daemon: Add option for output file mode
The daemon utility has always created its output file with a fixed mode
of 0600. This causes issues for log collection setups where the collector
does not run as root but instead relies on group access to the watched
daemon’s log file.
Introduce a new option that allows specifying the output file mode using
install(1)-style semantics. This enables non-root log collectors to access
the file as intended and improves compatibility with log rotation tools.
Reviewed by: kevans
MFC after: 1 week
Relnotes: yes
Differential Revision: https://reviews.freebsd.org/D54930
(cherry picked from commit a3b90a1f008365d9f62773998f89f9c872e2bed5)
diff: Improve directory loop detection
When we're done processing a directory, remove its entry from the tree
of visited inodes, ensuring that we only report a loop when we encounter
a descendant-to-ancestor link, not when we encounter a cousin-to-cousin
or sibling-to-sibling link.
MFC after: 1 week
Reported by: Bakul Shah <bakul at iitbombay.org>
Sponsored by: Klara, Inc.
Reviewed by: kevans
Differential Revision: https://reviews.freebsd.org/D55248
(cherry picked from commit 71569594d860a59d8362770a56d806e1d31fb946)
m4: Change defn processing order
Currently, defn pushes its arguments on the stack in order, which means
they are then processed in reverse order. POSIX does not specify what
order they are processed in, which arguably suggests that they should be
processed in the order they are listed. Push them in reverse order so
they will be processed in their original order. This matches GNU m4.
PR: 292937
MFC after: 1 week
Sponsored by: Klara, Inc.
Reviewed by: obiwac, imp
Differential Revision: https://reviews.freebsd.org/D55116
(cherry picked from commit 25a8168f86a1222388475ce858da405e4d06c1c3)
pwd: Error out if writing to stdout failed
POSIX requires us to print a diagnostic and return a non-zero exit
code if writing to stdout failed.
MFC after: 1 week
Sponsored by: Klara, Inc.
Reviewed by: markj
Differential Revision: https://reviews.freebsd.org/D55227
(cherry picked from commit 5b398611607b0dab2f2550ef73f62d41dab6fac5)
pwd: Clean up and adopt POSIX semantics
According to POSIX, the default should be -L. Based on code history,
whoever first wrote BSD pwd(1) could not figure out how to implement
-L and therefore made -P the default (and only) option. Support for -L
was later added, but the default was never changed.
Clean up the code, make -L the default, and rewrite getcwd_logical() to
reject paths that contain dot or dot-dot, as required by POSIX.
MFC after: 1 week
Reviewed by: olce
Differential Revision: https://reviews.freebsd.org/D55146
(cherry picked from commit 2df923c5d2d02350abc29f61b603c5b9615b225c)
install: Expect EINTR while copying
Both copy_file_range() and read() / write() in our fallback loop can be
interrupted before copying anything at all, in which case they return -1
and set errno to EINTR. If that happens, we should retry, not fail.
While here, drop the size argument from copy() (we always want to copy
the entire file anyway) and add test cases which exercise the metalog
and digest functionality.
PR: 293028
MFC after: 1 week
Reviewed by: kevans
Differential Revision: https://reviews.freebsd.org/D55168
(cherry picked from commit 0fb940fd63dd9b6d6b848421c53b1e9ac8387265)
cp: Expect EINTR while copying
Both copy_file_range() and copy_fallback() can be interrupted before
they have read anything at all, in which case they return -1 and set
errno to EINTR. If that happens, we should retry, not fail.
PR: 293028
MFC after: 1 week
Reviewed by: kevans
Differential Revision: https://reviews.freebsd.org/D55167
(cherry picked from commit 7aa30669d6e04444b8ad1e4863a6e674fcac4afc)
asmc: Add MacPro3,1 temperature sensor support
Tested and verified with Sonicblue7
Reviewed by: adrian
Differential Revision: https://reviews.freebsd.org/D54952
netinet6: Return EAFNOSUPPORT for non-IPv6 addresses in mcast sockopts.
This is a non-functional change; it just returns the correct errno value
where IPv6 multicast socket options were passed non-AF_INET6 arguments,
in preparation for handling PR 193246 with a side-call into netinet as
xnu currently does.
Reviewed by: glebius
Approved by: glebius
PR: 193246 (with refinements)
Differential revision: https://reviews.freebsd.org/D55233
tr: fix class handling in unicode world
toupper/tolower logic was only handled for CCLASS_TOUPPER and
CCLASS_TOLOWER; add support for CCLASS ([:alpha:]).
PR: 219900
MFC After: 1 week
kern: mac: add a prison_cleanup entry point
The MAC framework provides a lot of useful functionality that can be
configured per-jail without requiring the use of labels. Having another
entry point that we invoke just for general prison cleanup rather than
freeing the label is useful to allow a module that can otherwise work
off of a series of MAC entry points + sysctls for configuration to free
its per-jail configuration without having to bring in osd(9).
One such example in the wild is HardenedBSD's secadm, but some of my
own personal use had wanted it as well -- it was simply overlooked in the
final version because my first policy made more sense with labels. On
that note, it's expected that prison_cleanup and prison_destroy_label
will effectively be mutually exclusive -- the former only used when
a label isn't needed, the latter when it is.
Note that prison_cleanup isn't perfectly symmetrical w.r.t.
prison_created: the latter takes a label as well, because it's called
later in jail setup and a better point for propagation than when the
[11 lines not shown]
HBSD: Resolve merge conflicts
This also brings us a little closer to upstream's llvm-related
Makefiles. Reintroduce the MK_LLVM_LINK_STATIC_LIBRARIES option,
defaulted to yes.
It is not advised for HardenedBSD users to set
WITHOUT_LLVM_LINK_STATIC_LIBRARIES just yet. Initial testing
demonstrated some issues with linking the right libraries. I do plan to
still move us towards supporting the src compiler toolchain being
compiled as PIEs.
Signed-off-by: Shawn Webb <shawn.webb at hardenedbsd.org>
sys/compat/freebsd32: Fix i386 compilation
The compile assertion now failing is due to the change '__int64_t' =>
'__int32_t' as the type of 'time32_t' on i386, which is the correct
value. The use of 'freebsd32.h' on i386 may seem strange, but it comes
from 'kern_umtx.c' including it unconditionally as it needs 'struct
umutex32'.
Fixes: 87632ddf67b0 ("openzfs sys/types32.h: use abi_compat.h for time32_t")
Sponsored by: The FreeBSD Foundation
sys: ELF: Rename SHN_FBSD_CACHED => SHN_FREEBSD_CACHED
All other FreeBSD-specific constants have FREEBSD fully spelled out in
their names. Be consistent.
No functional change (intended).
Reviewed by: kib
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D55224