| Commit message (Expand) | Author | Age | Files | Lines |
* | Fix jails and jail-friendly file systems handling: | pjd | 2007-04-13 | 1 | -0/+1 |
* | Allow PRIV_NETINET_REUSEPORT in jail. | rwatson | 2007-04-10 | 1 | -1/+3 |
* | prison_free() can be called with a mutex held. This wasn't a problem until | pjd | 2007-04-08 | 1 | -11/+16 |
* | Only use prison mutex to protect the fields that need to be protected by it. | pjd | 2007-04-08 | 1 | -2/+2 |
* | pr_list is protected by the allprison_lock. | pjd | 2007-04-08 | 1 | -1/+1 |
* | Implement functionality I called 'jail services'. | pjd | 2007-04-05 | 1 | -27/+244 |
* | Make prison_find() globally accessible. | pjd | 2007-04-05 | 1 | -2/+1 |
* | Add security.jail.mount_allowed sysctl, which allows to mount and | pjd | 2007-04-05 | 1 | -0/+17 |
* | Minor simplification. | pjd | 2007-03-09 | 1 | -3/+1 |
* | White space nits. | pjd | 2007-03-07 | 1 | -4/+4 |
* | Remove 'MPSAFE' annotations from the comments above most system calls: all | rwatson | 2007-03-04 | 1 | -4/+0 |
* | Rename PRIV_VFS_CLEARSUGID to PRIV_VFS_RETAINSUGID, which seems to better | pjd | 2007-03-01 | 1 | -1/+1 |
* | Remove unused PRIV_IPC_EXEC. Renumbers System V IPC privilege. | rwatson | 2007-02-20 | 1 | -1/+0 |
* | Rename three quota privileges from the UFS privilege namespace to the | rwatson | 2007-02-19 | 1 | -2/+2 |
* | Limit quota privileges in jail to PRIV_UFS_GETQUOTA and | rwatson | 2007-02-19 | 1 | -5/+2 |
* | For now, reflect practical reality that Audit system calls aren't | rwatson | 2007-02-19 | 1 | -0/+2 |
* | Add a new priv(9) kernel interface for checking the availability of | rwatson | 2006-11-06 | 1 | -1/+168 |
* | Complete break-out of sys/sys/mac.h into sys/security/mac/mac_framework.h | rwatson | 2006-10-22 | 1 | -1/+2 |
* | Declare security and security.bsd sysctl hierarchies in sysctl.h along | rwatson | 2006-09-17 | 1 | -1/+0 |
* | Push Giant down in jails. Pass the MPSAFE flag to NDINIT, and keep track | csjp | 2005-09-28 | 1 | -16/+15 |
* | Actually only protect mount-point if security.jail.enforce_statfs is set to 2. | pjd | 2005-06-23 | 1 | -1/+0 |
* | Rename sysctl security.jail.getfsstatroot_only to security.jail.enforce_statfs | pjd | 2005-06-09 | 1 | -11/+86 |
* | - Use taskqueue_thread rather than taskqueue_swi since our task is going | jeff | 2005-04-05 | 1 | -1/+1 |
* | Drop a bogus mp_fixme(). Adding a lock would do nothing to reduce userland | jhb | 2005-03-31 | 1 | -2/+0 |
* | Add a new sysctl, "security.jail.chflags_allowed", which controls the | cperciva | 2005-02-08 | 1 | -0/+5 |
* | /* -> /*- for copyright notices, minor format tweaks as necessary | imp | 2005-01-06 | 1 | -1/+1 |
* | Add two missing includes and remove two uneeded. | pjd | 2004-06-27 | 1 | -0/+3 |
* | Fix sysctl name: security.jail.getfsstate_getfsstatroot_only -> | pjd | 2004-05-20 | 1 | -1/+1 |
* | Give jail(8) the feature to allow raw sockets from within a | bmilekic | 2004-04-26 | 1 | -0/+5 |
* | Remove sysctl security.jail.list_allowed. | pjd | 2004-03-15 | 1 | -6/+1 |
* | Rework jail_attach(2) so that an already jailed process cannot hop | nectar | 2004-02-19 | 1 | -12/+12 |
* | Added sysctl security.jail.jailed. | pjd | 2004-02-19 | 1 | -0/+13 |
* | By default, don't allow processes in a jail to list the set of | rwatson | 2004-02-14 | 1 | -0/+7 |
* | Fix mismerge in last commit: check that cred->cr_prison is NULL | rwatson | 2004-02-14 | 1 | -1/+1 |
* | By default, when a process in jail calls getfsstat(), only return the | rwatson | 2004-02-14 | 1 | -0/+20 |
* | Defer the vrele() on a jail's root vnode reference from prison_free() | rwatson | 2004-01-23 | 1 | -6/+22 |
* | Use __FBSDID(). | obrien | 2003-06-11 | 1 | -3/+3 |
* | style(9) | mike | 2003-04-28 | 1 | -25/+20 |
* | - The prison mutex cannot possibly protect pointers to the prison it | jhb | 2003-04-17 | 1 | -3/+1 |
* | o In struct prison, add an allprison linked list of prisons (protected | mike | 2003-04-09 | 1 | -20/+218 |
* | Back out M_* changes, per decision of the TRB. | imp | 2003-02-19 | 1 | -1/+1 |
* | Remove M_TRYWAIT/M_WAITOK/M_WAIT. Callers should use 0. | alfred | 2003-01-21 | 1 | -1/+1 |
* | Don't forget to destroy the mutex if an error occurs | mux | 2002-12-20 | 1 | -0/+1 |
* | remove syscallarg(). | alfred | 2002-12-14 | 1 | -1/+1 |
* | Use strlcpy() instead of strncpy() to copy NUL terminated strings | robert | 2002-10-17 | 1 | -3/+2 |
* | The jail syscall calls chroot, which is not mpsafe, so put back a | iedowse | 2002-07-01 | 1 | -0/+2 |
* | - Alleviate jail() from having the burden of acquiring Giant by simply | arr | 2002-06-26 | 1 | -3/+0 |
* | Change callers of mtx_init() to pass in an appropriate lock type name. In | jhb | 2002-04-04 | 1 | -1/+1 |
* | Change the suser() API to take advantage of td_ucred as well as do a | jhb | 2002-04-01 | 1 | -1/+1 |
* | Make getcredhostname() take a buffer and the buffer's size | robert | 2002-02-27 | 1 | -3/+12 |