| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
|
|
|
|
|
| |
Instead use %ju and cast the argument.
WFORMAT=0 is still required in the Makefile because gcc warns about
some strftime() calls (I don't think this behaviour is useful.)
Tested on: sparc64, alpha, i386
|
|
|
|
| |
namespace pollution 2 layers deep in <sys/eventhandler.h>.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
seperate entry points for each occasion:
mac_check_vnode_mmap() Check at initial mapping
mac_check_vnode_mprotect() Check at mapping protection change
mac_check_vnode_mmap_downgrade() Determine if a mapping downgrade
should take place following
subject relabel.
Implement mmap() and mprotect() entry points for labeled vnode
policies. These entry points are currently not hooked up to the
VM system in the base tree. These changes improve the consistency
of the access control interface and offer more flexibility regarding
limiting access to vnode mmaping.
Obtained from: TrustedBSD Project
Sponsored by: DARPA, Network Associates Laboratories
|
| |
|
| |
|
|
|
|
|
|
| |
the first label to the raw disk.
Sponsored by: DARPA & NAI Labs.
|
|
|
|
|
|
|
| |
as well.
Detected by: scottl
Sponsored by: DARPA & NAI Labs.
|
|
|
|
|
|
|
|
|
|
|
| |
flags so that we can call malloc with M_NOWAIT if necessary, avoiding
potential sleeps while holding mutexes in the TCP syncache code.
Similar to the existing support for mbuf label allocation: if we can't
allocate all the necessary label store in each policy, we back out
the label allocation and fail the socket creation. Sync from MAC tree.
Obtained from: TrustedBSD Project
Sponsored by: DARPA, Network Associates Laboratories
|
|
|
|
| |
though.
|
|
|
|
|
|
|
|
| |
archs have them there, alghough the variable are declared in
subr_clock.c. These should probably be moved into some MI
place.
Approved by: jake
|
|
|
|
|
|
|
| |
when accounting is suspended--otherwise when accounting is restored,
we may incorrectly assume the credential is valid.
Panics experienced by: juli
|
|
|
|
|
|
|
| |
vnode labels. Sync from MAC tree.
Obtained from: TrustedBSD Project
Sponsored by: DARPA, Network Associates Laboratories
|
|
|
|
|
| |
Detected by: jhay
Sponsored by: DARPA & NAI Labs.
|
|
|
|
|
|
|
|
|
| |
devfs VOP symlink creation by introducing a new entry point to determine
the label of the devfs_dirent prior to allocation of a vnode for the
symlink.
Obtained from: TrustedBSD Project
Sponsored by: DARPA, Network Associates Laboratories
|
|
|
|
| |
X-MFC after: ASAP
|
|
|
|
|
|
|
| |
file-system aware MAC policies. Sync to MAC tree.
Obtained from: TrustedBSD Project
Sponsored by: DARPA, Network Associates Laboratories
|
|
|
|
|
|
|
|
| |
point that instruments the creation of hard links. Policy implementations
to follow.
Obtained from: TrustedBSD Project
Sponsored by: DARPA, Network Associates Laboratories
|
|
|
|
|
|
|
|
|
|
|
|
| |
to mbuf label initialization, that functionality was never merged to
the main tree. Go ahead and merge that functionality now. Note that
this requires policy modules to accept the case where the label
element may be destroyed even if init has not succeeded on it (in
the event that policy failed the init). This will shortly also
apply to sockets.
Obtained from: TrustedBSD Project
Sponsored by: DARPA, Network Associates Laboratories
|
|
|
|
|
|
|
|
|
| |
order used in mac_policy.h and elsewhere. Sort order is basically
"by operation category", then "alphabetically by object". Sync to
MAC tree.
Obtained from: TrustedBSD Project
Sponsored by: DARPA, Network Associates Laboratories
|
| |
|
|
|
|
|
|
|
| |
Updated release notes: Update KSE info and add cross-reference to
kse(2) manpage.
Fix a couple of minor typos while I'm here.
|
|
|
|
| |
remove a slightly less than useful comment.
|
|
|
|
| |
able to handle (0xffffff).
|
|
|
|
|
|
|
|
| |
externalization, and cred label life cycle events to entirely above
devfs and vnode events. Sync from MAC tree.
Obtained from: TrustedBSD Project
Sponsored by: DARPA, Network Associates Laboratories
|
|
|
|
|
|
|
|
| |
entry points to better match the entry point ordering in mac_policy.h.
Big diff, no functional change; merge from the MAC tree.
Obtained from: TrustedBSD Project
Sponsored by: DARPA, Network Associates Laboratories
|
|
|
|
|
|
|
|
|
|
|
| |
- If a policy isn't registered when a policy module unloads, silently
succeed.
- Hold the policy list lock across more of the validity tests to avoid
races.
Obtained from: TrustedBSD Project
Sponsored by: DARPA, Network Associates Laboratories
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
NB: But it will enable it in all kernels not having options "NO_GEOM"
Put the GEOM related options into the intended order.
Add "options NO_GEOM" to all kernel configs apart from NOTES.
In some order of controlled fashion, the NO_GEOM options will be
removed, architecture by architecture in the coming days.
There are currently three known issues which may force people to
need the NO_GEOM option:
boot0cfg/fdisk:
Tries to update the MBR while it is being used to control
slices. GEOM does not allow this as a direct operation.
SCSI floppy drives:
Appearantly the scsi-da driver return "EBUSY" if no media
is inserted. This is wrong, it should return ENXIO.
PC98:
It is unclear if GEOM correctly recognizes all variants of
PC98 disklabels. (Help Wanted! I have neither docs nor HW)
These issues are all being worked.
Sponsored by: DARPA & NAI Labs.
|
| |
|
|
|
|
|
|
|
| |
rather than directly under security.mac.debug.
Obtained from: TrustedBSD Project
Sponsored by: DARPA, Network Associates Laboratories
|
|
|
|
|
|
| |
This removes yet a dependency on the old disklabel stuff.
Sponsored by: DARPA & NAI Labs.
|
|
|
|
| |
Sponsored by: DARPA & NAI Labs
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
- Change mpo_init_foo(obj, label) and mpo_destroy_foo(obj, label) policy
entry points to mpo_init_foo_label(label) and
mpo_destroy_foo_label(label). This will permit the use of the same
entry points for holding temporary type-specific label during
internalization and externalization, as well as for caching purposes.
- Because of this, break out mpo_{init,destroy}_socket() and
mpo_{init,destroy}_mount() into seperate entry points for socket
main/peer labels and mount main/fs labels.
- Since the prototype for label initialization is the same across almost
all entry points, implement these entry points using common
implementations for Biba, MLS, and Test, reducing the number of
almost identical looking functions.
This simplifies policy implementation, as well as preparing us for the
merge of the new flexible userland API for managing labels on objects.
Obtained from: TrustedBSD Project
Sponsored by: DARPA, Network Associates Laboratories
|
|
|
|
|
|
|
| |
Also fix some style bugs in surrounding code, and add a comment
about FP state restoral that seems questionable.
Submitted by: bde
|
|
|
|
| |
Sponsored by: DARPA & NAI Labs.
|
|
|
|
| |
Sponsored by: DARPA & NAI Labs.
|
|
|
|
| |
Sponsored by: DARPA & NAI Labs
|
|
|
|
| |
mutex being unlocked again causing system panic.
|
| |
|
|
|
|
|
|
|
|
|
|
| |
treat it as an invalid partition.
This fixes a bug where ``dumpon <device>'' will configure the dump
device at a random offset on the disk if <device> isn't a valid
partition.
Reviewed by: phk
|
|
|
|
| |
<sys/cdefs.h>. Sort function prototypes.
|
|
|
|
| |
<sys/cdefs.h>.
|
|
|
|
| |
that headers that include it can conditionalize sigset_t's visibility.
|
|
|
|
|
| |
middle of a block of code, with no clear assignment. While here, move one
nearby assignment out of declaration.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
(1) Use namei() and devfs to discover devices rather than a hard-coded
MAKEDEV implementation. Once rootfs is in place, this will allow
Vinum to be used for the root file system partition.
(2) Pass FREAD to device opens so that GEOM will return sector size
rather than an error on attempts to read label data.
(3) Avoid clobbering return values from close_drive() and masking this
failure, resulting in a later divide by zero due to not having
updated the Vinum-cached sector size.
(4) Ignore failures from DIOCWLABEL as that appears not to be required
in the GEOM environment.
We've done testing in simple Vinum environments, but those with more
complex environments might want to give this a spin in DP2 and make
sure everything is up to speed.
Fixes in collaboration with: iedowse
Reviewed by: grog
|
|
|
|
|
|
| |
release the mutex multiple times for multi-plex volumes.
Following further consultation with: grog
|
|
|
|
|
|
|
|
| |
before freeing so that WITNESS doesn't dereference mutex data pointers
and page fault. It's now possible to unload vinum.ko with a GENERIC
kernel on 5.0-CURRENT without panic.
Debugged/fixed with the aid of: jake, grog
|
| |
|
|
|
|
|
|
|
|
| |
the FPU state on receiving and returning from a signal.
The FPU save and restore macros are no longer needed, but
remain defined in case we need to use them again (something
else breaks). They'll be removed permanently once new
syscalls are added to handle the new i386 ucontext size.
|
|
|
|
|
|
| |
before start accessing PCI config space.
Reviewed by: jhb
|