Fix an issue when scripts are executed under systrace where the argv[0]
would be normalized, and hence break scripts that depend on how they were
called.
only used for syscall name <-> number translations, and the native array
is guaranteed to be a superset of the former 'aout' and 'aoutm68k' arrays
this re-adds 'aoutm68k' support, and replaces change made in 1.14
g/c #include's which are no longer needed (including aout_syscalls.c), and
also add some comments for the emulations[] array
and the subsequent namei(): inform the kernel portion of
valid filenames and then disallow symlink lookups for
those filenames by means of a hook in namei().
with suggestions from provos@
also, add (currently unused) seqnr field to struct
systrace_replace, from provos@
policy has been freed. this allows us to enforce the kernel policy size
limit for users while users are still able to execute an arbitrary number
of applications; the protocol change is backwards compatible.
with privilege elevation no suid or sgid binaries are necessary any
longer. Applications can be executed completely unprivileged. Systrace
raises the privileges for a single system call depending on the
configured policy.
Idea from discussions with Perry Metzger, Dug Song and Marcus Watts.
Approved by christos and thorpej.
- avoid race conditions by having seqno in ioctl
- better uid/gid tracking
- "replace" policy to replace args
- less diffs, as many of local changes were fed back to openbsd already
due to the 1st item, it was impossible for us to provide backward-compatibility
(new kernel + old bin/systrace won't work). upgrade both.
* Don't -I/sys -- that breaks cross-building. Instead, use relative
pathnames in netbsd-syscalls.c, similar to what kdump does.
* No need to explicitly CLEANFILES the generated lex/yacc results.
* No need to link against libl and liby.