| Commit message (Expand) | Author | Age | Files | Lines |
|---|
| * | - Add a FEATURE for capsicum (security_capabilities). | netchild | 2011-03-04 | 1 | -1/+1 |
| * | Add some FEATURE macros for various features (AUDIT/CAM/IPC/KTR/MAC/NFS/NTP/ | netchild | 2011-02-25 | 1 | -0/+3 |
| * | Unless "cnt" exceeds MAX_COMMIT_COUNT, nfsrv_commit() and nfsvno_fsync() are | alc | 2011-02-05 | 1 | -5/+2 |
| * | sysctl(9) cleanup checkpoint: amd64 GENERIC builds cleanly. | mdf | 2011-01-12 | 1 | -1/+1 |
| * | Add missing DTrace probe invocation to mac_vnode_check_open; the probe | rwatson | 2010-10-23 | 1 | -0/+2 |
| * | Add an extra comment to the SDT probes definition. This allows us to get | rpaulo | 2010-08-22 | 2 | -13/+15 |
| * | Add one further check with mac_policy_count to an mbuf copying case | rwatson | 2009-06-03 | 1 | -0/+3 |
| * | Continue work to optimize performance of "options MAC" when no MAC policy | rwatson | 2009-06-03 | 5 | -63/+92 |
| * | Mark MAC Framework sx and rm locks as NOWITNESS to suppress warnings that | rwatson | 2009-06-02 | 1 | -2/+2 |
| * | Add internal 'mac_policy_count' counter to the MAC Framework, which is a | rwatson | 2009-06-02 | 3 | -22/+70 |
| * | Make the rmlock(9) interface a bit more like the rwlock(9) interface: | rwatson | 2009-05-29 | 1 | -1/+1 |
| * | Convert the MAC Framework from using rwlocks to rmlocks to stabilize | rwatson | 2009-05-27 | 2 | -21/+32 |
| * | Rename MAC Framework-internal macros used to invoke policy entry points: | rwatson | 2009-05-01 | 18 | -304/+339 |
| * | Rework MAC Framework synchronization in a number of ways in order to | rwatson | 2009-03-14 | 20 | -327/+410 |
| * | Remove 'uio' argument from MAC Framework and MAC policy entry points for | rwatson | 2009-03-08 | 3 | -10/+8 |
| * | Rename 'ucred' argument to mac_socket_check_bind() to 'cred' to match | rwatson | 2009-03-08 | 1 | -3/+3 |
| * | Improve the consistency of MAC Framework and MAC policy entry point | rwatson | 2009-03-08 | 6 | -215/+196 |
| * | Add static DTrace probes for MAC Framework access control checks and | rwatson | 2009-03-08 | 17 | -14/+660 |
| * | Reduce the verbosity of SDT trace points for DTrace by defining several | rwatson | 2009-03-03 | 1 | -12/+3 |
| * | Use vm_map_entry_t instead of explicit struct vm_map_entry *. | kib | 2009-02-24 | 1 | -1/+1 |
| * | Use __FBSDID() for $FreeBSD$ version strings in .c files. | rwatson | 2009-01-24 | 2 | -4/+6 |
| * | Begin to add SDT tracing of the MAC Framework: add policy modevent, | rwatson | 2009-01-24 | 1 | -1/+24 |
| * | Rather than having MAC policies explicitly declare what object types | rwatson | 2009-01-10 | 3 | -37/+77 |
| * | Use MPC_OBJECT_IP6Q to indicate labeling of struct ip6q rather than | rwatson | 2009-01-10 | 1 | -1/+1 |
| * | Make preparations for resurrecting shared/read locks on vm maps: | alc | 2008-12-22 | 1 | -4/+2 |
| * | Break out strictly credential-related portions of mac_process.c into a | rwatson | 2008-10-28 | 2 | -141/+213 |
| * | Introduce accmode_t. This is required for NFSv4 ACLs - it will be neccessary | trasz | 2008-10-28 | 3 | -8/+12 |
| * | Rename mac_cred_mmapped_drop_perms(), which revokes access to virtual | rwatson | 2008-10-28 | 3 | -16/+14 |
| * | Rename three MAC entry points from _proc_ to _cred_ to reflect the fact | rwatson | 2008-10-28 | 3 | -43/+43 |
| * | Add a MAC label, MAC Framework, and MAC policy entry points for IPv6 | rwatson | 2008-10-26 | 3 | -3/+129 |
| * | Add mac_inpcb_check_visible MAC Framework entry point, which is similar | bz | 2008-10-17 | 3 | -0/+16 |
| * | Introduce two related changes to the TrustedBSD MAC Framework: | rwatson | 2008-08-23 | 16 | -144/+318 |
| * | Rework the lifetime management of the kernel implementation of POSIX | jhb | 2008-06-27 | 3 | -15/+45 |
| * | Remove the posixsem_check_destroy() MAC check. It is semantically identical | jhb | 2008-06-23 | 3 | -14/+0 |
| * | The TrustedBSD MAC Framework named struct ipq instances 'ipq', which is the | rwatson | 2008-06-13 | 3 | -26/+25 |
| * | Plug a memory leak which can occur when multiple MAC policies are loaded | csjp | 2008-05-27 | 1 | -0/+4 |
| * | When propagating a MAC label from an inpcb to an mbuf, allow read and | rwatson | 2008-04-19 | 1 | -1/+1 |
| * | Convert pcbinfo and inpcb mutexes to rwlocks, and modify macros to | rwatson | 2008-04-17 | 1 | -3/+3 |
| * | Make naming of include guards for MAC Framework include files more | rwatson | 2008-04-13 | 3 | -9/+9 |
| * | Add the support for the AT_FDCWD and fd-relative name lookups to the | kib | 2008-03-31 | 1 | -0/+1 |
| * | VOP_LOCK1() (and so VOP_LOCK()) and VOP_UNLOCK() are only used in | attilio | 2008-01-13 | 2 | -4/+4 |
| * | vn_lock() is currently only used with the 'curthread' passed as argument. | attilio | 2008-01-10 | 2 | -4/+4 |
| * | Add a new file descriptor type for IPC shared memory objects and use it to | jhb | 2008-01-08 | 3 | -0/+187 |
| * | Fix a MAC label leak for POSIX semaphores, in which per-policy labels | rwatson | 2007-12-17 | 1 | -0/+1 |
| * | Garbage collect mac_mbuf_create_multicast_encap TrustedBSD MAC Framework | rwatson | 2007-10-28 | 3 | -22/+0 |
| * | Continue to move from generic network entry points in the TrustedBSD MAC | rwatson | 2007-10-28 | 4 | -20/+41 |
| * | Move towards more explicit support for various network protocol stacks | rwatson | 2007-10-28 | 7 | -23/+188 |
| * | Update comment following MAC Framework entry point renaming and | rwatson | 2007-10-26 | 1 | -1/+6 |
| * | Rename 'mac_mbuf_create_from_firewall' to 'mac_netinet_firewall_send' as | rwatson | 2007-10-26 | 4 | -11/+11 |
| * | Sort entry points in mac_framework.h and mac_policy.h alphabetically by | rwatson | 2007-10-25 | 2 | -629/+574 |
