| Commit message (Collapse) | Author | Age |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Prevent zhm from doing some evil things while it runs (e.g., ptracing)
by implementing a basic seccomp-bpf filter. The filter still allows a
lot of potentially dangerous operations (e.g., unlink(2)), but this is
a good start.
The filter is based partly on a close reading of the zhm and libhesiod
source code and partly on empirical evidence from running zhm under
strace. I’ve run zhm with this filter for several days without
incident, but some edge cases (e.g., server failover) are still
untested.
configure decides whether or not to enable seccomp by looking for
libseccomp. By default, it treats seccomp as an enhancement and enables
it opportunistically. Builders can force seccomp to be enabled or
disabled by passing --with-seccomp or --without-seccomp, respectively,
to configure.
|
| |
|
|
|
|
|
|
| |
Generate the man pages for zwgc, zctl, zhm, and zephyrd at build time,
so they can refer to the paths actually used instead of whatever was
used on Athena in the 1980's.
|
| |
|
|
|
|
|
| |
i.e. don't keep generated or foreign stuff in our source tree.
As a side effect, this lets us use a libtool, etc. from this century
|
|
|
|
| |
wthrowe@mit.edu
|
|
|
|
|
|
|
|
|
|
| |
Rearrange what libraries get pulled in where, so dpkg-shlibdeps
doesn't whine (see a theme here?) (Also so that, say, znol, doesn't
have to link with Everything.)
This will break platforms that don't do shared-library dependencies.
|
| |
|
| |
|
| |
|
| |
|
| |
|
| |
|
|
|
|
| |
Rip out support for in-tree com_err.
|
|
detailed change information.
|