D34761.diff
No OneTemporary
Actions

Size

109 KB

Referenced Files

None

Subscribers

None

D34761.diff
View Options

	Index: bin/ps/print.c
	===================================================================
	--- bin/ps/print.c
	+++ bin/ps/print.c
	@@ -277,8 +277,10 @@
	*cp++ = 'V';
	if ((flag & P_SYSTEM) \|\| k->ki_p->ki_lock > 0)
	*cp++ = 'L';
	- if ((k->ki_p->ki_cr_flags & CRED_FLAG_CAPMODE) != 0)
	+ if ((k->ki_p->ki_cr_flags & KI_CRF_CAPABILITY_MODE) != 0)
	*cp++ = 'C';
	+ else if ((k->ki_p->ki_cr_flags & KI_CRF_RESTRICTED_MODE) != 0)
	+ *cp++ = '#';
	if (k->ki_p->ki_kiflag & KI_SLEADER)
	*cp++ = 's';
	if ((flag & P_CONTROLT) && k->ki_p->ki_pgid == k->ki_p->ki_tpgid)
	Index: lib/libkvm/kvm_proc.c
	===================================================================
	--- lib/libkvm/kvm_proc.c
	+++ lib/libkvm/kvm_proc.c
	@@ -149,7 +149,11 @@
	kp->ki_svuid = ucred.cr_svuid;
	kp->ki_rgid = ucred.cr_rgid;
	kp->ki_svgid = ucred.cr_svgid;
	- kp->ki_cr_flags = ucred.cr_flags;
	+ kp->ki_cr_flags = 0;
	+ if (SYSFILSET_IN_RESTRICTED_MODE(ucred.cr_sysfilset))
	+ kp->ki_cr_flags \|= KI_CRF_RESTRICTED_MODE;
	+ if (SYSFILSET_IN_CAPABILITY_MODE(ucred.cr_sysfilset))
	+ kp->ki_cr_flags \|= KI_CRF_CAPABILITY_MODE;
	if (ucred.cr_ngroups > KI_NGROUPS) {
	kp->ki_ngroups = KI_NGROUPS;
	kp->ki_cr_flags \|= KI_CRF_GRP_OVERFLOW;
	Index: sys/compat/linux/linux_errno.inc
	===================================================================
	--- sys/compat/linux/linux_errno.inc
	+++ sys/compat/linux/linux_errno.inc
	@@ -156,9 +156,11 @@
	[ENOTRECOVERABLE] = -LINUX_ENOTRECOVERABLE,
	[EOWNERDEAD] = -LINUX_EOWNERDEAD,
	[EINTEGRITY] = -LINUX_EINVAL, /* XXX */
	+ [ESYSFILTRAP] = -LINUX_EPERM,
	+ [ESYSFILKILL] = -LINUX_EPERM,
	};

	-_Static_assert(ELAST == 97,
	+_Static_assert(ELAST == 99,
	"missing errno entries in linux_errtbl");

	static const int linux_to_bsd_errtbl[LINUX_ELAST + 1] = {
	Index: sys/conf/options
	===================================================================
	--- sys/conf/options
	+++ sys/conf/options
	@@ -183,6 +183,7 @@
	MPROF_BUFFERS opt_mprof.h
	MPROF_HASH_SIZE opt_mprof.h
	NEW_PCIB opt_global.h
	+NOSYSFIL opt_global.h
	NO_ADAPTIVE_MUTEXES opt_adaptive_mutexes.h
	NO_ADAPTIVE_RWLOCKS
	NO_ADAPTIVE_SX
	Index: sys/kern/kern_exec.c
	===================================================================
	--- sys/kern/kern_exec.c
	+++ sys/kern/kern_exec.c
	@@ -584,9 +584,7 @@
	imgp->proc->p_pdeathsig = 0;

	if (credential_changing &&
	-#ifdef CAPABILITY_MODE
	- ((oldcred->cr_flags & CRED_FLAG_CAPMODE) == 0) &&
	-#endif
	+ !CRED_IN_RESTRICTED_MODE(oldcred) &&
	(imgp->vp->v_mount->mnt_flag & MNT_NOSUID) == 0 &&
	(p->p_flag & P_TRACED) == 0) {
	imgp->credential_setid = true;
	Index: sys/kern/kern_mib.c
	===================================================================
	--- sys/kern/kern_mib.c
	+++ sys/kern/kern_mib.c
	@@ -693,6 +693,9 @@
	SYSCTL_INT(_debug_sizeof, OID_AUTO, proc, CTLFLAG_RD,
	SYSCTL_NULL_INT_PTR, sizeof(struct proc), "sizeof(struct proc)");

	+SYSCTL_INT(_debug_sizeof, OID_AUTO, ucred, CTLFLAG_RD,
	+ SYSCTL_NULL_INT_PTR, sizeof(struct ucred), "sizeof(struct ucred)");
	+
	static int
	sysctl_kern_pid_max(SYSCTL_HANDLER_ARGS)
	{
	Index: sys/kern/kern_proc.c
	===================================================================
	--- sys/kern/kern_proc.c
	+++ sys/kern/kern_proc.c
	@@ -1076,8 +1076,10 @@
	kp->ki_ruid = cred->cr_ruid;
	kp->ki_svuid = cred->cr_svuid;
	kp->ki_cr_flags = 0;
	- if (cred->cr_flags & CRED_FLAG_CAPMODE)
	+ if (CRED_IN_CAPABILITY_MODE(cred))
	kp->ki_cr_flags \|= KI_CRF_CAPABILITY_MODE;
	+ if (CRED_IN_RESTRICTED_MODE(cred))
	+ kp->ki_cr_flags \|= KI_CRF_RESTRICTED_MODE;
	/* XXX bde doesn't like KI_NGROUPS */
	if (cred->cr_ngroups > KI_NGROUPS) {
	kp->ki_ngroups = KI_NGROUPS;
	Index: sys/kern/kern_prot.c
	===================================================================
	--- sys/kern/kern_prot.c
	+++ sys/kern/kern_prot.c
	@@ -2000,6 +2000,9 @@
	#endif
	#ifdef MAC
	mac_cred_init(cr);
	+#endif
	+#ifndef NOSYSFIL
	+ cr->cr_sysfilset = SYSFIL_FULL;
	#endif
	cr->cr_groups = cr->cr_smallgroups;
	cr->cr_agroups =
	Index: sys/kern/kern_sig.c
	===================================================================
	--- sys/kern/kern_sig.c
	+++ sys/kern/kern_sig.c
	@@ -3693,7 +3693,8 @@

	if (oldvp != NULL) {
	if (nextvp == NULL) {
	- if ((td->td_proc->p_flag & P_SUGID) != 0) {
	+ if ((td->td_proc->p_flag & P_SUGID) != 0 \|\|
	+ CRED_IN_VFS_VEILED_MODE(td->td_ucred)) {
	error = EFAULT;
	vn_close(oldvp, FWRITE, td->td_ucred, td);
	} else {
	@@ -3830,7 +3831,8 @@
	oflags = VN_OPEN_NOAUDIT \| VN_OPEN_NAMECACHE \|
	(capmode_coredump ? VN_OPEN_NOCAPCHECK : 0);
	flags = O_CREAT \| FWRITE \| O_NOFOLLOW;
	- if ((td->td_proc->p_flag & P_SUGID) != 0)
	+ if ((td->td_proc->p_flag & P_SUGID) != 0 \|\|
	+ CRED_IN_VFS_VEILED_MODE(td->td_ucred))
	flags \|= O_EXCL;

	NDINIT(&nd, LOOKUP, NOFOLLOW, UIO_SYSSPACE, name);
	Index: sys/kern/kern_syscalls.c
	===================================================================
	--- sys/kern/kern_syscalls.c
	+++ sys/kern/kern_syscalls.c
	@@ -116,7 +116,7 @@
	{
	int i;

	- if ((flags & ~SY_THR_STATIC) != 0)
	+ if ((flags & ~(SY_HLP_STATIC \| SY_HLP_PRESERVE_SYFLAGS)) != 0)
	return (EINVAL);

	if (*offset == NO_SYSCALL) {
	@@ -139,8 +139,11 @@
	("dynamic syscall is not protected"));
	old_sysent = sysents[offset];
	new_sysent->sy_thrcnt = SY_THR_ABSENT;
	+ if ((flags & SY_HLP_PRESERVE_SYFLAGS) != 0)
	+ new_sysent->sy_flags = old_sysent->sy_flags;
	sysents[offset] = new_sysent;
	- atomic_store_rel_32(&sysents[*offset].sy_thrcnt, flags);
	+ atomic_store_rel_32(&sysents[*offset].sy_thrcnt,
	+ (flags & SY_HLP_STATIC) != 0 ? SY_THR_STATIC : 0);
	return (0);
	}

	Index: sys/kern/subr_syscall.c
	===================================================================
	--- sys/kern/subr_syscall.c
	+++ sys/kern/subr_syscall.c
	@@ -46,6 +46,7 @@
	__FBSDID("$FreeBSD$");

	#include <sys/capsicum.h>
	+#include <sys/sysfil.h>
	#include <sys/ktr.h>
	#include <sys/vmmeter.h>
	#ifdef KTRACE
	@@ -117,14 +118,20 @@
	}
	}

	+#ifndef NOSYSFIL
	+ if (__predict_false(!CRED_HAS_SYSFIL(td->td_ucred, ~se->sy_flags))) {
	#ifdef CAPABILITY_MODE
	- /*
	- * In capability mode, we only allow access to system calls
	- * flagged with SYF_CAPENABLED.
	- */
	- if (__predict_false(IN_CAPABILITY_MODE(td) &&
	- (se->sy_flags & SYF_CAPENABLED) == 0)) {
	- td->td_errno = error = ECAPMODE;
	+ /*
	+ * In capability mode, we only allow access to system calls
	+ * flagged with SYF_CAPENABLED.
	+ */
	+ if (__predict_false(IN_CAPABILITY_MODE(td) &&
	+ (se->sy_flags & SYF_CAPENABLED) == 0)) {
	+ td->td_errno = error = ECAPMODE;
	+ goto retval;
	+ }
	+#endif
	+ td->td_errno = error = EPERM;
	goto retval;
	}
	#endif
	@@ -212,7 +219,6 @@
	{
	struct proc *p;
	struct syscall_args *sa;
	- ksiginfo_t ksi;
	int traced;

	KASSERT(td->td_errno != ERELOOKUP,
	@@ -220,18 +226,38 @@

	p = td->td_proc;
	sa = &td->td_sa;
	- if (__predict_false(td->td_errno == ENOTCAPABLE \|\|
	- td->td_errno == ECAPMODE)) {
	- if ((trap_enotcap \|\|
	- (p->p_flag2 & P2_TRAPCAP) != 0) && IN_CAPABILITY_MODE(td)) {
	+
	+#ifndef NOSYSFIL
	+ /* Handle special errnos that should trigger signals. */
	+ if (__predict_false(td->td_errno != 0)) {
	+ ksiginfo_t ksi;
	+ switch (td->td_errno) {
	+ case ENOTCAPABLE:
	+ case ECAPMODE:
	+ if (!IN_CAPABILITY_MODE(td) \|\|
	+ !(trap_enotcap \|\| (p->p_flag2 & P2_TRAPCAP) != 0))
	+ break;
	ksiginfo_init_trap(&ksi);
	ksi.ksi_signo = SIGTRAP;
	ksi.ksi_errno = td->td_errno;
	ksi.ksi_code = TRAP_CAP;
	ksi.ksi_info.si_syscall = sa->original_code;
	trapsignal(td, &ksi);
	+ break;
	+ case ESYSFILTRAP:
	+ case ESYSFILKILL:
	+ ksiginfo_init_trap(&ksi);
	+ ksi.ksi_signo = td->td_errno == ESYSFILTRAP ?
	+ SIGTRAP : SIGKILL;
	+ ksi.ksi_code = SI_SYSFIL;
	+ ksi.ksi_info.si_syscall = sa->original_code;
	+ td->td_errno = EPERM;
	+ ksi.ksi_errno = td->td_errno;
	+ trapsignal(td, &ksi);
	+ break;
	}
	}
	+#endif

	/*
	* Handle reschedule and other end-of-syscall issues
	Index: sys/kern/sys_capability.c
	===================================================================
	--- sys/kern/sys_capability.c
	+++ sys/kern/sys_capability.c
	@@ -79,6 +79,7 @@
	#include <sys/ucred.h>
	#include <sys/uio.h>
	#include <sys/ktrace.h>
	+#include <sys/sysfil.h>

	#include <security/audit/audit.h>

	@@ -87,7 +88,7 @@

	bool __read_frequently trap_enotcap;
	SYSCTL_BOOL(_kern, OID_AUTO, trap_enotcap, CTLFLAG_RWTUN, &trap_enotcap, 0,
	- "Deliver SIGTRAP on ENOTCAPABLE");
	+ "Deliver SIGTRAP on ENOTCAPABLE/ECAPMODE");

	#ifdef CAPABILITY_MODE

	@@ -111,8 +112,14 @@
	p = td->td_proc;
	PROC_LOCK(p);
	oldcred = crcopysafe(p, newcred);
	- newcred->cr_flags \|= CRED_FLAG_CAPMODE;
	+ newcred->cr_sysfilset &= ~SYSFIL_NOTCAPMODE;
	+ MPASS(CRED_IN_CAPABILITY_MODE(newcred));
	+ MPASS(CRED_IN_RESTRICTED_MODE(newcred));
	proc_set_cred(p, newcred);
	+ if (!PROC_IN_RESTRICTED_MODE(p))
	+ panic("PROC_IN_RESTRICTED_MODE() bogus");
	+ if (!PROC_IN_CAPABILITY_MODE(p))
	+ panic("PROC_IN_CAPABILITY_MODE() bogus");
	PROC_UNLOCK(p);
	crfree(oldcred);
	return (0);
	Index: sys/kern/syscalls.master
	===================================================================
	--- sys/kern/syscalls.master
	+++ sys/kern/syscalls.master
	@@ -113,6 +113,7 @@
	#include <sys/param.h>
	#include <sys/sysent.h>
	#include <sys/sysproto.h>
	+#include <sys/sysfil.h>
	%%ABI_HEADERS%%

	0 AUE_NULL SYSMUX {
	@@ -121,29 +122,29 @@
	...
	);
	}
	-1 AUE_EXIT STD\|CAPENABLED {
	+1 AUE_EXIT STD\|SYSFIL_ALWAYS\|CAPENABLED {
	void exit(
	int rval
	);
	}
	-2 AUE_FORK STD\|CAPENABLED {
	+2 AUE_FORK STD\|SYSFIL_FORK\|CAPENABLED {
	int fork(void);
	}
	-3 AUE_READ STD\|CAPENABLED {
	+3 AUE_READ STD\|SYSFIL_CORE\|CAPENABLED {
	ssize_t read(
	int fd,
	_Out_writes_bytes_(nbyte) void *buf,
	size_t nbyte
	);
	}
	-4 AUE_WRITE STD\|CAPENABLED {
	+4 AUE_WRITE STD\|SYSFIL_CORE\|CAPENABLED {
	ssize_t write(
	int fd,
	_In_reads_bytes_(nbyte) const void *buf,
	size_t nbyte
	);
	}
	-5 AUE_OPEN_RWTC STD {
	+5 AUE_OPEN_RWTC STD\|SYSFIL_FDESC\|SYSFIL_PATH {
	int open(
	_In_z_ const char *path,
	int flags,
	@@ -152,12 +153,12 @@
	}
	; XXX should be { int open(const char *path, int flags, ...); }
	; but we're not ready for varargs.
	-6 AUE_CLOSE STD\|CAPENABLED {
	+6 AUE_CLOSE STD\|SYSFIL_CORE\|CAPENABLED {
	int close(
	int fd
	);
	}
	-7 AUE_WAIT4 STD {
	+7 AUE_WAIT4 STD\|SYSFIL_WAIT {
	int wait4(
	int pid,
	_Out_opt_ int *status,
	@@ -165,77 +166,77 @@
	_Out_opt_ _Contains_long_timet_ struct rusage *rusage
	);
	}
	-8 AUE_CREAT COMPAT {
	+8 AUE_CREAT COMPAT\|SYSFIL_FDESC\|SYSFIL_WPATH {
	int creat(
	_In_z_ const char *path,
	int mode
	);
	}
	-9 AUE_LINK STD {
	+9 AUE_LINK STD\|SYSFIL_CPATH {
	int link(
	_In_z_ const char *path,
	_In_z_ const char *link
	);
	}
	-10 AUE_UNLINK STD {
	+10 AUE_UNLINK STD\|SYSFIL_DPATH {
	int unlink(
	_In_z_ const char *path
	);
	}
	11 AUE_NULL OBSOL execv
	-12 AUE_CHDIR STD {
	+12 AUE_CHDIR STD\|SYSFIL_FDESC\|SYSFIL_PATH {
	int chdir(
	_In_z_ const char *path
	);
	}
	-13 AUE_FCHDIR STD {
	+13 AUE_FCHDIR STD\|SYSFIL_FDESC\|SYSFIL_PATH {
	int fchdir(
	int fd
	);
	}
	-14 AUE_MKNOD COMPAT11 {
	+14 AUE_MKNOD COMPAT11\|SYSFIL_CPATH {
	int mknod(
	_In_z_ const char *path,
	int mode,
	uint32_t dev
	);
	}
	-15 AUE_CHMOD STD {
	+15 AUE_CHMOD STD\|SYSFIL_PATH\|SYSFIL_FATTR {
	int chmod(
	_In_z_ const char *path,
	mode_t mode
	);
	}
	-16 AUE_CHOWN STD {
	+16 AUE_CHOWN STD\|SYSFIL_PATH\|SYSFIL_FATTR {
	int chown(
	_In_z_ const char *path,
	int uid,
	int gid
	);
	}
	-17 AUE_NULL STD\|CAPENABLED {
	+17 AUE_NULL STD\|SYSFIL_MMAN\|CAPENABLED {
	void *break(
	_In_ char *nsize
	);
	}
	-18 AUE_GETFSSTAT COMPAT4 {
	+18 AUE_GETFSSTAT COMPAT4\|SYSFIL_RPATH {
	int getfsstat(
	_Out_writes_bytes_opt_(bufsize) _Contains_long_ struct ostatfs *buf,
	long bufsize,
	int mode
	);
	}
	-19 AUE_LSEEK COMPAT\|CAPENABLED {
	+19 AUE_LSEEK COMPAT\|SYSFIL_CORE\|CAPENABLED {
	long lseek(
	int fd,
	long offset,
	int whence
	);
	}
	-20 AUE_GETPID STD\|CAPENABLED {
	+20 AUE_GETPID STD\|SYSFIL_STATUS\|CAPENABLED {
	pid_t getpid(void);
	}
	-21 AUE_MOUNT STD {
	+21 AUE_MOUNT STD\|SYSFIL_MOUNT {
	int mount(
	_In_z_ const char *type,
	_In_z_ const char *path,
	@@ -243,24 +244,24 @@
	_In_opt_ void *data
	);
	}
	-22 AUE_UMOUNT STD {
	+22 AUE_UMOUNT STD\|SYSFIL_MOUNT {
	int unmount(
	_In_z_ const char *path,
	int flags
	);
	}
	-23 AUE_SETUID STD\|CAPENABLED {
	+23 AUE_SETUID STD\|SYSFIL_SETCRED\|CAPENABLED {
	int setuid(
	uid_t uid
	);
	}
	-24 AUE_GETUID STD\|CAPENABLED {
	+24 AUE_GETUID STD\|SYSFIL_GETCRED\|CAPENABLED {
	uid_t getuid(void);
	}
	-25 AUE_GETEUID STD\|CAPENABLED {
	+25 AUE_GETEUID STD\|SYSFIL_GETCRED\|CAPENABLED {
	uid_t geteuid(void);
	}
	-26 AUE_PTRACE STD {
	+26 AUE_PTRACE STD\|SYSFIL_TRACE {
	int ptrace(
	int req,
	pid_t pid,
	@@ -268,21 +269,21 @@
	int data
	);
	}
	-27 AUE_RECVMSG STD\|CAPENABLED {
	+27 AUE_RECVMSG STD\|SYSFIL_SOCKIO\|CAPENABLED {
	ssize_t recvmsg(
	int s,
	_Inout_ _Contains_ptr_ struct msghdr *msg,
	int flags
	);
	}
	-28 AUE_SENDMSG STD\|CAPENABLED {
	+28 AUE_SENDMSG STD\|SYSFIL_SOCKIO\|CAPENABLED {
	ssize_t sendmsg(
	int s,
	_In_ _Contains_ptr_ const struct msghdr *msg,
	int flags
	);
	}
	-29 AUE_RECVFROM STD\|CAPENABLED {
	+29 AUE_RECVFROM STD\|SYSFIL_SOCKIO\|CAPENABLED {
	ssize_t recvfrom(
	int s,
	_Out_writes_bytes_(len) void *buf,
	@@ -292,81 +293,81 @@
	_Inout_opt_ __socklen_t *fromlenaddr
	);
	}
	-30 AUE_ACCEPT STD\|CAPENABLED {
	+30 AUE_ACCEPT STD\|SYSFIL_FDESC\|SYSFIL_SOCK\|CAPENABLED {
	int accept(
	int s,
	_Out_writes_bytes_opt_(anamelen) struct sockaddr name,
	_Inout_opt_ __socklen_t *anamelen
	);
	}
	-31 AUE_GETPEERNAME STD\|CAPENABLED {
	+31 AUE_GETPEERNAME STD\|SYSFIL_SOCK\|CAPENABLED {
	int getpeername(
	int fdes,
	_Out_writes_bytes_(alen) struct sockaddr asa,
	_Inout_opt_ __socklen_t *alen
	);
	}
	-32 AUE_GETSOCKNAME STD\|CAPENABLED {
	+32 AUE_GETSOCKNAME STD\|SYSFIL_SOCK\|CAPENABLED {
	int getsockname(
	int fdes,
	_Out_writes_bytes_(alen) struct sockaddr asa,
	_Inout_ __socklen_t *alen
	);
	}
	-33 AUE_ACCESS STD {
	+33 AUE_ACCESS STD\|SYSFIL_PATH {
	int access(
	_In_z_ const char *path,
	int amode
	);
	}
	-34 AUE_CHFLAGS STD {
	+34 AUE_CHFLAGS STD\|SYSFIL_PATH\|SYSFIL_FATTR {
	int chflags(
	_In_z_ const char *path,
	u_long flags
	);
	}
	-35 AUE_FCHFLAGS STD\|CAPENABLED {
	+35 AUE_FCHFLAGS STD\|SYSFIL_FATTR\|CAPENABLED {
	int fchflags(
	int fd,
	u_long flags
	);
	}
	-36 AUE_SYNC STD\|CAPENABLED {
	+36 AUE_SYNC STD\|SYSFIL_WPATH\|CAPENABLED {
	int sync(void);
	}
	-37 AUE_KILL STD\|CAPENABLED {
	+37 AUE_KILL STD\|SYSFIL_SIGSEND\|CAPENABLED {
	int kill(
	int pid,
	int signum
	);
	}
	-38 AUE_STAT COMPAT {
	+38 AUE_STAT COMPAT\|SYSFIL_RPATH {
	int stat(
	_In_z_ const char *path,
	_Out_ _Contains_timet_ struct ostat *ub
	);
	}
	-39 AUE_GETPPID STD\|CAPENABLED {
	+39 AUE_GETPPID STD\|SYSFIL_STATUS\|CAPENABLED {
	pid_t getppid(void);
	}
	-40 AUE_LSTAT COMPAT {
	+40 AUE_LSTAT COMPAT\|SYSFIL_RPATH {
	int lstat(
	_In_z_ const char *path,
	_Out_ _Contains_timet_ struct ostat *ub
	);
	}
	-41 AUE_DUP STD\|CAPENABLED {
	+41 AUE_DUP STD\|SYSFIL_FDESC\|CAPENABLED {
	int dup(
	u_int fd
	);
	}
	-42 AUE_PIPE COMPAT10\|CAPENABLED {
	+42 AUE_PIPE COMPAT10\|SYSFIL_FDESC\|CAPENABLED {
	int pipe(void);
	}
	-43 AUE_GETEGID STD\|CAPENABLED {
	+43 AUE_GETEGID STD\|SYSFIL_GETCRED\|CAPENABLED {
	gid_t getegid(void);
	}
	-44 AUE_PROFILE STD\|CAPENABLED {
	+44 AUE_PROFILE STD\|SYSFIL_PROCCTL\|CAPENABLED {
	int profil(
	_Out_writes_bytes_(size) char *samples,
	size_t size,
	@@ -374,7 +375,7 @@
	u_int scale
	);
	}
	-45 AUE_KTRACE STD {
	+45 AUE_KTRACE STD\|SYSFIL_PATH\|SYSFIL_TRACE {
	int ktrace(
	_In_z_ const char *fname,
	int ops,
	@@ -382,17 +383,17 @@
	int pid
	);
	}
	-46 AUE_SIGACTION COMPAT\|CAPENABLED {
	+46 AUE_SIGACTION COMPAT\|SYSFIL_SIGHAND\|CAPENABLED {
	int sigaction(
	int signum,
	_In_opt_ _Contains_ptr_ struct osigaction *nsa,
	_Out_opt_ _Contains_ptr_ struct osigaction *osa
	);
	}
	-47 AUE_GETGID STD\|CAPENABLED {
	+47 AUE_GETGID STD\|SYSFIL_GETCRED\|CAPENABLED {
	gid_t getgid(void);
	}
	-48 AUE_SIGPROCMASK COMPAT\|CAPENABLED {
	+48 AUE_SIGPROCMASK COMPAT\|SYSFIL_SIGMASK\|CAPENABLED {
	int sigprocmask(
	int how,
	osigset_t mask
	@@ -401,13 +402,13 @@
	; XXX note nonstandard (bogus) calling convention - the libc stub passes
	; us the mask, not a pointer to it, and we return the old mask as the
	; (int) return value.
	-49 AUE_GETLOGIN STD\|CAPENABLED {
	+49 AUE_GETLOGIN STD\|SYSFIL_GETCRED\|CAPENABLED {
	int getlogin(
	_Out_writes_z_(namelen) char *namebuf,
	u_int namelen
	);
	}
	-50 AUE_SETLOGIN STD {
	+50 AUE_SETLOGIN STD\|SYSFIL_SETCRED {
	int setlogin(
	_In_z_ const char *namebuf
	);
	@@ -417,16 +418,16 @@
	_In_z_ const char *path
	);
	}
	-52 AUE_SIGPENDING COMPAT\|CAPENABLED {
	+52 AUE_SIGPENDING COMPAT\|SYSFIL_SIGWAIT\|CAPENABLED {
	int sigpending(void);
	}
	-53 AUE_SIGALTSTACK STD\|CAPENABLED {
	+53 AUE_SIGALTSTACK STD\|SYSFIL_SIGHAND\|CAPENABLED {
	int sigaltstack(
	_In_opt_ _Contains_long_ptr_ const struct sigaltstack *ss,
	_Out_opt_ _Contains_long_ptr_ struct sigaltstack *oss
	);
	}
	-54 AUE_IOCTL STD\|CAPENABLED {
	+54 AUE_IOCTL STD\|SYSFIL_CORE\|CAPENABLED {
	int ioctl(
	int fd,
	u_long com,
	@@ -438,48 +439,48 @@
	int opt
	);
	}
	-56 AUE_REVOKE STD {
	+56 AUE_REVOKE STD\|SYSFIL_TTY {
	int revoke(
	_In_z_ const char *path
	);
	}
	-57 AUE_SYMLINK STD {
	+57 AUE_SYMLINK STD\|SYSFIL_CPATH {
	int symlink(
	_In_z_ const char *path,
	_In_z_ const char *link
	);
	}
	-58 AUE_READLINK STD {
	+58 AUE_READLINK STD\|SYSFIL_RPATH {
	ssize_t readlink(
	_In_z_ const char *path,
	_Out_writes_z_(count) char *buf,
	size_t count
	);
	}
	-59 AUE_EXECVE STD {
	+59 AUE_EXECVE STD\|SYSFIL_PATH\|SYSFIL_EXEC {
	int execve(
	_In_z_ const char *fname,
	_In_z_ char **argv,
	_In_z_ char **envv
	);
	}
	-60 AUE_UMASK STD\|CAPENABLED {
	+60 AUE_UMASK STD\|SYSFIL_FDESC\|CAPENABLED {
	mode_t umask(
	mode_t newmask
	);
	}
	-61 AUE_CHROOT STD {
	+61 AUE_CHROOT STD\|SYSFIL_PATH\|SYSFIL_CHROOT {
	int chroot(
	_In_z_ const char *path
	);
	}
	-62 AUE_FSTAT COMPAT\|CAPENABLED {
	+62 AUE_FSTAT COMPAT\|SYSFIL_CORE\|CAPENABLED {
	int fstat(
	int fd,
	_Out_ _Contains_timet_ struct ostat *sb
	);
	}
	-63 AUE_NULL COMPAT {
	+63 AUE_NULL COMPAT\|SYSFIL_SYSINFO {
	int getkerninfo(
	int op,
	_Out_writes_bytes_opt(size) char where,
	@@ -487,32 +488,32 @@
	int arg
	);
	}
	-64 AUE_NULL COMPAT\|CAPENABLED {
	+64 AUE_NULL COMPAT\|SYSFIL_SYSINFO\|CAPENABLED {
	int getpagesize(void);
	}
	-65 AUE_MSYNC STD\|CAPENABLED {
	+65 AUE_MSYNC STD\|SYSFIL_MMAN\|CAPENABLED {
	int msync(
	_In_ void *addr,
	size_t len,
	int flags
	);
	}
	-66 AUE_VFORK STD {
	+66 AUE_VFORK STD\|SYSFIL_FORK {
	int vfork(void);
	}
	67 AUE_NULL OBSOL vread
	68 AUE_NULL OBSOL vwrite
	-69 AUE_SBRK STD\|CAPENABLED {
	+69 AUE_SBRK STD\|SYSFIL_MMAN\|CAPENABLED {
	int sbrk(
	int incr
	);
	}
	-70 AUE_SSTK STD\|CAPENABLED {
	+70 AUE_SSTK STD\|SYSFIL_MMAN\|CAPENABLED {
	int sstk(
	int incr
	);
	}
	-71 AUE_MMAP COMPAT\|CAPENABLED {
	+71 AUE_MMAP COMPAT\|SYSFIL_MMAN\|CAPENABLED {
	void *mmap(
	_In_ void *addr,
	int len,
	@@ -522,25 +523,25 @@
	long pos
	);
	}
	-72 AUE_O_VADVISE COMPAT11 {
	+72 AUE_O_VADVISE COMPAT11\|SYSFIL_MMAN {
	int vadvise(
	int anom
	);
	}
	-73 AUE_MUNMAP STD\|CAPENABLED {
	+73 AUE_MUNMAP STD\|SYSFIL_MMAN\|CAPENABLED {
	int munmap(
	_In_ void *addr,
	size_t len
	);
	}
	-74 AUE_MPROTECT STD\|CAPENABLED {
	+74 AUE_MPROTECT STD\|SYSFIL_MMAN\|CAPENABLED {
	int mprotect(
	_In_ void *addr,
	size_t len,
	int prot
	);
	}
	-75 AUE_MADVISE STD\|CAPENABLED {
	+75 AUE_MADVISE STD\|SYSFIL_MMAN\|CAPENABLED {
	int madvise(
	_In_ void *addr,
	size_t len,
	@@ -549,42 +550,42 @@
	}
	76 AUE_NULL OBSOL vhangup
	77 AUE_NULL OBSOL vlimit
	-78 AUE_MINCORE STD\|CAPENABLED {
	+78 AUE_MINCORE STD\|SYSFIL_MMAN\|CAPENABLED {
	int mincore(
	_In_ const void *addr,
	size_t len,
	_Out_writes_bytes_(len/PAGE_SIZE) char *vec
	);
	}
	-79 AUE_GETGROUPS STD\|CAPENABLED {
	+79 AUE_GETGROUPS STD\|SYSFIL_GETCRED\|CAPENABLED {
	int getgroups(
	int gidsetsize,
	_Out_writes_opt_(gidsetsize) gid_t *gidset
	);
	}
	-80 AUE_SETGROUPS STD {
	+80 AUE_SETGROUPS STD\|SYSFIL_SETCRED {
	int setgroups(
	int gidsetsize,
	_In_reads_(gidsetsize) const gid_t *gidset
	);
	}
	-81 AUE_GETPGRP STD\|CAPENABLED {
	+81 AUE_GETPGRP STD\|SYSFIL_STATUS\|CAPENABLED {
	int getpgrp(void);
	}
	-82 AUE_SETPGRP STD {
	+82 AUE_SETPGRP STD\|SYSFIL_FORK {
	int setpgid(
	int pid,
	int pgid
	);
	}
	-83 AUE_SETITIMER STD\|CAPENABLED {
	+83 AUE_SETITIMER STD\|SYSFIL_TIMER\|CAPENABLED {
	int setitimer(
	int which,
	_In_ _Contains_timet_ const struct itimerval *itv,
	_Out_opt_ _Contains_timet_ struct itimerval *oitv
	);
	}
	-84 AUE_WAIT4 COMPAT {
	+84 AUE_WAIT4 COMPAT\|SYSFIL_WAIT {
	int wait(void);
	}
	85 AUE_SWAPON STD {
	@@ -592,13 +593,13 @@
	_In_z_ const char *name
	);
	}
	-86 AUE_GETITIMER STD\|CAPENABLED {
	+86 AUE_GETITIMER STD\|SYSFIL_TIMER\|CAPENABLED {
	int getitimer(
	int which,
	_Out_ _Contains_timet_ struct itimerval *itv
	);
	}
	-87 AUE_SYSCTL COMPAT\|CAPENABLED {
	+87 AUE_SYSCTL COMPAT\|SYSFIL_SYSINFO\|CAPENABLED {
	int gethostname(
	_Out_writes_z_(len) char *hostname,
	u_int len
	@@ -610,17 +611,17 @@
	u_int len
	);
	}
	-89 AUE_GETDTABLESIZE STD\|CAPENABLED {
	+89 AUE_GETDTABLESIZE STD\|SYSFIL_FDESC\|CAPENABLED {
	int getdtablesize(void);
	}
	-90 AUE_DUP2 STD\|CAPENABLED {
	+90 AUE_DUP2 STD\|SYSFIL_FDESC\|CAPENABLED {
	int dup2(
	u_int from,
	u_int to
	);
	}
	91 AUE_NULL RESERVED
	-92 AUE_FCNTL STD\|CAPENABLED {
	+92 AUE_FCNTL STD\|SYSFIL_CORE\|CAPENABLED {
	int fcntl(
	int fd,
	int cmd,
	@@ -629,7 +630,7 @@
	}
	; XXX should be { int fcntl(int fd, int cmd, ...); }
	; but we're not ready for varargs.
	-93 AUE_SELECT STD\|CAPENABLED {
	+93 AUE_SELECT STD\|SYSFIL_CORE\|CAPENABLED {
	int select(
	int nd,
	_Inout_opt_ fd_set *in,
	@@ -639,46 +640,46 @@
	);
	}
	94 AUE_NULL RESERVED
	-95 AUE_FSYNC STD\|CAPENABLED {
	+95 AUE_FSYNC STD\|SYSFIL_CORE\|CAPENABLED {
	int fsync(
	int fd
	);
	}
	-96 AUE_SETPRIORITY STD\|CAPENABLED {
	+96 AUE_SETPRIORITY STD\|SYSFIL_SCHED\|CAPENABLED {
	int setpriority(
	int which,
	int who,
	int prio
	);
	}
	-97 AUE_SOCKET STD\|CAPENABLED {
	+97 AUE_SOCKET STD\|SYSFIL_FDESC\|SYSFIL_SOCK\|CAPENABLED {
	int socket(
	int domain,
	int type,
	int protocol
	);
	}
	-98 AUE_CONNECT STD {
	+98 AUE_CONNECT STD\|SYSFIL_SOCK {
	int connect(
	int s,
	_In_reads_bytes_(namelen) const struct sockaddr *name,
	__socklen_t namelen
	);
	}
	-99 AUE_ACCEPT COMPAT\|CAPENABLED {
	+99 AUE_ACCEPT COMPAT\|SYSFIL_FDESC\|SYSFIL_SOCK\|CAPENABLED {
	int accept(
	int s,
	_Out_writes_bytes_opt_(anamelen) struct sockaddr name,
	__socklen_t *anamelen
	);
	}
	-100 AUE_GETPRIORITY STD\|CAPENABLED {
	+100 AUE_GETPRIORITY STD\|SYSFIL_SCHED\|CAPENABLED {
	int getpriority(
	int which,
	int who
	);
	}
	-101 AUE_SEND COMPAT\|CAPENABLED {
	+101 AUE_SEND COMPAT\|SYSFIL_SOCKIO\|CAPENABLED {
	int send(
	int s,
	_In_reads_bytes_(len) const void *buf,
	@@ -686,7 +687,7 @@
	int flags
	);
	}
	-102 AUE_RECV COMPAT\|CAPENABLED {
	+102 AUE_RECV COMPAT\|SYSFIL_SOCKIO\|CAPENABLED {
	int recv(
	int s,
	_Out_writes_bytes_(len) void *buf,
	@@ -694,19 +695,19 @@
	int flags
	);
	}
	-103 AUE_SIGRETURN COMPAT\|CAPENABLED {
	+103 AUE_SIGRETURN COMPAT\|SYSFIL_CORE\|CAPENABLED {
	int sigreturn(
	_In_ struct osigcontext *sigcntxp
	);
	}
	-104 AUE_BIND STD {
	+104 AUE_BIND STD\|SYSFIL_SOCK {
	int bind(
	int s,
	_In_reads_bytes_(namelen) const struct sockaddr *name,
	__socklen_t namelen
	);
	}
	-105 AUE_SETSOCKOPT STD\|CAPENABLED {
	+105 AUE_SETSOCKOPT STD\|SYSFIL_SOCKIO\|CAPENABLED {
	int setsockopt(
	int s,
	int level,
	@@ -715,51 +716,51 @@
	__socklen_t valsize
	);
	}
	-106 AUE_LISTEN STD\|CAPENABLED {
	+106 AUE_LISTEN STD\|SYSFIL_SOCK\|CAPENABLED {
	int listen(
	int s,
	int backlog
	);
	}
	107 AUE_NULL OBSOL vtimes
	-108 AUE_NULL COMPAT\|CAPENABLED {
	+108 AUE_NULL COMPAT\|SYSFIL_SIGHAND\|CAPENABLED {
	int sigvec(
	int signum,
	_In_opt_ _Contains_ptr_ struct sigvec *nsv,
	_Out_opt_ _Contains_ptr_ struct sigvec *osv
	);
	}
	-109 AUE_NULL COMPAT\|CAPENABLED {
	+109 AUE_NULL COMPAT\|SYSFIL_SIGMASK\|CAPENABLED {
	int sigblock(
	int mask
	);
	}
	-110 AUE_NULL COMPAT\|CAPENABLED {
	+110 AUE_NULL COMPAT\|SYSFIL_SIGMASK\|CAPENABLED {
	int sigsetmask(
	int mask
	);
	}
	-111 AUE_NULL COMPAT\|CAPENABLED {
	+111 AUE_NULL COMPAT\|SYSFIL_SIGMASK\|SYSFIL_SIGWAIT\|CAPENABLED {
	int sigsuspend(
	osigset_t mask
	);
	}
	; XXX note nonstandard (bogus) calling convention - the libc stub passes
	; us the mask, not a pointer to it.
	-112 AUE_NULL COMPAT\|CAPENABLED {
	+112 AUE_NULL COMPAT\|SYSFIL_SIGHAND\|CAPENABLED {
	int sigstack(
	_In_opt_ _Contains_ptr_ struct sigstack *nss,
	_Out_opt_ _Contains_ptr_ struct sigstack *oss
	);
	}
	-113 AUE_RECVMSG COMPAT\|CAPENABLED {
	+113 AUE_RECVMSG COMPAT\|SYSFIL_SOCKIO\|CAPENABLED {
	int recvmsg(
	int s,
	_Inout_ _Contains_ptr_ struct omsghdr *msg,
	int flags
	);
	}
	-114 AUE_SENDMSG COMPAT\|CAPENABLED {
	+114 AUE_SENDMSG COMPAT\|SYSFIL_SOCKIO\|CAPENABLED {
	int sendmsg(
	int s,
	_In_ _Contains_ptr_ const struct omsghdr *msg,
	@@ -767,19 +768,19 @@
	);
	}
	115 AUE_NULL OBSOL vtrace
	-116 AUE_GETTIMEOFDAY STD\|CAPENABLED {
	+116 AUE_GETTIMEOFDAY STD\|SYSFIL_CLOCK\|CAPENABLED {
	int gettimeofday(
	_Out_ _Contains_long_timet_ struct timeval *tp,
	_Out_opt_ struct timezone *tzp
	);
	}
	-117 AUE_GETRUSAGE STD\|CAPENABLED {
	+117 AUE_GETRUSAGE STD\|SYSFIL_STATUS\|CAPENABLED {
	int getrusage(
	int who,
	_Out_ _Contains_long_ struct rusage *rusage
	);
	}
	-118 AUE_GETSOCKOPT STD\|CAPENABLED {
	+118 AUE_GETSOCKOPT STD\|SYSFIL_SOCKIO\|CAPENABLED {
	int getsockopt(
	int s,
	int level,
	@@ -789,40 +790,40 @@
	);
	}
	119 AUE_NULL RESERVED
	-120 AUE_READV STD\|CAPENABLED {
	+120 AUE_READV STD\|SYSFIL_CORE\|CAPENABLED {
	int readv(
	int fd,
	_Inout_updates_(iovcnt) _Contains_long_ptr_ struct iovec *iovp,
	u_int iovcnt
	);
	}
	-121 AUE_WRITEV STD\|CAPENABLED {
	+121 AUE_WRITEV STD\|SYSFIL_CORE\|CAPENABLED {
	int writev(
	int fd,
	_In_reads_opt_(iovcnt) _Contains_long_ptr_ struct iovec *iovp,
	u_int iovcnt
	);
	}
	-122 AUE_SETTIMEOFDAY STD {
	+122 AUE_SETTIMEOFDAY STD\|SYSFIL_SETTIME {
	int settimeofday(
	_In_ _Contains_long_timet_ const struct timeval *tv,
	_In_opt_ const struct timezone *tzp
	);
	}
	-123 AUE_FCHOWN STD\|CAPENABLED {
	+123 AUE_FCHOWN STD\|SYSFIL_FATTR\|CAPENABLED {
	int fchown(
	int fd,
	int uid,
	int gid
	);
	}
	-124 AUE_FCHMOD STD\|CAPENABLED {
	+124 AUE_FCHMOD STD\|SYSFIL_FATTR\|CAPENABLED {
	int fchmod(
	int fd,
	mode_t mode
	);
	}
	-125 AUE_RECVFROM COMPAT\|CAPENABLED {
	+125 AUE_RECVFROM COMPAT\|SYSFIL_SOCKIO\|CAPENABLED {
	int recvfrom(
	int s,
	_Out_writes_(len) void *buf,
	@@ -832,49 +833,49 @@
	_Inout_ __socklen_t *fromlenaddr
	);
	}
	-126 AUE_SETREUID STD\|CAPENABLED {
	+126 AUE_SETREUID STD\|SYSFIL_SETCRED\|CAPENABLED {
	int setreuid(
	int ruid,
	int euid
	);
	}
	-127 AUE_SETREGID STD\|CAPENABLED {
	+127 AUE_SETREGID STD\|SYSFIL_SETCRED\|CAPENABLED {
	int setregid(
	int rgid,
	int egid
	);
	}
	-128 AUE_RENAME STD {
	+128 AUE_RENAME STD\|SYSFIL_CPATH\|SYSFIL_DPATH {
	int rename(
	_In_z_ const char *from,
	_In_z_ const char *to
	);
	}
	-129 AUE_TRUNCATE COMPAT {
	+129 AUE_TRUNCATE COMPAT\|SYSFIL_WPATH {
	int truncate(
	_In_z_ const char *path,
	long length
	);
	}
	-130 AUE_FTRUNCATE COMPAT\|CAPENABLED {
	+130 AUE_FTRUNCATE COMPAT\|SYSFIL_CORE\|CAPENABLED {
	int ftruncate(
	int fd,
	long length
	);
	}
	-131 AUE_FLOCK STD\|CAPENABLED {
	+131 AUE_FLOCK STD\|SYSFIL_FLOCK\|CAPENABLED {
	int flock(
	int fd,
	int how
	);
	}
	-132 AUE_MKFIFO STD {
	+132 AUE_MKFIFO STD\|SYSFIL_CPATH {
	int mkfifo(
	_In_z_ const char *path,
	mode_t mode
	);
	}
	-133 AUE_SENDTO STD\|CAPENABLED {
	+133 AUE_SENDTO STD\|SYSFIL_SOCKIO\|CAPENABLED {
	ssize_t sendto(
	int s,
	_In_reads_bytes_(len) const void *buf,
	@@ -884,13 +885,13 @@
	__socklen_t tolen
	);
	}
	-134 AUE_SHUTDOWN STD\|CAPENABLED {
	+134 AUE_SHUTDOWN STD\|SYSFIL_SOCKIO\|CAPENABLED {
	int shutdown(
	int s,
	int how
	);
	}
	-135 AUE_SOCKETPAIR STD\|CAPENABLED {
	+135 AUE_SOCKETPAIR STD\|SYSFIL_FDESC\|CAPENABLED {
	int socketpair(
	int domain,
	int type,
	@@ -898,38 +899,38 @@
	_Out_writes_(2) int *rsv
	);
	}
	-136 AUE_MKDIR STD {
	+136 AUE_MKDIR STD\|SYSFIL_CPATH {
	int mkdir(
	_In_z_ const char *path,
	mode_t mode
	);
	}
	-137 AUE_RMDIR STD {
	+137 AUE_RMDIR STD\|SYSFIL_DPATH {
	int rmdir(
	_In_z_ const char *path
	);
	}
	-138 AUE_UTIMES STD {
	+138 AUE_UTIMES STD\|SYSFIL_PATH\|SYSFIL_FATTR {
	int utimes(
	_In_z_ const char *path,
	_In_ _Contains_long_timet_ const struct timeval *tptr
	);
	}
	139 AUE_NULL OBSOL 4.2 sigreturn
	-140 AUE_ADJTIME STD {
	+140 AUE_ADJTIME STD\|SYSFIL_SETTIME_ {
	int adjtime(
	_In_ _Contains_long_timet_ const struct timeval *delta,
	_Out_opt_ _Contains_long_timet_ struct timeval *olddelta
	);
	}
	-141 AUE_GETPEERNAME COMPAT\|CAPENABLED {
	+141 AUE_GETPEERNAME COMPAT\|SYSFIL_SOCK\|CAPENABLED {
	int getpeername(
	int fdes,
	_Out_writes_bytes_(alen) struct sockaddr asa,
	_Inout_opt_ __socklen_t *alen
	);
	}
	-142 AUE_SYSCTL COMPAT\|CAPENABLED {
	+142 AUE_SYSCTL COMPAT\|SYSFIL_SYSINFO\|CAPENABLED {
	long gethostid(void);
	}
	143 AUE_SYSCTL COMPAT {
	@@ -937,28 +938,28 @@
	long hostid
	);
	}
	-144 AUE_GETRLIMIT COMPAT\|CAPENABLED {
	+144 AUE_GETRLIMIT COMPAT\|SYSFIL_STATUS\|CAPENABLED {
	int getrlimit(
	u_int which,
	_Out_ struct orlimit *rlp
	);
	}
	-145 AUE_SETRLIMIT COMPAT\|CAPENABLED {
	+145 AUE_SETRLIMIT COMPAT\|SYSFIL_RLIMIT\|CAPENABLED {
	int setrlimit(
	u_int which,
	_Out_ struct orlimit *rlp
	);
	}
	-146 AUE_KILLPG COMPAT {
	+146 AUE_KILLPG COMPAT\|SYSFIL_SIGSEND {
	int killpg(
	int pgid,
	int signum
	);
	}
	-147 AUE_SETSID STD\|CAPENABLED {
	+147 AUE_SETSID STD\|SYSFIL_FORK\|CAPENABLED {
	int setsid(void);
	}
	-148 AUE_QUOTACTL STD {
	+148 AUE_QUOTACTL STD\|SYSFIL_PATH\|SYSFIL_QUOTA {
	int quotactl(
	_In_z_ const char *path,
	int cmd,
	@@ -966,10 +967,10 @@
	_In_ void *arg
	);
	}
	-149 AUE_O_QUOTA COMPAT {
	+149 AUE_O_QUOTA COMPAT\|SYSFIL_QUOTA {
	int quota(void);
	}
	-150 AUE_GETSOCKNAME COMPAT\|CAPENABLED {
	+150 AUE_GETSOCKNAME COMPAT\|SYSFIL_SOCK\|CAPENABLED {
	int getsockname(
	int fdes,
	_Out_writes_bytes_(alen) struct sockaddr asa,
	@@ -993,7 +994,7 @@
	_In_ void *argp
	);
	}
	-156 AUE_GETDIRENTRIES COMPAT\|CAPENABLED {
	+156 AUE_GETDIRENTRIES COMPAT\|SYSFIL_RPATH\|CAPENABLED {
	int getdirentries(
	int fd,
	_Out_writes_bytes_(count) char *buf,
	@@ -1001,32 +1002,32 @@
	_Out_ long *basep
	);
	}
	-157 AUE_STATFS COMPAT4 {
	+157 AUE_STATFS COMPAT4\|SYSFIL_RPATH {
	int statfs(
	_In_z_ const char *path,
	_Out_ _Contains_long_ struct ostatfs *buf
	);
	}
	-158 AUE_FSTATFS COMPAT4\|CAPENABLED {
	+158 AUE_FSTATFS COMPAT4\|SYSFIL_RPATH\|CAPENABLED {
	int fstatfs(
	int fd,
	_Out_ _Contains_long_ struct ostatfs *buf
	);
	}
	159 AUE_NULL RESERVED
	-160 AUE_LGETFH STD {
	+160 AUE_LGETFH STD\|SYSFIL_PATH\|SYSFIL_FH {
	int lgetfh(
	_In_z_ const char *fname,
	_Out_ struct fhandle *fhp
	);
	}
	-161 AUE_NFS_GETFH STD {
	+161 AUE_NFS_GETFH STD\|SYSFIL_PATH\|SYSFIL_FH {
	int getfh(
	_In_z_ const char *fname,
	_Out_ struct fhandle *fhp
	);
	}
	-162 AUE_SYSCTL COMPAT4\|CAPENABLED {
	+162 AUE_SYSCTL COMPAT4\|SYSFIL_SYSINFO\|CAPENABLED {
	int getdomainname(
	_Out_writes_z_(len) char *domainname,
	int len
	@@ -1038,18 +1039,18 @@
	int len
	);
	}
	-164 AUE_NULL COMPAT4 {
	+164 AUE_NULL COMPAT4\|SYSFIL_SYSINFO {
	int uname(
	_Out_ struct utsname *name
	);
	}
	-165 AUE_SYSARCH STD\|CAPENABLED {
	+165 AUE_SYSARCH STD\|SYSFIL_CORE\|CAPENABLED {
	int sysarch(
	int op,
	_In_z_ char *parms
	);
	}
	-166 AUE_RTPRIO STD\|CAPENABLED {
	+166 AUE_RTPRIO STD\|SYSFIL_SCHED\|CAPENABLED {
	int rtprio(
	int function,
	pid_t pid,
	@@ -1057,7 +1058,7 @@
	);
	}
	167-168 AUE_NULL RESERVED
	-169 AUE_SEMSYS NOSTD {
	+169 AUE_SEMSYS NOSTD\|SYSFIL_SYSVSEM {
	int semsys(
	int which,
	int a2,
	@@ -1067,7 +1068,7 @@
	);
	}
	; XXX should be { int semsys(int which, ...); }
	-170 AUE_MSGSYS NOSTD {
	+170 AUE_MSGSYS NOSTD\|SYSFIL_SYSVMSG {
	int msgsys(
	int which,
	int a2,
	@@ -1078,7 +1079,7 @@
	);
	}
	; XXX should be { int msgsys(int which, ...); }
	-171 AUE_SHMSYS NOSTD {
	+171 AUE_SHMSYS NOSTD\|SYSFIL_SYSVSHM {
	int shmsys(
	int which,
	int a2,
	@@ -1088,7 +1089,7 @@
	}
	; XXX should be { int shmsys(int which, ...); }
	172 AUE_NULL RESERVED
	-173 AUE_PREAD COMPAT6\|CAPENABLED {
	+173 AUE_PREAD COMPAT6\|SYSFIL_CORE\|CAPENABLED {
	ssize_t pread(
	int fd,
	_Out_writes_bytes_(nbyte) void *buf,
	@@ -1097,7 +1098,7 @@
	off_t offset
	);
	}
	-174 AUE_PWRITE COMPAT6\|CAPENABLED {
	+174 AUE_PWRITE COMPAT6\|SYSFIL_CORE\|CAPENABLED {
	ssize_t pwrite(
	int fd,
	_In_reads_bytes_(nbyte) const void *buf,
	@@ -1106,28 +1107,28 @@
	off_t offset
	);
	}
	-175 AUE_SETFIB STD {
	+175 AUE_SETFIB STD\|SYSFIL_SOCK {
	int setfib(
	int fibnum
	);
	}
	-176 AUE_NTP_ADJTIME STD {
	+176 AUE_NTP_ADJTIME STD\|SYSFIL_SETTIME {
	int ntp_adjtime(
	_Inout_ _Contains_long_ struct timex *tp
	);
	}
	177-180 AUE_NULL RESERVED
	-181 AUE_SETGID STD\|CAPENABLED {
	+181 AUE_SETGID STD\|SYSFIL_SETCRED\|CAPENABLED {
	int setgid(
	gid_t gid
	);
	}
	-182 AUE_SETEGID STD\|CAPENABLED {
	+182 AUE_SETEGID STD\|SYSFIL_SETCRED\|CAPENABLED {
	int setegid(
	gid_t egid
	);
	}
	-183 AUE_SETEUID STD\|CAPENABLED {
	+183 AUE_SETEUID STD\|SYSFIL_SETCRED\|CAPENABLED {
	int seteuid(
	uid_t euid
	);
	@@ -1136,50 +1137,50 @@
	185 AUE_NULL OBSOL lfs_markv
	186 AUE_NULL OBSOL lfs_segclean
	187 AUE_NULL OBSOL lfs_segwait
	-188 AUE_STAT COMPAT11 {
	+188 AUE_STAT COMPAT11\|SYSFIL_RPATH {
	int stat(
	_In_z_ const char *path,
	_Out_ _Contains_timet_ struct freebsd11_stat *ub
	);
	}
	-189 AUE_FSTAT COMPAT11\|CAPENABLED {
	+189 AUE_FSTAT COMPAT11\|SYSFIL_CORE\|CAPENABLED {
	int fstat(
	int fd,
	_Out_ _Contains_timet_ struct freebsd11_stat *sb
	);
	}
	-190 AUE_LSTAT COMPAT11 {
	+190 AUE_LSTAT COMPAT11\|SYSFIL_RPATH {
	int lstat(
	_In_z_ const char *path,
	_Out_ _Contains_timet_ struct freebsd11_stat *ub
	);
	}
	-191 AUE_PATHCONF STD {
	+191 AUE_PATHCONF STD\|SYSFIL_PATH {
	int pathconf(
	_In_z_ const char *path,
	int name
	);
	}
	-192 AUE_FPATHCONF STD\|CAPENABLED {
	+192 AUE_FPATHCONF STD\|SYSFIL_CORE\|CAPENABLED {
	int fpathconf(
	int fd,
	int name
	);
	}
	193 AUE_NULL RESERVED
	-194 AUE_GETRLIMIT STD\|CAPENABLED {
	+194 AUE_GETRLIMIT STD\|SYSFIL_STATUS\|CAPENABLED {
	int getrlimit(
	u_int which,
	_Out_ struct rlimit *rlp
	);
	}
	-195 AUE_SETRLIMIT STD\|CAPENABLED {
	+195 AUE_SETRLIMIT STD\|SYSFIL_RLIMIT\|CAPENABLED {
	int setrlimit(
	u_int which,
	_In_ struct rlimit *rlp
	);
	}
	-196 AUE_GETDIRENTRIES COMPAT11\|CAPENABLED {
	+196 AUE_GETDIRENTRIES COMPAT11\|SYSFIL_RPATH\|CAPENABLED {
	int getdirentries(
	int fd,
	_Out_writes_bytes_(count) char *buf,
	@@ -1187,7 +1188,7 @@
	_Out_ long *basep
	);
	}
	-197 AUE_MMAP COMPAT6\|CAPENABLED {
	+197 AUE_MMAP COMPAT6\|SYSFIL_MMAN\|CAPENABLED {
	void *mmap(
	_In_ void *addr,
	size_t len,
	@@ -1204,7 +1205,7 @@
	...
	);
	}
	-199 AUE_LSEEK COMPAT6\|CAPENABLED {
	+199 AUE_LSEEK COMPAT6\|SYSFIL_CORE\|CAPENABLED {
	off_t lseek(
	int fd,
	int pad,
	@@ -1212,21 +1213,21 @@
	int whence
	);
	}
	-200 AUE_TRUNCATE COMPAT6 {
	+200 AUE_TRUNCATE COMPAT6\|SYSFIL_WPATH {
	int truncate(
	_In_z_ const char *path,
	int pad,
	off_t length
	);
	}
	-201 AUE_FTRUNCATE COMPAT6\|CAPENABLED {
	+201 AUE_FTRUNCATE COMPAT6\|SYSFIL_CORE\|CAPENABLED {
	int ftruncate(
	int fd,
	int pad,
	off_t length
	);
	}
	-202 AUE_SYSCTL STD\|CAPENABLED {
	+202 AUE_SYSCTL STD\|SYSFIL_SYSINFO\|CAPENABLED {
	int __sysctl(
	_In_reads_(namelen) int *name,
	u_int namelen,
	@@ -1236,36 +1237,36 @@
	size_t newlen
	);
	}
	-203 AUE_MLOCK STD\|CAPENABLED {
	+203 AUE_MLOCK STD\|SYSFIL_MLOCK\|CAPENABLED {
	int mlock(
	_In_ const void *addr,
	size_t len
	);
	}
	-204 AUE_MUNLOCK STD\|CAPENABLED {
	+204 AUE_MUNLOCK STD\|SYSFIL_MLOCK\|CAPENABLED {
	int munlock(
	_In_ const void *addr,
	size_t len
	);
	}
	-205 AUE_UNDELETE STD {
	+205 AUE_UNDELETE STD\|SYSFIL_CPATH {
	int undelete(
	_In_z_ const char *path
	);
	}
	-206 AUE_FUTIMES STD\|CAPENABLED {
	+206 AUE_FUTIMES STD\|SYSFIL_FATTR\|CAPENABLED {
	int futimes(
	int fd,
	_In_reads_(2) _Contains_long_timet_ const struct timeval *tptr
	);
	}
	-207 AUE_GETPGID STD\|CAPENABLED {
	+207 AUE_GETPGID STD\|SYSFIL_STATUS\|CAPENABLED {
	int getpgid(
	pid_t pid
	);
	}
	208 AUE_NULL RESERVED
	-209 AUE_POLL STD\|CAPENABLED {
	+209 AUE_POLL STD\|SYSFIL_CORE\|CAPENABLED {
	int poll(
	_Inout_updates_(nfds) struct pollfd *fds,
	u_int nfds,
	@@ -1286,7 +1287,7 @@
	218 AUE_NULL NODEF\|NOTSTATIC lkmnosys lkmnosys nosys_args int
	219 AUE_NULL NODEF\|NOTSTATIC lkmnosys lkmnosys nosys_args int

	-220 AUE_SEMCTL COMPAT7\|NOSTD {
	+220 AUE_SEMCTL COMPAT7\|NOSTD\|SYSFIL_SYSVSEM {
	int __semctl(
	int semid,
	int semnum,
	@@ -1294,14 +1295,14 @@
	_Contains_ptr_ union semun_old *arg
	);
	}
	-221 AUE_SEMGET NOSTD {
	+221 AUE_SEMGET NOSTD\|SYSFIL_SYSVSEM {
	int semget(
	key_t key,
	int nsems,
	int semflg
	);
	}
	-222 AUE_SEMOP NOSTD {
	+222 AUE_SEMOP NOSTD\|SYSFIL_SYSVSEM {
	int semop(
	int semid,
	_In_reads_(nsops) struct sembuf *sops,
	@@ -1309,20 +1310,20 @@
	);
	}
	223 AUE_NULL OBSOL semconfig
	-224 AUE_MSGCTL COMPAT7\|NOSTD {
	+224 AUE_MSGCTL COMPAT7\|NOSTD\|SYSFIL_SYSVMSG {
	int msgctl(
	int msqid,
	int cmd,
	_Contains_long_ptr_timet_ struct msqid_ds_old *buf
	);
	}
	-225 AUE_MSGGET NOSTD {
	+225 AUE_MSGGET NOSTD\|SYSFIL_SYSVMSG {
	int msgget(
	key_t key,
	int msgflg
	);
	}
	-226 AUE_MSGSND NOSTD {
	+226 AUE_MSGSND NOSTD\|SYSFIL_SYSVMSG {
	int msgsnd(
	int msqid,
	_In_reads_bytes_(msgsz) _Contains_long_ const void *msgp,
	@@ -1330,7 +1331,7 @@
	int msgflg
	);
	}
	-227 AUE_MSGRCV NOSTD {
	+227 AUE_MSGRCV NOSTD\|SYSFIL_SYSVMSG {
	ssize_t msgrcv(
	int msqid,
	_Out_writes_bytes_(msgsz) _Contains_long_ void *msgp,
	@@ -1339,63 +1340,63 @@
	int msgflg
	);
	}
	-228 AUE_SHMAT NOSTD {
	+228 AUE_SHMAT NOSTD\|SYSFIL_SYSVSHM {
	void *shmat(
	int shmid,
	_In_ const void *shmaddr,
	int shmflg
	);
	}
	-229 AUE_SHMCTL COMPAT7\|NOSTD {
	+229 AUE_SHMCTL COMPAT7\|NOSTD\|SYSFIL_SYSVSHM {
	int shmctl(
	int shmid,
	int cmd,
	_Inout_opt_ _Contains_long_ struct shmid_ds_old *buf
	);
	}
	-230 AUE_SHMDT NOSTD {
	+230 AUE_SHMDT NOSTD\|SYSFIL_SYSVSHM {
	int shmdt(
	_In_ const void *shmaddr
	);
	}
	-231 AUE_SHMGET NOSTD {
	+231 AUE_SHMGET NOSTD\|SYSFIL_SYSVSHM {
	int shmget(
	key_t key,
	size_t size,
	int shmflg
	);
	}
	-232 AUE_NULL STD\|CAPENABLED {
	+232 AUE_NULL STD\|SYSFIL_CLOCK\|CAPENABLED {
	int clock_gettime(
	clockid_t clock_id,
	_Out_ _Contains_long_timet_ struct timespec *tp
	);
	}
	-233 AUE_CLOCK_SETTIME STD {
	+233 AUE_CLOCK_SETTIME STD\|SYSFIL_SETTIME {
	int clock_settime(
	clockid_t clock_id,
	_In_ _Contains_long_timet_ const struct timespec *tp
	);
	}
	-234 AUE_NULL STD\|CAPENABLED {
	+234 AUE_NULL STD\|SYSFIL_CLOCK\|CAPENABLED {
	int clock_getres(
	clockid_t clock_id,
	_Out_ _Contains_long_timet_ struct timespec *tp
	);
	}
	-235 AUE_NULL STD\|CAPENABLED {
	+235 AUE_NULL STD\|SYSFIL_TIMER\|SYSFIL_POSIXRT\|CAPENABLED {
	int ktimer_create(
	clockid_t clock_id,
	_In_ _Contains_long_ptr_ struct sigevent *evp,
	_Out_ int *timerid
	);
	}
	-236 AUE_NULL STD\|CAPENABLED {
	+236 AUE_NULL STD\|SYSFIL_TIMER\|SYSFIL_POSIXRT\|CAPENABLED {
	int ktimer_delete(
	int timerid
	);
	}
	-237 AUE_NULL STD\|CAPENABLED {
	+237 AUE_NULL STD\|SYSFIL_TIMER\|SYSFIL_POSIXRT\|CAPENABLED {
	int ktimer_settime(
	int timerid,
	int flags,
	@@ -1403,39 +1404,39 @@
	_Out_opt_ _Contains_long_timet_ struct itimerspec *ovalue
	);
	}
	-238 AUE_NULL STD\|CAPENABLED {
	+238 AUE_NULL STD\|SYSFIL_TIMER\|SYSFIL_POSIXRT\|CAPENABLED {
	int ktimer_gettime(
	int timerid,
	_Out_ _Contains_long_timet_ struct itimerspec *value
	);
	}
	-239 AUE_NULL STD\|CAPENABLED {
	+239 AUE_NULL STD\|SYSFIL_TIMER\|SYSFIL_POSIXRT\|CAPENABLED {
	int ktimer_getoverrun(
	int timerid
	);
	}
	-240 AUE_NULL STD\|CAPENABLED {
	+240 AUE_NULL STD\|SYSFIL_CORE\|CAPENABLED {
	int nanosleep(
	_In_ _Contains_long_timet_ const struct timespec *rqtp,
	_Out_opt_ _Contains_long_timet_ struct timespec *rmtp
	);
	}
	-241 AUE_NULL STD {
	+241 AUE_NULL STD\|SYSFIL_FFCLOCK {
	int ffclock_getcounter(
	_Out_ ffcounter *ffcount
	);
	}
	-242 AUE_NULL STD {
	+242 AUE_NULL STD\|SYSFIL_FFCLOCK {
	int ffclock_setestimate(
	_In_ _Contains_timet_ struct ffclock_estimate *cest
	);
	}
	-243 AUE_NULL STD {
	+243 AUE_NULL STD\|SYSFIL_FFCLOCK {
	int ffclock_getestimate(
	_Out_ _Contains_timet_ struct ffclock_estimate *cest
	);
	}
	-244 AUE_NULL STD {
	+244 AUE_NULL STD\|SYSFIL_CLOCK {
	int clock_nanosleep(
	clockid_t clock_id,
	int flags,
	@@ -1444,53 +1445,53 @@
	);
	}
	245-246 AUE_NULL RESERVED
	-247 AUE_NULL STD {
	+247 AUE_NULL STD\|SYSFIL_CLOCK {
	int clock_getcpuclockid2(
	id_t id,
	int which,
	_Out_ clockid_t *clock_id
	);
	}
	-248 AUE_NULL STD\|CAPENABLED {
	+248 AUE_NULL STD\|SYSFIL_SETTIME\|CAPENABLED {
	int ntp_gettime(
	_Out_ _Contains_long_timet_ struct ntptimeval *ntvp
	);
	}
	249 AUE_NULL RESERVED
	-250 AUE_MINHERIT STD\|CAPENABLED {
	+250 AUE_MINHERIT STD\|SYSFIL_MMAN\|CAPENABLED {
	int minherit(
	_In_ void *addr,
	size_t len,
	int inherit
	);
	}
	-251 AUE_RFORK STD {
	+251 AUE_RFORK STD\|SYSFIL_RFORK_ {
	int rfork(
	int flags
	);
	}
	252 AUE_POLL OBSOL openbsd_poll
	-253 AUE_ISSETUGID STD\|CAPENABLED {
	+253 AUE_ISSETUGID STD\|SYSFIL_CORE\|CAPENABLED {
	int issetugid(void);
	}
	-254 AUE_LCHOWN STD {
	+254 AUE_LCHOWN STD\|SYSFIL_PATH\|SYSFIL_FATTR {
	int lchown(
	_In_z_ const char *path,
	int uid,
	int gid
	);
	}
	-255 AUE_AIO_READ STD\|CAPENABLED {
	+255 AUE_AIO_READ STD\|SYSFIL_AIO\|CAPENABLED {
	int aio_read(
	_Inout_ _Contains_long_ptr_ struct aiocb *aiocbp
	);
	}
	-256 AUE_AIO_WRITE STD\|CAPENABLED {
	+256 AUE_AIO_WRITE STD\|SYSFIL_AIO\|CAPENABLED {
	int aio_write(
	_Inout_ _Contains_long_ptr_ struct aiocb *aiocbp
	);
	}
	-257 AUE_LIO_LISTIO STD\|CAPENABLED {
	+257 AUE_LIO_LISTIO STD\|SYSFIL_AIO\|CAPENABLED {
	int lio_listio(
	int mode,
	_Inout_updates_(nent) _Contains_long_ptr_ struct aiocb * const *acb_list,
	@@ -1499,7 +1500,7 @@
	);
	}
	258-271 AUE_NULL RESERVED
	-272 AUE_O_GETDENTS COMPAT11\|CAPENABLED {
	+272 AUE_O_GETDENTS COMPAT11\|SYSFIL_RPATH\|CAPENABLED {
	int getdents(
	int fd,
	_Out_writes_bytes_(count) char *buf,
	@@ -1507,40 +1508,40 @@
	);
	}
	273 AUE_NULL RESERVED
	-274 AUE_LCHMOD STD {
	+274 AUE_LCHMOD STD\|SYSFIL_PATH\|SYSFIL_FATTR {
	int lchmod(
	_In_z_ const char *path,
	mode_t mode
	);
	}
	275 AUE_NULL OBSOL netbsd_lchown
	-276 AUE_LUTIMES STD {
	+276 AUE_LUTIMES STD\|SYSFIL_PATH\|SYSFIL_FATTR {
	int lutimes(
	_In_z_ const char *path,
	_In_ _Contains_long_timet_ const struct timeval *tptr
	);
	}
	277 AUE_NULL OBSOL netbsd_msync
	-278 AUE_STAT COMPAT11 {
	+278 AUE_STAT COMPAT11\|SYSFIL_RPATH {
	int nstat(
	_In_z_ const char *path,
	_Out_ _Contains_long_timet_ struct nstat *ub
	);
	}
	-279 AUE_FSTAT COMPAT11 {
	+279 AUE_FSTAT COMPAT11\|SYSFIL_CORE {
	int nfstat(
	int fd,
	_Out_ _Contains_long_timet_ struct nstat *sb
	);
	}
	-280 AUE_LSTAT COMPAT11 {
	+280 AUE_LSTAT COMPAT11\|SYSFIL_RPATH {
	int nlstat(
	_In_z_ const char *path,
	_Out_ _Contains_long_timet_ struct nstat *ub
	);
	}
	281-288 AUE_NULL RESERVED
	-289 AUE_PREADV STD\|CAPENABLED {
	+289 AUE_PREADV STD\|SYSFIL_CORE\|CAPENABLED {
	ssize_t preadv(
	int fd,
	_In_reads_(iovcnt) _Contains_long_ptr_ struct iovec *iovp,
	@@ -1548,7 +1549,7 @@
	off_t offset
	);
	}
	-290 AUE_PWRITEV STD\|CAPENABLED {
	+290 AUE_PWRITEV STD\|SYSFIL_CORE\|CAPENABLED {
	ssize_t pwritev(
	int fd,
	_In_reads_(iovcnt) _Contains_long_ptr_ struct iovec *iovp,
	@@ -1557,89 +1558,89 @@
	);
	}
	291-296 AUE_NULL RESERVED
	-297 AUE_FHSTATFS COMPAT4 {
	+297 AUE_FHSTATFS COMPAT4\|SYSFIL_RPATH\|SYSFIL_FH {
	int fhstatfs(
	_In_ const struct fhandle *u_fhp,
	_Out_ _Contains_long_ struct ostatfs *buf
	);
	}
	-298 AUE_FHOPEN STD {
	+298 AUE_FHOPEN STD\|SYSFIL_PATH\|SYSFIL_FDESC\|SYSFIL_FH {
	int fhopen(
	_In_ const struct fhandle *u_fhp,
	int flags
	);
	}
	-299 AUE_FHSTAT COMPAT11 {
	+299 AUE_FHSTAT COMPAT11\|SYSFIL_RPATH\|SYSFIL_FH {
	int fhstat(
	_In_ const struct fhandle *u_fhp,
	_Out_ _Contains_long_timet_ struct freebsd11_stat *sb
	);
	}
	-300 AUE_NULL STD {
	+300 AUE_NULL STD\|SYSFIL_KMOD {
	int modnext(
	int modid
	);
	}
	-301 AUE_NULL STD {
	+301 AUE_NULL STD\|SYSFIL_KMOD {
	int modstat(
	int modid,
	_Out_ _Contains_long_ struct module_stat *stat
	);
	}
	-302 AUE_NULL STD {
	+302 AUE_NULL STD\|SYSFIL_KMOD {
	int modfnext(
	int modid
	);
	}
	-303 AUE_NULL STD {
	+303 AUE_NULL STD\|SYSFIL_KMOD {
	int modfind(
	_In_z_ const char *name
	);
	}
	-304 AUE_MODLOAD STD {
	+304 AUE_MODLOAD STD\|SYSFIL_KMOD {
	int kldload(
	_In_z_ const char *file
	);
	}
	-305 AUE_MODUNLOAD STD {
	+305 AUE_MODUNLOAD STD\|SYSFIL_KMOD {
	int kldunload(
	int fileid
	);
	}
	-306 AUE_NULL STD {
	+306 AUE_NULL STD\|SYSFIL_KMOD {
	int kldfind(
	_In_z_ const char *file
	);
	}
	-307 AUE_NULL STD {
	+307 AUE_NULL STD\|SYSFIL_KMOD {
	int kldnext(
	int fileid
	);
	}
	-308 AUE_NULL STD {
	+308 AUE_NULL STD\|SYSFIL_KMOD {
	int kldstat(
	int fileid,
	_Out_ _Contains_long_ptr_ struct kld_file_stat *stat
	);
	}
	-309 AUE_NULL STD {
	+309 AUE_NULL STD\|SYSFIL_KMOD {
	int kldfirstmod(
	int fileid
	);
	}
	-310 AUE_GETSID STD\|CAPENABLED {
	+310 AUE_GETSID STD\|SYSFIL_STATUS\|CAPENABLED {
	int getsid(
	pid_t pid
	);
	}
	-311 AUE_SETRESUID STD\|CAPENABLED {
	+311 AUE_SETRESUID STD\|SYSFIL_SETCRED\|CAPENABLED {
	int setresuid(
	uid_t ruid,
	uid_t euid,
	uid_t suid
	);
	}
	-312 AUE_SETRESGID STD\|CAPENABLED {
	+312 AUE_SETRESGID STD\|SYSFIL_SETCRED\|CAPENABLED {
	int setresgid(
	gid_t rgid,
	gid_t egid,
	@@ -1647,40 +1648,40 @@
	);
	}
	313 AUE_NULL OBSOL signanosleep
	-314 AUE_AIO_RETURN STD\|CAPENABLED {
	+314 AUE_AIO_RETURN STD\|SYSFIL_AIO\|CAPENABLED {
	ssize_t aio_return(
	_Inout_ _Contains_long_ptr_ struct aiocb *aiocbp
	);
	}
	-315 AUE_AIO_SUSPEND STD\|CAPENABLED {
	+315 AUE_AIO_SUSPEND STD\|SYSFIL_AIO\|CAPENABLED {
	int aio_suspend(
	_Inout_updates_(nent) _Contains_long_ptr_ struct aiocb * const * aiocbp,
	int nent,
	_In_opt_ _Contains_long_timet_ const struct timespec *timeout
	);
	}
	-316 AUE_AIO_CANCEL STD\|CAPENABLED {
	+316 AUE_AIO_CANCEL STD\|SYSFIL_AIO\|CAPENABLED {
	int aio_cancel(
	int fd,
	_In_opt_ _Contains_long_ptr_ struct aiocb *aiocbp
	);
	}
	-317 AUE_AIO_ERROR STD\|CAPENABLED {
	+317 AUE_AIO_ERROR STD\|SYSFIL_AIO\|CAPENABLED {
	int aio_error(
	_In_ _Contains_long_ptr_ struct aiocb *aiocbp
	);
	}
	-318 AUE_AIO_READ COMPAT6\|CAPENABLED {
	+318 AUE_AIO_READ COMPAT6\|SYSFIL_AIO\|CAPENABLED {
	int aio_read(
	_Inout_ _Contains_long_ptr_ struct oaiocb *aiocbp
	);
	}
	-319 AUE_AIO_WRITE COMPAT6\|CAPENABLED {
	+319 AUE_AIO_WRITE COMPAT6\|SYSFIL_AIO\|CAPENABLED {
	int aio_write(
	_Inout_ _Contains_long_ptr_ struct oaiocb *aiocbp
	);
	}
	-320 AUE_LIO_LISTIO COMPAT6\|CAPENABLED {
	+320 AUE_LIO_LISTIO COMPAT6\|SYSFIL_AIO\|CAPENABLED {
	int lio_listio(
	int mode,
	_Inout_updates_(nent) _Contains_long_ptr_ struct oaiocb * const *acb_list,
	@@ -1688,75 +1689,75 @@
	_In_opt_ _Contains_ptr_ struct osigevent *sig
	);
	}
	-321 AUE_NULL STD\|CAPENABLED {
	+321 AUE_NULL STD\|SYSFIL_CORE\|CAPENABLED {
	int yield(void);
	}
	322 AUE_NULL OBSOL thr_sleep
	323 AUE_NULL OBSOL thr_wakeup
	-324 AUE_MLOCKALL STD\|CAPENABLED {
	+324 AUE_MLOCKALL STD\|SYSFIL_MLOCK\|CAPENABLED {
	int mlockall(
	int how
	);
	}
	-325 AUE_MUNLOCKALL STD\|CAPENABLED {
	+325 AUE_MUNLOCKALL STD\|SYSFIL_MLOCK\|CAPENABLED {
	int munlockall(void);
	}
	-326 AUE_GETCWD STD {
	+326 AUE_GETCWD STD\|SYSFIL_PATH {
	int __getcwd(
	_Out_writes_z_(buflen) char *buf,
	size_t buflen
	);
	}
	-327 AUE_NULL STD\|CAPENABLED {
	+327 AUE_NULL STD\|SYSFIL_SCHED\|SYSFIL_POSIXRT\|CAPENABLED {
	int sched_setparam(
	pid_t pid,
	_In_ const struct sched_param *param
	);
	}
	-328 AUE_NULL STD\|CAPENABLED {
	+328 AUE_NULL STD\|SYSFIL_SCHED\|SYSFIL_POSIXRT\|CAPENABLED {
	int sched_getparam(
	pid_t pid,
	_Out_ struct sched_param *param
	);
	}
	-329 AUE_NULL STD\|CAPENABLED {
	+329 AUE_NULL STD\|SYSFIL_SCHED\|SYSFIL_POSIXRT\|CAPENABLED {
	int sched_setscheduler(
	pid_t pid,
	int policy,
	_In_ const struct sched_param *param
	);
	}
	-330 AUE_NULL STD\|CAPENABLED {
	+330 AUE_NULL STD\|SYSFIL_SCHED\|SYSFIL_POSIXRT\|CAPENABLED {
	int sched_getscheduler(
	pid_t pid
	);
	}
	-331 AUE_NULL STD\|CAPENABLED {
	+331 AUE_NULL STD\|SYSFIL_CORE\|CAPENABLED {
	int sched_yield(void);
	}
	-332 AUE_NULL STD\|CAPENABLED {
	+332 AUE_NULL STD\|SYSFIL_SCHED\|SYSFIL_POSIXRT\|CAPENABLED {
	int sched_get_priority_max(
	int policy
	);
	}
	-333 AUE_NULL STD\|CAPENABLED {
	+333 AUE_NULL STD\|SYSFIL_SCHED\|SYSFIL_POSIXRT\|CAPENABLED {
	int sched_get_priority_min(
	int policy
	);
	}
	-334 AUE_NULL STD\|CAPENABLED {
	+334 AUE_NULL STD\|SYSFIL_SCHED\|SYSFIL_POSIXRT\|CAPENABLED {
	int sched_rr_get_interval(
	pid_t pid,
	_Out_ _Contains_long_timet_ struct timespec *interval
	);
	}
	-335 AUE_NULL STD\|CAPENABLED {
	+335 AUE_NULL STD\|SYSFIL_ALWAYS\|CAPENABLED {
	int utrace(
	_In_reads_bytes_(len) const void *addr,
	size_t len
	);
	}
	-336 AUE_SENDFILE COMPAT4\|CAPENABLED {
	+336 AUE_SENDFILE COMPAT4\|SYSFIL_SENDFILE\|CAPENABLED {
	int sendfile(
	int fd,
	int s,
	@@ -1767,14 +1768,14 @@
	int flags
	);
	}
	-337 AUE_NULL STD {
	+337 AUE_NULL STD\|SYSFIL_KMOD {
	int kldsym(
	int fileid,
	int cmd,
	_In_ _Contains_long_ptr_ void *data
	);
	}
	-338 AUE_JAIL STD {
	+338 AUE_JAIL STD\|SYSFIL_JAIL {
	int jail(
	_In_ _Contains_ptr_ struct jail *jail
	);
	@@ -1788,96 +1789,96 @@
	int a_followSymlinks
	);
	}
	-340 AUE_SIGPROCMASK STD\|CAPENABLED {
	+340 AUE_SIGPROCMASK STD\|SYSFIL_SIGMASK\|CAPENABLED {
	int sigprocmask(
	int how,
	_In_opt_ const sigset_t *set,
	_Out_opt_ sigset_t *oset
	);
	}
	-341 AUE_SIGSUSPEND STD\|CAPENABLED {
	+341 AUE_SIGSUSPEND STD\|SYSFIL_SIGMASK\|SYSFIL_SIGWAIT\|CAPENABLED {
	int sigsuspend(
	_In_ const sigset_t *sigmask
	);
	}
	-342 AUE_SIGACTION COMPAT4\|CAPENABLED {
	+342 AUE_SIGACTION COMPAT4\|SYSFIL_SIGHAND\|CAPENABLED {
	int sigaction(
	int sig,
	_In_opt_ _Contains_ptr_ const struct sigaction *act,
	_Out_opt_ _Contains_ptr_ struct sigaction *oact
	);
	}
	-343 AUE_SIGPENDING STD\|CAPENABLED {
	+343 AUE_SIGPENDING STD\|SYSFIL_SIGWAIT\|CAPENABLED {
	int sigpending(
	_In_ sigset_t *set
	);
	}
	-344 AUE_SIGRETURN COMPAT4\|CAPENABLED {
	+344 AUE_SIGRETURN COMPAT4\|SYSFIL_CORE\|CAPENABLED {
	int sigreturn(
	_In_ _Contains_long_ptr_ const struct freebsd4_ucontext *sigcntxp
	);
	}
	-345 AUE_SIGWAIT STD\|CAPENABLED {
	+345 AUE_SIGWAIT STD\|SYSFIL_SIGWAIT\|CAPENABLED {
	int sigtimedwait(
	_In_ const sigset_t *set,
	_Out_opt_ _Contains_long_ptr_ struct siginfo *info,
	_In_opt_ _Contains_long_timet_ const struct timespec *timeout
	);
	}
	-346 AUE_NULL STD\|CAPENABLED {
	+346 AUE_NULL STD\|SYSFIL_SIGWAIT\|CAPENABLED {
	int sigwaitinfo(
	_In_ const sigset_t *set,
	_Out_opt_ _Contains_long_ptr_ struct siginfo *info
	);
	}
	-347 AUE_ACL_GET_FILE STD {
	+347 AUE_ACL_GET_FILE STD\|SYSFIL_PATH\|SYSFIL_ACL {
	int __acl_get_file(
	_In_z_ const char *path,
	acl_type_t type,
	_Out_ struct acl *aclp
	);
	}
	-348 AUE_ACL_SET_FILE STD {
	+348 AUE_ACL_SET_FILE STD\|SYSFIL_PATH\|SYSFIL_FATTR\|SYSFIL_ACL {
	int __acl_set_file(
	_In_z_ const char *path,
	acl_type_t type,
	_In_ struct acl *aclp
	);
	}
	-349 AUE_ACL_GET_FD STD\|CAPENABLED {
	+349 AUE_ACL_GET_FD STD\|SYSFIL_ACL\|CAPENABLED {
	int __acl_get_fd(
	int filedes,
	acl_type_t type,
	_Out_ struct acl *aclp
	);
	}
	-350 AUE_ACL_SET_FD STD\|CAPENABLED {
	+350 AUE_ACL_SET_FD STD\|SYSFIL_ACL\|SYSFIL_FATTR\|CAPENABLED {
	int __acl_set_fd(
	int filedes,
	acl_type_t type,
	_In_ struct acl *aclp
	);
	}
	-351 AUE_ACL_DELETE_FILE STD {
	+351 AUE_ACL_DELETE_FILE STD\|SYSFIL_PATH\|SYSFIL_FATTR\|SYSFIL_ACL {
	int __acl_delete_file(
	_In_z_ const char *path,
	acl_type_t type
	);
	}
	-352 AUE_ACL_DELETE_FD STD\|CAPENABLED {
	+352 AUE_ACL_DELETE_FD STD\|SYSFIL_ACL\|SYSFIL_FATTR\|CAPENABLED {
	int __acl_delete_fd(
	int filedes,
	acl_type_t type
	);
	}
	-353 AUE_ACL_CHECK_FILE STD {
	+353 AUE_ACL_CHECK_FILE STD\|SYSFIL_PATH\|SYSFIL_ACL {
	int __acl_aclcheck_file(
	_In_z_ const char *path,
	acl_type_t type,
	_In_ struct acl *aclp
	);
	}
	-354 AUE_ACL_CHECK_FD STD\|CAPENABLED {
	+354 AUE_ACL_CHECK_FD STD\|SYSFIL_ACL\|CAPENABLED {
	int __acl_aclcheck_fd(
	int filedes,
	acl_type_t type,
	@@ -1893,7 +1894,7 @@
	_In_z_ const char *attrname
	);
	}
	-356 AUE_EXTATTR_SET_FILE STD {
	+356 AUE_EXTATTR_SET_FILE STD\|SYSFIL_PATH\|SYSFIL_FATTR\|SYSFIL_EXTATTR {
	ssize_t extattr_set_file(
	_In_z_ const char *path,
	int attrnamespace,
	@@ -1902,7 +1903,7 @@
	size_t nbytes
	);
	}
	-357 AUE_EXTATTR_GET_FILE STD {
	+357 AUE_EXTATTR_GET_FILE STD\|SYSFIL_PATH\|SYSFIL_EXTATTR {
	ssize_t extattr_get_file(
	_In_z_ const char *path,
	int attrnamespace,
	@@ -1911,37 +1912,37 @@
	size_t nbytes
	);
	}
	-358 AUE_EXTATTR_DELETE_FILE STD {
	+358 AUE_EXTATTR_DELETE_FILE STD\|SYSFIL_PATH\|SYSFIL_FATTR\|SYSFIL_EXTATTR {
	int extattr_delete_file(
	_In_z_ const char *path,
	int attrnamespace,
	_In_z_ const char *attrname
	);
	}
	-359 AUE_AIO_WAITCOMPLETE STD\|CAPENABLED {
	+359 AUE_AIO_WAITCOMPLETE STD\|SYSFIL_AIO\|CAPENABLED {
	ssize_t aio_waitcomplete(
	_Outptr_result_maybenull_ struct aiocb **aiocbp,
	_In_opt_ _Contains_long_timet_ struct timespec *timeout
	);
	}
	-360 AUE_GETRESUID STD\|CAPENABLED {
	+360 AUE_GETRESUID STD\|SYSFIL_GETCRED\|CAPENABLED {
	int getresuid(
	_Out_opt_ uid_t *ruid,
	_Out_opt_ uid_t *euid,
	_Out_opt_ uid_t *suid
	);
	}
	-361 AUE_GETRESGID STD\|CAPENABLED {
	+361 AUE_GETRESGID STD\|SYSFIL_GETCRED\|CAPENABLED {
	int getresgid(
	_Out_opt_ gid_t *rgid,
	_Out_opt_ gid_t *egid,
	_Out_opt_ gid_t *sgid
	);
	}
	-362 AUE_KQUEUE STD\|CAPENABLED {
	+362 AUE_KQUEUE STD\|SYSFIL_FDESC\|CAPENABLED {
	int kqueue(void);
	}
	-363 AUE_KEVENT COMPAT11\|CAPENABLED {
	+363 AUE_KEVENT COMPAT11\|SYSFIL_CORE\|CAPENABLED {
	int kevent(
	int fd,
	_In_reads_opt_(nchanges) _Contains_ptr_ const struct freebsd11_kevent *changelist,
	@@ -1958,7 +1959,7 @@
	368 AUE_NULL OBSOL __cap_set_fd
	369 AUE_NULL OBSOL __cap_set_file
	370 AUE_NULL RESERVED
	-371 AUE_EXTATTR_SET_FD STD\|CAPENABLED {
	+371 AUE_EXTATTR_SET_FD STD\|SYSFIL_EXTATTR\|SYSFIL_FATTR\|CAPENABLED {
	ssize_t extattr_set_fd(
	int fd,
	int attrnamespace,
	@@ -1967,7 +1968,7 @@
	size_t nbytes
	);
	}
	-372 AUE_EXTATTR_GET_FD STD\|CAPENABLED {
	+372 AUE_EXTATTR_GET_FD STD\|SYSFIL_EXTATTR\|CAPENABLED {
	ssize_t extattr_get_fd(
	int fd,
	int attrnamespace,
	@@ -1976,20 +1977,20 @@
	size_t nbytes
	);
	}
	-373 AUE_EXTATTR_DELETE_FD STD\|CAPENABLED {
	+373 AUE_EXTATTR_DELETE_FD STD\|SYSFIL_EXTATTR\|SYSFIL_FATTR\|CAPENABLED {
	int extattr_delete_fd(
	int fd,
	int attrnamespace,
	_In_z_ const char *attrname
	);
	}
	-374 AUE_SETUGID STD {
	+374 AUE_SETUGID STD\|SYSFIL_SETCRED {
	int __setugid(
	int flag
	);
	}
	375 AUE_NULL OBSOL nfsclnt
	-376 AUE_EACCESS STD {
	+376 AUE_EACCESS STD\|SYSFIL_PATH {
	int eaccess(
	_In_z_ const char *path,
	int amode
	@@ -2006,7 +2007,7 @@
	long parm6
	);
	}
	-378 AUE_NMOUNT STD {
	+378 AUE_NMOUNT STD\|SYSFIL_MOUNT {
	int nmount(
	_In_reads_(iovcnt) _Contains_long_ptr_ struct iovec *iovp,
	unsigned int iovcnt,
	@@ -2018,35 +2019,35 @@
	381 AUE_NULL OBSOL kse_create
	382 AUE_NULL OBSOL kse_thr_interrupt
	383 AUE_NULL OBSOL kse_release
	-384 AUE_NULL STD\|CAPENABLED {
	+384 AUE_NULL STD\|SYSFIL_MAC\|SYSFIL_GETCRED\|CAPENABLED {
	int __mac_get_proc(
	_In_ _Contains_long_ptr_ struct mac *mac_p
	);
	}
	-385 AUE_NULL STD\|CAPENABLED {
	+385 AUE_NULL STD\|SYSFIL_MAC\|SYSFIL_SETCRED\|CAPENABLED {
	int __mac_set_proc(
	_In_ _Contains_long_ptr_ struct mac *mac_p
	);
	}
	-386 AUE_NULL STD\|CAPENABLED {
	+386 AUE_NULL STD\|SYSFIL_MAC\|CAPENABLED {
	int __mac_get_fd(
	int fd,
	_In_ _Contains_long_ptr_ struct mac *mac_p
	);
	}
	-387 AUE_NULL STD {
	+387 AUE_NULL STD\|SYSFIL_MAC\|SYSFIL_PATH {
	int __mac_get_file(
	_In_z_ const char *path_p,
	_In_ _Contains_long_ptr_ struct mac *mac_p
	);
	}
	-388 AUE_NULL STD\|CAPENABLED {
	+388 AUE_NULL STD\|SYSFIL_MAC\|SYSFIL_FATTR\|CAPENABLED {
	int __mac_set_fd(
	int fd,
	_In_ _Contains_long_ptr_ struct mac *mac_p
	);
	}
	-389 AUE_NULL STD {
	+389 AUE_NULL STD\|SYSFIL_MAC\|SYSFIL_FATTR\|SYSFIL_PATH {
	int __mac_set_file(
	_In_z_ const char *path_p,
	_In_ _Contains_long_ptr_ struct mac *mac_p
	@@ -2060,19 +2061,19 @@
	int len
	);
	}
	-391 AUE_LCHFLAGS STD {
	+391 AUE_LCHFLAGS STD\|SYSFIL_PATH\|SYSFIL_FATTR {
	int lchflags(
	_In_z_ const char *path,
	u_long flags
	);
	}
	-392 AUE_NULL STD\|CAPENABLED {
	+392 AUE_NULL STD\|SYSFIL_CORE\|CAPENABLED {
	int uuidgen(
	_Out_writes_(count) struct uuid *store,
	int count
	);
	}
	-393 AUE_SENDFILE STD\|CAPENABLED {
	+393 AUE_SENDFILE STD\|SYSFIL_SENDFILE\|CAPENABLED {
	int sendfile(
	int fd,
	int s,
	@@ -2083,66 +2084,66 @@
	int flags
	);
	}
	-394 AUE_NULL STD {
	+394 AUE_NULL STD\|SYSFIL_MAC {
	int mac_syscall(
	_In_z_ const char *policy,
	int call,
	_In_opt_ void *arg
	);
	}
	-395 AUE_GETFSSTAT COMPAT11 {
	+395 AUE_GETFSSTAT COMPAT11\|SYSFIL_RPATH {
	int getfsstat(
	_Out_writes_bytes_opt_(bufsize) struct freebsd11_statfs *buf,
	long bufsize,
	int mode
	);
	}
	-396 AUE_STATFS COMPAT11 {
	+396 AUE_STATFS COMPAT11\|SYSFIL_RPATH {
	int statfs(
	_In_z_ const char *path,
	_Out_ struct freebsd11_statfs *buf
	);
	}
	-397 AUE_FSTATFS COMPAT11\|CAPENABLED {
	+397 AUE_FSTATFS COMPAT11\|SYSFIL_RPATH\|CAPENABLED {
	int fstatfs(
	int fd,
	_Out_ struct freebsd11_statfs *buf
	);
	}
	-398 AUE_FHSTATFS COMPAT11 {
	+398 AUE_FHSTATFS COMPAT11\|SYSFIL_RPATH\|SYSFIL_FH {
	int fhstatfs(
	_In_ const struct fhandle *u_fhp,
	_Out_ struct freebsd11_statfs *buf
	);
	}
	399 AUE_NULL RESERVED
	-400 AUE_SEMCLOSE NOSTD {
	+400 AUE_SEMCLOSE NOSTD\|SYSFIL_POSIXSEM {
	int ksem_close(
	semid_t id
	);
	}
	-401 AUE_SEMPOST NOSTD {
	+401 AUE_SEMPOST NOSTD\|SYSFIL_POSIXSEM {
	int ksem_post(
	semid_t id
	);
	}
	-402 AUE_SEMWAIT NOSTD {
	+402 AUE_SEMWAIT NOSTD\|SYSFIL_POSIXSEM {
	int ksem_wait(
	semid_t id
	);
	}
	-403 AUE_SEMTRYWAIT NOSTD {
	+403 AUE_SEMTRYWAIT NOSTD\|SYSFIL_POSIXSEM {
	int ksem_trywait(
	semid_t id
	);
	}
	-404 AUE_SEMINIT NOSTD {
	+404 AUE_SEMINIT NOSTD\|SYSFIL_POSIXSEM {
	int ksem_init(
	_Out_ semid_t *idp,
	unsigned int value
	);
	}
	-405 AUE_SEMOPEN NOSTD {
	+405 AUE_SEMOPEN NOSTD\|SYSFIL_FDESC\|SYSFIL_POSIXSEM {
	int ksem_open(
	_Out_ semid_t *idp,
	_In_z_ const char *name,
	@@ -2151,41 +2152,41 @@
	unsigned int value
	);
	}
	-406 AUE_SEMUNLINK NOSTD {
	+406 AUE_SEMUNLINK NOSTD\|SYSFIL_POSIXSEM {
	int ksem_unlink(
	_In_z_ const char *name
	);
	}
	-407 AUE_SEMGETVALUE NOSTD {
	+407 AUE_SEMGETVALUE NOSTD\|SYSFIL_POSIXSEM {
	int ksem_getvalue(
	semid_t id,
	_Out_ int *val
	);
	}
	-408 AUE_SEMDESTROY NOSTD {
	+408 AUE_SEMDESTROY NOSTD\|SYSFIL_POSIXSEM {
	int ksem_destroy(
	semid_t id
	);
	}
	-409 AUE_NULL STD {
	+409 AUE_NULL STD\|SYSFIL_MAC\|SYSFIL_GETCRED {
	int __mac_get_pid(
	pid_t pid,
	_In_ _Contains_long_ptr_ struct mac *mac_p
	);
	}
	-410 AUE_NULL STD {
	+410 AUE_NULL STD\|SYSFIL_MAC\|SYSFIL_PATH {
	int __mac_get_link(
	_In_z_ const char *path_p,
	_In_ _Contains_long_ptr_ struct mac *mac_p
	);
	}
	-411 AUE_NULL STD {
	+411 AUE_NULL STD\|SYSFIL_MAC\|SYSFIL_FATTR\|SYSFIL_PATH {
	int __mac_set_link(
	_In_z_ const char *path_p,
	_In_ _Contains_long_ptr_ struct mac *mac_p
	);
	}
	-412 AUE_EXTATTR_SET_LINK STD {
	+412 AUE_EXTATTR_SET_LINK STD\|SYSFIL_PATH\|SYSFIL_FATTR\|SYSFIL_EXTATTR {
	ssize_t extattr_set_link(
	_In_z_ const char *path,
	int attrnamespace,
	@@ -2194,7 +2195,7 @@
	size_t nbytes
	);
	}
	-413 AUE_EXTATTR_GET_LINK STD {
	+413 AUE_EXTATTR_GET_LINK STD\|SYSFIL_PATH\|SYSFIL_EXTATTR {
	ssize_t extattr_get_link(
	_In_z_ const char *path,
	int attrnamespace,
	@@ -2203,14 +2204,14 @@
	size_t nbytes
	);
	}
	-414 AUE_EXTATTR_DELETE_LINK STD {
	+414 AUE_EXTATTR_DELETE_LINK STD\|SYSFIL_PATH\|SYSFIL_FATTR\|SYSFIL_EXTATTR {
	int extattr_delete_link(
	_In_z_ const char *path,
	int attrnamespace,
	_In_z_ const char *attrname
	);
	}
	-415 AUE_NULL STD {
	+415 AUE_NULL STD\|SYSFIL_MAC\|SYSFIL_PATH\|SYSFIL_EXEC {
	int __mac_execve(
	_In_z_ const char *fname,
	_In_ char **argv,
	@@ -2218,30 +2219,30 @@
	_In_ _Contains_long_ptr_ struct mac *mac_p
	);
	}
	-416 AUE_SIGACTION STD\|CAPENABLED {
	+416 AUE_SIGACTION STD\|SYSFIL_SIGHAND\|CAPENABLED {
	int sigaction(
	int sig,
	_In_opt_ _Contains_ptr_ const struct sigaction *act,
	_Out_opt_ _Contains_ptr_ struct sigaction *oact
	);
	}
	-417 AUE_SIGRETURN STD\|CAPENABLED {
	+417 AUE_SIGRETURN STD\|SYSFIL_CORE\|CAPENABLED {
	int sigreturn(
	_In_ _Contains_long_ptr_ const struct __ucontext *sigcntxp
	);
	}
	418-420 AUE_NULL RESERVED
	-421 AUE_NULL STD\|CAPENABLED {
	+421 AUE_NULL STD\|SYSFIL_THREAD\|CAPENABLED {
	int getcontext(
	_Out_ _Contains_long_ptr_ struct __ucontext *ucp
	);
	}
	-422 AUE_NULL STD\|CAPENABLED {
	+422 AUE_NULL STD\|SYSFIL_THREAD\|CAPENABLED {
	int setcontext(
	_In_ _Contains_long_ptr_ const struct __ucontext *ucp
	);
	}
	-423 AUE_NULL STD {
	+423 AUE_NULL STD\|SYSFIL_THREAD {
	int swapcontext(
	_Out_ _Contains_long_ptr_ struct __ucontext *oucp,
	_In_ _Contains_long_ptr_ const struct __ucontext *ucp
	@@ -2252,81 +2253,81 @@
	_In_z_ const char *name
	);
	}
	-425 AUE_ACL_GET_LINK STD {
	+425 AUE_ACL_GET_LINK STD\|SYSFIL_PATH\|SYSFIL_ACL {
	int __acl_get_link(
	_In_z_ const char *path,
	acl_type_t type,
	_Out_ struct acl *aclp
	);
	}
	-426 AUE_ACL_SET_LINK STD {
	+426 AUE_ACL_SET_LINK STD\|SYSFIL_PATH\|SYSFIL_FATTR\|SYSFIL_ACL {
	int __acl_set_link(
	_In_z_ const char *path,
	acl_type_t type,
	_In_ struct acl *aclp
	);
	}
	-427 AUE_ACL_DELETE_LINK STD {
	+427 AUE_ACL_DELETE_LINK STD\|SYSFIL_PATH\|SYSFIL_FATTR\|SYSFIL_ACL {
	int __acl_delete_link(
	_In_z_ const char *path,
	acl_type_t type
	);
	}
	-428 AUE_ACL_CHECK_LINK STD {
	+428 AUE_ACL_CHECK_LINK STD\|SYSFIL_PATH\|SYSFIL_ACL {
	int __acl_aclcheck_link(
	_In_z_ const char *path,
	acl_type_t type,
	_In_ struct acl *aclp
	);
	}
	-429 AUE_SIGWAIT STD\|CAPENABLED {
	+429 AUE_SIGWAIT STD\|SYSFIL_SIGWAIT\|CAPENABLED {
	int sigwait(
	_In_ const sigset_t *set,
	_Out_ int *sig
	);
	}
	-430 AUE_THR_CREATE STD\|CAPENABLED {
	+430 AUE_THR_CREATE STD\|SYSFIL_THREAD\|CAPENABLED {
	int thr_create(
	_In_ _Contains_long_ptr_ ucontext_t *ctx,
	_Out_ long *id,
	int flags
	);
	}
	-431 AUE_THR_EXIT STD\|CAPENABLED {
	+431 AUE_THR_EXIT STD\|SYSFIL_THREAD\|CAPENABLED {
	void thr_exit(
	_Out_opt_ long *state
	);
	}
	-432 AUE_NULL STD\|CAPENABLED {
	+432 AUE_NULL STD\|SYSFIL_THREAD_\|CAPENABLED {
	int thr_self(
	_Out_ long *id
	);
	}
	-433 AUE_THR_KILL STD\|CAPENABLED {
	+433 AUE_THR_KILL STD\|SYSFIL_THREAD_\|CAPENABLED {
	int thr_kill(
	long id,
	int sig
	);
	}

	-434 AUE_NULL COMPAT10 {
	+434 AUE_NULL COMPAT10\|SYSFIL_THREAD {
	int _umtx_lock(
	_Inout_ struct umtx *umtx
	);
	}

	-435 AUE_NULL COMPAT10 {
	+435 AUE_NULL COMPAT10\|SYSFIL_THREAD {
	int _umtx_unlock(
	_Inout_ struct umtx *umtx
	);
	}

	-436 AUE_JAIL_ATTACH STD {
	+436 AUE_JAIL_ATTACH STD\|SYSFIL_JAIL {
	int jail_attach(
	int jid
	);
	}
	-437 AUE_EXTATTR_LIST_FD STD\|CAPENABLED {
	+437 AUE_EXTATTR_LIST_FD STD\|SYSFIL_EXTATTR\|CAPENABLED {
	ssize_t extattr_list_fd(
	int fd,
	int attrnamespace,
	@@ -2334,7 +2335,7 @@
	size_t nbytes
	);
	}
	-438 AUE_EXTATTR_LIST_FILE STD {
	+438 AUE_EXTATTR_LIST_FILE STD\|SYSFIL_PATH\|SYSFIL_EXTATTR {
	ssize_t extattr_list_file(
	_In_z_ const char *path,
	int attrnamespace,
	@@ -2342,7 +2343,7 @@
	size_t nbytes
	);
	}
	-439 AUE_EXTATTR_LIST_LINK STD {
	+439 AUE_EXTATTR_LIST_LINK STD\|SYSFIL_PATH\|SYSFIL_EXTATTR {
	ssize_t extattr_list_link(
	_In_z_ const char *path,
	int attrnamespace,
	@@ -2351,79 +2352,79 @@
	);
	}
	440 AUE_NULL OBSOL kse_switchin
	-441 AUE_SEMWAIT NOSTD {
	+441 AUE_SEMWAIT NOSTD\|SYSFIL_POSIXSEM {
	int ksem_timedwait(
	semid_t id,
	_In_opt_ _Contains_long_timet_ const struct timespec *abstime
	);
	}
	-442 AUE_NULL STD\|CAPENABLED {
	+442 AUE_NULL STD\|SYSFIL_THREAD\|CAPENABLED {
	int thr_suspend(
	_In_opt_ _Contains_long_timet_ const struct timespec *timeout
	);
	}
	-443 AUE_NULL STD\|CAPENABLED {
	+443 AUE_NULL STD\|SYSFIL_THREAD\|CAPENABLED {
	int thr_wake(
	long id
	);
	}
	-444 AUE_MODUNLOAD STD {
	+444 AUE_MODUNLOAD STD\|SYSFIL_KMOD {
	int kldunloadf(
	int fileid,
	int flags
	);
	}
	-445 AUE_AUDIT STD {
	+445 AUE_AUDIT STD\|SYSFIL_AUDIT {
	int audit(
	_In_reads_bytes_(length) const void *record,
	u_int length
	);
	}
	-446 AUE_AUDITON STD {
	+446 AUE_AUDITON STD\|SYSFIL_AUDIT {
	int auditon(
	int cmd,
	_In_opt_ void *data,
	u_int length
	);
	}
	-447 AUE_GETAUID STD\|CAPENABLED {
	+447 AUE_GETAUID STD\|SYSFIL_AUDIT\|CAPENABLED {
	int getauid(
	_Out_ uid_t *auid
	);
	}
	-448 AUE_SETAUID STD\|CAPENABLED {
	+448 AUE_SETAUID STD\|SYSFIL_AUDIT\|CAPENABLED {
	int setauid(
	_In_ uid_t *auid
	);
	}
	-449 AUE_GETAUDIT STD\|CAPENABLED {
	+449 AUE_GETAUDIT STD\|SYSFIL_AUDIT\|CAPENABLED {
	int getaudit(
	_Out_ struct auditinfo *auditinfo
	);
	}
	-450 AUE_SETAUDIT STD\|CAPENABLED {
	+450 AUE_SETAUDIT STD\|SYSFIL_AUDIT\|CAPENABLED {
	int setaudit(
	_In_ struct auditinfo *auditinfo
	);
	}
	-451 AUE_GETAUDIT_ADDR STD\|CAPENABLED {
	+451 AUE_GETAUDIT_ADDR STD\|SYSFIL_AUDIT\|CAPENABLED {
	int getaudit_addr(
	_Out_writes_bytes_(length) struct auditinfo_addr *auditinfo_addr,
	u_int length
	);
	}
	-452 AUE_SETAUDIT_ADDR STD\|CAPENABLED {
	+452 AUE_SETAUDIT_ADDR STD\|SYSFIL_AUDIT\|CAPENABLED {
	int setaudit_addr(
	_In_reads_bytes_(length) struct auditinfo_addr *auditinfo_addr,
	u_int length
	);
	}
	-453 AUE_AUDITCTL STD {
	+453 AUE_AUDITCTL STD\|SYSFIL_AUDIT {
	int auditctl(
	_In_z_ const char *path
	);
	}
	-454 AUE_NULL STD\|CAPENABLED {
	+454 AUE_NULL STD\|SYSFIL_THREAD\|CAPENABLED {
	int _umtx_op(
	_Inout_ void *obj,
	int op,
	@@ -2432,13 +2433,13 @@
	_In_ void *uaddr2
	);
	}
	-455 AUE_THR_NEW STD\|CAPENABLED {
	+455 AUE_THR_NEW STD\|SYSFIL_THREAD\|CAPENABLED {
	int thr_new(
	_In_ _Contains_long_ptr_ struct thr_param *param,
	int param_size
	);
	}
	-456 AUE_NULL STD\|CAPENABLED {
	+456 AUE_NULL STD\|SYSFIL_SIGSEND\|CAPENABLED {
	int sigqueue(
	pid_t pid,
	int signum,
	@@ -2446,7 +2447,7 @@
	);
	}

	-457 AUE_MQ_OPEN NOSTD {
	+457 AUE_MQ_OPEN NOSTD\|SYSFIL_FDESC\|SYSFIL_POSIXMSG {
	int kmq_open(
	_In_z_ const char *path,
	int flags,
	@@ -2454,14 +2455,14 @@
	_In_opt_ _Contains_long_ const struct mq_attr *attr
	);
	}
	-458 AUE_MQ_SETATTR NOSTD\|CAPENABLED {
	+458 AUE_MQ_SETATTR NOSTD\|SYSFIL_POSIXMSG\|CAPENABLED {
	int kmq_setattr(
	int mqd,
	_In_opt_ _Contains_long_ const struct mq_attr *attr,
	_Out_opt_ _Contains_long_ struct mq_attr *oattr
	);
	}
	-459 AUE_MQ_TIMEDRECEIVE NOSTD\|CAPENABLED {
	+459 AUE_MQ_TIMEDRECEIVE NOSTD\|SYSFIL_POSIXMSG\|CAPENABLED {
	int kmq_timedreceive(
	int mqd,
	_Out_writes_bytes_(msg_len) char *msg_ptr,
	@@ -2470,7 +2471,7 @@
	_In_opt_ _Contains_long_timet_ const struct timespec *abs_timeout
	);
	}
	-460 AUE_MQ_TIMEDSEND NOSTD\|CAPENABLED {
	+460 AUE_MQ_TIMEDSEND NOSTD\|SYSFIL_POSIXMSG\|CAPENABLED {
	int kmq_timedsend(
	int mqd,
	_In_reads_bytes_(msg_len) const char *msg_ptr,
	@@ -2479,37 +2480,37 @@
	_In_opt_ _Contains_long_timet_ const struct timespec *abs_timeout
	);
	}
	-461 AUE_MQ_NOTIFY NOSTD\|CAPENABLED {
	+461 AUE_MQ_NOTIFY NOSTD\|SYSFIL_POSIXMSG\|CAPENABLED {
	int kmq_notify(
	int mqd,
	_In_opt_ _Contains_long_ptr_ const struct sigevent *sigev
	);
	}
	-462 AUE_MQ_UNLINK NOSTD {
	+462 AUE_MQ_UNLINK NOSTD\|SYSFIL_POSIXMSG {
	int kmq_unlink(
	_In_z_ const char *path
	);
	}
	-463 AUE_NULL STD\|CAPENABLED {
	+463 AUE_NULL STD\|SYSFIL_ALWAYS\|CAPENABLED {
	void abort2(
	_In_z_ const char *why,
	int nargs,
	_In_reads_(nargs) void **args
	);
	}
	-464 AUE_NULL STD\|CAPENABLED {
	+464 AUE_NULL STD\|SYSFIL_THREAD\|CAPENABLED {
	int thr_set_name(
	long id,
	_In_z_ const char *name
	);
	}
	-465 AUE_AIO_FSYNC STD\|CAPENABLED {
	+465 AUE_AIO_FSYNC STD\|SYSFIL_AIO\|CAPENABLED {
	int aio_fsync(
	int op,
	_In_ _Contains_long_ptr_ struct aiocb *aiocbp
	);
	}
	-466 AUE_RTPRIO STD\|CAPENABLED {
	+466 AUE_RTPRIO STD\|SYSFIL_THREAD\|SYSFIL_SCHED\|CAPENABLED {
	int rtprio_thread(
	int function,
	lwpid_t lwpid,
	@@ -2517,13 +2518,13 @@
	);
	}
	467-470 AUE_NULL RESERVED
	-471 AUE_SCTP_PEELOFF NOSTD\|CAPENABLED {
	+471 AUE_SCTP_PEELOFF NOSTD\|SYSFIL_FDESC\|SYSFIL_SOCK\|CAPENABLED {
	int sctp_peeloff(
	int sd,
	uint32_t name
	);
	}
	-472 AUE_SCTP_GENERIC_SENDMSG NOSTD\|CAPENABLED {
	+472 AUE_SCTP_GENERIC_SENDMSG NOSTD\|SYSFIL_SOCKIO\|CAPENABLED {
	int sctp_generic_sendmsg(
	int sd,
	_In_reads_bytes_(mlen) void *msg,
	@@ -2534,7 +2535,7 @@
	int flags
	);
	}
	-473 AUE_SCTP_GENERIC_SENDMSG_IOV NOSTD\|CAPENABLED {
	+473 AUE_SCTP_GENERIC_SENDMSG_IOV NOSTD\|SYSFIL_SOCKIO\|CAPENABLED {
	int sctp_generic_sendmsg_iov(
	int sd,
	_In_reads_(iovlen) _Contains_long_ptr_ struct iovec *iov,
	@@ -2545,7 +2546,7 @@
	int flags
	);
	}
	-474 AUE_SCTP_GENERIC_RECVMSG NOSTD\|CAPENABLED {
	+474 AUE_SCTP_GENERIC_RECVMSG NOSTD\|SYSFIL_SOCKIO\|CAPENABLED {
	int sctp_generic_recvmsg(
	int sd,
	_In_reads_(iovlen) _Contains_long_ptr_ struct iovec *iov,
	@@ -2556,7 +2557,7 @@
	_Out_opt_ int *msg_flags
	);
	}
	-475 AUE_PREAD STD\|CAPENABLED {
	+475 AUE_PREAD STD\|SYSFIL_CORE\|CAPENABLED {
	ssize_t pread(
	int fd,
	_Out_writes_bytes_(nbyte) void *buf,
	@@ -2564,7 +2565,7 @@
	off_t offset
	);
	}
	-476 AUE_PWRITE STD\|CAPENABLED {
	+476 AUE_PWRITE STD\|SYSFIL_CORE\|CAPENABLED {
	ssize_t pwrite(
	int fd,
	_In_reads_bytes_(nbyte) const void *buf,
	@@ -2572,7 +2573,7 @@
	off_t offset
	);
	}
	-477 AUE_MMAP STD\|CAPENABLED {
	+477 AUE_MMAP STD\|SYSFIL_MMAN\|CAPENABLED {
	void *mmap(
	_In_ void *addr,
	size_t len,
	@@ -2582,57 +2583,57 @@
	off_t pos
	);
	}
	-478 AUE_LSEEK STD\|CAPENABLED {
	+478 AUE_LSEEK STD\|SYSFIL_CORE\|CAPENABLED {
	off_t lseek(
	int fd,
	off_t offset,
	int whence
	);
	}
	-479 AUE_TRUNCATE STD {
	+479 AUE_TRUNCATE STD\|SYSFIL_WPATH {
	int truncate(
	_In_z_ const char *path,
	off_t length
	);
	}
	-480 AUE_FTRUNCATE STD\|CAPENABLED {
	+480 AUE_FTRUNCATE STD\|SYSFIL_CORE\|CAPENABLED {
	int ftruncate(
	int fd,
	off_t length
	);
	}
	-481 AUE_THR_KILL2 STD {
	+481 AUE_THR_KILL2 STD\|SYSFIL_THREAD {
	int thr_kill2(
	pid_t pid,
	long id,
	int sig
	);
	}
	-482 AUE_SHMOPEN COMPAT12\|CAPENABLED {
	+482 AUE_SHMOPEN COMPAT12\|SYSFIL_FDESC\|SYSFIL_POSIXSHM_\|CAPENABLED {
	int shm_open(
	_In_z_ const char *path,
	int flags,
	mode_t mode
	);
	}
	-483 AUE_SHMUNLINK STD {
	+483 AUE_SHMUNLINK STD\|SYSFIL_POSIXSHM {
	int shm_unlink(
	_In_z_ const char *path
	);
	}
	-484 AUE_NULL STD {
	+484 AUE_NULL STD\|SYSFIL_CPUSET {
	int cpuset(
	_Out_ cpusetid_t *setid
	);
	}
	-485 AUE_NULL STD {
	+485 AUE_NULL STD\|SYSFIL_CPUSET {
	int cpuset_setid(
	cpuwhich_t which,
	id_t id,
	cpusetid_t setid
	);
	}
	-486 AUE_NULL STD {
	+486 AUE_NULL STD\|SYSFIL_CPUSET {
	int cpuset_getid(
	cpulevel_t level,
	cpuwhich_t which,
	@@ -2640,7 +2641,7 @@
	_Out_ cpusetid_t *setid
	);
	}
	-487 AUE_NULL STD\|CAPENABLED {
	+487 AUE_NULL STD\|SYSFIL_CPUSET_\|CAPENABLED {
	int cpuset_getaffinity(
	cpulevel_t level,
	cpuwhich_t which,
	@@ -2649,7 +2650,7 @@
	_Out_ cpuset_t *mask
	);
	}
	-488 AUE_NULL STD\|CAPENABLED {
	+488 AUE_NULL STD\|SYSFIL_CPUSET_\|CAPENABLED {
	int cpuset_setaffinity(
	cpulevel_t level,
	cpuwhich_t which,
	@@ -2658,7 +2659,7 @@
	_Out_ const cpuset_t *mask
	);
	}
	-489 AUE_FACCESSAT STD\|CAPENABLED {
	+489 AUE_FACCESSAT STD\|SYSFIL_PATH\|CAPENABLED {
	int faccessat(
	int fd,
	_In_z_ const char *path,
	@@ -2666,7 +2667,7 @@
	int flag
	);
	}
	-490 AUE_FCHMODAT STD\|CAPENABLED {
	+490 AUE_FCHMODAT STD\|SYSFIL_PATH\|SYSFIL_FATTR\|CAPENABLED {
	int fchmodat(
	int fd,
	_In_z_ const char *path,
	@@ -2674,7 +2675,7 @@
	int flag
	);
	}
	-491 AUE_FCHOWNAT STD\|CAPENABLED {
	+491 AUE_FCHOWNAT STD\|SYSFIL_PATH\|SYSFIL_FATTR\|CAPENABLED {
	int fchownat(
	int fd,
	_In_z_ const char *path,
	@@ -2683,14 +2684,14 @@
	int flag
	);
	}
	-492 AUE_FEXECVE STD\|CAPENABLED {
	+492 AUE_FEXECVE STD\|SYSFIL_EXEC\|CAPENABLED {
	int fexecve(
	int fd,
	_In_ char **argv,
	_In_ char **envv
	);
	}
	-493 AUE_FSTATAT COMPAT11\|CAPENABLED {
	+493 AUE_FSTATAT COMPAT11\|SYSFIL_RPATH\|CAPENABLED {
	int fstatat(
	int fd,
	_In_z_ const char *path,
	@@ -2698,14 +2699,14 @@
	int flag
	);
	}
	-494 AUE_FUTIMESAT STD\|CAPENABLED {
	+494 AUE_FUTIMESAT STD\|SYSFIL_PATH\|SYSFIL_FATTR\|CAPENABLED {
	int futimesat(
	int fd,
	_In_z_ const char *path,
	_In_reads_(2) _Contains_long_timet_ const struct timeval *times
	);
	}
	-495 AUE_LINKAT STD\|CAPENABLED {
	+495 AUE_LINKAT STD\|SYSFIL_CPATH\|CAPENABLED {
	int linkat(
	int fd1,
	_In_z_ const char *path1,
	@@ -2714,21 +2715,21 @@
	int flag
	);
	}
	-496 AUE_MKDIRAT STD\|CAPENABLED {
	+496 AUE_MKDIRAT STD\|SYSFIL_CPATH\|CAPENABLED {
	int mkdirat(
	int fd,
	_In_z_ const char *path,
	mode_t mode
	);
	}
	-497 AUE_MKFIFOAT STD\|CAPENABLED {
	+497 AUE_MKFIFOAT STD\|SYSFIL_CPATH\|CAPENABLED {
	int mkfifoat(
	int fd,
	_In_z_ const char *path,
	mode_t mode
	);
	}
	-498 AUE_MKNODAT COMPAT11\|CAPENABLED {
	+498 AUE_MKNODAT COMPAT11\|SYSFIL_CPATH\|CAPENABLED {
	int mknodat(
	int fd,
	_In_z_ const char *path,
	@@ -2737,7 +2738,7 @@
	);
	}
	; XXX: see the comment for open
	-499 AUE_OPENAT_RWTC STD\|CAPENABLED {
	+499 AUE_OPENAT_RWTC STD\|SYSFIL_FDESC\|SYSFIL_PATH\|CAPENABLED {
	int openat(
	int fd,
	_In_z_ const char *path,
	@@ -2745,7 +2746,7 @@
	mode_t mode
	);
	}
	-500 AUE_READLINKAT STD\|CAPENABLED {
	+500 AUE_READLINKAT STD\|SYSFIL_RPATH\|CAPENABLED {
	ssize_t readlinkat(
	int fd,
	_In_z_ const char *path,
	@@ -2753,7 +2754,7 @@
	size_t bufsize
	);
	}
	-501 AUE_RENAMEAT STD\|CAPENABLED {
	+501 AUE_RENAMEAT STD\|SYSFIL_CPATH\|SYSFIL_DPATH\|CAPENABLED {
	int renameat(
	int oldfd,
	_In_z_ const char *old,
	@@ -2761,21 +2762,21 @@
	_In_z_ const char *new
	);
	}
	-502 AUE_SYMLINKAT STD\|CAPENABLED {
	+502 AUE_SYMLINKAT STD\|SYSFIL_CPATH\|CAPENABLED {
	int symlinkat(
	_In_z_ const char *path1,
	int fd,
	_In_z_ const char *path2
	);
	}
	-503 AUE_UNLINKAT STD\|CAPENABLED {
	+503 AUE_UNLINKAT STD\|SYSFIL_DPATH\|CAPENABLED {
	int unlinkat(
	int fd,
	_In_z_ const char *path,
	int flag
	);
	}
	-504 AUE_POSIX_OPENPT STD {
	+504 AUE_POSIX_OPENPT STD\|SYSFIL_FDESC\|SYSFIL_TTY {
	int posix_openpt(
	int flags
	);
	@@ -2786,31 +2787,31 @@
	_In_z_ const char *path
	);
	}
	-506 AUE_JAIL_GET STD {
	+506 AUE_JAIL_GET STD\|SYSFIL_JAIL {
	int jail_get(
	_In_reads_(iovcnt) _Contains_long_ptr_ struct iovec *iovp,
	unsigned int iovcnt,
	int flags
	);
	}
	-507 AUE_JAIL_SET STD {
	+507 AUE_JAIL_SET STD\|SYSFIL_JAIL {
	int jail_set(
	_In_reads_(iovcnt) _Contains_long_ptr_ struct iovec *iovp,
	unsigned int iovcnt,
	int flags
	);
	}
	-508 AUE_JAIL_REMOVE STD {
	+508 AUE_JAIL_REMOVE STD\|SYSFIL_JAIL {
	int jail_remove(
	int jid
	);
	}
	-509 AUE_CLOSEFROM COMPAT12\|CAPENABLED {
	+509 AUE_CLOSEFROM COMPAT12\|SYSFIL_FDESC\|CAPENABLED {
	int closefrom(
	int lowfd
	);
	}
	-510 AUE_SEMCTL NOSTD {
	+510 AUE_SEMCTL NOSTD\|SYSFIL_SYSVSEM {
	int __semctl(
	int semid,
	int semnum,
	@@ -2818,62 +2819,62 @@
	_Inout_ _Contains_ptr_ union semun *arg
	);
	}
	-511 AUE_MSGCTL NOSTD {
	+511 AUE_MSGCTL NOSTD\|SYSFIL_SYSVMSG {
	int msgctl(
	int msqid,
	int cmd,
	_Inout_opt_ _Contains_long_ptr_ struct msqid_ds *buf
	);
	}
	-512 AUE_SHMCTL NOSTD {
	+512 AUE_SHMCTL NOSTD\|SYSFIL_SYSVSHM {
	int shmctl(
	int shmid,
	int cmd,
	_Inout_opt_ _Contains_long_ struct shmid_ds *buf
	);
	}
	-513 AUE_LPATHCONF STD {
	+513 AUE_LPATHCONF STD\|SYSFIL_PATH {
	int lpathconf(
	_In_z_ const char *path,
	int name
	);
	}
	514 AUE_NULL OBSOL cap_new
	-515 AUE_CAP_RIGHTS_GET STD\|CAPENABLED {
	+515 AUE_CAP_RIGHTS_GET STD\|SYSFIL_CAPCOMPAT\|CAPENABLED {
	int __cap_rights_get(
	int version,
	int fd,
	_Out_ cap_rights_t *rightsp
	);
	}
	-516 AUE_CAP_ENTER STD\|CAPENABLED {
	+516 AUE_CAP_ENTER STD\|SYSFIL_CAPCOMPAT\|CAPENABLED {
	int cap_enter(void);
	}
	-517 AUE_CAP_GETMODE STD\|CAPENABLED {
	+517 AUE_CAP_GETMODE STD\|SYSFIL_CAPCOMPAT\|CAPENABLED {
	int cap_getmode(
	_Out_ u_int *modep
	);
	}
	-518 AUE_PDFORK STD\|CAPENABLED {
	+518 AUE_PDFORK STD\|SYSFIL_FDESC\|SYSFIL_FORK\|CAPENABLED {
	int pdfork(
	_Out_ int *fdp,
	int flags
	);
	}
	-519 AUE_PDKILL STD\|CAPENABLED {
	+519 AUE_PDKILL STD\|SYSFIL_SIGSEND\|CAPENABLED {
	int pdkill(
	int fd,
	int signum
	);
	}
	-520 AUE_PDGETPID STD\|CAPENABLED {
	+520 AUE_PDGETPID STD\|SYSFIL_WAIT\|CAPENABLED {
	int pdgetpid(
	int fd,
	_Out_ pid_t *pidp
	);
	}
	521 AUE_NULL RESERVED
	-522 AUE_SELECT STD\|CAPENABLED {
	+522 AUE_SELECT STD\|SYSFIL_CORE\|CAPENABLED {
	int pselect(
	int nd,
	_Inout_opt_ fd_set *in,
	@@ -2883,13 +2884,13 @@
	_In_opt_ const sigset_t *sm
	);
	}
	-523 AUE_GETLOGINCLASS STD\|CAPENABLED {
	+523 AUE_GETLOGINCLASS STD\|SYSFIL_GETCRED\|CAPENABLED {
	int getloginclass(
	_Out_writes_z_(namelen) char *namebuf,
	size_t namelen
	);
	}
	-524 AUE_SETLOGINCLASS STD {
	+524 AUE_SETLOGINCLASS STD\|SYSFIL_SETCRED {
	int setloginclass(
	_In_z_ const char *namebuf
	);
	@@ -2934,14 +2935,14 @@
	size_t outbuflen
	);
	}
	-530 AUE_POSIX_FALLOCATE STD\|CAPENABLED {
	+530 AUE_POSIX_FALLOCATE STD\|SYSFIL_CORE\|CAPENABLED {
	int posix_fallocate(
	int fd,
	off_t offset,
	off_t len
	);
	}
	-531 AUE_POSIX_FADVISE STD {
	+531 AUE_POSIX_FADVISE STD\|SYSFIL_CORE {
	int posix_fadvise(
	int fd,
	off_t offset,
	@@ -2949,7 +2950,7 @@
	int advice
	);
	}
	-532 AUE_WAIT6 STD {
	+532 AUE_WAIT6 STD\|SYSFIL_WAIT {
	int wait6(
	idtype_t idtype,
	id_t id,
	@@ -2959,39 +2960,39 @@
	_Out_opt_ _Contains_long_ptr_ struct siginfo *info
	);
	}
	-533 AUE_CAP_RIGHTS_LIMIT STD\|CAPENABLED {
	+533 AUE_CAP_RIGHTS_LIMIT STD\|SYSFIL_CAPCOMPAT\|CAPENABLED {
	int cap_rights_limit(
	int fd,
	_In_ cap_rights_t *rightsp
	);
	}
	-534 AUE_CAP_IOCTLS_LIMIT STD\|CAPENABLED {
	+534 AUE_CAP_IOCTLS_LIMIT STD\|SYSFIL_CAPCOMPAT\|CAPENABLED {
	int cap_ioctls_limit(
	int fd,
	_In_reads_(ncmds) const u_long *cmds,
	size_t ncmds
	);
	}
	-535 AUE_CAP_IOCTLS_GET STD\|CAPENABLED {
	+535 AUE_CAP_IOCTLS_GET STD\|SYSFIL_CAPCOMPAT\|CAPENABLED {
	ssize_t cap_ioctls_get(
	int fd,
	_Out_writes_(maxcmds) u_long *cmds,
	size_t maxcmds
	);
	}
	-536 AUE_CAP_FCNTLS_LIMIT STD\|CAPENABLED {
	+536 AUE_CAP_FCNTLS_LIMIT STD\|SYSFIL_CAPCOMPAT\|CAPENABLED {
	int cap_fcntls_limit(
	int fd,
	uint32_t fcntlrights
	);
	}
	-537 AUE_CAP_FCNTLS_GET STD\|CAPENABLED {
	+537 AUE_CAP_FCNTLS_GET STD\|SYSFIL_CAPCOMPAT\|CAPENABLED {
	int cap_fcntls_get(
	int fd,
	_Out_ uint32_t *fcntlrightsp
	);
	}
	-538 AUE_BINDAT STD\|CAPENABLED {
	+538 AUE_BINDAT STD\|SYSFIL_SOCK\|CAPENABLED {
	int bindat(
	int fd,
	int s,
	@@ -2999,7 +3000,7 @@
	__socklen_t namelen
	);
	}
	-539 AUE_CONNECTAT STD\|CAPENABLED {
	+539 AUE_CONNECTAT STD\|SYSFIL_SOCK\|CAPENABLED {
	int connectat(
	int fd,
	int s,
	@@ -3007,7 +3008,7 @@
	__socklen_t namelen
	);
	}
	-540 AUE_CHFLAGSAT STD\|CAPENABLED {
	+540 AUE_CHFLAGSAT STD\|SYSFIL_PATH\|SYSFIL_FATTR\|CAPENABLED {
	int chflagsat(
	int fd,
	_In_z_ const char *path,
	@@ -3015,7 +3016,7 @@
	int atflag
	);
	}
	-541 AUE_ACCEPT STD\|CAPENABLED {
	+541 AUE_ACCEPT STD\|SYSFIL_FDESC\|SYSFIL_SOCK\|CAPENABLED {
	int accept4(
	int s,
	_Out_writes_bytes_opt_(anamelen) struct sockaddr name,
	@@ -3023,18 +3024,18 @@
	int flags
	);
	}
	-542 AUE_PIPE STD\|CAPENABLED {
	+542 AUE_PIPE STD\|SYSFIL_FDESC\|CAPENABLED {
	int pipe2(
	_Out_writes_(2) int *fildes,
	int flags
	);
	}
	-543 AUE_AIO_MLOCK STD {
	+543 AUE_AIO_MLOCK STD\|SYSFIL_AIO\|SYSFIL_MLOCK {
	int aio_mlock(
	_In_ _Contains_long_ptr_ struct aiocb *aiocbp
	);
	}
	-544 AUE_PROCCTL STD {
	+544 AUE_PROCCTL STD\|SYSFIL_PROCCTL {
	int procctl(
	idtype_t idtype,
	id_t id,
	@@ -3042,7 +3043,7 @@
	_In_opt_ void *data
	);
	}
	-545 AUE_POLL STD\|CAPENABLED {
	+545 AUE_POLL STD\|SYSFIL_CORE\|CAPENABLED {
	int ppoll(
	_Inout_updates_(nfds) struct pollfd *fds,
	u_int nfds,
	@@ -3050,13 +3051,13 @@
	_In_opt_ const sigset_t *set
	);
	}
	-546 AUE_FUTIMES STD\|CAPENABLED {
	+546 AUE_FUTIMES STD\|SYSFIL_FATTR\|CAPENABLED {
	int futimens(
	int fd,
	_In_reads_(2) _Contains_long_timet_ const struct timespec *times
	);
	}
	-547 AUE_FUTIMESAT STD\|CAPENABLED {
	+547 AUE_FUTIMESAT STD\|SYSFIL_PATH\|SYSFIL_FATTR\|CAPENABLED {
	int utimensat(
	int fd,
	_In_z_ const char *path,
	@@ -3066,18 +3067,18 @@
	}
	548 AUE_NULL OBSOL numa_getaffinity
	549 AUE_NULL OBSOL numa_setaffinity
	-550 AUE_FSYNC STD\|CAPENABLED {
	+550 AUE_FSYNC STD\|SYSFIL_CORE\|CAPENABLED {
	int fdatasync(
	int fd
	);
	}
	-551 AUE_FSTAT STD\|CAPENABLED {
	+551 AUE_FSTAT STD\|SYSFIL_CORE\|CAPENABLED {
	int fstat(
	int fd,
	_Out_ _Contains_long_timet_ struct stat *sb
	);
	}
	-552 AUE_FSTATAT STD\|CAPENABLED {
	+552 AUE_FSTATAT STD\|SYSFIL_RPATH\|CAPENABLED {
	int fstatat(
	int fd,
	_In_z_ const char *path,
	@@ -3085,13 +3086,13 @@
	int flag
	);
	}
	-553 AUE_FHSTAT STD {
	+553 AUE_FHSTAT STD\|SYSFIL_RPATH\|SYSFIL_FH {
	int fhstat(
	_In_ const struct fhandle *u_fhp,
	_Out_ _Contains_long_timet_ struct stat *sb
	);
	}
	-554 AUE_GETDIRENTRIES STD\|CAPENABLED {
	+554 AUE_GETDIRENTRIES STD\|SYSFIL_RPATH\|CAPENABLED {
	ssize_t getdirentries(
	int fd,
	_Out_writes_bytes_(count) char *buf,
	@@ -3099,32 +3100,32 @@
	_Out_ off_t *basep
	);
	}
	-555 AUE_STATFS STD {
	+555 AUE_STATFS STD\|SYSFIL_RPATH {
	int statfs(
	_In_z_ const char *path,
	_Out_ struct statfs *buf
	);
	}
	-556 AUE_FSTATFS STD\|CAPENABLED {
	+556 AUE_FSTATFS STD\|SYSFIL_RPATH\|CAPENABLED {
	int fstatfs(
	int fd,
	_Out_ struct statfs *buf
	);
	}
	-557 AUE_GETFSSTAT STD {
	+557 AUE_GETFSSTAT STD\|SYSFIL_RPATH {
	int getfsstat(
	_Out_writes_bytes_opt_(bufsize) struct statfs *buf,
	long bufsize,
	int mode
	);
	}
	-558 AUE_FHSTATFS STD {
	+558 AUE_FHSTATFS STD\|SYSFIL_RPATH\|SYSFIL_FH {
	int fhstatfs(
	_In_ const struct fhandle *u_fhp,
	_Out_ struct statfs *buf
	);
	}
	-559 AUE_MKNODAT STD\|CAPENABLED {
	+559 AUE_MKNODAT STD\|SYSFIL_CPATH\|CAPENABLED {
	int mknodat(
	int fd,
	_In_z_ const char *path,
	@@ -3132,7 +3133,7 @@
	dev_t dev
	);
	}
	-560 AUE_KEVENT STD\|CAPENABLED {
	+560 AUE_KEVENT STD\|SYSFIL_CORE\|CAPENABLED {
	int kevent(
	int fd,
	_In_reads_opt_(nchanges) _Contains_ptr_ const struct kevent *changelist,
	@@ -3142,7 +3143,7 @@
	_In_opt_ _Contains_long_timet_ const struct timespec *timeout
	);
	}
	-561 AUE_NULL STD\|CAPENABLED {
	+561 AUE_NULL STD\|SYSFIL_CPUSET_\|CAPENABLED {
	int cpuset_getdomain(
	cpulevel_t level,
	cpuwhich_t which,
	@@ -3152,7 +3153,7 @@
	_Out_ int *policy
	);
	}
	-562 AUE_NULL STD\|CAPENABLED {
	+562 AUE_NULL STD\|SYSFIL_CPUSET_\|CAPENABLED {
	int cpuset_setdomain(
	cpulevel_t level,
	cpuwhich_t which,
	@@ -3162,14 +3163,14 @@
	int policy
	);
	}
	-563 AUE_NULL STD\|CAPENABLED {
	+563 AUE_NULL STD\|SYSFIL_CORE\|CAPENABLED {
	int getrandom(
	_Out_writes_bytes_(buflen) void *buf,
	size_t buflen,
	unsigned int flags
	);
	}
	-564 AUE_NULL STD {
	+564 AUE_NULL STD\|SYSFIL_PATH\|SYSFIL_FH {
	int getfhat(
	int fd,
	_In_z_ char *path,
	@@ -3177,27 +3178,27 @@
	int flags
	);
	}
	-565 AUE_NULL STD {
	+565 AUE_NULL STD\|SYSFIL_CPATH\|SYSFIL_FH {
	int fhlink(
	_In_ struct fhandle *fhp,
	_In_z_ const char *to
	);
	}
	-566 AUE_NULL STD {
	+566 AUE_NULL STD\|SYSFIL_CPATH\|SYSFIL_FH {
	int fhlinkat(
	_In_ struct fhandle *fhp,
	int tofd,
	_In_z_ const char *to,
	);
	}
	-567 AUE_NULL STD {
	+567 AUE_NULL STD\|SYSFIL_RPATH\|SYSFIL_FH {
	int fhreadlink(
	_In_ struct fhandle *fhp,
	_Out_writes_(bufsize) char *buf,
	size_t bufsize
	);
	}
	-568 AUE_UNLINKAT STD\|CAPENABLED {
	+568 AUE_UNLINKAT STD\|SYSFIL_DPATH\|CAPENABLED {
	int funlinkat(
	int dfd,
	_In_z_ const char *path,
	@@ -3205,7 +3206,7 @@
	int flag
	);
	}
	-569 AUE_NULL STD\|CAPENABLED {
	+569 AUE_NULL STD\|SYSFIL_CORE\|CAPENABLED {
	ssize_t copy_file_range(
	int infd,
	_Inout_opt_ off_t *inoffp,
	@@ -3215,7 +3216,7 @@
	unsigned int flags
	);
	}
	-570 AUE_SYSCTL STD\|CAPENABLED {
	+570 AUE_SYSCTL STD\|SYSFIL_SYSINFO\|CAPENABLED {
	int __sysctlbyname(
	_In_reads_(namelen) const char *name,
	size_t namelen,
	@@ -3225,7 +3226,7 @@
	size_t newlen
	);
	}
	-571 AUE_SHMOPEN STD\|CAPENABLED {
	+571 AUE_SHMOPEN STD\|SYSFIL_FDESC\|SYSFIL_POSIXSHM_\|CAPENABLED {
	int shm_open2(
	_In_z_ const char *path,
	int flags,
	@@ -3234,20 +3235,20 @@
	_In_z_ const char *name
	);
	}
	-572 AUE_SHMRENAME STD {
	+572 AUE_SHMRENAME STD\|SYSFIL_POSIXSHM {
	int shm_rename(
	_In_z_ const char *path_from,
	_In_z_ const char *path_to,
	int flags
	);
	}
	-573 AUE_NULL STD\|CAPENABLED {
	+573 AUE_NULL STD\|SYSFIL_SIGMASK\|CAPENABLED {
	int sigfastblock(
	int cmd,
	_Inout_opt_ uint32_t *ptr
	);
	}
	-574 AUE_REALPATHAT STD {
	+574 AUE_REALPATHAT STD\|SYSFIL_PATH {
	int __realpathat(
	int fd,
	_In_z_ const char *path,
	@@ -3256,7 +3257,7 @@
	int flags
	);
	}
	-575 AUE_CLOSERANGE STD\|CAPENABLED {
	+575 AUE_CLOSERANGE STD\|SYSFIL_FDESC\|CAPENABLED {
	int close_range(
	u_int lowfd,
	u_int highfd,
	@@ -3270,24 +3271,24 @@
	_In_z_ const char *path
	);
	}
	-577 AUE_SPECIALFD STD\|CAPENABLED {
	+577 AUE_SPECIALFD STD\|SYSFIL_FDESC\|CAPENABLED {
	int __specialfd(
	int type,
	_In_reads_bytes_(len) const void *req,
	size_t len
	);
	}
	-578 AUE_AIO_WRITEV STD\|CAPENABLED {
	+578 AUE_AIO_WRITEV STD\|SYSFIL_AIO\|CAPENABLED {
	int aio_writev(
	_Inout_ _Contains_long_ptr_ struct aiocb *aiocbp
	);
	}
	-579 AUE_AIO_READV STD\|CAPENABLED {
	+579 AUE_AIO_READV STD\|SYSFIL_AIO\|CAPENABLED {
	int aio_readv(
	_Inout_ _Contains_long_ptr_ struct aiocb *aiocbp
	);
	}
	-580 AUE_FSPACECTL STD\|CAPENABLED {
	+580 AUE_FSPACECTL STD\|SYSFIL_CORE\|CAPENABLED {
	int fspacectl(
	int fd,
	int cmd,
	@@ -3296,7 +3297,7 @@
	_Out_opt_ struct spacectl_range *rmsr,
	);
	}
	-581 AUE_NULL STD\|CAPENABLED {
	+581 AUE_NULL STD\|SYSFIL_SCHED\|CAPENABLED {
	int sched_getcpu(void);
	}

	Index: sys/kern/sysv_msg.c
	===================================================================
	--- sys/kern/sysv_msg.c
	+++ sys/kern/sysv_msg.c
	@@ -301,11 +301,13 @@
	osd_free_reserved(rsv);
	sx_sunlock(&allprison_lock);

	- error = syscall_helper_register(msg_syscalls, SY_THR_STATIC_KLD);
	+ error = syscall_helper_register(msg_syscalls,
	+ SY_THR_STATIC_KLD \| SY_HLP_PRESERVE_SYFLAGS);
	if (error != 0)
	return (error);
	#ifdef COMPAT_FREEBSD32
	- error = syscall32_helper_register(msg32_syscalls, SY_THR_STATIC_KLD);
	+ error = syscall32_helper_register(msg32_syscalls,
	+ SY_THR_STATIC_KLD \| SY_HLP_PRESERVE_SYFLAGS);
	if (error != 0)
	return (error);
	#endif
	Index: sys/kern/sysv_sem.c
	===================================================================
	--- sys/kern/sysv_sem.c
	+++ sys/kern/sysv_sem.c
	@@ -332,11 +332,13 @@
	osd_free_reserved(rsv);
	sx_sunlock(&allprison_lock);

	- error = syscall_helper_register(sem_syscalls, SY_THR_STATIC_KLD);
	+ error = syscall_helper_register(sem_syscalls,
	+ SY_THR_STATIC_KLD \| SY_HLP_PRESERVE_SYFLAGS);
	if (error != 0)
	return (error);
	#ifdef COMPAT_FREEBSD32
	- error = syscall32_helper_register(sem32_syscalls, SY_THR_STATIC_KLD);
	+ error = syscall32_helper_register(sem32_syscalls,
	+ SY_THR_STATIC_KLD \| SY_HLP_PRESERVE_SYFLAGS);
	if (error != 0)
	return (error);
	#endif
	Index: sys/kern/sysv_shm.c
	===================================================================
	--- sys/kern/sysv_shm.c
	+++ sys/kern/sysv_shm.c
	@@ -990,11 +990,13 @@
	osd_free_reserved(rsv);
	sx_sunlock(&allprison_lock);

	- error = syscall_helper_register(shm_syscalls, SY_THR_STATIC_KLD);
	+ error = syscall_helper_register(shm_syscalls,
	+ SY_THR_STATIC_KLD \| SY_HLP_PRESERVE_SYFLAGS);
	if (error != 0)
	return (error);
	#ifdef COMPAT_FREEBSD32
	- error = syscall32_helper_register(shm32_syscalls, SY_THR_STATIC_KLD);
	+ error = syscall32_helper_register(shm32_syscalls,
	+ SY_THR_STATIC_KLD \| SY_HLP_PRESERVE_SYFLAGS);
	if (error != 0)
	return (error);
	#endif
	Index: sys/kern/uipc_mqueue.c
	===================================================================
	--- sys/kern/uipc_mqueue.c
	+++ sys/kern/uipc_mqueue.c
	@@ -2889,11 +2889,13 @@
	{
	int error;

	- error = syscall_helper_register(mq_syscalls, SY_THR_STATIC_KLD);
	+ error = syscall_helper_register(mq_syscalls,
	+ SY_THR_STATIC_KLD \| SY_HLP_PRESERVE_SYFLAGS);
	if (error != 0)
	return (error);
	#ifdef COMPAT_FREEBSD32
	- error = syscall32_helper_register(mq32_syscalls, SY_THR_STATIC_KLD);
	+ error = syscall32_helper_register(mq32_syscalls,
	+ SY_THR_STATIC_KLD \| SY_HLP_PRESERVE_SYFLAGS);
	if (error != 0)
	return (error);
	#endif
	Index: sys/kern/uipc_sem.c
	===================================================================
	--- sys/kern/uipc_sem.c
	+++ sys/kern/uipc_sem.c
	@@ -1038,11 +1038,13 @@
	p31b_setcfg(CTL_P1003_1B_SEM_NSEMS_MAX, SEM_MAX);
	p31b_setcfg(CTL_P1003_1B_SEM_VALUE_MAX, SEM_VALUE_MAX);

	- error = syscall_helper_register(ksem_syscalls, SY_THR_STATIC_KLD);
	+ error = syscall_helper_register(ksem_syscalls,
	+ SY_THR_STATIC_KLD \| SY_HLP_PRESERVE_SYFLAGS);
	if (error)
	return (error);
	#ifdef COMPAT_FREEBSD32
	- error = syscall32_helper_register(ksem32_syscalls, SY_THR_STATIC_KLD);
	+ error = syscall32_helper_register(ksem32_syscalls,
	+ SY_THR_STATIC_KLD \| SY_HLP_PRESERVE_SYFLAGS);
	if (error)
	return (error);
	#endif
	Index: sys/kern/vfs_cache.c
	===================================================================
	--- sys/kern/vfs_cache.c
	+++ sys/kern/vfs_cache.c
	@@ -4245,6 +4245,10 @@
	cache_fpl_aborted_early(fpl);
	return (false);
	}
	+ if (CRED_IN_VFS_VEILED_MODE(cnp->cn_cred)) {
	+ cache_fpl_aborted_early(fpl);
	+ return (false);
	+ }
	if (AUDITING_TD(td)) {
	cache_fpl_aborted_early(fpl);
	return (false);
	Index: sys/kern/vfs_syscalls.c
	===================================================================
	--- sys/kern/vfs_syscalls.c
	+++ sys/kern/vfs_syscalls.c
	@@ -76,6 +76,7 @@
	#include <sys/jail.h>
	#include <sys/syscallsubr.h>
	#include <sys/sysctl.h>
	+#include <sys/sysfil.h>
	#ifdef KTRACE
	#include <sys/ktrace.h>
	#endif
	@@ -1164,6 +1165,8 @@
	/* Set the flags early so the finit in devfs can pick them up. */
	fp->f_flag = flags & FMASK;
	cmode = ((mode & ~pdp->pd_cmask) & ALLPERMS) & ~S_ISTXT;
	+ if (!CRED_HAS_SYSFIL(td->td_ucred, SYSFIL_FMODE_SPECIAL))
	+ cmode &= ACCESSPERMS;
	NDINIT_ATRIGHTS(&nd, LOOKUP, FOLLOW \| AUDITVNODE1 \| WANTIOCTLCAPS,
	pathseg, path, fd, &rights);
	td->td_dupfd = -1; /* XXX check for fdopen */
	@@ -2869,6 +2872,8 @@
	vn_lock(vp, LK_EXCLUSIVE \| LK_RETRY);
	VATTR_NULL(&vattr);
	vattr.va_mode = mode & ALLPERMS;
	+ if (!CRED_HAS_SYSFIL(td->td_ucred, SYSFIL_FMODE_SPECIAL))
	+ vattr.va_mode &= ACCESSPERMS;
	#ifdef MAC
	error = mac_vnode_check_setmode(cred, vp, vattr.va_mode);
	if (error == 0)
	Index: sys/security/mac/mac_framework.c
	===================================================================
	--- sys/security/mac/mac_framework.c
	+++ sys/security/mac/mac_framework.c
	@@ -704,6 +704,13 @@
	if (error1 == EDEADLK \|\| error2 == EDEADLK)
	return (EDEADLK);

	+ /* Precedence for errors that should send signals. */
	+ if (error1 == ESYSFILKILL \|\| error2 == ESYSFILKILL)
	+ return (ESYSFILKILL);
	+
	+ if (error1 == ESYSFILTRAP \|\| error2 == ESYSFILTRAP)
	+ return (ESYSFILTRAP);
	+
	/* Invalid arguments should be reported where possible. */
	if (error1 == EINVAL \|\| error2 == EINVAL)
	return (EINVAL);
	Index: sys/sys/capsicum.h
	===================================================================
	--- sys/sys/capsicum.h
	+++ sys/sys/capsicum.h
	@@ -420,8 +420,6 @@

	#include <sys/systm.h>

	-#define IN_CAPABILITY_MODE(td) (((td)->td_ucred->cr_flags & CRED_FLAG_CAPMODE) != 0)
	-
	struct filedesc;
	struct filedescent;

	Index: sys/sys/errno.h
	===================================================================
	--- sys/sys/errno.h
	+++ sys/sys/errno.h
	@@ -181,10 +181,12 @@
	#define ENOTRECOVERABLE 95 /* State not recoverable */
	#define EOWNERDEAD 96 /* Previous owner died */
	#define EINTEGRITY 97 /* Integrity check failed */
	+#define ESYSFILTRAP 98
	+#define ESYSFILKILL 99
	#endif /* _POSIX_SOURCE */

	#ifndef _POSIX_SOURCE
	-#define ELAST 97 /* Must be equal largest errno */
	+#define ELAST 99 /* Must be equal largest errno */
	#endif /* _POSIX_SOURCE */

	#if defined(_KERNEL) \|\| defined(_WANT_KERNEL_ERRNO) \|\| defined(_STANDALONE)
	Index: sys/sys/proc.h
	===================================================================
	--- sys/sys/proc.h
	+++ sys/sys/proc.h
	@@ -69,6 +69,7 @@
	#endif
	#include <sys/ucontext.h>
	#include <sys/ucred.h>
	+#include <sys/sysfil.h>
	#include <sys/types.h>
	#include <sys/_domainset.h>

	@@ -855,6 +856,16 @@
	#define P_TREE_REAPER 0x00000004 /* Reaper of subtree */
	#define P_TREE_GRPEXITED 0x00000008 /* exit1() done with job ctl */

	+/*
	+ * The general notion of a process being "restricted" is used for checks that
	+ * should be done for both Capsicum and pledge().
	+ */
	+#define PROC_IN_RESTRICTED_MODE(p) CRED_IN_RESTRICTED_MODE((p)->p_ucred)
	+#define PROC_IN_CAPABILITY_MODE(p) CRED_IN_CAPABILITY_MODE((p)->p_ucred)
	+
	+#define IN_RESTRICTED_MODE(td) CRED_IN_RESTRICTED_MODE((td)->td_ucred)
	+#define IN_CAPABILITY_MODE(td) CRED_IN_CAPABILITY_MODE((td)->td_ucred)
	+
	/*
	* These were process status values (p_stat), now they are only used in
	* legacy conversion code.
	Index: sys/sys/signal.h
	===================================================================
	--- sys/sys/signal.h
	+++ sys/sys/signal.h
	@@ -418,6 +418,7 @@
	/* message on an empty message queue. */
	#define SI_KERNEL 0x10006
	#define SI_LWP 0x10007 /* Signal sent by thr_kill */
	+#define SI_SYSFIL 0x10008 /* Signal sent due to sysfil violation */
	#endif
	#if __BSD_VISIBLE
	#define SI_UNDEFINED 0
	Index: sys/sys/sysent.h
	===================================================================
	--- sys/sys/sysent.h
	+++ sys/sys/sysent.h
	@@ -35,6 +35,7 @@
	#define _SYS_SYSENT_H_

	#include <bsm/audit.h>
	+#include <sys/sysfil.h>

	struct rlimit;
	struct sysent;
	@@ -68,8 +69,8 @@
	sy_call_t sy_call; / implementing function */
	systrace_args_func_t sy_systrace_args_func;
	/* optional argument conversion function. */
	+ sysfilset_t sy_flags; /* Syscall filter bitmap. */
	u_int8_t sy_narg; /* number of arguments */
	- u_int8_t sy_flags; /* General flags for system calls. */
	au_event_t sy_auevent; /* audit event associated with syscall */
	u_int32_t sy_entry; /* DTrace entry ID for systrace. */
	u_int32_t sy_return; /* DTrace return ID for systrace. */
	@@ -77,9 +78,23 @@
	};

	/*
	- * A system call is permitted in capability mode.
	+ * NOTE: The sysfils bitmap in sy_flags is bitwise inverted from what one would
	+ * probably expect. The UNSET bits represent the sysfils that are required for
	+ * a process to perform the syscall (while the set bits are sysfils that do not
	+ * influence the decision).
	+ *
	+ * This is to maintain the meaning of literal flags values passed to
	+ * SYSCALL_INIT_HELPER_F() and the meaning of flags values in pre-generated
	+ * syscall tables. For this to work, SYF_CAPENABLED must match the value of
	+ * SYSFIL_NOTCAPMODE.
	*/
	-#define SYF_CAPENABLED 0x00000001
	+
	+#define SYF_CAPENABLED 1 /* permitted in capability mode */
	+#define SYF_SYSFILS(sfs) ~(sfs) /* other required sysfils */
	+
	+#ifdef _KERNEL
	+_Static_assert(SYF_CAPENABLED == SYSFIL_NOTCAPMODE, "");
	+#endif

	#define SY_THR_FLAGMASK 0x7
	#define SY_THR_STATIC 0x1
	@@ -300,6 +315,9 @@
	.syscall_no = NO_SYSCALL \
	}

	+#define SY_HLP_STATIC SY_THR_STATIC
	+#define SY_HLP_PRESERVE_SYFLAGS 0x10000
	+
	int syscall_module_handler(struct module mod, int what, void arg);
	int syscall_helper_register(struct syscall_helper_data *sd, int flags);
	int syscall_helper_unregister(struct syscall_helper_data *sd);
	Index: sys/sys/sysfil.h
	===================================================================
	--- /dev/null
	+++ sys/sys/sysfil.h
	@@ -0,0 +1,124 @@
	+#ifndef _SYS_SYSFIL_H_
	+#define _SYS_SYSFIL_H_
	+
	+#ifdef _KERNEL
	+#include <sys/types.h>
	+#else
	+#include <sys/stdint.h>
	+#endif
	+
	+/*
	+ * Some kernel functionality requires certain sysfil bits to be enabled in the
	+ * process' ucred. Most notably, each syscall has a set of required sysfils.
	+ * Note that sysfils do not ever grant any privileges by themselves. They are
	+ * merely a pre-requirement.
	+ */
	+
	+typedef uint64_t sysfilset_t;
	+
	+#define SYSFIL_NONE ((sysfilset_t)0)
	+#define SYSFIL_IDX(i) ((sysfilset_t)1 << (i))
	+#define SYSFIL_FULL ((sysfilset_t)-1)
	+
	+/*
	+ * The Capsicum sysfil must come first. See comments in sysent.h about
	+ * SYF_CAPENABLED. For a process, this sysfil bit represents the state of NOT
	+ * being in capability mode. This is because sysfils generally increase a
	+ * process' permissions, while capability mode decreases it.
	+ */
	+#define SYSFIL_NOTCAPMODE SYSFIL_IDX(0) /* NOT in capability mode */
	+
	+#define SYSFIL_CORE SYSFIL_IDX(1) /* essentials and generic I/O */
	+#define SYSFIL_MMAN SYSFIL_IDX(2) /* memory management */
	+#define SYSFIL_FDESC SYSFIL_IDX(3) /* file descriptor management */
	+#define SYSFIL_CLOCK SYSFIL_IDX(4) /* read system clocks */
	+#define SYSFIL_TIMER SYSFIL_IDX(5) /* per-process timers usage */
	+#define SYSFIL_SIGHAND SYSFIL_IDX(6) /* change signal handlers */
	+#define SYSFIL_SIGMASK SYSFIL_IDX(7) /* signal masking */
	+#define SYSFIL_SIGWAIT SYSFIL_IDX(8) /* waiting on signals */
	+#define SYSFIL_STATUS SYSFIL_IDX(9) /* misc. info on current proc */
	+#define SYSFIL_SYSINFO SYSFIL_IDX(10) /* sysctl, misc. info syscalls */
	+#define SYSFIL_THREAD SYSFIL_IDX(11) /* thread mgmt, _umtx_op(2) */
	+#define SYSFIL_SCHED SYSFIL_IDX(12) /* inspect/change sched. params */
	+#define SYSFIL_POSIXRT SYSFIL_IDX(13) /* POSIX.1b sched/timers */
	+#define SYSFIL_FATTR SYSFIL_IDX(14) /* changing file attributes */
	+#define SYSFIL_FLOCK SYSFIL_IDX(15) /* advisory file locking */
	+#define SYSFIL_PATH SYSFIL_IDX(16) /* misc. operations with paths */
	+#define SYSFIL_RPATH SYSFIL_IDX(17) /* reading at paths */
	+#define SYSFIL_WPATH SYSFIL_IDX(18) /* writing at paths */
	+#define SYSFIL_CPATH SYSFIL_IDX(19) /* creating paths */
	+#define SYSFIL_DPATH SYSFIL_IDX(20) /* deleting paths*/
	+#define SYSFIL_SOCKIO SYSFIL_IDX(21) /* sendmsg/recvmsg, sockopts */
	+#define SYSFIL_SOCK SYSFIL_IDX(22) /* misc. socket operations */
	+#define SYSFIL_TTY SYSFIL_IDX(23) /* revoke(2)/posix_openpt(2) */
	+#define SYSFIL_WAIT SYSFIL_IDX(24) /* child process wait/status */
	+#define SYSFIL_FORK SYSFIL_IDX(25) /* forking, pgrps, sessions */
	+#define SYSFIL_EXEC SYSFIL_IDX(26) /* execve(2)/fexecve(2) */
	+#define SYSFIL_RLIMIT SYSFIL_IDX(27) /* change resource limits */
	+#define SYSFIL_GETCRED SYSFIL_IDX(28) /* inspect uid/gids/login/etc */
	+#define SYSFIL_SETCRED SYSFIL_IDX(29) /* change uid/gids/login/etc */
	+#define SYSFIL_PROCCTL SYSFIL_IDX(30) /* procctl(2)/curtainctl(2) */
	+#define SYSFIL_QUOTA SYSFIL_IDX(31) /* inspect/change quotas */
	+#define SYSFIL_FMODE_SPECIAL SYSFIL_IDX(32) /* use non-ACCESSPERMS mode bits */
	+#define SYSFIL_EXTATTR SYSFIL_IDX(33) /* inspect/modify extattrs */
	+#define SYSFIL_ACL SYSFIL_IDX(34) /* inspect/modify ACLs */
	+#define SYSFIL_MAC SYSFIL_IDX(35) /* inspect/manage MAC labels */
	+#define SYSFIL_AIO SYSFIL_IDX(36) /* aio(4) */
	+#define SYSFIL_SENDFILE SYSFIL_IDX(37) /* sendfile(2) */
	+#define SYSFIL_MLOCK SYSFIL_IDX(38) /* locking pages in memory */
	+#define SYSFIL_SYSVSHM SYSFIL_IDX(39) /* SysV shared memory */
	+#define SYSFIL_SYSVSEM SYSFIL_IDX(40) /* SysV semaphores */
	+#define SYSFIL_SYSVMSG SYSFIL_IDX(41) /* SysV message queues */
	+#define SYSFIL_POSIXSHM SYSFIL_IDX(42) /* POSIX shared memory */
	+#define SYSFIL_POSIXSEM SYSFIL_IDX(43) /* POSIX semaphores */
	+#define SYSFIL_POSIXMSG SYSFIL_IDX(44) /* POSIX message queues */
	+#define SYSFIL_FFCLOCK SYSFIL_IDX(45) /* "feed-forward clock" */
	+#define SYSFIL_CPUSET SYSFIL_IDX(46) /* cpuset(2) */
	+#define SYSFIL_CHROOT SYSFIL_IDX(47) /* chroot(2) */
	+#define SYSFIL_JAIL SYSFIL_IDX(48) /* inspect/manage jails */
	+#define SYSFIL_TRACE SYSFIL_IDX(49) /* ktrace(2)/ptrace(2) */
	+#define SYSFIL_RFORK SYSFIL_IDX(50) /* non-RFSPAWN rfork(2) */
	+#define SYSFIL_MOUNT SYSFIL_IDX(51) /* mount points management */
	+#define SYSFIL_AUDIT SYSFIL_IDX(52) /* audit(4) context/mgmt */
	+#define SYSFIL_FH SYSFIL_IDX(53) /* getfh(2) and friends */
	+#define SYSFIL_SETTIME SYSFIL_IDX(54) /* set system clock */
	+#define SYSFIL_KMOD SYSFIL_IDX(55) /* inspect/manage kernel modules */
	+#define SYSFIL__UNUSED56 SYSFIL_IDX(56)
	+#define SYSFIL__UNUSED57 SYSFIL_IDX(57)
	+#define SYSFIL__UNUSED58 SYSFIL_IDX(58)
	+#define SYSFIL__UNUSED59 SYSFIL_IDX(59)
	+#define SYSFIL__UNUSED60 SYSFIL_IDX(60)
	+#define SYSFIL__UNUSED61 SYSFIL_IDX(61)
	+#define SYSFIL__UNUSED62 SYSFIL_IDX(62)
	+#define SYSFIL_CATCHALL SYSFIL_IDX(63) /* misc. unsafe operations */
	+
	+/*
	+ * Some syscalls are assigned sysfils that may seem to be less restrictive than
	+ * they should be. These syscalls will be doing their own checking and only
	+ * allow safe operations. These aliases are used to keep track of them and
	+ * make it explicit.
	+ */
	+
	+/* Very small set of operations that should always be allowed. */
	+#define SYSFIL_ALWAYS SYSFIL_NONE
	+/* Allow to enter/check capability mode and manage file descriptor rights/limits, etc. */
	+#define SYSFIL_CAPCOMPAT SYSFIL_CORE
	+/* Can signal self, other processes depending on visibility checks */
	+#define SYSFIL_SIGSEND SYSFIL_CORE
	+/* Can do certain operations on self. */
	+#define SYSFIL_THREAD_ SYSFIL_CORE
	+#define SYSFIL_CPUSET_ SYSFIL_SCHED
	+/* Allow RFSPAWN with just SYSFIL_FORK. */
	+#define SYSFIL_RFORK_ SYSFIL_FORK
	+/* Creation of anonymous memory objects are allowed. */
	+#define SYSFIL_POSIXSHM_ SYSFIL_MMAN
	+/* Retrieving correction delta with adjtime(2) is allowed. */
	+#define SYSFIL_SETTIME_ SYSFIL_CLOCK
	+
	+
	+#define SYSFILSET_IN_RESTRICTED_MODE(sfs) (~(sfs) != 0)
	+#define SYSFILSET_IN_CAPABILITY_MODE(sfs) (((sfs) & SYSFIL_NOTCAPMODE) == 0)
	+#define SYSFILSET_IN_VFS_VEILED_MODE(sfs) (((sfs) & SYSFIL_CATCHALL) == 0)
	+#define SYSFILSET_MATCH(have, need) (((need) & ~(have)) == 0)
	+
	+#endif
	Index: sys/sys/ucred.h
	===================================================================
	--- sys/sys/ucred.h
	+++ sys/sys/ucred.h
	@@ -40,6 +40,7 @@
	#include <sys/_mutex.h>
	#endif
	#include <bsm/audit.h>
	+#include <sys/sysfil.h>

	struct loginclass;

	@@ -58,7 +59,9 @@
	*
	* See "Credential management" comment in kern_prot.c for more information.
	*/
	+
	#if defined(_KERNEL) \|\| defined(_WANT_UCRED)
	+
	struct ucred {
	struct mtx cr_mtx;
	u_int cr_ref; /* (c) reference count */
	@@ -75,16 +78,37 @@
	struct uidinfo cr_ruidinfo; / per ruid resource consumption */
	struct prison cr_prison; / jail(2) */
	struct loginclass cr_loginclass; / login class */
	- u_int cr_flags; /* credential flags */
	- void cr_pspare2[2]; / general use 2 */
	+#ifndef NOSYSFIL
	+ sysfilset_t cr_sysfilset; /* permitted sysfils */
	+#endif
	+ void cr_pspare2[2]; / general use 2 */
	#define cr_endcopy cr_label
	struct label cr_label; / MAC label */
	gid_t cr_groups; / groups */
	int cr_agroups; /* Available groups */
	gid_t cr_smallgroups[XU_NGROUPS]; /* storage for small groups */
	};
	+
	#define NOCRED ((struct ucred )0) / no credential available */
	#define FSCRED ((struct ucred )-1) / filesystem credential */
	+
	+
	+#ifdef NOSYSFIL
	+#define CRED_IN_RESTRICTED_MODE(cr) 0
	+#define CRED_IN_CAPABILITY_MODE(cr) 0
	+#define CRED_IN_VFS_VEILED_MODE(cr) 0
	+#define CRED_HAS_SYSFIL(cr, need) 1
	+#else
	+#define CRED_IN_RESTRICTED_MODE(cr) \
	+ SYSFILSET_IN_RESTRICTED_MODE((cr)->cr_sysfilset)
	+#define CRED_IN_CAPABILITY_MODE(cr) \
	+ SYSFILSET_IN_CAPABILITY_MODE((cr)->cr_sysfilset)
	+#define CRED_IN_VFS_VEILED_MODE(cr) \
	+ SYSFILSET_IN_VFS_VEILED_MODE((cr)->cr_sysfilset)
	+#define CRED_HAS_SYSFIL(cr, need) \
	+ SYSFILSET_MATCH((cr)->cr_sysfilset, need)
	+#endif
	+
	#endif /* _KERNEL \|\| _WANT_UCRED */

	/*
	Index: sys/sys/user.h
	===================================================================
	--- sys/sys/user.h
	+++ sys/sys/user.h
	@@ -112,6 +112,7 @@

	/* Flags for the process credential. */
	#define KI_CRF_CAPABILITY_MODE 0x00000001
	+#define KI_CRF_RESTRICTED_MODE 0x00000002
	/*
	* Steal a bit from ki_cr_flags to indicate that the cred had more than
	* KI_NGROUPS groups.
	Index: sys/tools/makesyscalls.lua
	===================================================================
	--- sys/tools/makesyscalls.lua
	+++ sys/tools/makesyscalls.lua
	@@ -1057,9 +1057,10 @@
	end

	process_syscall_def = function(line)
	- local sysstart, sysend, flags, funcname, sysflags
	+ local sysstart, sysend, flags, funcname, sysflags, capenabled
	local thr_flag, syscallret
	local orig = line
	+ local sysfils_list = {}
	flags = 0
	thr_flag = "SY_THR_STATIC"

	@@ -1094,10 +1095,14 @@

	-- Split flags
	for flag in allflags:gmatch("([^\|]+)") do
	- if known_flags[flag] == nil then
	- abort(1, "Unknown flag " .. flag .. " for " .. sysnum)
	+ if flag:match("^SYSFIL_") then
	+ sysfils_list[#sysfils_list + 1] = flag
	+ else
	+ if known_flags[flag] == nil then
	+ abort(1, "Unknown flag " .. flag .. " for " .. sysnum)
	+ end
	+ flags = flags \| known_flags[flag]
	end
	- flags = flags \| known_flags[flag]
	end

	if (flags & get_mask({"RESERVED", "UNIMPL"})) == 0 and sysnum == nil then
	@@ -1213,8 +1218,6 @@
	funcomment = funcname
	end

	- sysflags = "0"
	-
	-- NODEF events do not get audited
	if flags & known_flags['NODEF'] ~= 0 then
	auditev = 'AUE_NULL'
	@@ -1226,9 +1229,23 @@
	if flags & known_flags['CAPENABLED'] ~= 0 or
	config["capenabled"][funcname] ~= nil or
	config["capenabled"][stripped_name] ~= nil then
	- sysflags = "SYF_CAPENABLED"
	+ capenabled = true
	+ else
	+ capenabled = false
	end

	+ if #sysfils_list == 0 then
	+ -- Assume that syscall entries without any sysfil
	+ -- keywords should be restricted. Syscalls that
	+ -- shouldn't require any sysfils should use
	+ -- SYSFIL_ALWAYS.
	+ sysfils_list[#sysfils_list + 1] = "SYSFIL_CATCHALL"
	+ end
	+ if not capenabled then
	+ sysfils_list[#sysfils_list + 1] = "SYSFIL_NOTCAPMODE"
	+ end
	+ sysflags = "SYF_SYSFILS(" .. (table.concat(sysfils_list, " \| ")) .. ")"
	+
	local funcargs = {}
	local changes_abi = false
	if args ~= nil then
	Index: usr.bin/procstat/procstat_cred.c
	===================================================================
	--- usr.bin/procstat/procstat_cred.c
	+++ usr.bin/procstat/procstat_cred.c
	@@ -65,8 +65,9 @@
	xo_emit("{:rgid/%5d} ", kipp->ki_rgid);
	xo_emit("{:svgid/%5d} ", kipp->ki_svgid);
	xo_emit("{:umask/%5s} ", get_umask(procstat, kipp));
	- xo_emit("{:cr_flags/%s}", kipp->ki_cr_flags & CRED_FLAG_CAPMODE ?
	- "C" : "-");
	+ xo_emit("{:cr_flags/%c%c}",
	+ kipp->ki_cr_flags & KI_CRF_CAPABILITY_MODE ? 'C' : '-',
	+ kipp->ki_cr_flags & KI_CRF_RESTRICTED_MODE ? 'R' : '-');
	xo_emit("{P: }");

	groups = NULL;

File Metadata

Mime Type: text/plain
Expires: Mon, Jan 26, 11:16 AM (8 h, 53 m)
Storage Engine: blob
Storage Format: Raw Data
Storage Handle: 28024866
Default Alt Text: D34761.diff (109 KB)

D34761.diffNo OneTemporaryActions

D34761.diffView Options

File Metadata

Event Timeline

D34761.diff
No OneTemporary
Actions

D34761.diff
View Options