summaryrefslogtreecommitdiffstats
path: root/sys/security
Commit message (Expand)AuthorAgeFilesLines
* Regularize the vop_stdlock'ing protocol across all the filesystemsmckusick2002-10-141-4/+4
* Integrate mac_check_socket_send() and mac_check_socket_receive()rwatson2002-10-0610-0/+280
* Trim accidentally introduced trailing whitespace.rwatson2002-10-061-1/+1
* Sync from MAC tree: break out the single mmap entry point intorwatson2002-10-0615-200/+647
* Modify label allocation semantics for sockets: pass in soalloc's mallocrwatson2002-10-0515-120/+570
* Implement mac_create_devfs_symlink() for policies that interact withrwatson2002-10-055-0/+55
* Integrate a devfs/MAC fix from the MAC tree: avoid a race condition duringrwatson2002-10-0510-0/+110
* Merge implementation of mpo_check_vnode_link() for various appropriaterwatson2002-10-056-0/+113
* Merge support for mac_check_vnode_link(), a MAC framework/policy entryrwatson2002-10-0510-0/+246
* While the MAC API has supported the ability to handle M_NOWAIT passedrwatson2002-10-058-24/+88
* Rearrange object and label init/destroy functions to match therwatson2002-10-058-808/+808
* Sync to MAC tree: use 'flag' instead of 'how' for mac_init_mbuf();rwatson2002-10-058-24/+24
* Another big diff, little functional change: move label internalization,rwatson2002-10-058-520/+520
* Move all object label init/destroy routines to the head of therwatson2002-10-058-2280/+2280
* Synch from TrustedBSD MAC tree:rwatson2002-10-058-24/+200
* Cosmetic line wrap synchronization.rwatson2002-10-058-16/+32
* Push the debugging obect label counters into security.mac.debug.countersrwatson2002-10-058-88/+128
* Begin another merge from the TrustedBSD MAC branch:rwatson2002-10-0514-1422/+1107
* Add a new MAC entry point, mac_thread_userret(td), which permits policyrwatson2002-10-0210-0/+92
* Remember to include "opt_devfs.h" so we get any relevant changesphk2002-10-018-0/+8
* Improve locking of pipe mutexes in the context of MAC:rwatson2002-10-018-0/+272
* Push 'security.mac.debug_label_fallback' behind options MAC_DEBUG.rwatson2002-10-018-80/+112
* Add tunables for the existing sysctl twiddles for pipe and vmrwatson2002-09-308-0/+16
* - Use vrefcnt() instead of v_usecount.jeff2002-09-251-4/+4
* Remove another missed trailing space.rwatson2002-09-211-1/+1
* Trim trailing whitespace from the ends of lines.rwatson2002-09-212-23/+23
* Continue cleanup and sync of mac_biba and mac_mls policies to therwatson2002-09-212-26/+0
* Remove mac_biba_high_single() check for interface renaming: we nowrwatson2002-09-211-12/+0
* As INVARIANTS isn't supported for code that loads only as a kernelrwatson2002-09-212-4/+4
* Remove un-needed stack variable 'ops'.rwatson2002-09-188-24/+16
* Add a toggle to disable VM enforcement.rwatson2002-09-188-0/+56
* At the cost of seeming a little gauche, make use of more traditionalrwatson2002-09-188-32/+32
* Remove all use of vnode->v_tag, replacing with appropriate substitutes.njl2002-09-1410-34/+34
* Include <sys/malloc.h> instead of depending on namespace pollution 2bde2002-09-102-0/+2
* Add security.mac.mmap_revocation, a flag indicating whether werwatson2002-09-098-0/+64
* Minor code sync to MAC tree: push Giant locking up fromrwatson2002-09-098-16/+16
* Re-insert TUNABLE() export of MAC Biba and MAC MLS module 'enabled'rwatson2002-09-052-0/+2
* Include <sys/malloc.h> instead of depending on namespace pollution 2bde2002-09-058-48/+40
* Prefer NULL to 0 when passing a NULL pointer.rwatson2002-08-202-2/+2
* Provide stub mpo_syscall() implementations for mac_none and mac_test.rwatson2002-08-203-0/+27
* Close a race in process label changing opened due to dropping therwatson2002-08-198-56/+80
* Pass active_cred and file_cred into the MAC framework explicitlyrwatson2002-08-1916-156/+229
* Provide an implementation of mac_syscall() so that security modulesrwatson2002-08-1910-1/+318
* Break out mac_check_pipe_op() into component check entry points:rwatson2002-08-1915-97/+618
* Break out mac_check_vnode_op() into three seperate checks:rwatson2002-08-1915-148/+678
* Assert process locks in proces-related access control checks.rwatson2002-08-198-0/+48
* Add a missing vnode assertion for the exec() check.rwatson2002-08-198-0/+16
* Keep a copy of the credential used to mount filesystems around sophk2002-08-191-1/+1
* Wrap maintenance of varios nmac{objectname} counters in MAC_DEBUG so werwatson2002-08-168-0/+368
* Rename mac_check_socket_receive() to mac_check_socket_deliver() so thatrwatson2002-08-158-32/+32
OpenPOWER on IntegriCloud