| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
| |
UARTs.
Requested by: doconnor@gsoft.com.au
|
| | |
|
| |
|
|
|
| |
because errors from mount(2) were explicitly ignored. I didn't fix that
bug.
|
| |
|
|
| |
same size so this doesn't fix a bug, but it makes it cleaner.
|
| | |
|
| |
|
|
|
|
| |
location of the passwd and master.passwd files.
Submitted by: Andre Guibert de Bruet <andy@siliconlandmark.com>
|
| |
|
|
| |
Submitted by: Andre Guibert de Bruet <andy@siliconlandmark.com>
|
| |
|
|
|
|
|
| |
manipulated directly (rather than using sballoc()/sbfree()); update them
to tweak the new sb_ctl field too.
Sponsored by: NTT Multimedia Communications Labs
|
| |
|
|
|
|
|
| |
received.
Verified by: dougb, Manfred Antar <null@pozo.com>
Sponsored by: NTT Multimedia Communications Labs
|
| |
|
|
|
|
|
|
| |
o ia64: Set DOFS_SH to point to an alternate version.
o ia64: Lower BIGBOOTSIZE from 120M (LS-120) to ~5M.
o ia64: Set BIGBOOTLABEL to efi so that we can check for it
in the alternate doFS.sh script. If the label is not efi, we
can invoke the generic doFS.sh.
|
| | |
|
| |
|
|
|
| |
for label access on the interpreter, not just the shell script. No
policies currently present in the system rely on the new labels.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
(1) Permit userland applications to request a change of label atomic
with an execve() via mac_execve(). This is required for the
SEBSD port of SELinux/FLASK. Attempts to invoke this without
MAC compiled in result in ENOSYS, as with all other MAC system
calls. Complexity, if desired, is present in policy modules,
rather than the framework.
(2) Permit policies to have access to both the label of the vnode
being executed as well as the interpreter if it's a shell
script or related UNIX nonsense. Because we can't hold both
vnode locks at the same time, cache the interpreter label.
SEBSD relies on this because it supports secure transitioning
via shell script executables. Other policies might want to
take both labels into account during an integrity or
confidentiality decision at execve()-time.
Approved by: re
Obtained from: TrustedBSD Project
Sponsored by: DARPA, Network Associates Laboratories
|
| | |
|
| |
|
|
|
|
|
|
| |
it's essentially execve() with an optional MAC label argument.
Approved by: re
Obtained from: TrustedBSD Project
Sponsored by: DARPA, Network Associates Laboratories
|
| | |
|
| | |
|
| | |
|
| |
|
|
|
|
|
| |
transitioning, remove their transition entry points.
Obtained from: TrustedBSD Project
Sponsored by: DARPA, Network Associates Laboratories
|
| | |
|
| |
|
|
|
|
|
|
| |
Allow transitioning to be twiddled off using the process and fs enforcement
flags, although at some point this should probably be its own flag.
Obtained from: TrustedBSD Project
Sponsored by: DARPA, Network Associates Laboratories
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
entrypoints, #ifdef MAC. The supporting logic already existed in
kern_mac.c, so no change there. This permits MAC policies to cause
a process label change as the result of executing a binary --
typically, as a result of executing a specially labeled binary.
For example, the SEBSD port of SELinux/FLASK uses this functionality
to implement TE type transitions on processes using transitioning
binaries, in a manner similar to setuid. Policies not implementing
a notion of transition (all the ones in the tree right now) require
no changes, since the old label data is copied to the new label
via mac_create_cred() even if a transition does occur.
Obtained from: TrustedBSD Project
Sponsored by: DARPA, Network Associates Laboratories
|
| |
|
|
| |
Reviewed by: jhb
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Strip ${RD}/mfsfd/stand/etc/defaults/rc.conf.
Don't copy loader.help to ${RD}/mfsfd/boot, it serves no useful purpose.
Removed the now no-op commands to copy ${RD}/trees/base/dev bits to
${RD}/mfsfd/dev, now that DEVFS is the default.
Removed UFS_ACL, PSEUDOFS, and COMPAT_FREEBSD4 options from the BOOTMFS
kernel.
Moved miibus network module to the drivers floppy.
isp(4) and mpt(4) now have corresponding modules, move them to the third
floppy as well.
Caution! With these changes, mfsroot.flp has only 11K left, and
kern.flp has even less -- 5K.
|
| |
|
|
|
|
| |
and (we have the disk error from libufs? the disk error: the errno).
Requested by: bde, <many>
|
| | |
|
| |
|
|
|
|
|
|
|
| |
with them in non-C cases, outside of the kernel.
Include <sys/cdefs.h> for __BEGIN_DECLS/__END_DECLS as other headers seem
to do in this area.
Requested by: Patrick Hartling <patrick@137.org>
|
| |
|
|
| |
Somehow this didn't make it in the last commits.
|
| |
|
|
|
|
| |
with them in non-C cases.
Requested by: Patrick Hartling <patrick@137.org>
|
| | |
|
| |
|
|
| |
Tested on: i386
|
| |
|
|
|
|
| |
- Move to MI space.
Tested on: i386
|
| | |
|
| |
|
|
|
|
| |
o Enable sc
o Remove NO_GEOM. We need GEOM for GPT.
o Remove NO_CPU_COPTFLAGS.
|
| | |
|
| |
|
|
|
|
|
|
|
| |
the loader in an EFI partition. This automaticly means we need the
kernel there as well.
In order to avoid having to worry about a geometry as much as
possible, we partition the disk with GPT.
With this, auto-boot works, but we have a problem mounting the
MFS.
|
| |
|
|
|
|
| |
the module compiled in or loaded instead of bogusly checking for ppp0.
Also if and only if the caller is actually root and the kernel does not
have ppp support, try to load the ppp module before giving up.
|
| | |
|
| |
|
|
| |
which is needed in order for nexted C functions to work.
|
| |
|
|
| |
when no devices are connected.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
describes an image activation instance. Instead, make use of the
existing fname structure entry, and introduce two new entries,
userspace_argv, and userspace_envv. With the addition of
mac_execve(), this divorces the image structure from the specifics
of the execve() system call, removes a redundant pointer, etc.
No semantic change from current behavior, but it means that the
structure doesn't depend on syscalls.master-generated includes.
There seems to be some redundant initialization of imgact entries,
which I have maintained, but which could probably use some cleaning
up at some point.
Obtained from: TrustedBSD Project
Sponsored by: DARPA, Network Associates Laboratories
|
| | |
|
| | |
|
| |
|
|
|
|
|
| |
a partial-write is followed by an error.
PR: 43335
MFC after: 1 week
|
| | |
|
| |
|
|
|
| |
implementation status of these services has changed substantially
since this man page was last updated.
|
| |
|
|
|
|
| |
problems people were having at startup.
Approved by: re
|
| | |
|
| | |
|
| |
|
|
|
|
|
|
| |
fixes. See contrib/ntp/ChangeLog for details.
MFC after: 1 month
Prodded by: jhay
Tested on: sparc64 (panther), alpha (beast) and i386.
|
