Each /proc/service entry must have a unique label. With cloning,
multiple RS services may have the same label. Since we are not
actually interested in inactive services (for now), eliminate those
entries, leaving only the active service which will then indeed have
a unique label in the list. This resolves a procfs crash.
Change-Id: I0de7ef8fd186ab13f3e22e46416504fd981c09aa

Previously, procfs would retrieve the rproc and rprocpub tables from
RS in two separate calls. This allowed for a race condition where the
tables could change in between the calls, resulting in a panic in
procfs under certain circumstances. RS now implements a new method
for getsysinfo that allows the retrieval of both tables at once.
Change-Id: I5ec22d25898361270c90e805a43fc6d76ad9e29d

This patch adds support for Unix98 pseudo terminals, that is,
posix_openpt(3), grantpt(3), unlockpt(3), /dev/ptmx, and /dev/pts/.
The latter is implemented with a new pseudo file system, PTYFS.

In effect, this patch adds secure support for unprivileged pseudo
terminal allocation, allowing programs such as tmux(1) to be used by
non-root users as well. Test77 has been extended with new tests, and
no longer needs to run as root.

The new functionality is optional. To revert to the old behavior,
remove the "ptyfs" entry from /etc/fstab.

Technical notes:
o The reason for not implementing the NetBSD /dev/ptm approach is that
  implementing the corresponding ioctl (TIOCPTMGET) would require
  adding a number of extremely hairy exceptions to VFS, including the
  PTY driver having to create new file descriptors for its own device
  nodes.
o PTYFS is required for Unix98 PTYs in order to avoid that the PTY
  driver has to be aware of old-style PTY naming schemes and even has
  to call chmod(2) on a disk-backed file system. PTY cannot be its
  own PTYFS since a character driver may currently not also be a file
  system. However, PTYFS may be subsumed into a DEVFS in the future.
o The Unix98 PTY behavior differs somewhat from NetBSD's, in that
  slave nodes are created on ptyfs only upon the first call to
  grantpt(3). This approach obviates the need to revoke access as
  part of the grantpt(3) call.
o Shutting down PTY may leave slave nodes on PTYFS, but once PTY is
  restarted, these leftover slave nodes will be removed before they
  create a security risk. Unmounting PTYFS will make existing PTY
  slaves permanently unavailable, and absence of PTYFS will block
  allocation of new Unix98 PTYs until PTYFS is (re)mounted.
Change-Id: I822b43ba32707c8815fd0f7d5bb7a438f51421c1
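
The Unix98 allocation sequence named in the commit message above, as an added example that is not part of the commit or of the MINIX source: it allocates a PTY as the calling user and checks the resulting slave node. The function names and the policy checked (slave owned by the caller, no access for "other") are assumptions made for this illustration.

```c
#define _XOPEN_SOURCE 600   /* must precede every #include */
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Redeclared so the file also builds if the macro above takes effect too late. */
int posix_openpt(int), grantpt(int), unlockpt(int);
char *ptsname(int);

/* Assumed policy for a slave node: a character device, owned by the
 * allocating user, and neither readable nor writable by "other". */
int slave_node_ok(const struct stat *st, uid_t owner)
{
    return S_ISCHR(st->st_mode) && st->st_uid == owner &&
           (st->st_mode & (S_IROTH | S_IWOTH)) == 0;
}

/* Allocate a Unix98 PTY as the calling user and check its slave node.
 * Returns 0 if the slave passes the policy, 1 if it violates it, and
 * -1 if no PTY could be allocated (e.g. /dev/ptmx or /dev/pts missing). */
int alloc_and_check_pty(void)
{
    struct stat st;
    const char *name;
    int rc = -1, master = posix_openpt(O_RDWR | O_NOCTTY);

    if (master < 0)
        return -1;
    /* Per the commit message, the slave node appears only at grantpt(). */
    if (grantpt(master) == 0 && unlockpt(master) == 0 &&
        (name = ptsname(master)) != NULL && stat(name, &st) == 0) {
        rc = slave_node_ok(&st, getuid()) ? 0 : 1;
        printf("%s uid=%ld mode=%04o -> %s\n", name, (long)st.st_uid,
               (unsigned)(st.st_mode & 07777), rc ? "UNSAFE" : "ok");
    }
    close(master);
    return rc;
}

int main(void)
{
    return alloc_and_check_pty() == 1;
}
```

Run it as a non-root user: a result of -1 corresponds to the case the commit message describes where PTYFS is not mounted and no new Unix98 PTY can be allocated.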
The stat.st_ino field must always be filled with the inode number
given as part of the fdr_stat request anyway, so libfsdriver can
simply fill in the number and allow the file system not to bother.
Change-Id: Ia7a849d0b23dfc83010df0d48fa26e4225427694

This change requires a small patch to libc, in order to avoid that
libminc has to pull in a large chunk of libc just for mktime(3).
Change-Id: I48e598b3716eff626cac461f78a41e32334e6b28

Previously, services would obtain the user ID of "service" through
getpwnam(3). While this approach is conceptually better, it also
imposes linking against libc which in turn causes problems with
printf(3), which already led to PFS no longer dropping privileges at
all. For now, we hardcode SERVICE_UID and use that instead.
In the future, two changes should allow removal of SERVICE_UID again:
- "service edit" should cause RS to request that a service (such as
PFS) drop privileges through SEF, using the user ID resolved by
service(8), or something similar;
- a future devfs should make it possible for inet to start without
root privileges altogether.
Change-Id: Ie02a1e888cde325806fc0ae76909943ac42c9b96

- Expose in procfs the service status and supported recovery policies.
- This adds a test (testrelpol.sh) to exercise the restart policies of
the system services and drivers.
NOTE:
The policy support information is temporarily hardcoded in ProcFS, but
this has to be replaced by properly retrieving this information from
RS, which should in turn be set up on a per service basis, at
initialization time.
Change-Id: I0cb1516a450355b38d0c46b1a8b3d9e841a2c029

This directory is filled dynamically with regular files, one for each
service that RS knows about, named after its label. Its contents are
still subject to (heavy) change, but currently expose the service's
endpoint and number of restarts so far.
Change-Id: Ie58c824bcb6382c8da7a714e59fee87329970b4b

- rename start_vtreefs to run_vtreefs, since the function returns upon
termination these days;
- add get_inode_slots function to retrieve the number of indexed slots;
- add support for extra per-inode data for arbitrary storage.
Change-Id: If2d365d7b478a1cecc9e20fb2b3e70c1a1cf7243

Fix for problems reported by Alejandro Hernández:
. VM unmap: handle case where there is no nextvr
Fixes for problems found by running Melkor ELF fuzzing tool:
. VM: better handle case where region prealloc fails by
freeing memory that was allocated so far
. MFS fs_readwrite: EOF check should happen for read and
peek requests, not just read
This fixes #4.
Change-Id: I2adf4eebdfb4c48a297beff0478eed5c917a53a4

- Adding missing fields for PCI device lookup
- Adding the domain (for now set to zero) as part of the slot name
Change-Id: Iebaf3b21f6ab5024738cbc1dea66d5ad3ada175d

- fix for "out of extents" panic;
- return ENOENT when a file name does not exist;
- inode count sanity check upon unmount.
Change-Id: Icb97dbaf7c8aec463438f06b341defca357094b2

iso9660fs has been cleaned up and debugged. It now supports:
* ISO 9660 Level 3,
* System Use Sharing Protocol (SUSP),
* Rock Ridge Interchange Protocol (RRIP).
The following Rock Ridge features are supported:
* POSIX file attributes (PX),
* POSIX device number (PN),
* Symbolic links (SL),
* Alternate file name (NM),
* Timestamps in 7-byte format (TF).
Change-Id: Ib227411bdda5bc10a957b27ad05fafdc95eca35f

- remove the buffer pool, inode bitmap, and inode hash table, and
simplify the code accordingly;
- use theoretically slightly more optimal buffer management;
- put the entire source in one file, instead of having many files
with one or two functions each;
- convert the code to KNF style.
Change-Id: Ib8f6f0bd99fbc6eb9098fba718e71b8e560783d9

In order to avoid creating libfsdriver exceptions, two changes to VFS
are necessary:
- the returned position field for reads/writes is no longer abused to
return the new pipe size; VFS is perfectly capable of updating the
size itself;
- during system startup, PFS is now sent a mount request, just like all
other file systems.
In proper "two steps forward, one step back" fashion, the latter point
has the consequence that PFS can no longer drop its privileges at
startup. This is probably best resolved with a more general solution
for all boot image system services. The upside is that PFS no longer
needs to be linked with libc.
Change-Id: I92e2410cdb0d93d0e6107bae10bc08efc2dbb8b3

It is currently too broken to be of any use anyway. Fixes are pending,
which is why this patch is intended to be reverted before those are
merged.
For the time being, the following tools can be used to access cdroms:
- isodir
- isoinfo
- isoread
- writeisofs
Change-Id: I681e8f1224bb464ba978f893dc18d46fa06a8208

. get rid of includes in libcompat_minix:
. move configfile.h to minix/include/
. all others are unneeded as they point to other files
. merge the .c files with libc
Change-Id: I5e840c66fb9bc484f377926aa9d66473bbd16259

. add /sbin to tests $PATH for ping
. take disable file mmap item from default boot menu
. ask for feedback in motd
. fix ext2fs on arm (the memory alloced with STATICINIT is flaky on arm)
Change-Id: I7525207074d62abc47ed3891139f6ef7ef6025be

This concerns all services, a.k.a. drivers, filesystem drivers, network
(inet, lwip, uds) servers, and the system servers.
Change-Id: I626fd15c795e15af42df2d10d47fb4a703665d63