| Commit message (Expand) | Author | Age | Files | Lines |
* | Add a new priv(9) kernel interface for checking the availability of | rwatson | 2006-11-06 | 1 | -1/+168 |
* | Complete break-out of sys/sys/mac.h into sys/security/mac/mac_framework.h | rwatson | 2006-10-22 | 1 | -1/+2 |
* | Declare security and security.bsd sysctl hierarchies in sysctl.h along | rwatson | 2006-09-17 | 1 | -1/+0 |
* | Push Giant down in jails. Pass the MPSAFE flag to NDINIT, and keep track | csjp | 2005-09-28 | 1 | -16/+15 |
* | Actually only protect mount-point if security.jail.enforce_statfs is set to 2. | pjd | 2005-06-23 | 1 | -1/+0 |
* | Rename sysctl security.jail.getfsstatroot_only to security.jail.enforce_statfs | pjd | 2005-06-09 | 1 | -11/+86 |
* | - Use taskqueue_thread rather than taskqueue_swi since our task is going | jeff | 2005-04-05 | 1 | -1/+1 |
* | Drop a bogus mp_fixme(). Adding a lock would do nothing to reduce userland | jhb | 2005-03-31 | 1 | -2/+0 |
* | Add a new sysctl, "security.jail.chflags_allowed", which controls the | cperciva | 2005-02-08 | 1 | -0/+5 |
* | /* -> /*- for copyright notices, minor format tweaks as necessary | imp | 2005-01-06 | 1 | -1/+1 |
* | Add two missing includes and remove two uneeded. | pjd | 2004-06-27 | 1 | -0/+3 |
* | Fix sysctl name: security.jail.getfsstate_getfsstatroot_only -> | pjd | 2004-05-20 | 1 | -1/+1 |
* | Give jail(8) the feature to allow raw sockets from within a | bmilekic | 2004-04-26 | 1 | -0/+5 |
* | Remove sysctl security.jail.list_allowed. | pjd | 2004-03-15 | 1 | -6/+1 |
* | Rework jail_attach(2) so that an already jailed process cannot hop | nectar | 2004-02-19 | 1 | -12/+12 |
* | Added sysctl security.jail.jailed. | pjd | 2004-02-19 | 1 | -0/+13 |
* | By default, don't allow processes in a jail to list the set of | rwatson | 2004-02-14 | 1 | -0/+7 |
* | Fix mismerge in last commit: check that cred->cr_prison is NULL | rwatson | 2004-02-14 | 1 | -1/+1 |
* | By default, when a process in jail calls getfsstat(), only return the | rwatson | 2004-02-14 | 1 | -0/+20 |
* | Defer the vrele() on a jail's root vnode reference from prison_free() | rwatson | 2004-01-23 | 1 | -6/+22 |
* | Use __FBSDID(). | obrien | 2003-06-11 | 1 | -3/+3 |
* | style(9) | mike | 2003-04-28 | 1 | -25/+20 |
* | - The prison mutex cannot possibly protect pointers to the prison it | jhb | 2003-04-17 | 1 | -3/+1 |
* | o In struct prison, add an allprison linked list of prisons (protected | mike | 2003-04-09 | 1 | -20/+218 |
* | Back out M_* changes, per decision of the TRB. | imp | 2003-02-19 | 1 | -1/+1 |
* | Remove M_TRYWAIT/M_WAITOK/M_WAIT. Callers should use 0. | alfred | 2003-01-21 | 1 | -1/+1 |
* | Don't forget to destroy the mutex if an error occurs | mux | 2002-12-20 | 1 | -0/+1 |
* | remove syscallarg(). | alfred | 2002-12-14 | 1 | -1/+1 |
* | Use strlcpy() instead of strncpy() to copy NUL terminated strings | robert | 2002-10-17 | 1 | -3/+2 |
* | The jail syscall calls chroot, which is not mpsafe, so put back a | iedowse | 2002-07-01 | 1 | -0/+2 |
* | - Alleviate jail() from having the burden of acquiring Giant by simply | arr | 2002-06-26 | 1 | -3/+0 |
* | Change callers of mtx_init() to pass in an appropriate lock type name. In | jhb | 2002-04-04 | 1 | -1/+1 |
* | Change the suser() API to take advantage of td_ucred as well as do a | jhb | 2002-04-01 | 1 | -1/+1 |
* | Make getcredhostname() take a buffer and the buffer's size | robert | 2002-02-27 | 1 | -3/+12 |
* | Add a function which returns the correct hostname for a given | robert | 2002-02-27 | 1 | -0/+11 |
* | - Attempt to help declutter kern. sysctl by moving security out from | arr | 2002-01-16 | 1 | -5/+5 |
* | - Move _jail sysctl node underneath _kern_security in order to standardize | arr | 2001-12-12 | 1 | -4/+5 |
* | o Introduce pr_mtx into struct prison, providing protection for the | rwatson | 2001-12-03 | 1 | -0/+17 |
* | o Move suser() calls in kern/ to using suser_xxx() with an explicit | rwatson | 2001-11-01 | 1 | -1/+1 |
* | - Catch up to the new ucred API. | jhb | 2001-10-11 | 1 | -18/+24 |
* | o Initialize per-jail securelevel from global securelevel as part of | rwatson | 2001-09-26 | 1 | -0/+1 |
* | KSE Milestone 2 | julian | 2001-09-12 | 1 | -3/+4 |
* | Pushdown Giant for acct(), kqueue(), kevent(), execve(), fork(), | dillon | 2001-09-01 | 1 | -4/+14 |
* | Anton kindly pointed out (and fixed) a bug in the Jail handling of the | rwatson | 2001-08-03 | 1 | -1/+8 |
* | o Move per-process jail pointer (p->pr_prison) to inside of the subject | rwatson | 2001-02-21 | 1 | -18/+67 |
* | Convert more malloc+bzero to malloc+M_ZERO. | dwmalone | 2000-12-08 | 1 | -2/+1 |
* | o Deny access to System V IPC from within jail by default, as in the | rwatson | 2000-10-31 | 1 | -0/+5 |
* | o Modify jail to limit creation of sockets to UNIX domain sockets, | rwatson | 2000-06-04 | 1 | -1/+8 |
* | Yet-another-update: rename ``kern.prison'' to a new sysctl root entry, | rwatson | 2000-02-12 | 1 | -0/+9 |
* | Add a version number field to the jail(2) argument so that future changes | phk | 1999-09-19 | 1 | -0/+2 |