>here is a diff that will cause systrace to periodically save policies
>that have been modified. Useful if you run systrace on an xterm and
>kill it accidently. Or other applications like opera that are long
>running and can cause weird crashes.
for TARGET_CHAR when building mksyntax. This isn't perfect, but
it lets the host tool work on non-BSD systems without completely
redoing how sh is built.
be changed in the future to "yes".
If MKDYNAMICROOT == "no", there is no change from existing behaviour
of a static /bin and /sbin (and a few programs in elsewhere).
If MKDYNAMICROOT == "yes", the following changes occur:
in <bsd.own.mk>:
SHLIBDIR?= /lib
SHLINKDIR?= /lib
in various Makefiles, the following entry is DISABLED.
LDSTATIC?=-static
This results in all programs (except those "standalone" programs built
in sys/arch/*/stand) are linked dynamically, the shared linker is moved
from /usr/libexec to /lib (with a compat symlink), and the shared
libraries used by /bin and /sbin programs are moved from /usr/lib to
/lib (with compat symlinks).
- avoid race conditions by having seqno in ioctl
- better uid/gid tracking
- "replace" policy to replace args
- less diffs, as many of local changes were fed back to openbsd already
due to the 1st item, it was impossible for us to provide backward-compatibility
(new kernel + old bin/systrace won't work). upgrade both.
IEEE 1003.1-2001 (where applicable) and other systems, by follwoing symlinks
on the command line and changing their targets' modes/ownership/flags, rather
than ignoring them.
This fixes PR standards/563 (at last).
process and "parent" process is more conducive to policy generation.
Previously, tracing of a given program worked something like this:
fork()
if (child)
execprogram()
else
dotracing()
That means that if you "systrace -a named", named would fork and
background itself, but you would never get your prompt back because
systrace didn't exit. Now it works like this:
fork()
if (interactive)
if (child)
execprogram()
else
dotracing()
else
if (parent)
execprogram()
else
fork()
if (parent)
exit(0)
setsid()
dotracing()
This makes it *much* easier to do automated policy generation for
tasks run from rc.d. Or, for that matter, makes it much easier to use
systrace with tasks run from rc.d.
isn't addressed with a negative offset when back at the top of the tree.
This caused pax -M on sparc64 to generate corrupt tar files.
Problem found by Tim Goodwin <tjg@star.le.ac.uk> in [bin/17412].
* Don't -I/sys -- that breaks cross-building. Instead, use relative
pathnames in netbsd-syscalls.c, similar to what kdump does.
* No need to explicitly CLEANFILES the generated lex/yacc results.
* No need to link against libl and liby.
itojun