Fix LOCAL_PEERCRED in 32-bit compat mode
Previously the cr_pid field would be incorrectly copied to userland, due
to a size mismatch between the structure as defined in 32-bit vs 64-bit
builds. Fix it by converting the structure before copying it to
userland.
PR: 294833
Sponsored by: ConnectWise
MFC after: 1 week
Reviewed by: emaste
Differential Revision: https://reviews.freebsd.org/D56675
nullfs: Clear inotify flags during reclaim
The inotify flags are copied from the lower vnode into the nullfs vnode
so that the INOTIFY() macro will invoke VOP_INOTIFY on the nullfs vnode;
this is then bypassed to the lower vnode. However, when a nullfs vnode
is reclaimed we should clear these flags, as the vnode is now doomed and
no longer forwards VOPs to the lower vnode.
Add regression tests. Remove a test in vn_inotify_revoke() which is no
longer needed after this change.
Approved by: re (cperciva)
PR: 292495
Reviewed by: kib
Reported by: Jed Laundry <jlaundry at jlaundry.com>
Fixes: f1f230439fa4 ("vfs: Initial revision of inotify")
MFC after: 1 week
Differential Revision: https://reviews.freebsd.org/D56639
[2 lines not shown]
tests/socket_afinet: Fix the bind_connected_port test
The test verifies that a socket can bind to a local address assigned by
connect(2) to a different socket. It was however trying to bind to the
wrong address, and the check of the result was inverted, so this went
unnoticed. It also needs to set SO_REUSEADDR for this to succeed.
Approved by: re (cperciva)
Reported by: glebius
MFC after: 1 week
(cherry picked from commit d3d0466cae546254c50c80cf3e0c060bbbbba53c)
(cherry picked from commit 9e8d7d83ecfbf8b34b785d7981a29dda567d0bc6)
jail: avoid leaking jail config fds to exec.* hooks
The jail(8) command must not leave parsed configuration files open
since the file descriptors will be leaked to child processes
including the untrusted exec.start or exec.stop hooks.
While fopen() doesn't provide direct access to O_CLOEXEC, it does
provide access to FD_CLOEXEC via "e" in the mode string which
provides the desired defense in depth against leaking file descriptors
into exec.* hooks since those always execve() into a shell.
Jail configuration is potentially sensitive and some hooks execute from
within the jail context, leaving some opening for the jail to exfiltrate
information about the host environment.
(Commit message wordsmithed by kevans)
Approved by: re (cperciva)
PR: 295052
[4 lines not shown]
rtadvd(8): Honor pltime/vltime in interface declarations
Currently rtadvd ignores interface pltime/vltime specifications
unless the (static) address range is also included in the config file.
This extends the validity of a pltime and/or vltime stanza in
the config file for an interface to delegated addresses from
an upstream provider.
Approved by: re (cperciva)
Signed-off-by: tickerguy <karl at denninger.net>
PR: 288426
Reviewed by: pouria
Pull Request: https://github.com/freebsd/freebsd-src/pull/1863
(cherry picked from commit 103f9883d1ed7431c432caa6ab9c61cd4d0831d0)
(cherry picked from commit 18caefe847086a9e89812db600c852b225467090)
certctl: Unstickify (un)trusted certificates
Ever since certctl was rewritten in C, the rehash command has reingested
TRUSTDESTDIR / UNTRUSTDESTDIR in addition to TRUSTPATH / UNTRUSTPATH.
This seemed like a good idea at the time but was, in retrospect, a
mistake, as it means a (un)trusted certificate remains (un)trusted
forever (or at least until it expires) even if it is removed from
(UN)TRUSTPATH. Among other issues, it causes ports QA to fail for any
port that either installs certificates or depends on a port that does.
Although this behavior was undocumented, the change may surprise users
who have added certificates manually, so update the manual page to point
it out and add prominent warnings to the trust and untrust commands.
Approved by: re (cperciva)
PR: 290078
MFC after: 1 week
Reviewed by: kevans, bcr
Differential Revision: https://reviews.freebsd.org/D56617
[3 lines not shown]
vis.3: Try to better describe VIS_SAFE
The current text fails to draw the reader's attention to the fact that
VIS_SAFE essentially exempts certain characters from being encoded.
While here, fix some markup nits.
Approved by: re (cperciva)
MFC after: 1 week
Reviewed by: markj
Differential Revision: https://reviews.freebsd.org/D56716
(cherry picked from commit 8acc4c16c6635c3cd8871d0ee1221b62d48d71b9)
(cherry picked from commit b21f08f97ba0c1e254b55e2ac66ec6853ad281f7)
stat: fix use of devname(3)
Besides being a little hard to parse through visually, this had its own
bug of inspecting st->st_mode to determine what to pass to devname(3),
which is only correct for st_rdev.
For st_dev, you're likely to be looking at files or directories and
attempting to assess what device they're located on, so the mode is
meaningless- we just have to assume that our filesystems are on
character devices and attempt to resolve st_dev as such.
Approved by: re (cperciva)
Reviewed by: des, kib (previous version)
Differential Revision: https://reviews.freebsd.org/D56565
(cherry picked from commit 4d4acdbfc22c84081037f31cff4fb03d18373036)
stat: The devname test case requires root
[26 lines not shown]
nuageinit: only parse user_data as yaml when necessary
This fixes a regression introduced in cae280931c9e which prevents
user_data as a shell script to be used
Approved by: re (cperciva)
PR: 295062
Reported by: Ross McKelvie <ross at exitzero.uk>
MFC After: 1 day
(cherry picked from commit c316ec259011e9e22e40eaa72d834f3bfac95c28)
(cherry picked from commit 4211f280ba087c75dcd84f9b592238b2eae33af9)
