summaryrefslogtreecommitdiffstats
path: root/sys/security
Commit message (Expand)AuthorAgeFilesLines
* Default policies to on: if you load them or compile them into yourrwatson2002-12-107-7/+7
* Remove dm_root entry from struct devfs_mount. It's never set, and isrwatson2002-12-0916-131/+164
* Remove a const that generates a warning: the const isn't strictlyrwatson2002-12-041-1/+1
* License tweak: remove clause 3 per permission of NAI.rwatson2002-12-032-6/+0
* Unhook the old LOMAC module, now replaced with mac_lomac.rwatson2002-12-0327-6787/+0
* Correct two warnings by staticizing a function and removing an unusedrwatson2002-11-261-11/+1
* Import an implementation of LOMAC (Low-Watermark Mandatory Accessrwatson2002-11-262-0/+2842
* Un-staticize mac_cred_mmapped_drop_perms() so that it may be usedrwatson2002-11-269-8/+9
* Introduce p_label, extensible security label storage for the MAC frameworkrwatson2002-11-2010-8/+204
* Merge kld access control checks from the MAC tree: these access controlrwatson2002-11-1910-0/+375
* Introduce a condition variable to avoid returning EBUSY whenrwatson2002-11-138-232/+416
* Garbage collect mac_create_devfs_vnode() -- it hasn't been used sincerwatson2002-11-1215-108/+0
* Garbage collect definition of M_MACOPVEC -- we no longer perform arwatson2002-11-118-16/+0
* Update MAC modules for changes in arguments for exec MAC policyrwatson2002-11-087-14/+68
* Add an explicit execlabel argument to exec-related MAC policy entryrwatson2002-11-089-27/+36
* Update policy modules for changes in arguments associated with supportrwatson2002-11-056-12/+18
* Bring in two sets of changes:rwatson2002-11-0510-55/+467
* Since neither the Biba policy nor the MLS policy make use ofrwatson2002-11-052-46/+0
* Assert that appropriate vnodes are locked in mac_execve_will_transition().rwatson2002-11-058-0/+64
* Implement mpo_check_system_acct and mpo_check_system_settime() for Biba:rwatson2002-11-041-0/+46
* Correct use of mac_biba_subject_privileged() in swapon() code.rwatson2002-11-041-2/+4
* Permit MAC policies to instrument the access control decisions forrwatson2002-11-0410-0/+253
* Remove mac_cache_fslabel_in_vnode sysctl -- with the new VFS/MACrwatson2002-11-048-48/+0
* License and wording updates: NAI has authorized the removal of clauserwatson2002-11-0413-91/+52
* License clarification and wording changes: NAI has approved removal ofrwatson2002-11-0410-70/+40
* Introduce mac_check_system_settime(), a MAC check allowing policies torwatson2002-11-0310-0/+106
* Change privilege model for mac_partition such that BSD superuser can changerwatson2002-11-031-6/+4
* Fix some warnings on 64 bit architectures. The vn_extattr_get()mux2002-11-022-4/+2
* Add MAC checks for various kenv() operations: dump, get, set, unset,rwatson2002-11-0110-0/+425
* Move to C99 sparse structure initialization for the mac_policy_opsrwatson2002-10-3018-6263/+734
* Various minor type, prototype tweaks -- clean up cruft due to lack ofrwatson2002-10-305-10/+10
* While 'mode_t' seemed like a good idea for the access mode argument forrwatson2002-10-3016-41/+41
* Try again to fix the KASSERT.rwatson2002-10-301-1/+1
* Fix a KASSERT bug that showed up only in the LINT build, not therwatson2002-10-301-1/+1
* Hook up no-op stubs for reboot, swapon, sysctl entry points.rwatson2002-10-292-0/+58
* Implement Biba policy entry points for mac_check_system_swapon()rwatson2002-10-291-0/+59
* Require Biba privilege to relabel a network interface.rwatson2002-10-291-0/+7
* Correct a typo in a previously commented include entry that was maderwatson2002-10-281-1/+1
* Remove all reference to 'struct oldmac', since it's no longer requiredrwatson2002-10-283-49/+61
* Add a return type for mac_biba_high_single(), apparently lost in anrwatson2002-10-281-0/+1
* Rename mac_biba_subject_equal_ok() to mac_biba_subject_privileged()rwatson2002-10-281-6/+6
* Zero the trusted_interface buffer before starting parsing.rwatson2002-10-281-0/+6
* An inappropriate ASSERT slipped in during the recent merge of therwatson2002-10-288-16/+0
* Centrally manage enforcement of {reboot,swapon,sysctl} using therwatson2002-10-278-104/+72
* Implement mac_check_system_sysctl(), a MAC Framework entry point torwatson2002-10-2710-0/+231
* Hook up mac_check_system_reboot(), a MAC Framework entry point thatrwatson2002-10-2710-0/+187
* Merge from MAC tree: rename mac_check_vnode_swapon() torwatson2002-10-2710-148/+148
* Slightly change the semantics of vnode labels for MAC: rather thanrwatson2002-10-2615-4159/+1099
* Comment describing the semantics of mac_late.rwatson2002-10-258-8/+48
* Provide a simple sample labeled access control policy, mac_partition.rwatson2002-10-232-0/+337
OpenPOWER on IntegriCloud