| Commit message (Collapse) | Author | Age | Files | Lines |
| |
manipulated directly (rather than using sballoc()/sbfree()); update them
to tweak the new sb_ctl field too.
Sponsored by: NTT Multimedia Communications Labs
| |
received.
Verified by: dougb, Manfred Antar <null@pozo.com>
Sponsored by: NTT Multimedia Communications Labs
| |
for label access on the interpreter, not just the shell script. No
policies currently present in the system rely on the new labels.
| |
(1) Permit userland applications to request a change of label atomic
with an execve() via mac_execve(). This is required for the
SEBSD port of SELinux/FLASK. Attempts to invoke this without
MAC compiled in result in ENOSYS, as with all other MAC system
calls. Complexity, if desired, is present in policy modules,
rather than the framework.
(2) Permit policies to have access to both the label of the vnode
being executed as well as the interpreter if it's a shell
script or related UNIX nonsense. Because we can't hold both
vnode locks at the same time, cache the interpreter label.
SEBSD relies on this because it supports secure transitioning
via shell script executables. Other policies might want to
take both labels into account during an integrity or
confidentiality decision at execve()-time.
Approved by: re
Obtained from: TrustedBSD Project
Sponsored by: DARPA, Network Associates Laboratories
| |
it's essentially execve() with an optional MAC label argument.
Approved by: re
Obtained from: TrustedBSD Project
Sponsored by: DARPA, Network Associates Laboratories
| |
transitioning, remove their transition entry points.
Obtained from: TrustedBSD Project
Sponsored by: DARPA, Network Associates Laboratories
| |
Allow transitioning to be twiddled off using the process and fs enforcement
flags, although at some point this should probably be its own flag.
Obtained from: TrustedBSD Project
Sponsored by: DARPA, Network Associates Laboratories
| |
entrypoints, #ifdef MAC. The supporting logic already existed in
kern_mac.c, so no change there. This permits MAC policies to cause
a process label change as the result of executing a binary --
typically, as a result of executing a specially labeled binary.
For example, the SEBSD port of SELinux/FLASK uses this functionality
to implement TE type transitions on processes using transitioning
binaries, in a manner similar to setuid. Policies not implementing
a notion of transition (all the ones in the tree right now) require
no changes, since the old label data is copied to the new label
via mac_create_cred() even if a transition does occur.
Obtained from: TrustedBSD Project
Sponsored by: DARPA, Network Associates Laboratories
| |
Reviewed by: jhb
| |
with them in non-C cases, outside of the kernel.
Include <sys/cdefs.h> for __BEGIN_DECLS/__END_DECLS as other headers seem
to do in this area.
Requested by: Patrick Hartling <patrick@137.org>
| |
Somehow this didn't make it in the last commits.
| |
Tested on: i386
| |
- Move to MI space.
Tested on: i386
| |
o Enable sc
o Remove NO_GEOM. We need GEOM for GPT.
o Remove NO_CPU_COPTFLAGS.
| |
when no devices are connected.
| |
describes an image activation instance. Instead, make use of the
existing fname structure entry, and introduce two new entries,
userspace_argv, and userspace_envv. With the addition of
mac_execve(), this divorces the image structure from the specifics
of the execve() system call, removes a redundant pointer, etc.
No semantic change from current behavior, but it means that the
structure doesn't depend on syscalls.master-generated includes.
There seems to be some redundant initialization of imgact entries,
which I have maintained, but which could probably use some cleaning
up at some point.
Obtained from: TrustedBSD Project
Sponsored by: DARPA, Network Associates Laboratories
| |
destroyed and struct pcm_channel freed.
Reviewed by: cg
MFC after: 3 days
| |
require Biba privilege to configure either, and require that accounting
files be high integrity. Note that this does allow implicit information
flow from low to high integrity, but it also protects the integrity
of accounting data.
Obtained from: TrustedBSD Project
Sponsored by: DARPA, Network Associates Laboratories
| |
Obtained from: TrustedBSD Project
Sponsored by: DARPA, Network Associates Laboratories
| |
system accounting configuration and for nfsd server thread attach.
Policies might use this to protect the integrity or confidentiality
of accounting data, limit the ability to turn on or off accounting,
as well as to prevent inappropriately labeled threads from becoming nfs
server threads.
Obtained from: TrustedBSD Project
Sponsored by: DARPA, Network Associates Laboratories
| |
construction, labels are always cached.
Obtained from: TrustedBSD Project
Sponsored by: DARPA, Network Associates Laboratories
| |
Reenable the geom.ctl device so people can play with gbde.
Sponsored by: DARPA & NAI Labs
| |
Replace ARC4 with SHA2-512.
Change lock-structure encoding to use random ordering rather for obscurity.
Encrypt lock-structure with AES/256 instead of AES/128.
Change kkey derivation to be MD5 hash based.
Watch for malloc(M_NOWAIT) failures and ditch our cache when they happen.
Remove clause 3 of the license with NAI Labs consent.
Many thanks to "Lucky Green" <shamrock@cypherpunks.to> and "David
Wagner" <daw@cs.berkeley.edu>, for code reading, inputs and
suggestions.
This code has still not been stared at for 10 years by a gang of
hard-core cryptographers. Discretion advised.
NB: These changes result in the on-disk format changing: dump/restore needed.
Sponsored by: DARPA & NAI Labs.
| |
to off until locking interference issues get sorted out.
Sponsored by: DARPA & NAI Labs.
| |
Remove clause 3 from the license with NAI Labs consent.
Sponsored by: DARPA & NAI Labs
| |
Reject slices with type==0.
Diddle the bootverbose printfs.
Sponsored by: DARPA & NAI Labs
| |
32-bit ones. This was introduced in the last commit.
| |
of their BSD-style license; also, carry out the NAI Labs -> Network
Associates Laboratories renaming in these files.
| |
three from their BSD-style license. Also, s/NAI Labs/Network Associates
Laboratories/.
| |
clause three, and NAI Labs now goes by the name Network Associates
Laboratories.
| |
wild. These include MS partitions and Linux partitions. At this time
there's no evidence that HP-UX uses GPT.
| |
is a compiler tool and needs to be compiled by the host compiler. I've
tested this in i386->sparc cross-build, 4.7->current upgrade, normal
buildkernel target, and normal /sys/i386/compile/GENERIC configurations.
Submitted by: ru
| |
because it's no longer used. (See revision 1.215.)
- Fix a harmless bug: the number of vm_page structures allocated wasn't
properly adjusted when uma_bootstrap() was introduced. Consequently,
we were allocating 30 unused vm_page structures.
- Wrap a long line.
| |
Don't expect me to participate in a discussion which is which.
Sponsored by: DARPA & NAI Labs.
| |
acpi_cmbat_init_battery() and acpi_cmbat_init_acline() respectively.
Call acpi_cmbat_init_battery() from acpi_cmbat_resume() too just in
case.
This is a workaround for embedded controller operations which is
unstable for about a minute (typically 30 or 40 sec.) at boot time.
| |
augment the system policy for changing the system time.
Obtained from: TrustedBSD Project
Sponsored by: DARPA, Network Associates Laboratories
| |
the partition once a partition has been set. This is required for correct
operation of sendmail between partitions.
Obtained from: TrustedBSD Project
Sponsored by: DARPA, Network Associates Laboratories
| |
o Always release the resources on device detach.
o Attach resources the same with driver added as we do in the insert
case (maybe this should be a routine).
o signal the wakeup of the thread on resume instead of trying to force an
interrupt.
o Minor debug hacks.
o use 0xffffffff instead of -1 for uint32_t items.
o Don't complain when we're asked to detach no cards. This is normal.
o Eliminate the now worthless second parameter to card_detach_card.
o minor style(9)isms
Some of these patches may be from: iwasaki-san, jhb, iadowse