system-specific values. Submitted by Chris Demetriou in Nov 1995 (!)
in PR kern/1781, modified only slighly by me.
This is enabled on a per-mount basis with the MNT_MAGICLINKS mount
flag. It can be enabled at mountroot() time by building the kernel
with the ROOTFS_MAGICLINKS option.
The following magic strings are supported by the implementation:
@machine value of MACHINE for the system
@machine_arch value of MACHINE_ARCH for the system
@hostname the system host name, as set with sethostname()
@domainname the system domain name, as set with setdomainname()
@kernel_ident the kernel config file name
@osrelease the releaes number of the OS
@ostype the name of the OS (always "NetBSD" for NetBSD)
Example usage:
mkdir /arch/i386/bin
mkdir /arch/sparc/bin
ln -s /arch/@machine_arch/bin /bin
under HAVE_NBTOOL_CONFIG_H for disktab.h as well. This means
disktab.h has to be installed in the nbinclude include directory.
(Failure mode: with TOOLDIR as a subdirectory of /usr, the host's disktab.h
got picked up, and not the in-tree copy.)
Reviewed by dyoung.
This is a workaround to make gcc's behavior consistent, since gcc can
transform:
printf("%s\n", s) -> puts(s)
fprintf(fp, "%s", s) -> fputs(s, fp)
as an optimization.
I've left the _DIAGASSERT's that make sure that s != NULL alone because we
should really still abort in a debugging environment.
- Change #ifdef VERIFIED_EXEC_VERBOSE to another verbose level, 2. Add
sysctl(3) bits.
- Simplify access type conflict handling during load. This depends on
the values of access type defines to be ordered from least to most
'strict'.
- Better organize strict level. Now we have 4 levels:
- Level 0, learning mode: Warnings only about anything that might've
resulted in 'access denied' or similar in a higher strict level.
- Level 1, IDS mode:
- Deny access on fingerprint mismatch.
- Deny modification of veriexec tables.
- Level 2, IPS mode:
- All implications of strict level 1.
- Deny write access to monitored files.
- Prevent removal of monitored files.
- Enforce access type - 'direct', 'indirect', or 'file'.
- Level 3, lockdown mode:
- All implications of strict level 2.
- Prevent creation of new files.
- Deny access to non-monitored files.
- Update sysctl(3) man-page with above. (date bumped too :)
- Remove FINGERPRINT_INDIRECT from possible fp_status values; it's no
longer needed.
- Simplify veriexec_removechk() in light of new strict level policies.
- Eliminate use of 'securelevel'; veriexec now behaves according to
its strict level only.
not correct since, as far as reading the source, it is impossible for
cgetset() to set such errno. I guess `seq' is not a typo of `set' but
abbreviation of `sequen...'.
and install ${TOOLDIR}/bin/${MACHINE_GNU_PLATFORM}-disklabel,
${TOOLDIR}/bin/${MACHINE_GNU_PLATFORM}-fdisk by "reaching over" to
the sources in ${NETBSDSRCDIR}/sbin/{disklabel fdisk}/.
To avoid clashes with a build-host's header files, especially on
*BSD, the host-tools versions of fdisk and disklabel search for
#includes such as disklabel.h, disklabel_acorn.h, disklabel_gpt.h,
and bootinfo.h in a new #includes namespace, nbinclude/. That is,
they #include <nbinclude/sys/disklabel.h>, <nbinclude/machine/disklabel.h>,
<nbinclude/sparc64/disklabel.h>, instead of <sys/disklabel.h> and
such. I have also updated the system headers to #include from
nbinclude/-space when HAVE_NBTOOL_CONFIG_H is #defined.
Provide a layer of indirection between the readline compatibility functions
and our internal implementation, so that we have the freedom to change the
function signature.
The place to change the completion_append_character is
usually somewhere in the `rl_completion_entry_function'
callback which is where one usually can distinguish between
file- or dir-like entries to append a slash for dirs etc.
This does no longer work since `fn_complete()' takes the
`append_character' as argument before the callback is executed,
so that changes to the variable `rl_completion_append_character'
have in fact no effect for the current completion.
Fix by adding a function that returns the rl_completion_append_character,
when it gets passed in a filename in readline emulation.
simonb