Commit Graph

24 Commits

Author SHA1 Message Date
soren
236006d5dc Remove extraneous \n's in {err,warn}{,x} that used to be printfs. 2002-08-08 13:24:12 +00:00
itojun
95c7243aec more effort to make it compile on platforms w/o linux emul 2002-08-02 14:29:34 +00:00
itojun
71a4240254 aenable linux systrace only on platforms that support it.
noted by hannken@eis.cs.tu-bs.de
2002-08-01 08:47:03 +00:00
itojun
2b8709b902 backout previous. mandoc(4) lies. 2002-07-31 00:28:02 +00:00
itojun
822deb809a .Bd -offset does not take numeric arg, but string. 2002-07-31 00:26:56 +00:00
jdolecek
bdd538626a re-apply part of rev. 1.4 - Explain why you would use this.
contrary to rev. 1.4, keep 'The options are as follows' sentence, since
this seems to be used more on system manpages
2002-07-30 21:58:25 +00:00
jdolecek
e9b2b4b074 re-apply changes in rev. 1.3 - Slight changes to the English. 2002-07-30 21:43:26 +00:00
wiz
93aef72209 Sort sections, Sh -> Ss in one place. 2002-07-30 17:06:58 +00:00
itojun
4f0c9c76b6 sync up with latest openbsd systrace.
- avoid race conditions by having seqno in ioctl
- better uid/gid tracking
- "replace" policy to replace args
- less diffs, as many of local changes were fed back to openbsd already

due to the 1st item, it was impossible for us to provide backward-compatibility
(new kernel + old bin/systrace won't work).  upgrade both.
2002-07-30 16:29:28 +00:00
soren
8f6326d364 A local copy of <sys/tree.h> is unnecessary. 2002-07-30 06:09:56 +00:00
atatat
11bb544ec0 Mostly just a rewrite of intercept_run() so the arrangement of "child"
process and "parent" process is more conducive to policy generation.
Previously, tracing of a given program worked something like this:

	fork()
	if (child)
		execprogram()
	else
		dotracing()

That means that if you "systrace -a named", named would fork and
background itself, but you would never get your prompt back because
systrace didn't exit.  Now it works like this:

	fork()
	if (interactive)
		if (child)
			execprogram()
		else
			dotracing()
	else
		if (parent)
			execprogram()
		else
			fork()
			if (parent)
				exit(0)
			setsid()
			dotracing()

This makes it *much* easier to do automated policy generation for
tasks run from rc.d.  Or, for that matter, makes it much easier to use
systrace with tasks run from rc.d.
2002-07-03 22:54:38 +00:00
wiz
716daf6160 Sort sections. 2002-06-26 15:29:43 +00:00
gmcgarry
28272e6493 Explain why you would use this. Reword a little and add some history. 2002-06-26 06:50:14 +00:00
agc
1e4714b470 Slight changes to the English. 2002-06-20 10:07:42 +00:00
thorpej
2265b1ff78 Fix warnings on Alpha: Cast to intptr_t to extract ints stored in void *'s,
and pull in proper prototypes.
2002-06-18 21:22:45 +00:00
thorpej
44e317ae3d Do the previous slightly differently. 2002-06-18 21:21:17 +00:00
thorpej
2623bb99b9 Add an extra cast to size_t when extracting an int stored in a void *.
(XXX Gross.)
2002-06-18 21:19:59 +00:00
itojun
3196ec98ba need ${.CURDIR} for linux_syscalls.c include 2002-06-18 09:52:04 +00:00
thorpej
4192e0aa5a Fix an include snafu pointed out by Matt Thomas. 2002-06-18 02:55:19 +00:00
thorpej
873bb550a0 Some const poisoning. 2002-06-18 02:49:08 +00:00
thorpej
0e0062e921 * Use CPPFLAGS for preprocessor flags, not CFLAGS.
* Don't -I/sys -- that breaks cross-building.  Instead, use relative
  pathnames in netbsd-syscalls.c, similar to what kdump does.
* No need to explicitly CLEANFILES the generated lex/yacc results.
* No need to link against libl and liby.
2002-06-18 01:37:12 +00:00
thorpej
5a040ec813 The SYSTR_CLONE ioctl is gone, so don't use it. (The kernel clones
the systrace communication channel as needed.)
2002-06-18 01:25:04 +00:00
wiz
b70e67425c No .Pp before .Sh, drop trailing space, sort sections. 2002-06-17 17:06:08 +00:00
christos
5039a9e5ee Add userland portion of systrace. 2002-06-17 16:29:07 +00:00