hw.disknames. This can only happen due to a failure or user error.
In either case, silent failure makes it hard to discover and debug.
Now it will be easy to spot in the daily mail.
ok rob, schwarze
- Start with a full page of struct region_info's
- Save an mprotect in the init code: allocate 3 pages with none and
make the middle page r/w instead of a r/w allocation and two calls to make the
guard pages none
The existing example was written over a decade ago, when carp(4) was
not supporting carpdemote and did not track it's interfaces link state itself.
OK jmc@, rob@
but at that time ffs function calls were generated instead of the
compiler inlining the code. Now that ffs is marked protected in
libc this is handled better. Thanks to kshe who prompted me to
look at this again.
dance, mark it protected. This works better for both gcc and clang: gcc
blocks overriding of internal calls, while clang permits inlining again.
ok otto@
- change -a, -o to &&, || inside [[]]
- remove unecessary quoting inside [[]]
- remove X"" constructs inside [[]]
- remove \ (line continuation) in case of &&, || and pipes
- replace backticks with $()
discussed with and OK aja@
OK tb
pledge for a new execve image immediately upon start. Also introduces
"error" which makes violations return -1 ENOSYS instead of killing the
program ("error" may not be handed to a setuid/setgid program, which
may be missing/ignoring syscall return values and would continue with
inconsistant state)
Discussion with many
florian has used this to improve the strictness of a daemon
PF ruleset. This is not a complete block on _pbuild being able to communicate
(e.g. non-TCP/UDP protocols don't have a PCB with userid, so PF can't restrict
in those cases) but avoids some cases, and in particular makes it more obvious
when a port does things like download extra distfiles or dependencies
as part of the build process. Slight tweak from a diff by espie@.
to builtins like mem{set,cpy,move} and __stack_smash_handler. So, when
building with clang, instead mark those as protected visibility to get rid
of the PLT relocations. We can't take the address of them then, but that's
ok: it's a build-time error not a run-time error.
ok kettenis@
one location under /usr/share/relink.
Be more specific in src/etc/rc reorder_libs() what filesystems
need r/w remount and ensure that their mount state is restored.
Idea and positive feedback from deraadt@
OK aja@ tb@
While it is not clear (to me) why that ports ends up with corrupted
shared libs, reverting those changes fixes the issue and should allow us
to close p2k17 more smoothly.
Discussed with a bunch, ok ajacoutot@ guenther@
on the stack instead of mallocing the list and move the APIs from libpthread
to libc so that they can be used inside libc.
Note: the standard was explicitly written to permit/support this
"macro with unmatched brace" style and it's what basically everyone
else already does. We xor the info with random cookies with a
random magic to detect/trip-up overwrites.
Major bump to both libc and libpthread due to the API move.
ok mpi@
tb