Asymmetric keyrings can require key payloads to be X.509 certificates
signed by a key in a different keyring. This can be helpful for rotating
keys on a live machines for subsystems like IMA while preventing local
tampering.
Tested locally by applying the "key_or_keyring:<id>" restriction to a
keyring.
Change-Id: Ia8dcb343abc5f405d374c357d5cac3d5181d7159
Reviewed-on: https://go-review.googlesource.com/c/sys/+/178400
Run-TryBot: Tobias Klauser <tobias.klauser@gmail.com>
TryBot-Result: Gobot Gobot <gobot@golang.org>
Reviewed-by: Tobias Klauser <tobias.klauser@gmail.com>
The code generator produces -0x1 for (~0) from the tipc.h C header, but this
value is unusable in Go as a uint32. Undefine and replace this value with
the appropriate constant for TIPC_WAIT_FOREVER.
Fixesgolang/go#34310
Change-Id: Ic6ab0ddd14394e15868085e2123a9a97a841bc6d
Reviewed-on: https://go-review.googlesource.com/c/sys/+/195757
Run-TryBot: Matt Layher <mdlayher@gmail.com>
Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org>
TryBot-Result: Gobot Gobot <gobot@golang.org>
Adds initial constants and types to use with SockaddrTIPC. For more
information on TIPC, see: http://tipc.sourceforge.net/.
Because the C struct sockaddr_tipc makes use of a union for its addr
field, I have created a wrapping layer in SockaddrTIPC that uses
an interface to determine which variant is in use.
Tests accompany this change due to the complexity of this code. There
is currently little test coverage in the Sockaddr-related code, but
perhaps this is something that could be picked up as a relatively
straightforward task for a new contributor.
Change-Id: I5033a0685cb7128d4b1a23d18aca71c202d0c0aa
Reviewed-on: https://go-review.googlesource.com/c/sys/+/187960
Run-TryBot: Matt Layher <mdlayher@gmail.com>
TryBot-Result: Gobot Gobot <gobot@golang.org>
Reviewed-by: Ian Lance Taylor <iant@golang.org>
Add IoctlRetInt() for ioctls that use syscall's return value
as an output parameter. Add a unit test for Linux, and the
NS_GET_ defines that it requires (see ioctl_ns(2)).
Motivation:
Currently, x/sys/unix provides a few functions to deal with ioctls.
In particular, IoctlGetInt(), which "performs an ioctl operation
which gets an integer value". It does that by passing a pointer
to an integer to a syscall and returning that integer. The value
returned from syscall is treated as success/failure flag
(0 means success, -1 means failure, and in such case errno
is used to figure out the underlying error).
It appears that there are a few ioctls in Linux and at least one
in Solaris, which do not use the above way to return an int, instead
they use the syscall's return value (in case it's not negative).
As Linux ioctl(2) man page says,
> RETURN VALUE
> Usually, on success zero is returned. A few ioctl() requests
> use the return value as an output parameter and return
> a nonnegative value on success. On error, -1 is returned,
> and errno is set appropriately.
Currently I am aware of at least 6 Linux ioctls that do that
(return the value directly):
* LOOP_CTL_* ioctls on /dev/loop-control (all 3 of them). Source: loop(4)
* NS_* ioctls (3 out of 4) on /proc/PID/ns/*. Source: ioctl_ns(2)
And one in Solaris:
* I_FIND ioctl, source: streamio(7i).
There might be some more ioctls like the ones above, but since
ioctls are scarcely documented, it is hard to say how many more.
Obviously, using IoctlGetInt() for such ioctls would be a big
mistake, as 0 will always be returned. For example, there was
a bug in Docker's pkg/loopback (moby/moby#39801).
[v6: make it linux-specific for now]
Fixesgolang/go#33966
Change-Id: Ie64f72fd84101b955ba14519a357e06a66d685d0
Reviewed-on: https://go-review.googlesource.com/c/sys/+/192780
Run-TryBot: Tobias Klauser <tobias.klauser@gmail.com>
TryBot-Result: Gobot Gobot <gobot@golang.org>
Reviewed-by: Tobias Klauser <tobias.klauser@gmail.com>
The local copy of bits.OnesCount64 was added for compatibility with Go
1.8 and earlier in CL 86477. Go 1.8 is no longer supported and go.mod
requires Go 1.12, so drop the local copy and use bits.OnesCount64.
Change-Id: Ieb77f0cef5f8f206b74ca737449efdcfe1949d44
Reviewed-on: https://go-review.googlesource.com/c/sys/+/192357
Run-TryBot: Tobias Klauser <tobias.klauser@gmail.com>
TryBot-Result: Gobot Gobot <gobot@golang.org>
Reviewed-by: Daniel Martí <mvdan@mvdan.cc>
Although CL 128110043 had deleted nacl from x/sys/unix, CL 38758
accidentially introduced its build tag in dirent.go when copying
over stdlib syscall code, which this CL removes.
Fixesgolang/go#33391.
Change-Id: Iad6fe9818e38f14548eecdc078392865a60e4685
Reviewed-on: https://go-review.googlesource.com/c/sys/+/188361
Run-TryBot: Ian Lance Taylor <iant@golang.org>
TryBot-Result: Gobot Gobot <gobot@golang.org>
Reviewed-by: Ian Lance Taylor <iant@golang.org>
Resolves a number of issues, except for the clen function being
unused on Linux, as that would require a larger refactor which
probably isn't strictly necessary.
$ staticcheck .
affinity_linux.go:94:8: const m3 is unused (U1000)
affinity_linux.go:95:8: const m4 is unused (U1000)
sendfile_test.go:41:2: the goroutine calls T.Fatal, which must be called in the same goroutine as the test (SA2002)
sendfile_test.go:47:6: this value of err is never used (SA4006)
syscall_linux_test.go:519:21: should use time.Since instead of time.Now().Sub (S1012)
syscall_linux_test.go:530:21: should use time.Since instead of time.Now().Sub (S1012)
syscall_test.go:66:2: this value of ts is never used (SA4006)
syscall_test.go:67:2: this value of ts is never used (SA4006)
syscall_unix.go:88:6: func clen is unused (U1000)
Change-Id: I2611b4559339cea758b5da27ea1f36fb8cc2df3f
Reviewed-on: https://go-review.googlesource.com/c/sys/+/188037
Run-TryBot: Matt Layher <mdlayher@gmail.com>
TryBot-Result: Gobot Gobot <gobot@golang.org>
Reviewed-by: Ian Lance Taylor <iant@golang.org>
Implement ParseDirent in x/sys/unix instead of calling
syscall.ParseDirent. The latter uses offsets into syscall.Dirent which
might not be matching unix.Dirent depending on Go version. This is e.g.
the case with of FreeBSD whose Dirent structure was updated for Go 1.12.
This fixes TestDirent and TestGetdirentries on freebsd with Go 1.11
Reverts CL 88475
Change-Id: I04318f59c6fbf148c75ce3667255a0c0428288e2
Reviewed-on: https://go-review.googlesource.com/c/sys/+/183897
Run-TryBot: Tobias Klauser <tobias.klauser@gmail.com>
TryBot-Result: Gobot Gobot <gobot@golang.org>
Reviewed-by: Benny Siegert <bsiegert@gmail.com>
Use ParseDirent to get the directory entries instead of manually parsing
them. This fixes the test on dragonfly where type Dirent doesn't have a
Reclen member.
Manually tested on darwin, dragonfly and freebsd.
Change-Id: I234c6aff78243fec8bba8784c1d4948fbbb4d027
Reviewed-on: https://go-review.googlesource.com/c/sys/+/183226
Run-TryBot: Tobias Klauser <tobias.klauser@gmail.com>
TryBot-Result: Gobot Gobot <gobot@golang.org>
Reviewed-by: Benny Siegert <bsiegert@gmail.com>
Provide common implementation for ReadDirent based on Getdents for
aix, *bsd and linux.
Add Getdents on aix as a wrapper around getdirent.
Keep the implementation for ReadDirent based on Getdirentries for
darwin and dragonfly.
Change-Id: I09094156a1452118ba48af4f14dfe44b1ab745d3
Reviewed-on: https://go-review.googlesource.com/c/sys/+/182321
Run-TryBot: Tobias Klauser <tobias.klauser@gmail.com>
TryBot-Result: Gobot Gobot <gobot@golang.org>
Reviewed-by: Ian Lance Taylor <iant@golang.org>
Reviewed-by: Benny Siegert <bsiegert@gmail.com>
The generated name X__bits should be changed to Val to match the type on
Linux. This was done manually in CL 179099 when Sigset_t was added for
freebsd. Modify mkpost.go to do it, so future changes won't revert the
rename.
Change-Id: I0ce135cbd8d03648a1576244d9c977b39c8f5889
Reviewed-on: https://go-review.googlesource.com/c/sys/+/183220
Run-TryBot: Tobias Klauser <tobias.klauser@gmail.com>
TryBot-Result: Gobot Gobot <gobot@golang.org>
Reviewed-by: Ian Lance Taylor <iant@golang.org>
On freebsd 12, the system call for getdirentries writes 64 bits to
*basep, even on 32-bit systems. Accomodate that by providing a uint64
to the system call and copy the base to/from that uint64.
The uint64 seems to be a virtual file offset, so failing if the high
bits are not zero should be fine for reasonable-sized directories.
Update golang/go#32498
Change-Id: I4451894aff4e353c9f009c06ad2fdd5578dfd9f8
Reviewed-on: https://go-review.googlesource.com/c/sys/+/181500
Run-TryBot: Keith Randall <khr@golang.org>
TryBot-Result: Gobot Gobot <gobot@golang.org>
Reviewed-by: Tobias Klauser <tobias.klauser@gmail.com>
While the linux/riscv64 port is not yet upstream, most of the syscalls package
already has linux/riscv64 support and this will make testing and development
easier.
Updates golang/go#27532
Change-Id: I6e505be55fdbb2942fb6e4f34c040e7b82809630
Reviewed-on: https://go-review.googlesource.com/c/sys/+/177799
Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org>
The kernel raw syscall takes an additional parameter specifying
the size of the Sigset_t parameter, returns a file descriptor and sets errno.
Add a uintptr maxSize parameter, adjust the return to be (newfd int, err error).
Add the _NSIG #define and a wrapper to call with maxSize set to _C__NSIG/8 as done
in glibc/musl.
Change-Id: I277db0aab5c12364533c26ea800b7f394ec83ae4
Reviewed-on: https://go-review.googlesource.com/c/sys/+/178858
Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org>
Reviewed-by: Ian Lance Taylor <iant@golang.org>
Run-TryBot: Brad Fitzpatrick <bradfitz@golang.org>
TryBot-Result: Gobot Gobot <gobot@golang.org>
