any threads are created turned out to be not such a good idea.
there are stronger requirements on what has to work in a forked child
while a process is still single-threaded. so take all that stuff
back out and fix the problems with single-threaded programs that
are linked with libpthread differently, by checking if the library
has been started and doing completely different stuff if it hasn't been:
- for pthread_rwlock_timedrdlock(), just fail with EDEADLK immediately.
- for sem_wait(), the only thing that can unlock the semaphore is a
signal handler, so use sigsuspend() to wait for a signal.
- for pthread_mutex_lock_slow(), just go into an infinite loop
waiting for signals.
I also noticed that there's a "sem2" test that has never worked in its
single-threaded form. the problem there is that a signal handler tries
to take a sem_t interlock which is already held when the signal is received.
fix this too, by adding a single-threaded case for sig_trywait() that
blocks signals instead of using the userland interlock.
character area.
This is reported by MORIYAMA Masayuki <msyk _at_ mtg.biglobe.ne.jp> and
"NARUSE, Yui" <naruse _at_ airemix.com>, and fixed by MORIYAMA-san.
if the target thread is a zombie.
in all the functions that didn't do so already, verify a pthread_t before
dereferencing it (under #ifdef ERRORCHECK, since these checks are not
mandated by the standard).
clean up some debugging stuff.
call pthread__start() if it hasn't already been called. this avoids
an internal assertion from the library if these routines are used
before any threads are created and they need to sleep.
fixes PR 20256, PR 24241, PR 25722, PR 26096.
The name "hash.c" is already used in db/hash/hash.c, and having duplicated
names, aside from it being bad style, breaks the tools/nbcompat build
because it picks the wrong hash.c file. Thanks to greg for helping debug
this.
support in pam_sm_setcred()
With this and a suitably pam-aware screen locker (eg xscreensaver built
with PAM), you now get the nice Windows-style behavior of having
your tickets refreshed (and tokens, with pam_afslog) when you unlock
your screen.
when the strings get expanded we gain an _ from namespace.h. So define a
macro to point to the appropriate include file for the hash function, and
include the hash function later, from the .c file we always include. This
allows us to eliminate the hack of including namespace.h twice as well as
nbtool_config.h.
- Remove all NFS related stuff from file system specific code.
- Drop the vfs_checkexp hook and generalize it in the new nfs_check_export
function, thus removing redundancy from all file systems.
- Move all NFS export-related stuff from kern/vfs_subr.c to the new
file sys/nfs/nfs_export.c. The former was becoming large and its code
is always compiled, regardless of the build options. Using the latter,
the code is only compiled in when NFSSERVER is enabled. While doing this,
also make some functions in nfs_subs.c conditional to NFSSERVER.
- Add a new command in nfssvc(2), called NFSSVC_SETEXPORTSLIST, that takes a
path and a set of export entries. At the moment it can only clear the
exports list or append entries, one by one, but it is done in a way that
allows setting the whole set of entries atomically in the future (see the
comment in mountd_set_exports_list or in doc/TODO).
- Change mountd(8) to use the nfssvc(2) system call instead of mount(2) so
that it becomes file system agnostic. In fact, all this whole thing was
done to remove a 'XXX' block from this utility!
- Change the mount*, newfs and fsck* userland utilities to not deal with NFS
exports initialization; done internally by the kernel when initializing
the NFS support for each file system.
- Implement an interface for VFS (called VFS hooks) so that several kernel
subsystems can run arbitrary code upon receipt of specific VFS events.
At the moment, this only provides support for unmount and is used to
destroy NFS exports lists from the file systems being unmounted, though it
has room for extension.
Thanks go to yamt@, chs@, thorpej@, wrstuden@ and others for their comments
and advice in the development of this patch.
SCHED_OTHER happens to be 0, so this assignment to "int *" succeeds,
and becomes a no-op.
Fix by dereferencing "policy" to do the assignment, thus filling the
return buffer with 0.
Fixes first part of PR#31184. addrsort() was not exposed to the rest of
libc as it turns out not to be usable for getaddrinfo(), so a different
sorter will be implemented for that.
policies and enforcing them in programs.
Man-page written with much help and tips from David Maxwell, Hubert
Feyrer, and Thomas Klausner.
This bumps libutil minor to 7.
XXX: Need default policy to go in /etc/passwd.conf, and integration
into local/yp/PAM password changing code.
PR/10206.
The cause of this is that in the re-entrant case we block all signals until
we timeout. Convert this to use pollts and then grab the pending signals
and sigsuspend them.
XXX: We should really convert this to use kqueue, like FreeBSD did.
was done and that this behavior is not supposed to be portable. Filing
under the security considerations section because code not following the
guidelines given here can be "less secure".
- Merge 4.4BSD strerror.3 man page changes that summarize information
for all the error printing functions. This makes the perror(3) page
obsolete.
- Implement all error functions in terms of strerror_r(), including
__strerror() which is not used internally. Can it be removed?
- Bump version for strerror_r
XXX: All this is done backwards, and is a mess. Really the _foo.c files should
include the _foo function definition, not the foo.c files, like everywhere
else.
The current code resolves paths like `/foo/bar/', `/foo/bar/./', and
`/foo/bar/../', even if `bar' is a regular file and not a directory.
Reviewed by cube@.
system-specific values. Submitted by Chris Demetriou in Nov 1995 (!)
in PR kern/1781, modified only slightly by me.
This is enabled on a per-mount basis with the MNT_MAGICLINKS mount
flag. It can be enabled at mountroot() time by building the kernel
with the ROOTFS_MAGICLINKS option.
The following magic strings are supported by the implementation:
    @machine        value of MACHINE for the system
    @machine_arch   value of MACHINE_ARCH for the system
    @hostname       the system host name, as set with sethostname()
    @domainname     the system domain name, as set with setdomainname()
    @kernel_ident   the kernel config file name
    @osrelease      the release number of the OS
    @ostype         the name of the OS (always "NetBSD" for NetBSD)
Example usage:
    mkdir /arch/i386/bin
    mkdir /arch/sparc/bin
    ln -s /arch/@machine_arch/bin /bin
under HAVE_NBTOOL_CONFIG_H for disktab.h as well. This means
disktab.h has to be installed in the nbinclude include directory.
(Failure mode: with TOOLDIR as a subdirectory of /usr, the host's disktab.h
got picked up, and not the in-tree copy.)
Reviewed by dyoung.
This is a workaround to make gcc's behavior consistent, since gcc can
transform:
    printf("%s\n", s)     -> puts(s)
    fprintf(fp, "%s", s)  -> fputs(s, fp)
as an optimization.
I've left the _DIAGASSERT's that make sure that s != NULL alone because we
should really still abort in a debugging environment.
- Change #ifdef VERIFIED_EXEC_VERBOSE to another verbose level, 2. Add
sysctl(3) bits.
- Simplify access type conflict handling during load. This depends on
the values of access type defines to be ordered from least to most
'strict'.
- Better organize strict level. Now we have 4 levels:
  - Level 0, learning mode: Warnings only about anything that might've
    resulted in 'access denied' or similar in a higher strict level.
  - Level 1, IDS mode:
    - Deny access on fingerprint mismatch.
    - Deny modification of veriexec tables.
  - Level 2, IPS mode:
    - All implications of strict level 1.
    - Deny write access to monitored files.
    - Prevent removal of monitored files.
    - Enforce access type - 'direct', 'indirect', or 'file'.
  - Level 3, lockdown mode:
    - All implications of strict level 2.
    - Prevent creation of new files.
    - Deny access to non-monitored files.
- Update sysctl(3) man-page with above. (date bumped too :)
- Remove FINGERPRINT_INDIRECT from possible fp_status values; it's no
longer needed.
- Simplify veriexec_removechk() in light of new strict level policies.
- Eliminate use of 'securelevel'; veriexec now behaves according to
its strict level only.
not correct since, as far as reading the source, it is impossible for
cgetset() to set such errno. I guess `seq' is not a typo of `set' but
abbreviation of `sequen...'.
and install ${TOOLDIR}/bin/${MACHINE_GNU_PLATFORM}-disklabel,
${TOOLDIR}/bin/${MACHINE_GNU_PLATFORM}-fdisk by "reaching over" to
the sources in ${NETBSDSRCDIR}/sbin/{disklabel fdisk}/.
To avoid clashes with a build-host's header files, especially on
*BSD, the host-tools versions of fdisk and disklabel search for
#includes such as disklabel.h, disklabel_acorn.h, disklabel_gpt.h,
and bootinfo.h in a new #includes namespace, nbinclude/. That is,
they #include <nbinclude/sys/disklabel.h>, <nbinclude/machine/disklabel.h>,
<nbinclude/sparc64/disklabel.h>, instead of <sys/disklabel.h> and
such. I have also updated the system headers to #include from
nbinclude/-space when HAVE_NBTOOL_CONFIG_H is #defined.
Provide a layer of indirection between the readline compatibility functions
and our internal implementation, so that we have the freedom to change the
function signature.
The place to change the completion_append_character is
usually somewhere in the `rl_completion_entry_function'
callback which is where one usually can distinguish between
file- or dir-like entries to append a slash for dirs etc.
This no longer works since `fn_complete()' takes the
`append_character' as argument before the callback is executed,
so that changes to the variable `rl_completion_append_character'
have in fact no effect for the current completion.
Fix by adding a function that returns the rl_completion_append_character,
when it gets passed in a filename in readline emulation.
location so that an uninitialized `in' won't be used if net_i == BYADDR.
Detected with gcc -Wuninitialized, confirmed by diffing against BIND 4.9.11.
(The bug was introduced in rev 1.26. Hi Itojun! :)
+ the rl_callback_handler_install takes a pointer to a void function
which has one char * argument (it's called that way in the readline
emulation source, otherwise there's no way to pass the line buffer
to the function which processes the line when EOL is encountered)
+ provide a prototype for that function signature and use it
Makes the callback readline interface work now.
New features:
- Add a veriexec_report() routine to make most reporting consistent and
remove some common code.
- Add 'strict' mode that controls how veriexec behaves.
- Add sysctl knobs:
  o kern.veriexec.verbose controls verbosity levels. Value: 0, 1.
  o kern.veriexec.strict controls strict level. Values: 0, 1, 2. See
    documentation in sysctl(3) for details.
  o kern.veriexec.algorithms returns a string with a space separated
    list of supported hashing algorithms in veriexec.
- Updated documentation in man pages for sysctl(3) and sysctl(8).
Bug fixes:
- veriexec_removechk(): Code cleanup + handle FINGERPRINT_NOTEVAL
correctly.
- exec_script(): Don't pass 0 as flag when executing a script; use the
defined VERIEXEC_INDIRECT - which is 1. Makes indirect execution
enforcement work.
- Fix some printing formats and types.
* add some functions:
    _citrus_memory_stream_bind_ptr()
    _citrus_memory_stream_tell()
    _citrus_memory_stream_ungetc()
    _citrus_region_get_subregion()
* fix a bug in _citrus_memory_stream_seek().