- Merge 4.4BSD strerror.3 man page changes that summarize information
for all the error printing functions. This makes the perror(3) page
obsolete.
- Implement all error functions in terms of strerror_r(), including
__strerror() which is not used internally. Can it be removed?
- Bump version for strerror_r
XXX: All this is done backwards, and is a mess. Really the _foo.c files should
include the _foo function definition, not the foo.c files, like everywhere
else.
The current code resolves paths like `/foo/bar/', `/foo/bar/./', and
`/foo/bar/../', even if `bar' is a regular file and not a directory.
Reviewed by cube@.
system-specific values. Submitted by Chris Demetriou in Nov 1995 (!)
in PR kern/1781, modified only slighly by me.
This is enabled on a per-mount basis with the MNT_MAGICLINKS mount
flag. It can be enabled at mountroot() time by building the kernel
with the ROOTFS_MAGICLINKS option.
The following magic strings are supported by the implementation:
@machine value of MACHINE for the system
@machine_arch value of MACHINE_ARCH for the system
@hostname the system host name, as set with sethostname()
@domainname the system domain name, as set with setdomainname()
@kernel_ident the kernel config file name
@osrelease the releaes number of the OS
@ostype the name of the OS (always "NetBSD" for NetBSD)
Example usage:
mkdir /arch/i386/bin
mkdir /arch/sparc/bin
ln -s /arch/@machine_arch/bin /bin
under HAVE_NBTOOL_CONFIG_H for disktab.h as well. This means
disktab.h has to be installed in the nbinclude include directory.
(Failure mode: with TOOLDIR as a subdirectory of /usr, the host's disktab.h
got picked up, and not the in-tree copy.)
Reviewed by dyoung.
This is a workaround to make gcc's behavior consistent, since gcc can
transform:
printf("%s\n", s) -> puts(s)
fprintf(fp, "%s", s) -> fputs(s, fp)
as an optimization.
I've left the _DIAGASSERT's that make sure that s != NULL alone because we
should really still abort in a debugging environment.
- Change #ifdef VERIFIED_EXEC_VERBOSE to another verbose level, 2. Add
sysctl(3) bits.
- Simplify access type conflict handling during load. This depends on
the values of access type defines to be ordered from least to most
'strict'.
- Better organize strict level. Now we have 4 levels:
- Level 0, learning mode: Warnings only about anything that might've
resulted in 'access denied' or similar in a higher strict level.
- Level 1, IDS mode:
- Deny access on fingerprint mismatch.
- Deny modification of veriexec tables.
- Level 2, IPS mode:
- All implications of strict level 1.
- Deny write access to monitored files.
- Prevent removal of monitored files.
- Enforce access type - 'direct', 'indirect', or 'file'.
- Level 3, lockdown mode:
- All implications of strict level 2.
- Prevent creation of new files.
- Deny access to non-monitored files.
- Update sysctl(3) man-page with above. (date bumped too :)
- Remove FINGERPRINT_INDIRECT from possible fp_status values; it's no
longer needed.
- Simplify veriexec_removechk() in light of new strict level policies.
- Eliminate use of 'securelevel'; veriexec now behaves according to
its strict level only.
not correct since, as far as reading the source, it is impossible for
cgetset() to set such errno. I guess `seq' is not a typo of `set' but
abbreviation of `sequen...'.
and install ${TOOLDIR}/bin/${MACHINE_GNU_PLATFORM}-disklabel,
${TOOLDIR}/bin/${MACHINE_GNU_PLATFORM}-fdisk by "reaching over" to
the sources in ${NETBSDSRCDIR}/sbin/{disklabel fdisk}/.
To avoid clashes with a build-host's header files, especially on
*BSD, the host-tools versions of fdisk and disklabel search for
#includes such as disklabel.h, disklabel_acorn.h, disklabel_gpt.h,
and bootinfo.h in a new #includes namespace, nbinclude/. That is,
they #include <nbinclude/sys/disklabel.h>, <nbinclude/machine/disklabel.h>,
<nbinclude/sparc64/disklabel.h>, instead of <sys/disklabel.h> and
such. I have also updated the system headers to #include from
nbinclude/-space when HAVE_NBTOOL_CONFIG_H is #defined.
location so that an uninitialized `in' won't be used if net_i == BYADDR.
Detected with gcc -Wuninitialized, confirmed by diffing against BIND 4.9.11.
(The bug was introduced in rev 1.26. Hi Itojun! :)
New features:
- Add a veriexec_report() routine to make most reporting consistent and
remove some common code.
- Add 'strict' mode that controls how veriexec behaves.
- Add sysctl knobs:
o kern.veriexec.verbose controls verbosity levels. Value: 0, 1.
o kern.veriexec.strict controls strict level. Values: 0, 1, 2. See
documentation in sysctl(3) for details.
o kern.veriexec.algorithms returns a string with a space separated
list of supported hashing algorithms in veriexec.
- Updated documentation in man pages for sysctl(3) and sysctl(8).
Bug fixes:
- veriexec_removechk(): Code cleanup + handle FINGERPRINT_NOTEVAL
correctly.
- exec_script(): Don't pass 0 as flag when executing a script; use the
defined VERIEXEC_INDIRECT - which is 1. Makes indirect execution
enforcement work.
- Fix some printing formats and types..
* add some functions:
_citrus_memory_stream_bind_ptr()
_citrus_memory_stream_tell()
_citrus_memory_stream_ungetc()
_citrus_region_get_subregion()
* fix a bug in _citrus_memory_stream_seek().
Return the correct result. (broken in rev 1.56 -- Hi Christos!)
getgr{ent,nam,uid}_r():
Return 0 "entry not found" and errno for other failures.
("entry not found" still sets *result to NULL).
Various backends:
don't set the retval to errno (or modify errno) for NS_NOTFOUND.
Per discussion with Klaus Klein.
Return 0 "entry not found" and errno for other failures.
("entry not found" still sets *result to NULL).
Various backends:
don't set the retval to errno (or modify errno) for NS_NOTFOUND.
Per discussion with Klaus Klein.
conversion to construct a quiet NaN on hppa, mips, sh3, and sh5 as well.
Also, remove the portion constructing a ROP on vax; this is not required
by the standard, and in its consequences it is not an appropriate
substitute for a qNaN.
distinction between signalling NaNs and quiet NaNs back into the
machine-dependent headers; treat the implementation of __nanf in the
same spirit.
IEEE 754 leaves the distinction between signalling NaNs and quiet NANs
to the implementation, and unlike our headers used to suggest they're
not identical in the interpretation of the fraction's MSb; in due
course, make those of hppa, mips, sh3, and sh5 reflect reality.
as target for a bunch of MLINKS. This had the effect that whatever came
last in install overwrote everything from the other camp.
Solve this by renaming the libc page -- this makes sense because no
function is really named "getcap" here.
causes lint to complain because it sees both struct statvfs and struct
_statvfs. Fix by changing the macro to have arguments.
XXX[1]: Probably this should be done for the rest of the functions that have
the same names as struct tags.
XXX[2]: Is there a better way?
