Thanks for working on this, but I think pedantic compilation modes should be kept working.

I agree that the man page should be changed, but I think it can be done better.

I like it.

The code itself looks good, but something could be improved in the man page and test.

Even though it is from January, this is still a useful patch.

I found two minor issues. It looks good otherwise.

I like the idea. Apparently, the idea of the designers of setfacl was to pipe in a list of filenames from find, but this cannot handle filenames containing newlines and race conditions (such as where an untrusted user replaces a file with a symlink to a different location).

Thanks for writing missing documentation.

In D14725#309715, @cem wrote:

In D14725#309655, @jilles wrote:

I think this kind of compatibility should be provided only if necessary for old code that cannot be changed (such as third party code). If it is just to avoid churn, we should keep using the old timespecadd and timespecsub (that is, abandon this change).

I don't follow that line of argument — that compatibility means we should abandon 3-arg timespecfoo, or bringing timespecfoo into userspace. But I will bow to quorum here, which seems to be: we'd rather churn it than have compatibility.

The changes to adapt to the new API look correct to me.

This patch only affects the -d case. Failure to change owner and modes when installing regular files is fatal in any case. Perhaps the directory case should work the same way?

This seems sensible, but I found some small mistakes in the man page.

I agree that this should be based on unlinkat(), not unlink(). The new call will therefore take two file descriptors.

I agree that hash table resizing would be nicer, but this is acceptable to commit.

Hmm, it is remarkable to see this after the monotonic clock has existed for so long. Also, GNU time and mksh's keyword appear to use CLOCK_REALTIME without configurability.

This was committed by antoine as rS327473.

It looks like it will work.

getopts also allows option-arguments in the same argument as the option, like -jGAOL, or even -ejGAOL (for a jail named GAOL). Therefore, extracting the jail option out without rebuilding the arguments completely is rather hard.

It is already possible to disable swapping out kernel stacks via sysctl vm.swap_enabled (which has a wrong description) and configure it via sysctls vm.swap_idle_threshold1 and vm.swap_idle_threshold2. What is the problem you are trying to solve?

For a long time, "swapping out" a process has only made its U area (later, only the kernel stack) pageable. This is a few pages per thread. Therefore, comparing vmspace_resident_count does not seem to make much sense.

As of rS303524 (July 2016), _WITH_GETLINE is no longer checked by stdio.h. Therefore, there are two possibilities:

Looks useful.

OK for bin/sh tests and man pages.

It looks like daemon()'s chdir and close actions are performed just before returning successfully; therefore, capability mode code could also call daemon(1, 1) and perform the chdir and/or close actions after it, either open-coded or calling new function(s).

Sorry for the delay.

This will leave the calls to /usr/bin/fortune in share/skel/dot.login and share/skel/dot.profile referring to something that does not and will not exist (the port will install as /usr/local/bin/fortune).

Accepted with a minor change to the man page.

Hmm, looking again, the idea of continuing is good, but printing diagnostics without affecting the exit status is usually not POSIX-compliant. To fix this, the global variable exitstatus can be set to 1. Note that there are existing places in function.c that do this wrong (which need not be fixed for this review).

An alternative implementation would write to a temporary file, then rename onto the destination once stdin closes. This is how ksh93's >;pathname redirection works (this does not mean I think this definitely should be done like that, or that the shell is the best place to implement this feature).

Note that all my comments on the cpuset_parselist() implementation also apply to the original version in cpuset.c; therefore, they could be fixed in a separate commit.

In D10363#260440, @theraven wrote:

This probably means that we no longer need to expose _DefaultRuneLocale in the header.

Looks good except for the missing DESTDIR error check.

As a side effect, this change brings in recent updates to the man page (this is good).