| Commit message (Expand) | Author | Age | Files | Lines |
* | Add one further check with mac_policy_count to an mbuf copying case | rwatson | 2009-06-03 | 1 | -0/+3 |
* | Continue work to optimize performance of "options MAC" when no MAC policy | rwatson | 2009-06-03 | 5 | -63/+92 |
* | Mark MAC Framework sx and rm locks as NOWITNESS to suppress warnings that | rwatson | 2009-06-02 | 1 | -2/+2 |
* | Add internal 'mac_policy_count' counter to the MAC Framework, which is a | rwatson | 2009-06-02 | 3 | -22/+70 |
* | Make the rmlock(9) interface a bit more like the rwlock(9) interface: | rwatson | 2009-05-29 | 1 | -1/+1 |
* | Convert the MAC Framework from using rwlocks to rmlocks to stabilize | rwatson | 2009-05-27 | 2 | -21/+32 |
* | Rename MAC Framework-internal macros used to invoke policy entry points: | rwatson | 2009-05-01 | 18 | -304/+339 |
* | Rework MAC Framework synchronization in a number of ways in order to | rwatson | 2009-03-14 | 20 | -327/+410 |
* | Remove 'uio' argument from MAC Framework and MAC policy entry points for | rwatson | 2009-03-08 | 3 | -10/+8 |
* | Rename 'ucred' argument to mac_socket_check_bind() to 'cred' to match | rwatson | 2009-03-08 | 1 | -3/+3 |
* | Improve the consistency of MAC Framework and MAC policy entry point | rwatson | 2009-03-08 | 6 | -215/+196 |
* | Add static DTrace probes for MAC Framework access control checks and | rwatson | 2009-03-08 | 17 | -14/+660 |
* | Reduce the verbosity of SDT trace points for DTrace by defining several | rwatson | 2009-03-03 | 1 | -12/+3 |
* | Use vm_map_entry_t instead of explicit struct vm_map_entry *. | kib | 2009-02-24 | 1 | -1/+1 |
* | Use __FBSDID() for $FreeBSD$ version strings in .c files. | rwatson | 2009-01-24 | 2 | -4/+6 |
* | Begin to add SDT tracing of the MAC Framework: add policy modevent, | rwatson | 2009-01-24 | 1 | -1/+24 |
* | Rather than having MAC policies explicitly declare what object types | rwatson | 2009-01-10 | 3 | -37/+77 |
* | Use MPC_OBJECT_IP6Q to indicate labeling of struct ip6q rather than | rwatson | 2009-01-10 | 1 | -1/+1 |
* | Make preparations for resurrecting shared/read locks on vm maps: | alc | 2008-12-22 | 1 | -4/+2 |
* | Break out strictly credential-related portions of mac_process.c into a | rwatson | 2008-10-28 | 2 | -141/+213 |
* | Introduce accmode_t. This is required for NFSv4 ACLs - it will be neccessary | trasz | 2008-10-28 | 3 | -8/+12 |
* | Rename mac_cred_mmapped_drop_perms(), which revokes access to virtual | rwatson | 2008-10-28 | 3 | -16/+14 |
* | Rename three MAC entry points from _proc_ to _cred_ to reflect the fact | rwatson | 2008-10-28 | 3 | -43/+43 |
* | Add a MAC label, MAC Framework, and MAC policy entry points for IPv6 | rwatson | 2008-10-26 | 3 | -3/+129 |
* | Add mac_inpcb_check_visible MAC Framework entry point, which is similar | bz | 2008-10-17 | 3 | -0/+16 |
* | Introduce two related changes to the TrustedBSD MAC Framework: | rwatson | 2008-08-23 | 16 | -144/+318 |
* | Rework the lifetime management of the kernel implementation of POSIX | jhb | 2008-06-27 | 3 | -15/+45 |
* | Remove the posixsem_check_destroy() MAC check. It is semantically identical | jhb | 2008-06-23 | 3 | -14/+0 |
* | The TrustedBSD MAC Framework named struct ipq instances 'ipq', which is the | rwatson | 2008-06-13 | 3 | -26/+25 |
* | Plug a memory leak which can occur when multiple MAC policies are loaded | csjp | 2008-05-27 | 1 | -0/+4 |
* | When propagating a MAC label from an inpcb to an mbuf, allow read and | rwatson | 2008-04-19 | 1 | -1/+1 |
* | Convert pcbinfo and inpcb mutexes to rwlocks, and modify macros to | rwatson | 2008-04-17 | 1 | -3/+3 |
* | Make naming of include guards for MAC Framework include files more | rwatson | 2008-04-13 | 3 | -9/+9 |
* | Add the support for the AT_FDCWD and fd-relative name lookups to the | kib | 2008-03-31 | 1 | -0/+1 |
* | VOP_LOCK1() (and so VOP_LOCK()) and VOP_UNLOCK() are only used in | attilio | 2008-01-13 | 2 | -4/+4 |
* | vn_lock() is currently only used with the 'curthread' passed as argument. | attilio | 2008-01-10 | 2 | -4/+4 |
* | Add a new file descriptor type for IPC shared memory objects and use it to | jhb | 2008-01-08 | 3 | -0/+187 |
* | Fix a MAC label leak for POSIX semaphores, in which per-policy labels | rwatson | 2007-12-17 | 1 | -0/+1 |
* | Garbage collect mac_mbuf_create_multicast_encap TrustedBSD MAC Framework | rwatson | 2007-10-28 | 3 | -22/+0 |
* | Continue to move from generic network entry points in the TrustedBSD MAC | rwatson | 2007-10-28 | 4 | -20/+41 |
* | Move towards more explicit support for various network protocol stacks | rwatson | 2007-10-28 | 7 | -23/+188 |
* | Update comment following MAC Framework entry point renaming and | rwatson | 2007-10-26 | 1 | -1/+6 |
* | Rename 'mac_mbuf_create_from_firewall' to 'mac_netinet_firewall_send' as | rwatson | 2007-10-26 | 4 | -11/+11 |
* | Sort entry points in mac_framework.h and mac_policy.h alphabetically by | rwatson | 2007-10-25 | 2 | -629/+574 |
* | Normalize TCP syncache-related MAC Framework entry points to match most | rwatson | 2007-10-25 | 3 | -20/+20 |
* | Rename mac_associate_nfsd_label() to mac_proc_associate_nfsd(), and move | rwatson | 2007-10-25 | 4 | -19/+19 |
* | Further MAC Framework cleanup: normalize some local variable names and | rwatson | 2007-10-25 | 3 | -21/+22 |
* | Merge first in a series of TrustedBSD MAC Framework KPI changes | rwatson | 2007-10-24 | 16 | -1150/+1193 |
* | Bump MAC_VERSION to 4 and add an 8.x line in the version table. Version 4 | rwatson | 2007-10-23 | 1 | -1/+2 |
* | Canonicalize naming of local variables for struct ksem and associated | rwatson | 2007-10-21 | 3 | -34/+33 |