endif } /* Index: sys/kern/vfs_cache.c =================================================================== --- sys/kern/vfs_cache.c +++ sys/kern/vfs_cache.c @@ -2889,19 +2889,22 @@ VNPASS(VN_IS_DOOMED(vp), vp); if (cache_has_entries(vp)) { cache_purge_impl(vp); - return; + } else { + /* + * Serialize against a potential thread doing cache_purge. + */ + vlp = VP2VNODELOCK(vp); + mtx_wait_unlocked(vlp); + if (cache_has_entries(vp)) { + cache_purge_impl(vp); + } } - /* - * Serialize against a potential thread doing cache_purge. + * mac_curtain (ab)uses v_hash and v_nchash to detect when a vnode no + * longer refers to the same file. v_nchash is incremented on each + * reclaim so that it can be used as a sort of generation counter. */ - vlp = VP2VNODELOCK(vp); - mtx_wait_unlocked(vlp); - if (cache_has_entries(vp)) { - cache_purge_impl(vp); - return; - } - return; + vp->v_nchash++; } /* @@ -4245,6 +4248,12 @@ cache_fpl_aborted_early(fpl); return (false); } +#ifdef MAC + if (mac_vnode_walk_needed(cnp->cn_cred)) { + cache_fpl_aborted_early(fpl); + return (false); + } +#endif if (AUDITING_TD(td)) { cache_fpl_aborted_early(fpl); return (false); Index: sys/kern/vfs_lookup.c =================================================================== --- sys/kern/vfs_lookup.c +++ sys/kern/vfs_lookup.c @@ -323,6 +323,13 @@ return (ECAPMODE); } } +#endif +#ifdef MAC + if ((cnp->cn_flags & NOMACCHECK) == 0 && + mac_vnode_walk_needed(cnp->cn_cred)) + ndp->ni_lcf |= NI_LCF_MACWALK_ACTIVE | + ((cnp->cn_flags & MACWALKCONTINUE) == 0 ? + NI_LCF_MACWALK_ADVANCE : NI_LCF_MACWALK_RESUME); #endif error = 0; @@ -354,6 +361,11 @@ AUDIT_ARG_ATFD2(ndp->ni_dirfd); error = fgetvp_lookup(ndp->ni_dirfd, ndp, dpp); +#ifdef MAC + /* Reuse fgetvp_lookup()'s tracker slot. */ + if (error == 0) + ndp->ni_lcf &= ~NI_LCF_MACWALK_ADVANCE; +#endif } if (error == 0 && (*dpp)->v_type != VDIR && (cnp->cn_pnbuf[0] != '\0' || @@ -485,7 +497,7 @@ } #ifdef MAC if ((cnp->cn_flags & NOMACCHECK) == 0) { - error = mac_vnode_check_readlink(td->td_ucred, ndp->ni_vp); + error = mac_vnode_check_readlink(cnp->cn_cred, ndp->ni_vp); if (error != 0) goto out; } @@ -677,9 +689,8 @@ error = vfs_lookup(ndp); if (error != 0) goto out; - /* - * If not a symbolic link, we're done. + * If not a (followed) symbolic link, we're done. */ if ((cnp->cn_flags & ISSYMLINK) == 0) { SDT_PROBE4(vfs, namei, lookup, return, error, @@ -690,24 +701,41 @@ cnp->cn_flags |= HASBUF; nameicap_cleanup(ndp); pwd_drop(pwd); - if (error == 0) - NDVALIDATE(ndp); + NDVALIDATE(ndp); +#ifdef MAC + if (ndp->ni_lcf & NI_LCF_MACWALK_ACTIVE) { + error = mac_vnode_walk_finish( + cnp->cn_cred, ndp->ni_dvp, ndp->ni_vp); + if (error != 0) + NDFREE(ndp, 0); + } +#endif return (error); } error = namei_follow_link(ndp); if (error != 0) break; - vput(ndp->ni_vp); dp = ndp->ni_dvp; /* * Check if root directory should replace current directory. */ cnp->cn_nameptr = cnp->cn_pnbuf; if (*(cnp->cn_nameptr) == '/') { + vput(ndp->ni_vp); vrele(dp); error = namei_handle_root(ndp, &dp); if (error != 0) goto out; + } else { +#ifdef MAC + /* Can resume MAC walk from containing directory. */ + if (ndp->ni_lcf & NI_LCF_MACWALK_ACTIVE) { + mac_vnode_walk_return(cnp->cn_cred, + ndp->ni_vp, dp); + ndp->ni_lcf |= NI_LCF_MACWALK_RESUME; + } +#endif + vput(ndp->ni_vp); } } vput(ndp->ni_vp); @@ -719,6 +747,10 @@ namei_cleanup_cnp(cnp); nameicap_cleanup(ndp); pwd_drop(pwd); +#ifdef MAC + if (ndp->ni_lcf & NI_LCF_MACWALK_ACTIVE) + error = mac_vnode_walk_failed(cnp->cn_cred, error); +#endif return (error); } @@ -906,15 +938,14 @@ int rdonly; /* lookup read-only flag bit */ int error = 0; int dpunlocked = 0; /* dp has already been unlocked */ + int ni_dvp_unlocked = 0; /* ni_dvp already unlocked/released */ int relookup = 0; /* do not consume the path component */ struct componentname *cnp = &ndp->ni_cnd; int lkflags_save; - int ni_dvp_unlocked; /* * Setup: break out flag bits into variables. */ - ni_dvp_unlocked = 0; wantparent = cnp->cn_flags & (LOCKPARENT | WANTPARENT); KASSERT(cnp->cn_nameiop == LOOKUP || wantparent, ("CREATE, DELETE, RENAME require LOCKPARENT or WANTPARENT.")); @@ -941,6 +972,18 @@ dp = ndp->ni_startdir; ndp->ni_startdir = NULLVP; +#ifdef MAC + if ((ndp->ni_lcf & NI_LCF_MACWALK_ACTIVE) != 0) { + if ((ndp->ni_lcf & NI_LCF_MACWALK_RESUME) == 0) { + error = mac_vnode_walk_start_vp(cnp->cn_cred, dp, + (ndp->ni_lcf & NI_LCF_MACWALK_ADVANCE) != 0); + if (error != 0) + goto bad_unlocked; + } + ndp->ni_lcf &= ~(NI_LCF_MACWALK_RESUME | NI_LCF_MACWALK_ADVANCE); + } +#endif + /* * Leading slashes, if any, are supposed to be skipped by the caller. */ @@ -1119,6 +1162,10 @@ } tdp = dp; dp = dp->v_mount->mnt_vnodecovered; +#ifdef MAC + if (ndp->ni_lcf & NI_LCF_MACWALK_ACTIVE) + mac_vnode_walk_transfer(cnp->cn_cred, tdp, dp); +#endif VREF(dp); vput(tdp); vn_lock(dp, @@ -1140,6 +1187,7 @@ */ unionlookup: #ifdef MAC + /* NOTE: NOMACCHECK check is done by mac_vnode_check_lookup_impl(). */ error = mac_vnode_check_lookup(cnp->cn_cred, dp, cnp); if (__predict_false(error)) goto bad; @@ -1182,6 +1230,10 @@ (dp->v_mount->mnt_flag & MNT_UNION)) { tdp = dp; dp = dp->v_mount->mnt_vnodecovered; +#ifdef MAC + if (ndp->ni_lcf & NI_LCF_MACWALK_ACTIVE) + mac_vnode_walk_transfer(cnp->cn_cred, tdp, dp); +#endif VREF(dp); vput(tdp); vn_lock(dp, @@ -1217,6 +1269,10 @@ error = ENOENT; goto bad; } +#ifdef MAC + if (ndp->ni_lcf & NI_LCF_MACWALK_ACTIVE) + mac_vnode_walk_lookup(cnp->cn_cred, dp, cnp, NULL); +#endif if ((cnp->cn_flags & LOCKPARENT) == 0) VOP_UNLOCK(dp); /* @@ -1237,6 +1293,11 @@ #endif dp = ndp->ni_vp; +#ifdef MAC + if (ndp->ni_lcf & NI_LCF_MACWALK_ACTIVE) + mac_vnode_walk_lookup(cnp->cn_cred, ndp->ni_dvp, cnp, dp); +#endif + /* * Check to see if the vnode has been mounted on; * if so find the root of the mounted filesystem. @@ -1245,7 +1306,7 @@ (cnp->cn_flags & NOCROSSMOUNT) == 0) { if (vfs_busy(mp, 0)) continue; - vput(dp); + VOP_UNLOCK(dp); if (dp != ndp->ni_dvp) vput(ndp->ni_dvp); else @@ -1258,9 +1319,15 @@ if (vn_lock(vp_crossmp, LK_SHARED | LK_NOWAIT)) panic("vp_crossmp exclusively locked or reclaimed"); if (error) { + vrele(dp); dpunlocked = 1; goto bad2; } +#ifdef MAC + if (ndp->ni_lcf & NI_LCF_MACWALK_ACTIVE) + mac_vnode_walk_transfer(cnp->cn_cred, dp, tdp); +#endif + vrele(dp); ndp->ni_vp = dp = tdp; } Index: sys/kern/vfs_syscalls.c =================================================================== --- sys/kern/vfs_syscalls.c +++ sys/kern/vfs_syscalls.c @@ -1127,7 +1127,8 @@ struct vnode *vp; struct nameidata nd; cap_rights_t rights; - int cmode, error, indx; + mode_t cmode; + int error, indx; indx = -1; fdp = p->p_fd; @@ -1164,6 +1165,9 @@ /* Set the flags early so the finit in devfs can pick them up. */ fp->f_flag = flags & FMASK; cmode = ((mode & ~pdp->pd_cmask) & ALLPERMS) & ~S_ISTXT; +#ifdef MAC + mac_generic_filter_setmode(td->td_ucred, NULL, &cmode); +#endif NDINIT_ATRIGHTS(&nd, LOOKUP, FOLLOW | AUDITVNODE1 | WANTIOCTLCAPS, pathseg, path, fd, &rights); td->td_dupfd = -1; /* XXX check for fdopen */ @@ -2945,6 +2949,9 @@ if ((error = namei(&nd)) != 0) return (error); NDFREE_NOTHING(&nd); +#ifdef MAC + mac_generic_filter_setmode(td->td_ucred, NULL, &mode); +#endif error = setfmode(td, td->td_ucred, nd.ni_vp, mode); vrele(nd.ni_vp); return (error); @@ -2963,6 +2970,7 @@ sys_fchmod(struct thread *td, struct fchmod_args *uap) { struct file *fp; + mode_t mode; int error; AUDIT_ARG_FD(uap->fd); @@ -2971,7 +2979,11 @@ error = fget(td, uap->fd, &cap_fchmod_rights, &fp); if (error != 0) return (error); - error = fo_chmod(fp, uap->mode, td->td_ucred, td); + mode = uap->mode; +#ifdef MAC + mac_generic_filter_setmode(td->td_ucred, fp, &mode); +#endif + error = fo_chmod(fp, mode, td->td_ucred, td); fdrop(fp, td); return (error); } @@ -4209,7 +4221,14 @@ loff = auio.uio_offset = foffset; #ifdef MAC error = mac_vnode_check_readdir(td->td_ucred, vp); - if (error == 0) + if (error != 0) { + VOP_UNLOCK(vp); + goto fail; + } + if (mac_vnode_walk_needed(td->td_ucred)) + error = mac_vnode_readdir_filtered(td->td_ucred, fp->f_cred, + vp, &auio); + else #endif error = VOP_READDIR(vp, &auio, fp->f_cred, &eofflag, NULL, NULL); @@ -4224,6 +4243,10 @@ struct vnode *tvp = vp; vp = vp->v_mount->mnt_vnodecovered; +#ifdef MAC + if (mac_vnode_walk_needed(td->td_ucred)) + mac_vnode_walk_transfer(td->td_ucred, tvp, vp); +#endif VREF(vp); fp->f_vnode = vp; foffset = 0; Index: sys/kern/vfs_vnops.c =================================================================== --- sys/kern/vfs_vnops.c +++ sys/kern/vfs_vnops.c @@ -215,6 +215,10 @@ res |= NOCAPCHECK; if ((vn_open_flags & VN_OPEN_WANTIOCTLCAPS) != 0) res |= WANTIOCTLCAPS; +#ifdef MAC + if ((vn_open_flags & VN_OPEN_MACWALKCONTINUE) != 0) + res |= MACWALKCONTINUE; +#endif return (res); } @@ -285,6 +289,10 @@ #endif error = VOP_CREATE(ndp->ni_dvp, &ndp->ni_vp, &ndp->ni_cnd, vap); +#ifdef MAC + if (error == 0 && mac_vnode_walk_needed(cred)) + mac_vnode_walk_created(cred, ndp->ni_dvp, ndp->ni_vp); +#endif vp = ndp->ni_vp; if (error == 0 && (fmode & O_EXCL) != 0 && (fmode & (O_EXLOCK | O_SHLOCK)) != 0) { @@ -429,6 +437,8 @@ error = mac_vnode_check_open(cred, vp, accmode); if (error != 0) return (error); + if (fp != NULL) + mac_vnode_walk_amend_fp(cred, fp, vp); accmode &= ~(VCREAT | VVERIFY); #endif Index: sys/net/route/route_tables.c =================================================================== --- sys/net/route/route_tables.c +++ sys/net/route/route_tables.c @@ -50,11 +50,14 @@ #include #include #include +#include #include #include #include +#include + /* Kernel config default option. */ #ifdef ROUTETABLES #if ROUTETABLES <= 0 @@ -152,6 +155,12 @@ { int error = 0; +#ifdef MAC + error = mac_net_check_fibnum(td->td_ucred, uap->fibnum); + if (error) + return (error); +#endif + CURVNET_SET(TD_TO_VNET(td)); if (uap->fibnum >= 0 && uap->fibnum < V_rt_numfibs) td->td_proc->p_fibnum = uap->fibnum; Index: sys/security/mac/mac_cred.c =================================================================== --- sys/security/mac/mac_cred.c +++ sys/security/mac/mac_cred.c @@ -113,6 +113,14 @@ } } +void +mac_cred_trim(struct ucred *cred) +{ + cred->cr_flags &= ~CRED_FLAG_NEEDTRIM; + + MAC_POLICY_PERFORM_NOSLEEP(cred_trim_label, cred); +} + /* * When a thread becomes an NFS server daemon, its credential may need to be * updated to reflect this so that policies can recognize when file system Index: sys/security/mac/mac_framework.h =================================================================== --- sys/security/mac/mac_framework.h +++ sys/security/mac/mac_framework.h @@ -59,6 +59,8 @@ struct cdev; struct componentname; struct devfs_dirent; +struct dirent; +struct file; struct ifnet; struct ifreq; struct image_params; @@ -79,8 +81,10 @@ struct shmid_kernel; struct sockaddr; struct socket; +struct sockopt; struct sysctl_oid; struct sysctl_req; +struct sysent; struct pipepair; struct thread; struct timespec; @@ -91,6 +95,8 @@ #include /* XXX acl_type_t */ #include /* accmode_t */ +#include /* vm_prot_t */ +#include /* ucred's cr_flags */ /* * Entry points to the TrustedBSD MAC Framework from the remainder of the @@ -128,6 +134,7 @@ void mac_cred_create_init(struct ucred *cred); void mac_cred_create_swapper(struct ucred *cred); void mac_cred_destroy(struct ucred *); +void mac_cred_trim(struct ucred *); void mac_cred_init(struct ucred *); void mac_devfs_create_device(struct ucred *cred, struct mount *mp, @@ -183,6 +190,8 @@ int mac_ifnet_ioctl_set(struct ucred *cred, struct ifreq *ifr, struct ifnet *ifp); +int mac_net_check_fibnum(struct ucred *cred, int fibnum); + int mac_inpcb_check_deliver(struct inpcb *inp, struct mbuf *m); int mac_inpcb_check_visible(struct ucred *cred, struct inpcb *inp); void mac_inpcb_create(struct socket *so, struct inpcb *inp); @@ -287,6 +296,10 @@ void mac_posixsem_destroy(struct ksem *); void mac_posixsem_init(struct ksem *); +int mac_posixshm_path_prefix(struct ucred *active_cred, char *path, + size_t *prefix_len, size_t path_size); +void mac_posixshm_path_unprefix(struct ucred *cred, const char *path, + size_t *prefix_len); int mac_posixshm_check_create(struct ucred *cred, const char *path); int mac_posixshm_check_mmap(struct ucred *cred, struct shmfd *shmfd, int prot, int flags); @@ -346,6 +359,8 @@ int mac_proc_check_signal(struct ucred *cred, struct proc *p, int signum); int mac_proc_check_wait(struct ucred *cred, struct proc *p); +int mac_proc_check_procctl(struct ucred *cred, struct proc *p, + int com, void *data); void mac_proc_destroy(struct proc *); void mac_proc_init(struct proc *); void mac_proc_vm_revoke(struct thread *td); @@ -362,6 +377,8 @@ struct sockaddr *sa); int mac_socket_check_create(struct ucred *cred, int domain, int type, int proto); +int mac_socket_check_create_pair(struct ucred *cred, int domain, int type, + int proto); int mac_socket_check_deliver(struct socket *so, struct mbuf *m); int mac_socket_check_listen(struct ucred *cred, struct socket *so); int mac_socket_check_poll(struct ucred *cred, struct socket *so); @@ -369,6 +386,10 @@ int mac_socket_check_send(struct ucred *cred, struct socket *so); int mac_socket_check_stat(struct ucred *cred, struct socket *so); int mac_socket_check_visible(struct ucred *cred, struct socket *so); +int mac_socket_check_setsockopt(struct ucred *cred, struct socket *so, + struct sockopt *opt); +int mac_socket_check_getsockopt(struct ucred *cred, struct socket *so, + struct sockopt *opt); void mac_socket_create_mbuf(struct socket *so, struct mbuf *m); void mac_socket_create(struct ucred *cred, struct socket *so); void mac_socket_destroy(struct socket *); @@ -400,6 +421,32 @@ int mac_system_check_sysctl(struct ucred *cred, struct sysctl_oid *oidp, void *arg1, int arg2, struct sysctl_req *req); +int mac_system_check_syscat_impl(struct ucred *cred, int syscat); + +static inline int +mac_system_check_syscat(struct ucred *cred, int syscat) +{ +#ifdef MAC + if ((cred->cr_flags & CRED_FLAG_SYSFILT) != 0) + return (mac_system_check_syscat_impl(cred, syscat)); +#endif + return (0); +} + +int mac_system_check_sysent_impl(struct ucred *cred, const struct sysent *se); + +static inline int +mac_system_check_sysent(struct ucred *cred, const struct sysent *se) +{ +#ifdef MAC + if ((cred->cr_flags & CRED_FLAG_SYSFILT) != 0) + return (mac_system_check_sysent_impl(cred, se)); +#endif + return (0); +} + +void mac_system_execve(struct ucred *cred, struct image_params *imgp); + void mac_sysvmsg_cleanup(struct msg *msgptr); void mac_sysvmsg_create(struct ucred *cred, struct msqid_kernel *msqkptr, struct msg *msgptr); @@ -685,4 +732,54 @@ */ int vop_stdsetlabel_ea(struct vop_setlabel_args *ap); +static inline bool +mac_vnode_walk_needed(struct ucred *cred) +{ + return ((cred->cr_flags & CRED_FLAG_SYSFILT) != 0); +} + +int mac_vnode_readdir_filtered(struct ucred *active_ucred, + struct ucred *file_cred, struct vnode *vp, struct uio *uio); + +/* + * The vnode "walk" functions let policies keep track of vnode permissions + * during traversals (without relying on per-vnode labels stored in the + * filesystem). Used by mac_curtain(4) to implement "unveils". + */ +void mac_vnode_walk_amend_fp(struct ucred *cred, + struct file *fp, struct vnode *vp); +int mac_vnode_walk_start_fp(struct ucred *cred, struct file *fp, + bool advance); +int mac_vnode_walk_start_vp(struct ucred *cred, struct vnode *vp, + bool advance); +void mac_vnode_walk_lookup(struct ucred *cred, + struct vnode *dvp, struct componentname *cnp, struct vnode *vp); +void mac_vnode_walk_return(struct ucred *cred, + struct vnode *from_vp, struct vnode *to_vp); +void mac_vnode_walk_transfer(struct ucred *cred, + struct vnode *from_vp, struct vnode *to_vp); +void mac_vnode_walk_created(struct ucred *cred, + struct vnode *dvp, struct vnode *vp); +int mac_vnode_walk_finish(struct ucred *cred, + struct vnode *dvp, struct vnode *vp); +int mac_vnode_walk_failed(struct ucred *cred, int error); +bool mac_vnode_walk_dirent_visible(struct ucred *cred, + struct vnode *vp, struct dirent *dp); + +/* + * Checks done on generic file objects rather than specific kernel object + * types. Added in a rather ad-hoc manner to support mac_curtain(4). The file + * argument may be NULL when it is not known or when none apply. + */ +void mac_generic_filter_setmode(struct ucred *cred, struct file *fp, + mode_t *mode); +int mac_generic_check_ioctl(struct ucred *cred, struct file *fp, + unsigned long cmd, void *data); +int mac_generic_check_vm_prot(struct ucred *cred, struct file *fp, + vm_prot_t prot); +int mac_generic_check_sendfd(struct ucred *cred, struct thread *td, + struct file *fp); +int mac_generic_check_recvfd(struct ucred *cred, struct thread *td, + struct file *fp); + #endif /* !_SECURITY_MAC_MAC_FRAMEWORK_H_ */ Index: sys/security/mac/mac_framework.c =================================================================== --- sys/security/mac/mac_framework.c +++ sys/security/mac/mac_framework.c @@ -704,6 +704,13 @@ if (error1 == EDEADLK || error2 == EDEADLK) return (EDEADLK); + /* Precedence for errors that should send signals. */ + if (error1 == EMACKILL || error2 == EMACKILL) + return (EMACKILL); + + if (error1 == EMACTRAP || error2 == EMACTRAP) + return (EMACTRAP); + /* Invalid arguments should be reported where possible. */ if (error1 == EINVAL || error2 == EINVAL) return (EINVAL); Index: sys/security/mac/mac_generic.c =================================================================== --- /dev/null +++ sys/security/mac/mac_generic.c @@ -0,0 +1,72 @@ +#include +__FBSDID("$FreeBSD$"); + +#include "opt_mac.h" + +#include +#include +#include +#include +#include +#include + +#include +#include +#include + +void +mac_generic_filter_setmode(struct ucred *cred, struct file *fp, + mode_t *mode) +{ + + MAC_POLICY_PERFORM_NOSLEEP(generic_filter_setmode, cred, fp, mode); +} + +MAC_CHECK_PROBE_DEFINE4(generic_check_ioctl, "struct ucred *", + "struct file *", "unsigned long", "void *"); + +int +mac_generic_check_ioctl(struct ucred *cred, struct file *fp, + u_long cmd, void *data) +{ + int error; + + MAC_POLICY_CHECK_NOSLEEP(generic_check_ioctl, cred, fp, cmd, data); + MAC_CHECK_PROBE4(generic_check_ioctl, error, cred, fp, cmd, data); + + return (error); +} + +MAC_CHECK_PROBE_DEFINE3(generic_check_vm_prot, "struct ucred *", + "struct file *", "vm_prot_t"); + +int +mac_generic_check_vm_prot(struct ucred *cred, struct file *fp, vm_prot_t prot) +{ + int error; + + MAC_POLICY_CHECK(generic_check_vm_prot, cred, fp, prot); + MAC_CHECK_PROBE3(generic_check_vm_prot, error, cred, fp, prot); + + return (error); +} + +int +mac_generic_check_sendfd(struct ucred *cred, struct thread *td, struct file *fp) +{ + int error; + + MAC_POLICY_CHECK(generic_check_sendfd, cred, td, fp); + + return (error); +} + +int +mac_generic_check_recvfd(struct ucred *cred, struct thread *td, struct file *fp) +{ + int error; + + MAC_POLICY_CHECK(generic_check_recvfd, cred, td, fp); + + return (error); +} Index: sys/security/mac/mac_net.c =================================================================== --- sys/security/mac/mac_net.c +++ sys/security/mac/mac_net.c @@ -500,3 +500,14 @@ mac_ifnet_label_free(intlabel); return (0); } + +int +mac_net_check_fibnum(struct ucred *cred, int fibnum) +{ + int error; + + MAC_POLICY_CHECK_NOSLEEP(net_check_fibnum, cred, fibnum); + + return (error); +} + Index: sys/security/mac/mac_policy.h =================================================================== --- sys/security/mac/mac_policy.h +++ sys/security/mac/mac_policy.h @@ -63,8 +63,11 @@ * Operations are sorted first by general class of operation, then * alphabetically. */ +#include +#include /* module_t */ #include /* XXX acl_type_t */ #include /* XXX accmode_t */ +#include /* vm_prot_t */ struct acl; struct auditinfo; @@ -73,6 +76,8 @@ struct cdev; struct componentname; struct devfs_dirent; +struct dirent; +struct file; struct ifnet; struct image_params; struct inpcb; @@ -93,8 +98,10 @@ struct shmid_kernel; struct sockaddr; struct socket; +struct sockopt; struct sysctl_oid; struct sysctl_req; +struct sysent; struct thread; struct ucred; struct vattr; @@ -160,6 +167,7 @@ typedef void (*mpo_cred_create_init_t)(struct ucred *cred); typedef void (*mpo_cred_create_swapper_t)(struct ucred *cred); typedef void (*mpo_cred_destroy_label_t)(struct label *label); +typedef void (*mpo_cred_trim_label_t)(struct ucred *cred); typedef int (*mpo_cred_externalize_label_t)(struct label *label, char *element_name, struct sbuf *sb, int *claimed); typedef void (*mpo_cred_init_label_t)(struct label *label); @@ -210,6 +218,8 @@ typedef void (*mpo_ifnet_relabel_t)(struct ucred *cred, struct ifnet *ifp, struct label *ifplabel, struct label *newlabel); +typedef int (*mpo_net_check_fibnum_t)(struct ucred *cred, int fibnum); + typedef int (*mpo_inpcb_check_deliver_t)(struct inpcb *inp, struct label *inplabel, struct mbuf *m, struct label *mlabel); @@ -351,6 +361,10 @@ typedef void (*mpo_posixsem_destroy_label_t)(struct label *label); typedef void (*mpo_posixsem_init_label_t)(struct label *label); +typedef int (*mpo_posixshm_path_prefix_t)(struct ucred *cred, + char *path, size_t *prefix_len, size_t path_size); +typedef void (*mpo_posixshm_path_unprefix_t)(struct ucred *cred, + const char *path, size_t *prefix_len); typedef int (*mpo_posixshm_check_create_t)(struct ucred *cred, const char *path); typedef int (*mpo_posixshm_check_mmap_t)(struct ucred *cred, @@ -395,6 +409,8 @@ struct proc *proc, int signum); typedef int (*mpo_proc_check_wait_t)(struct ucred *cred, struct proc *proc); +typedef int (*mpo_proc_check_procctl_t)(struct ucred *cred, + struct proc *proc, int com, void *data); typedef void (*mpo_proc_destroy_label_t)(struct label *label); typedef void (*mpo_proc_init_label_t)(struct label *label); @@ -426,6 +442,9 @@ struct socket *so, struct label *solabel); typedef int (*mpo_socket_check_visible_t)(struct ucred *cred, struct socket *so, struct label *solabel); +typedef int (*mpo_socket_check_sockopt_t)(struct ucred *cred, + struct socket *so, struct label *solabel, + struct sockopt *sopt); typedef void (*mpo_socket_copy_label_t)(struct label *src, struct label *dest); typedef void (*mpo_socket_create_t)(struct ucred *cred, struct socket *so, @@ -479,6 +498,11 @@ typedef int (*mpo_system_check_sysctl_t)(struct ucred *cred, struct sysctl_oid *oidp, void *arg1, int arg2, struct sysctl_req *req); +typedef int (*mpo_system_check_syscat_t)(struct ucred *cred, int syscat); +typedef int (*mpo_system_check_sysent_t)(struct ucred *cred, + const struct sysent *se); +typedef void (*mpo_system_execve_t)(struct ucred *ucred, + struct image_params *imgp); typedef void (*mpo_sysvmsg_cleanup_t)(struct label *msglabel); typedef void (*mpo_sysvmsg_create_t)(struct ucred *cred, @@ -670,6 +694,39 @@ struct vnode *vp, struct label *vplabel, struct label *intlabel); +typedef void (*mpo_vnode_walk_amend_fp_t)(struct ucred *cred, + struct file *fp, struct vnode *vp); +typedef int (*mpo_vnode_walk_start_fp_t)(struct ucred *cred, + struct file *fp, bool advance); +typedef int (*mpo_vnode_walk_start_vp_t)(struct ucred *cred, + struct vnode *vp, bool advance); +typedef void (*mpo_vnode_walk_lookup_t)(struct ucred *cred, + struct vnode *dvp, struct componentname *cnp, + struct vnode *vp); +typedef void (*mpo_vnode_walk_return_t)(struct ucred *cred, + struct vnode *from_vp, struct vnode *to_vp); +typedef void (*mpo_vnode_walk_transfer_t)(struct ucred *cred, + struct vnode *from_vp, struct vnode *to_vp); +typedef void (*mpo_vnode_walk_created_t)(struct ucred *cred, + struct vnode *dvp, struct vnode *vp); +typedef int (*mpo_vnode_walk_finish_t)(struct ucred *cred, + struct vnode *dvp, struct vnode *vp); +typedef int (*mpo_vnode_walk_failed_t)(struct ucred *cred, int error); +typedef bool (*mpo_vnode_walk_dirent_visible_t)(struct ucred *cred, + struct vnode *vp, struct dirent *dp); + +typedef void (*mpo_generic_filter_setmode_t)(struct ucred *cred, + struct file *file, mode_t *mode); +typedef int (*mpo_generic_check_ioctl_t)(struct ucred *cred, + struct file *file, + unsigned long cmd, void *data); +typedef int (*mpo_generic_check_vm_prot_t)(struct ucred *cred, + struct file *file, vm_prot_t prot); +typedef int (*mpo_generic_check_sendfd_t)(struct ucred *cred, + struct thread *td, struct file *fp); +typedef int (*mpo_generic_check_recvfd_t)(struct ucred *cred, + struct thread *td, struct file *fp); + struct mac_policy_ops { /* * Policy module operations. @@ -715,6 +772,7 @@ mpo_cred_create_swapper_t mpo_cred_create_swapper; mpo_cred_create_init_t mpo_cred_create_init; mpo_cred_destroy_label_t mpo_cred_destroy_label; + mpo_cred_trim_label_t mpo_cred_trim_label; mpo_cred_externalize_label_t mpo_cred_externalize_label; mpo_cred_init_label_t mpo_cred_init_label; mpo_cred_internalize_label_t mpo_cred_internalize_label; @@ -739,6 +797,8 @@ mpo_ifnet_internalize_label_t mpo_ifnet_internalize_label; mpo_ifnet_relabel_t mpo_ifnet_relabel; + mpo_net_check_fibnum_t mpo_net_check_fibnum; + mpo_inpcb_check_deliver_t mpo_inpcb_check_deliver; mpo_inpcb_check_visible_t mpo_inpcb_check_visible; mpo_inpcb_create_t mpo_inpcb_create; @@ -815,6 +875,8 @@ mpo_posixsem_destroy_label_t mpo_posixsem_destroy_label; mpo_posixsem_init_label_t mpo_posixsem_init_label; + mpo_posixshm_path_prefix_t mpo_posixshm_path_prefix; + mpo_posixshm_path_unprefix_t mpo_posixshm_path_unprefix; mpo_posixshm_check_create_t mpo_posixshm_check_create; mpo_posixshm_check_mmap_t mpo_posixshm_check_mmap; mpo_posixshm_check_open_t mpo_posixshm_check_open; @@ -836,6 +898,7 @@ mpo_proc_check_sched_t mpo_proc_check_sched; mpo_proc_check_signal_t mpo_proc_check_signal; mpo_proc_check_wait_t mpo_proc_check_wait; + mpo_proc_check_procctl_t mpo_proc_check_procctl; mpo_proc_destroy_label_t mpo_proc_destroy_label; mpo_proc_init_label_t mpo_proc_init_label; @@ -843,6 +906,7 @@ mpo_socket_check_bind_t mpo_socket_check_bind; mpo_socket_check_connect_t mpo_socket_check_connect; mpo_socket_check_create_t mpo_socket_check_create; + mpo_socket_check_create_t mpo_socket_check_create_pair; mpo_socket_check_deliver_t mpo_socket_check_deliver; mpo_socket_check_listen_t mpo_socket_check_listen; mpo_socket_check_poll_t mpo_socket_check_poll; @@ -851,6 +915,8 @@ mpo_socket_check_send_t mpo_socket_check_send; mpo_socket_check_stat_t mpo_socket_check_stat; mpo_socket_check_visible_t mpo_socket_check_visible; + mpo_socket_check_sockopt_t mpo_socket_check_setsockopt; + mpo_socket_check_sockopt_t mpo_socket_check_getsockopt; mpo_socket_copy_label_t mpo_socket_copy_label; mpo_socket_create_t mpo_socket_create; mpo_socket_create_mbuf_t mpo_socket_create_mbuf; @@ -880,6 +946,9 @@ mpo_system_check_swapon_t mpo_system_check_swapon; mpo_system_check_swapoff_t mpo_system_check_swapoff; mpo_system_check_sysctl_t mpo_system_check_sysctl; + mpo_system_check_syscat_t mpo_system_check_syscat; + mpo_system_check_sysent_t mpo_system_check_sysent; + mpo_system_execve_t mpo_system_execve; mpo_sysvmsg_cleanup_t mpo_sysvmsg_cleanup; mpo_sysvmsg_create_t mpo_sysvmsg_create; @@ -962,6 +1031,23 @@ mpo_vnode_internalize_label_t mpo_vnode_internalize_label; mpo_vnode_relabel_t mpo_vnode_relabel; mpo_vnode_setlabel_extattr_t mpo_vnode_setlabel_extattr; + + mpo_vnode_walk_amend_fp_t mpo_vnode_walk_amend_fp; + mpo_vnode_walk_start_fp_t mpo_vnode_walk_start_fp; + mpo_vnode_walk_start_vp_t mpo_vnode_walk_start_vp; + mpo_vnode_walk_lookup_t mpo_vnode_walk_lookup; + mpo_vnode_walk_return_t mpo_vnode_walk_return; + mpo_vnode_walk_transfer_t mpo_vnode_walk_transfer; + mpo_vnode_walk_created_t mpo_vnode_walk_created; + mpo_vnode_walk_finish_t mpo_vnode_walk_finish; + mpo_vnode_walk_failed_t mpo_vnode_walk_failed; + mpo_vnode_walk_dirent_visible_t mpo_vnode_walk_dirent_visible; + + mpo_generic_filter_setmode_t mpo_generic_filter_setmode; + mpo_generic_check_ioctl_t mpo_generic_check_ioctl; + mpo_generic_check_vm_prot_t mpo_generic_check_vm_prot; + mpo_generic_check_sendfd_t mpo_generic_check_sendfd; + mpo_generic_check_recvfd_t mpo_generic_check_recvfd; }; /* Index: sys/security/mac/mac_posix_shm.c =================================================================== --- sys/security/mac/mac_posix_shm.c +++ sys/security/mac/mac_posix_shm.c @@ -92,6 +92,32 @@ } } +MAC_CHECK_PROBE_DEFINE4(posixshm_path_prefix, "struct ucred *", + "char *", "size_t *", "size_t"); + +int +mac_posixshm_path_prefix(struct ucred *active_cred, char *path, + size_t *prefix_len, size_t path_size) +{ + int error; + + MAC_POLICY_CHECK_NOSLEEP(posixshm_path_prefix, active_cred, path, + prefix_len, path_size); + MAC_CHECK_PROBE4(posixshm_path_prefix, error, active_cred, path, + prefix_len, path_size); + + return (error); +} + +void +mac_posixshm_path_unprefix(struct ucred *cred, const char *path, + size_t *prefix_len) +{ + + MAC_POLICY_PERFORM_NOSLEEP(posixshm_path_unprefix, cred, path, + prefix_len); +} + void mac_posixshm_create(struct ucred *cred, struct shmfd *shmfd) { Index: sys/security/mac/mac_process.c =================================================================== --- sys/security/mac/mac_process.c +++ sys/security/mac/mac_process.c @@ -431,3 +431,17 @@ return (error); } + +MAC_CHECK_PROBE_DEFINE4(proc_check_procctl, "struct ucred *", "struct proc *", + "int", "void *"); + +int +mac_proc_check_procctl(struct ucred *cred, struct proc *p, int com, void *data) +{ + int error; + + MAC_POLICY_CHECK_NOSLEEP(proc_check_procctl, cred, p, com, data); + MAC_CHECK_PROBE4(proc_check_procctl, error, cred, p, com, data); + + return (error); +} Index: sys/security/mac/mac_socket.c =================================================================== --- sys/security/mac/mac_socket.c +++ sys/security/mac/mac_socket.c @@ -360,6 +360,22 @@ return (error); } +MAC_CHECK_PROBE_DEFINE4(socket_check_create_pair, "struct ucred *", "int", "int", + "int"); + +int +mac_socket_check_create_pair(struct ucred *cred, int domain, int type, int proto) +{ + int error; + + MAC_POLICY_CHECK_NOSLEEP(socket_check_create_pair, cred, domain, type, + proto); + MAC_CHECK_PROBE4(socket_check_create_pair, error, cred, domain, type, + proto); + + return (error); +} + MAC_CHECK_PROBE_DEFINE2(socket_check_deliver, "struct socket *", "struct mbuf *"); @@ -486,6 +502,38 @@ return (error); } +MAC_CHECK_PROBE_DEFINE3(socket_check_setsockopt, "struct ucred *", + "struct socket *", "struct sockopt *"); + +int +mac_socket_check_setsockopt(struct ucred *cred, struct socket *so, + struct sockopt *sopt) +{ + int error; + + MAC_POLICY_CHECK_NOSLEEP(socket_check_setsockopt, cred, + so, so->so_label, sopt); + MAC_CHECK_PROBE3(socket_check_setsockopt, error, cred, so, sopt); + + return (error); +} + +MAC_CHECK_PROBE_DEFINE3(socket_check_getsockopt, "struct ucred *", + "struct socket *", "struct sockopt *"); + +int +mac_socket_check_getsockopt(struct ucred *cred, struct socket *so, + struct sockopt *sopt) +{ + int error; + + MAC_POLICY_CHECK_NOSLEEP(socket_check_getsockopt, cred, + so, so->so_label, sopt); + MAC_CHECK_PROBE3(socket_check_getsockopt, error, cred, so, sopt); + + return (error); +} + int mac_socket_label_set(struct ucred *cred, struct socket *so, struct label *label) Index: sys/security/mac/mac_system.c =================================================================== --- sys/security/mac/mac_system.c +++ sys/security/mac/mac_system.c @@ -234,3 +234,30 @@ return (error); } + +void +mac_system_execve(struct ucred *cred, struct image_params *imgp) +{ + + MAC_POLICY_PERFORM(system_execve, cred, imgp); +} + +int +mac_system_check_syscat_impl(struct ucred *cred, int syscat) +{ + int error; + + MAC_POLICY_CHECK_NOSLEEP(system_check_syscat, cred, syscat); + + return (error); +} + +int +mac_system_check_sysent_impl(struct ucred *cred, const struct sysent *se) +{ + int error; + + MAC_POLICY_CHECK_NOSLEEP(system_check_sysent, cred, se); + + return (error); +} Index: sys/security/mac/mac_vfs.c =================================================================== --- sys/security/mac/mac_vfs.c +++ sys/security/mac/mac_vfs.c @@ -60,6 +60,7 @@ #include #include #include +#include #include #include #include @@ -1080,6 +1081,202 @@ return (0); } + +bool +mac_vnode_walk_dirent_visible(struct ucred *cred, struct vnode *vp, + struct dirent *dp) +{ + bool result; + + ASSERT_VOP_LOCKED(vp, "mac_vnode_walk_dirent_visible"); + + result = true; + MAC_POLICY_BOOLEAN(vnode_walk_dirent_visible, &&, cred, vp, dp); + + return (result); +} + +int +mac_vnode_readdir_filtered(struct ucred *active_cred, struct ucred *file_cred, + struct vnode *dvp, struct uio *ruio) +{ + struct mount *mp; + struct vattr va; + void *buf; + size_t buf_size; + bool last_read; + int error, eofflag; + + ASSERT_VOP_LOCKED(dvp, "mac_vnode_readdir_filtered"); + MPASS(ruio->uio_rw == UIO_READ); + + if (!mac_vnode_walk_needed(active_cred) || + mac_vnode_walk_dirent_visible(active_cred, dvp, NULL)) + return (VOP_READDIR(dvp, ruio, file_cred, &eofflag, NULL, NULL)); + + error = VOP_GETATTR(dvp, &va, file_cred); + if (error != 0) + return (error); + buf_size = MIN(ruio->uio_resid, MAX(DEV_BSIZE, va.va_blocksize)); + buf = malloc(buf_size, M_TEMP, M_WAITOK); + + /* The vnode_walk_dirent_visible handlers may use VOP_LOOKUP(). */ + if ((mp = dvp->v_mount) != NULL && + (mp->mnt_kern_flag & MNTK_LOOKUP_SHARED) == 0 && + VOP_ISLOCKED(dvp) == LK_SHARED) + vn_lock(dvp, LK_UPGRADE | LK_RETRY); + + last_read = false; + do { + struct iovec iov; + struct uio uio; + char *pos, *end; + iov.iov_base = buf; + iov.iov_len = buf_size; + uio.uio_iov = &iov; + uio.uio_iovcnt = 1; + uio.uio_offset = ruio->uio_offset; + uio.uio_resid = buf_size; + uio.uio_segflg = UIO_SYSSPACE; + uio.uio_rw = UIO_READ; + uio.uio_td = ruio->uio_td; + error = VOP_READDIR(dvp, &uio, file_cred, &eofflag, NULL, NULL); + if (error != 0) + goto out; + end = (pos = buf) + (buf_size - uio.uio_resid); + if (pos == end) /* EOF */ + goto out; + while (pos < end) { + struct dirent *dp = (void *)pos; + if (__offsetof(struct dirent, d_name) > end - pos || + dp->d_reclen > end - pos) { /* partial entry */ + if (pos == buf) { + error = EINVAL; + goto out; /* it'll never fit... */ + } + break; /* try again with empty buffer */ + } + if (dp->d_fileno != 0 && + mac_vnode_walk_dirent_visible(active_cred, dvp, dp)) { + /* Visible entry, append to return buffer. */ + if (ruio->uio_resid < dp->d_reclen) + goto out; /* returned all we can */ + error = uiomove(dp, dp->d_reclen, ruio); + if (error != 0) + goto out; + } + pos += dp->d_reclen; + /* + * The NFS client (and maybe others?) sets d_off to 0. + */ + if (dp->d_off != 0) { + ruio->uio_offset = dp->d_off; + } else { + /* + * Don't do another VOP_READDIR() unless the + * return buffer has enough room for everything + * we could potentially get or we'd have no way + * to resume from where we left off. + * + * The caller may get a (very) short read, but + * not a zero read (since our buffer cannot be + * larger than the return buffer, the return + * buffer necessarily must have been filled). + * + * Hopefully VOP_READDIR() never returns an + * incomplete entry at the end of the buffer... + */ + last_read = ruio->uio_resid < buf_size; + ruio->uio_offset = uio.uio_offset; + } + } + } while (!last_read); +out: + free(buf, M_TEMP); + return (error); +} + + +void +mac_vnode_walk_amend_fp(struct ucred *cred, struct file *fp, struct vnode *vp) +{ + + MAC_POLICY_PERFORM(vnode_walk_amend_fp, cred, fp, vp); +} + +int +mac_vnode_walk_start_fp(struct ucred *cred, struct file *fp, bool advance) +{ + int error; + + MAC_POLICY_CHECK(vnode_walk_start_fp, cred, fp, advance); + + return (error); +} + +int +mac_vnode_walk_start_vp(struct ucred *cred, struct vnode *vp, bool advance) +{ + int error; + + MAC_POLICY_CHECK(vnode_walk_start_vp, cred, vp, advance); + + return (error); +} + +void +mac_vnode_walk_lookup(struct ucred *cred, + struct vnode *dvp, struct componentname *cnp, struct vnode *vp) +{ + + MAC_POLICY_PERFORM(vnode_walk_lookup, cred, dvp, cnp, vp); +} + +void +mac_vnode_walk_return(struct ucred *cred, + struct vnode *from_vp, struct vnode *to_vp) +{ + + MAC_POLICY_PERFORM(vnode_walk_return, cred, from_vp, to_vp); +} + +void +mac_vnode_walk_transfer(struct ucred *cred, + struct vnode *from_vp, struct vnode *to_vp) +{ + + MAC_POLICY_PERFORM(vnode_walk_transfer, cred, from_vp, to_vp); +} + +void +mac_vnode_walk_created(struct ucred *cred, + struct vnode *dvp, struct vnode *vp) +{ + + MAC_POLICY_PERFORM(vnode_walk_created, cred, dvp, vp); +} + +int +mac_vnode_walk_finish(struct ucred *cred, struct vnode *dvp, struct vnode *vp) +{ + int error; + + MAC_POLICY_CHECK(vnode_walk_finish, cred, dvp, vp); + + return (error); +} + +int +mac_vnode_walk_failed(struct ucred *cred, int error1) +{ + int error; + + MAC_POLICY_CHECK(vnode_walk_failed, cred, error1); + + return (error); +} + + #ifdef DEBUG_VFS_LOCKS void mac_vnode_assert_locked(struct vnode *vp, const char *func) Index: sys/sys/errno.h =================================================================== --- sys/sys/errno.h +++ sys/sys/errno.h @@ -181,10 +181,12 @@ #define ENOTRECOVERABLE 95 /* State not recoverable */ #define EOWNERDEAD 96 /* Previous owner died */ #define EINTEGRITY 97 /* Integrity check failed */ +#define EMACTRAP 98 +#define EMACKILL 99 #endif /* _POSIX_SOURCE */ #ifndef _POSIX_SOURCE -#define ELAST 97 /* Must be equal largest errno */ +#define ELAST 99 /* Must be equal largest errno */ #endif /* _POSIX_SOURCE */ #if defined(_KERNEL) || defined(_WANT_KERNEL_ERRNO) || defined(_STANDALONE) Index: sys/sys/eventhandler.h =================================================================== --- sys/sys/eventhandler.h +++ sys/sys/eventhandler.h @@ -100,7 +100,7 @@ * it is suggested that you directly define a list for them. */ #define EVENTHANDLER_LIST_DEFINE(name) \ -struct eventhandler_list *_eventhandler_list_ ## name ; \ +struct eventhandler_list *_eventhandler_list_ ## name = NULL; \ static void _ehl_init_ ## name (void * ctx __unused) \ { \ _eventhandler_list_ ## name = eventhandler_create_list(#name); \ @@ -109,6 +109,8 @@ _ehl_init_ ## name, NULL); \ struct __hack +#define EVENTHANDLER_LIST_IS_READY(name) (_eventhandler_list_ ## name != NULL) + #define EVENTHANDLER_DIRECT_INVOKE(name, ...) do { \ struct eventhandler_list *_el; \ \ Index: sys/sys/file.h =================================================================== --- sys/sys/file.h +++ sys/sys/file.h @@ -181,6 +181,11 @@ off_t fa_end; /* (f) Region end. */ }; +struct funveil_info { + uint32_t uperms; + uint8_t action; +}; + struct file { volatile u_int f_flag; /* see fcntl.h */ volatile u_int f_count; /* reference count */ @@ -203,6 +208,7 @@ /* (d) Private data for the cdev. */ struct fadvise_info *fvn_advice; } f_vnun; + struct funveil_info f_unveil; /* for mac_curtain's unveil support */ /* * DFLAG_SEEKABLE specific fields */ Index: sys/sys/imgact.h =================================================================== --- sys/sys/imgact.h +++ sys/sys/imgact.h @@ -91,6 +91,9 @@ bool vmspace_destroyed; /* we've blown away original vm space */ bool opened; /* we have opened executable vnode */ bool textset; +#define IMGACT_MAC_IGNORE_SETID 0x1 /* ignore file's s[ug]id bits */ +#define IMGACT_MAC_NO_BINARIES 0x2 /* only allow interpreted files */ + unsigned char mac_restrictions; u_int map_flags; }; Index: sys/sys/namei.h =================================================================== --- sys/sys/namei.h +++ sys/sys/namei.h @@ -140,7 +140,7 @@ #define NAMEI_DBG_HADSTARTDIR 0x0004 /* - * namei operational modifier flags, stored in ni_cnd.flags + * namei operational modifier flags, stored in ni_cnd.cn_flags */ #define NC_NOMAKEENTRY 0x0001 /* name must not be added to cache */ #define NC_KEEPPOSENTRY 0x0002 /* don't evict a positive entry */ @@ -154,6 +154,7 @@ #define LOCKSHARED 0x0100 /* Shared lock leaf */ #define NOFOLLOW 0x0000 /* do not follow symbolic links (pseudo) */ #define RBENEATH 0x100000000ULL /* No escape, even tmp, from start dir */ +#define MACWALKCONTINUE 0x200000000ULL /* continue from current tracker entry */ #define MODMASK 0xf000001ffULL /* mask of operational modifiers */ /* @@ -213,6 +214,9 @@ */ #define NI_LCF_STRICTRELATIVE 0x0001 /* relative lookup only */ #define NI_LCF_CAP_DOTDOT 0x0002 /* ".." in strictrelative case */ +#define NI_LCF_MACWALK_ACTIVE 0x0010 /* calling vnode MAC walk functions */ +#define NI_LCF_MACWALK_ADVANCE 0x0020 /* must roll tracker forward */ +#define NI_LCF_MACWALK_RESUME 0x0040 /* don't need to find cover directory */ /* * Initialization of a nameidata structure. Index: sys/sys/proc.h =================================================================== --- sys/sys/proc.h +++ sys/sys/proc.h @@ -321,6 +321,7 @@ int td_errno; /* (k) Error from last syscall. */ size_t td_vslock_sz; /* (k) amount of vslock-ed space */ struct kcov_info *td_kcov_info; /* (*) Kernel code coverage data */ + struct unveil_track *td_unveil_track; /* (k) mac_curtain unveil tracker */ u_int td_ucredref; /* (k) references on td_realucred */ #define td_endzero td_sigmask @@ -690,6 +691,7 @@ u_int p_treeflag; /* (e) P_TREE flags */ int p_pendingexits; /* (c) Count of pending thread exits. */ struct filemon *p_filemon; /* (c) filemon-specific data. */ + struct unveil_cache *p_unveil_cache; /* (c) mac_curtain cover cache */ int p_pdeathsig; /* (c) Signal from parent on exit. */ /* End area that is zeroed on creation. */ #define p_endzero p_magic Index: sys/sys/signal.h =================================================================== --- sys/sys/signal.h +++ sys/sys/signal.h @@ -418,6 +418,7 @@ /* message on an empty message queue. */ #define SI_KERNEL 0x10006 #define SI_LWP 0x10007 /* Signal sent by thr_kill */ +#define SI_MAC 0x10008 /* Signal sent due to MAC errnos */ #endif #if __BSD_VISIBLE #define SI_UNDEFINED 0 Index: sys/sys/syscat.h =================================================================== --- /dev/null +++ sys/sys/syscat.h @@ -0,0 +1,135 @@ +#ifndef _SYS_SYSCAT_H_ +#define _SYS_SYSCAT_H_ + +/* + * Access to kernel functionality may be restricted by MAC modules based on + * those "syscall categories". Each syscall is assigned one category (which + * will default to SY_CAT_CATCHALL). There are also a few explicit category + * checks spread out in the kernel. + * + * Note that these categories never grant any privileges by themselves, they + * are merely a prerequisite. + */ + +#define SY_CAT_CATCHALL 0 /* misc. operations assumed unsafe */ +#define SY_CAT_EXIT 1 /* terminate current process */ +#define SY_CAT_CORE 2 /* misc. essential operations */ +#define SY_CAT_MMAN 3 /* memory management */ +#define SY_CAT_FDESC 4 /* file descriptor management */ +#define SY_CAT_GENIO 5 /* generic I/O on opened FDs */ +#define SY_CAT_POLL 6 /* select(2)/poll(2)/kqueue(2)/etc */ +#define SY_CAT_IOCTL 7 /* ioctl(2) */ +#define SY_CAT_CLOCK 8 /* read system clocks */ +#define SY_CAT_TIMER 9 /* per-process timers usage */ +#define SY_CAT_SIGHAND 10 /* change signal handlers */ +#define SY_CAT_SIGMASK 11 /* signal masking */ +#define SY_CAT_SIGWAIT 12 /* waiting on signals */ +#define SY_CAT_STATUS 13 /* misc. info on current process */ +#define SY_CAT_SYSINFO 14 /* sysctl, misc. system info syscalls */ +#define SY_CAT_THREAD 15 /* threads management */ +#define SY_CAT_GETSCHED 16 /* inspect scheduling parameters */ +#define SY_CAT_SETSCHED 17 /* change scheduling parameters */ +#define SY_CAT_PIPE 18 /* pipe(2)/socketpair(2) */ +#define SY_CAT_FLOCK 19 /* advisory file locking */ +#define SY_CAT_PATH 20 /* misc. operations using paths */ +#define SY_CAT_STAT_PATH 21 /* get file status using paths */ +#define SY_CAT_READ_PATH 22 /* read operations using paths */ +#define SY_CAT_WRITE_PATH 23 /* write operations using paths */ +#define SY_CAT_CREATE_PATH 24 /* creating paths */ +#define SY_CAT_DELETE_PATH 25 /* deleting paths */ +#define SY_CAT_RENAME_PATH 26 /* renaming paths */ +#define SY_CAT_FATTR 27 /* change file attributes of FD */ +#define SY_CAT_FATTR_PATH 28 /* change file attributes using path */ +#define SY_CAT_STATFS 29 /* fstatfs(2) */ +#define SY_CAT_STATFS_PATH 30 /* statfs(2) */ +#define SY_CAT_GETFSSTAT 31 /* getfsstat(2) */ +#define SY_CAT_SOCKIO 32 /* sendmsg/recvmsg/etc, sockopts */ +#define SY_CAT_SOCK 33 /* misc. socket management operations */ +#define SY_CAT_TTYMGMT 34 /* revoke(2)/posix_openpt(2) */ +#define SY_CAT_WAIT 35 /* child process wait/status */ +#define SY_CAT_FORK 36 /* forking, pgrps, sessions */ +#define SY_CAT_EXEC 37 /* fexecve(2) */ +#define SY_CAT_EXEC_PATH 38 /* execve(2) */ +#define SY_CAT_GETRLIMIT 39 /* inspect resource limits */ +#define SY_CAT_SETRLIMIT 40 /* change resource limits */ +#define SY_CAT_GETCRED 41 /* inspect uid/gids/login/etc */ +#define SY_CAT_SETCRED 42 /* change uid/gids/login/etc */ +#define SY_CAT_PROCCTL 43 /* procctl(2) */ +#define SY_CAT_QUOTA 44 /* inspect/change quotas */ +#define SY_CAT_GETEXTATTR 45 /* inspect extattrs on FD */ +#define SY_CAT_SETEXTATTR 46 /* modify extattrs on FD */ +#define SY_CAT_GETEXTATTR_PATH 47 /* inspect extattrs using path */ +#define SY_CAT_SETEXTATTR_PATH 48 /* modify extattrs using path */ +#define SY_CAT_GETACL 49 /* inspect ACLs on FD */ +#define SY_CAT_SETACL 50 /* modify ACLs on FD */ +#define SY_CAT_GETACL_PATH 51 /* inspect ACLs using path */ +#define SY_CAT_SETACL_PATH 52 /* modify ACLs using path */ +#define SY_CAT_MAC_SYSCALL 53 /* mac_syscall(2) */ +#define SY_CAT_GETMAC 54 /* inspect MAC labels on FD */ +#define SY_CAT_SETMAC 55 /* modify MAC labels on FD */ +#define SY_CAT_GETMAC_PATH 56 /* inspect MAC labels using path */ +#define SY_CAT_SETMAC_PATH 57 /* modify MAC labels using path */ +#define SY_CAT_GETMAC_PROC 58 /* inspect MAC labels of process */ +#define SY_CAT_SETMAC_PROC 59 /* change MAC labels of process */ +#define SY_CAT_MAC_EXEC 60 /* execute with MAC label */ +#define SY_CAT_MAC_EXEC_PATH 61 /* execute path with MAC label */ +#define SY_CAT_AIO 62 /* aio(4) */ +#define SY_CAT_AIO_MLOCK 63 /* aio(4) memory locking */ +#define SY_CAT_SENDFILE 64 /* sendfile(2) */ +#define SY_CAT_MLOCK 65 /* locking pages in memory */ +#define SY_CAT_SYSVSHM 66 /* SysV shared memory */ +#define SY_CAT_SYSVSEM 67 /* SysV semaphores */ +#define SY_CAT_SYSVMSG 68 /* SysV message queues */ +#define SY_CAT_POSIXSHM 69 /* POSIX shared memory */ +#define SY_CAT_POSIXSEM 70 /* POSIX semaphores */ +#define SY_CAT_POSIXMSG 71 /* POSIX message queues */ +#define SY_CAT_FFCLOCK 72 /* ffclock(2) "feed-forward clock" */ +#define SY_CAT_CPUSET 73 /* cpuset(2) */ +#define SY_CAT_CHROOT 74 /* chroot(2) */ +#define SY_CAT_JAIL 75 /* inspect/manage jails */ +#define SY_CAT_TRACE 76 /* ktrace(2)/ptrace(2) */ +#define SY_CAT_RFORK 77 /* non-RFSPAWN rfork(2) */ +#define SY_CAT_MOUNT 78 /* mount points management */ +#define SY_CAT_AUDIT 79 /* audit(4) */ +#define SY_CAT_FH 80 /* getfh(2) and friends */ +#define SY_CAT_SETTIME 81 /* set system clock */ +#define SY_CAT_KMODSTAT 83 /* inspect kernel modules */ +#define SY_CAT_KENV 84 /* kenv(2) */ +#define SY_CAT_SYSMGMT 85 /* misc. system management operations */ +#define SY_CAT_UMTX 86 /* _umtx_op(2) */ + +#define SY_CAT_LAST 86 /* UPDATE ME!!! */ + +_Static_assert(SY_CAT_LAST == 86, "Did you update SY_CAT_LAST?"); + +_Static_assert(SY_CAT_CATCHALL == 0, + "SY_CAT_CATCHALL must be zero for initializers to work correctly."); + +/* + * Category aliases to help keep track of special cases. Some syscalls are + * assigned categories that may seem less restrictive than they should be. + * These syscalls must do their own checking and only allow safe operations + * (possibly through explicit syscat checks, priv(9) restrictions and/or MAC + * checks, etc). + */ + +/* Allow to enter/check capability mode, manage FD rights/limits, etc. */ +#define SY_CAT_CAPSICUM SY_CAT_CORE +/* Can signal current process (others depending on visibility checks) */ +#define SY_CAT_SIGSEND SY_CAT_CORE +/* Can do certain operations on self. */ +#define SY_CAT_THREAD_ SY_CAT_CORE +#define SY_CAT_GETCPUSET_ SY_CAT_GETSCHED +#define SY_CAT_SETCPUSET_ SY_CAT_SETSCHED +/* Get/set operations distinguished later in the call. */ +#define SY_CAT_SCHED_ SY_CAT_GETSCHED +/* Allow RFSPAWN with just SY_CAT_FORK. */ +#define SY_CAT_RFORK_ SY_CAT_FORK +/* Allow creation of anonymous memory objects. */ +#define SY_CAT_POSIXSHM_ SY_CAT_MMAN +/* Retrieving correction delta with adjtime(2) is allowed. */ +#define SY_CAT_SETTIME_ SY_CAT_CLOCK +/* Categories for syscalls there's probably no point limiting separately. */ +#define SY_CAT_KMODMGMT SY_CAT_SYSMGMT + +#endif Index: sys/sys/sysctl.h =================================================================== --- sys/sys/sysctl.h +++ sys/sys/sysctl.h @@ -40,6 +40,7 @@ #ifdef _KERNEL #include +#include #endif /* @@ -194,6 +195,7 @@ u_int oid_running; const char *oid_descr; const char *oid_label; + struct sysctl_shadow *oid_shadow; /* used by mac_curtain */ }; #define SYSCTL_IN(r, p, l) (r->newfunc)(r, p, l) @@ -1164,6 +1166,7 @@ size_t *retval, int flags); int sysctl_find_oid(int *name, u_int namelen, struct sysctl_oid **noid, int *nindx, struct sysctl_req *req); +void sysctl_call_with_rlock(void (*cb)(void *ctx), void *ctx); void sysctl_wlock(void); void sysctl_wunlock(void); int sysctl_wire_old_buffer(struct sysctl_req *req, size_t len); @@ -1174,6 +1177,11 @@ struct sbuf; struct sbuf *sbuf_new_for_sysctl(struct sbuf *, char *, int, struct sysctl_req *); + +typedef void (*sysctl_registration_hook)(void *tag, struct sysctl_oid *); +EVENTHANDLER_DECLARE(sysctl_register_oid, sysctl_registration_hook); +EVENTHANDLER_DECLARE(sysctl_unregister_oid, sysctl_registration_hook); + #else /* !_KERNEL */ #include #include Index: sys/sys/sysent.h =================================================================== --- sys/sys/sysent.h +++ sys/sys/sysent.h @@ -80,6 +80,14 @@ * A system call is permitted in capability mode. */ #define SYF_CAPENABLED 0x00000001 +/* + * System call's category for filtering purpose (see ). + */ +#define SYF_CAT_SHIFT 1 +#define SYF_CAT_WIDTH 7 +#define SYF_CAT_MASK (((1U << SYF_CAT_WIDTH) - 1) << SYF_CAT_SHIFT) +#define SYF_CAT(i) (((i) << SYF_CAT_SHIFT) & SYF_CAT_MASK) +#define SYF_CAT_GET(f) (((f) & SYF_CAT_MASK) >> SYF_CAT_SHIFT) #define SY_THR_FLAGMASK 0x7 #define SY_THR_STATIC 0x1 @@ -300,6 +308,13 @@ .syscall_no = NO_SYSCALL \ } +/* + * Flags for syscall_helper_register()/kern_syscall_register(). + * + * SY_THR_STATIC/SY_THR_STATIC_KLD can also be used. + */ +#define SY_HLP_PRESERVE_SYFLAGS 0x100 + int syscall_module_handler(struct module *mod, int what, void *arg); int syscall_helper_register(struct syscall_helper_data *sd, int flags); int syscall_helper_unregister(struct syscall_helper_data *sd); Index: sys/sys/ucred.h =================================================================== --- sys/sys/ucred.h +++ sys/sys/ucred.h @@ -91,6 +91,8 @@ * Flags for cr_flags. */ #define CRED_FLAG_CAPMODE 0x00000001 /* In capability mode. */ +#define CRED_FLAG_SYSFILT 0x00000002 /* MAC syscalls filtering. */ +#define CRED_FLAG_NEEDTRIM 0x00000004 /* Must call mac_cred_trim() */ /* * This is the external representation of struct ucred. Index: sys/sys/user.h =================================================================== --- sys/sys/user.h +++ sys/sys/user.h @@ -112,6 +112,7 @@ /* Flags for the process credential. */ #define KI_CRF_CAPABILITY_MODE 0x00000001 +#define KI_CRF_SYSCALLS_FILTER 0x00000002 /* * Steal a bit from ki_cr_flags to indicate that the cred had more than * KI_NGROUPS groups. Index: sys/sys/vnode.h =================================================================== --- sys/sys/vnode.h +++ sys/sys/vnode.h @@ -617,6 +617,7 @@ #define VN_OPEN_NAMECACHE 0x00000004 #define VN_OPEN_INVFS 0x00000008 #define VN_OPEN_WANTIOCTLCAPS 0x00000010 +#define VN_OPEN_MACWALKCONTINUE 0x00000020 /* copy_file_range kernel flags */ #define COPY_FILE_RANGE_KFLAGS 0xff000000 Index: sys/tools/makesyscalls.lua =================================================================== --- sys/tools/makesyscalls.lua +++ sys/tools/makesyscalls.lua @@ -1000,11 +1000,11 @@ if flags & known_flags['NOSTD'] ~= 0 then write_line("sysent", string.format( "\t{ .sy_narg = %s, .sy_call = (sy_call_t *)%s, " .. - ".sy_auevent = %s, .sy_flags = 0, " .. + ".sy_auevent = %s, .sy_flags = %s, " .. ".sy_thrcnt = SY_THR_ABSENT },", - "0", "lkmressys", "AUE_NULL")) + "0", "lkmressys", "AUE_NULL", sysflags)) align_sysent_comment(8 + 2 + #"0" + 15 + #"lkmressys" + - #"AUE_NULL" + 3) + #"AUE_NULL" + #sysflags + 2) else write_line("sysent", string.format( "\t{ %s(%s,%s), .sy_auevent = %s, .sy_flags = %s, .sy_thrcnt = %s },", @@ -1060,6 +1060,7 @@ local sysstart, sysend, flags, funcname, sysflags local thr_flag, syscallret local orig = line + local syscat flags = 0 thr_flag = "SY_THR_STATIC" @@ -1094,10 +1095,17 @@ -- Split flags for flag in allflags:gmatch("([^|]+)") do - if known_flags[flag] == nil then - abort(1, "Unknown flag " .. flag .. " for " .. sysnum) + if flag:match("^CAT_") then + if syscat ~= nil then + abort(1, "multiple syscats for " .. sysnum) + end + syscat = "SY_" .. flag + else + if known_flags[flag] == nil then + abort(1, "Unknown flag " .. flag .. " for " .. sysnum) + end + flags = flags | known_flags[flag] end - flags = flags | known_flags[flag] end if (flags & get_mask({"RESERVED", "UNIMPL"})) == 0 and sysnum == nil then @@ -1213,8 +1221,6 @@ funcomment = funcname end - sysflags = "0" - -- NODEF events do not get audited if flags & known_flags['NODEF'] ~= 0 then auditev = 'AUE_NULL' @@ -1223,11 +1229,19 @@ -- If applicable; strip the ABI prefix from the name local stripped_name = strip_abi_prefix(funcname) + local sysflags_list = { } if flags & known_flags['CAPENABLED'] ~= 0 or config["capenabled"][funcname] ~= nil or config["capenabled"][stripped_name] ~= nil then - sysflags = "SYF_CAPENABLED" + sysflags_list[#sysflags_list + 1] = "SYF_CAPENABLED" end + if syscat ~= nil then + sysflags_list[#sysflags_list + 1] = "SYF_CAT(" .. syscat .. ")" + end + if #sysflags_list == 0 then + sysflags_list[#sysflags_list + 1] = "0" + end + sysflags = table.concat(sysflags_list, " | ") local funcargs = {} local changes_abi = false Index: sys/vm/vm_mmap.c =================================================================== --- sys/vm/vm_mmap.c +++ sys/vm/vm_mmap.c @@ -363,6 +363,7 @@ addr = round_page((vm_offset_t)vms->vm_daddr + lim_max(td, RLIMIT_DATA)); } + if (len == 0) { /* * Return success without mapping anything for old @@ -380,6 +381,11 @@ * * This relies on VM_PROT_* matching PROT_*. */ +#ifdef MAC + error = mac_generic_check_vm_prot(td->td_ucred, NULL, prot); + if (error) + return (error); +#endif error = vm_mmap_object(&vms->vm_map, &addr, size, prot, max_prot, flags, NULL, pos, FALSE, td); } else { @@ -406,6 +412,11 @@ error = EINVAL; goto done; } +#ifdef MAC + error = mac_generic_check_vm_prot(td->td_ucred, fp, prot); + if (error) + goto done; +#endif if (check_fp_fn != NULL) { error = check_fp_fn(fp, prot, max_prot & cap_maxprot, flags); @@ -666,6 +677,9 @@ vm_size_t pageoff; int vm_error, max_prot; int flags; +#ifdef MAC + int error; +#endif addr = addr0; if ((prot & ~(_PROT_ALL | PROT_MAX(_PROT_ALL))) != 0) @@ -685,6 +699,12 @@ if (addr + size < addr) return (EINVAL); +#ifdef MAC + error = mac_generic_check_vm_prot(td->td_ucred, NULL, prot); + if (error) + return (error); +#endif + flags = VM_MAP_PROTECT_SET_PROT; if (max_prot != 0) flags |= VM_MAP_PROTECT_SET_MAXPROT; Index: usr.bin/diff/diffreg.c =================================================================== --- usr.bin/diff/diffreg.c +++ usr.bin/diff/diffreg.c @@ -462,6 +462,7 @@ opentemp(const char *f) { char buf[BUFSIZ], tempfile[PATH_MAX]; + const char *tmpdir; ssize_t nread; int ifd, ofd; @@ -470,7 +471,12 @@ else if ((ifd = open(f, O_RDONLY, 0644)) == -1) return (NULL); - (void)strlcpy(tempfile, _PATH_TMP "/diff.XXXXXXXX", sizeof(tempfile)); + if (issetugid() != 0 || (tmpdir = getenv("TMPDIR")) == NULL) + tmpdir = _PATH_TMP; + if (snprintf(tempfile, sizeof(tempfile), "%s/diff.XXXXXXXX", tmpdir) < 0) { + close(ifd); + return (NULL); + } if ((ofd = mkstemp(tempfile)) == -1) { close(ifd); Index: usr.bin/m4/eval.c =================================================================== --- usr.bin/m4/eval.c +++ usr.bin/m4/eval.c @@ -56,6 +56,7 @@ #include #include #include +#include #include "mdef.h" #include "stdd.h" #include "extern.h" @@ -831,8 +832,6 @@ static void dodiv(int n) { - int fd; - oindex = n; if (n >= maxout) { if (mimic_gnu) @@ -844,12 +843,14 @@ if (n < 0) n = 0; /* bitbucket */ if (outfile[n] == NULL) { - char fname[] = _PATH_DIVNAME; - - if ((fd = mkstemp(fname)) == -1 || - unlink(fname) == -1 || - (outfile[n] = fdopen(fd, "w+")) == NULL) - err(1, "%s: cannot divert", fname); + if (n == 0) { + /* outfile[0] is never read back */ + if ((outfile[n] = fopen(_PATH_DEVNULL, "w")) == NULL) + err(1, "cannot divert to %s", _PATH_DEVNULL); + } else { + if ((outfile[n] = tmpfile()) == NULL) + err(1, "cannot divert to temporary file"); + } } active = outfile[n]; } Index: usr.bin/procstat/procstat_cred.c =================================================================== --- usr.bin/procstat/procstat_cred.c +++ usr.bin/procstat/procstat_cred.c @@ -65,9 +65,10 @@ xo_emit("{:rgid/%5d} ", kipp->ki_rgid); xo_emit("{:svgid/%5d} ", kipp->ki_svgid); xo_emit("{:umask/%5s} ", get_umask(procstat, kipp)); - xo_emit("{:cr_flags/%s}", kipp->ki_cr_flags & CRED_FLAG_CAPMODE ? - "C" : "-"); - xo_emit("{P: }"); + xo_emit("{:cr_flags/%c%c}", + kipp->ki_cr_flags & KI_CRF_CAPABILITY_MODE ? 'C' : '-', + kipp->ki_cr_flags & KI_CRF_SYSCALLS_FILTER ? 'F' : '-'); + xo_emit("{P: }"); groups = NULL; /*