| Commit message (Expand) | Author | Age | Files | Lines |
|---|
| * | Centrally manage enforcement of {reboot,swapon,sysctl} using the | rwatson | 2002-10-27 | 1 | -13/+9 |
| * | Implement mac_check_system_sysctl(), a MAC Framework entry point to | rwatson | 2002-10-27 | 1 | -0/+28 |
| * | Hook up mac_check_system_reboot(), a MAC Framework entry point that | rwatson | 2002-10-27 | 1 | -0/+23 |
| * | Merge from MAC tree: rename mac_check_vnode_swapon() to | rwatson | 2002-10-27 | 1 | -18/+18 |
| * | Slightly change the semantics of vnode labels for MAC: rather than | rwatson | 2002-10-26 | 1 | -486/+90 |
| * | Comment describing the semantics of mac_late. | rwatson | 2002-10-25 | 1 | -1/+6 |
| * | Introduce MAC_CHECK_VNODE_SWAPON, which permits MAC policies to | rwatson | 2002-10-22 | 1 | -0/+22 |
| * | Missed in previous merge: export sizeof(struct oldmac) rather than | rwatson | 2002-10-22 | 1 | -1/+1 |
| * | Support the new MAC user API in kernel: modify existing system calls | rwatson | 2002-10-22 | 1 | -169/+917 |
| * | Use if_printf(ifp, "blah") instead of | brooks | 2002-10-21 | 1 | -2/+1 |
| * | If MAC_MAX_POLICIES isn't defined, don't try to define it, just let the | rwatson | 2002-10-20 | 1 | -3/+1 |
| * | Make sure to clear the 'registered' flag for MAC policies when they | rwatson | 2002-10-19 | 1 | -0/+1 |
| * | Integrate mac_check_socket_send() and mac_check_socket_receive() | rwatson | 2002-10-06 | 1 | -0/+34 |
| * | Sync from MAC tree: break out the single mmap entry point into | rwatson | 2002-10-06 | 1 | -18/+63 |
| * | Modify label allocation semantics for sockets: pass in soalloc's malloc | rwatson | 2002-10-05 | 1 | -13/+69 |
| * | Integrate a devfs/MAC fix from the MAC tree: avoid a race condition during | rwatson | 2002-10-05 | 1 | -0/+13 |
| * | Merge support for mac_check_vnode_link(), a MAC framework/policy entry | rwatson | 2002-10-05 | 1 | -0/+30 |
| * | While the MAC API has supported the ability to handle M_NOWAIT passed | rwatson | 2002-10-05 | 1 | -3/+11 |
| * | Rearrange object and label init/destroy functions to match the | rwatson | 2002-10-05 | 1 | -101/+101 |
| * | Sync to MAC tree: use 'flag' instead of 'how' for mac_init_mbuf(); | rwatson | 2002-10-05 | 1 | -3/+3 |
| * | Another big diff, little functional change: move label internalization, | rwatson | 2002-10-05 | 1 | -65/+65 |
| * | Move all object label init/destroy routines to the head of the | rwatson | 2002-10-05 | 1 | -285/+285 |
| * | Synch from TrustedBSD MAC tree: | rwatson | 2002-10-05 | 1 | -3/+25 |
| * | Cosmetic line wrap synchronization. | rwatson | 2002-10-05 | 1 | -2/+4 |
| * | Push the debugging obect label counters into security.mac.debug.counters | rwatson | 2002-10-05 | 1 | -11/+16 |
| * | Begin another merge from the TrustedBSD MAC branch: | rwatson | 2002-10-05 | 1 | -68/+86 |
| * | Add a new MAC entry point, mac_thread_userret(td), which permits policy | rwatson | 2002-10-02 | 1 | -0/+11 |
| * | Remember to include "opt_devfs.h" so we get any relevant changes | phk | 2002-10-01 | 1 | -0/+1 |
| * | Improve locking of pipe mutexes in the context of MAC: | rwatson | 2002-10-01 | 1 | -0/+34 |
| * | Push 'security.mac.debug_label_fallback' behind options MAC_DEBUG. | rwatson | 2002-10-01 | 1 | -10/+14 |
| * | Add tunables for the existing sysctl twiddles for pipe and vm | rwatson | 2002-09-30 | 1 | -0/+2 |
| * | Remove un-needed stack variable 'ops'. | rwatson | 2002-09-18 | 1 | -3/+2 |
| * | Add a toggle to disable VM enforcement. | rwatson | 2002-09-18 | 1 | -0/+7 |
| * | At the cost of seeming a little gauche, make use of more traditional | rwatson | 2002-09-18 | 1 | -4/+4 |
| * | Remove all use of vnode->v_tag, replacing with appropriate substitutes. | njl | 2002-09-14 | 1 | -4/+4 |
| * | Add security.mac.mmap_revocation, a flag indicating whether we | rwatson | 2002-09-09 | 1 | -0/+8 |
| * | Minor code sync to MAC tree: push Giant locking up from | rwatson | 2002-09-09 | 1 | -2/+2 |
| * | Include <sys/malloc.h> instead of depending on namespace pollution 2 | bde | 2002-09-05 | 1 | -6/+5 |
| * | Close a race in process label changing opened due to dropping the | rwatson | 2002-08-19 | 1 | -7/+10 |
| * | Pass active_cred and file_cred into the MAC framework explicitly | rwatson | 2002-08-19 | 1 | -12/+20 |
| * | Provide an implementation of mac_syscall() so that security modules | rwatson | 2002-08-19 | 1 | -0/+38 |
| * | Break out mac_check_pipe_op() into component check entry points: | rwatson | 2002-08-19 | 1 | -4/+46 |
| * | Break out mac_check_vnode_op() into three seperate checks: | rwatson | 2002-08-19 | 1 | -10/+57 |
| * | Assert process locks in proces-related access control checks. | rwatson | 2002-08-19 | 1 | -0/+6 |
| * | Add a missing vnode assertion for the exec() check. | rwatson | 2002-08-19 | 1 | -0/+2 |
| * | Wrap maintenance of varios nmac{objectname} counters in MAC_DEBUG so we | rwatson | 2002-08-16 | 1 | -0/+46 |
| * | Rename mac_check_socket_receive() to mac_check_socket_deliver() so that | rwatson | 2002-08-15 | 1 | -10/+10 |
| * | Sync to trustedbsd_mac tree: default to sigsegv rather than copy-on-write | rwatson | 2002-08-15 | 1 | -1/+1 |
| * | Declare a module service "kernel_mac_support" when MAC support is | rwatson | 2002-08-12 | 1 | -0/+8 |
| * | - Replace v_flag with v_iflag and v_vflag | jeff | 2002-08-04 | 1 | -5/+7 |
