summaryrefslogtreecommitdiffstats
path: root/sys
Commit message (Collapse)AuthorAgeFilesLines
* Spotted a couple of places where the socket buffer's counters were beingkbyanc2002-11-052-0/+8
| | | | | | | manipulated directly (rather than using sballoc()/sbfree()); update them to tweak the new sb_ctl field too. Sponsored by: NTT Multimedia Communications Labs
* Fix filt_soread() to properly flag a kevent when a 0-byte datagram iskbyanc2002-11-051-1/+1
| | | | | | | received. Verified by: dougb, Manfred Antar <null@pozo.com> Sponsored by: NTT Multimedia Communications Labs
* Correct merge-o: disable the right execve() variation if !MACrwatson2002-11-051-4/+4
|
* Update policy modules for changes in arguments associated with supportrwatson2002-11-056-12/+18
| | | | | for label access on the interpreter, not just the shell script. No policies currently present in the system rely on the new labels.
* Bring in two sets of changes:rwatson2002-11-0516-76/+617
| | | | | | | | | | | | | | | | | | | | | | (1) Permit userland applications to request a change of label atomic with an execve() via mac_execve(). This is required for the SEBSD port of SELinux/FLASK. Attempts to invoke this without MAC compiled in result in ENOSYS, as with all other MAC system calls. Complexity, if desired, is present in policy modules, rather than the framework. (2) Permit policies to have access to both the label of the vnode being executed as well as the interpreter if it's a shell script or related UNIX nonsense. Because we can't hold both vnode locks at the same time, cache the interpreter label. SEBSD relies on this because it supports secure transitioning via shell script executables. Other policies might want to take both labels into account during an integrity or confidentiality decision at execve()-time. Approved by: re Obtained from: TrustedBSD Project Sponsored by: DARPA, Network Associates Laboratories
* Regen.rwatson2002-11-055-7/+16
|
* Flesh out the definition of __mac_execve(): per earlier discussion,rwatson2002-11-051-1/+2
| | | | | | | | it's essentially execve() with an optional MAC label argument. Approved by: re Obtained from: TrustedBSD Project Sponsored by: DARPA, Network Associates Laboratories
* Since neither the Biba policy nor the MLS policy make use ofrwatson2002-11-052-46/+0
| | | | | | | transitioning, remove their transition entry points. Obtained from: TrustedBSD Project Sponsored by: DARPA, Network Associates Laboratories
* Grab 181 for HP/Compaq ProLiant advanced server management driverpeter2002-11-051-0/+1
|
* Assert that appropriate vnodes are locked in mac_execve_will_transition().rwatson2002-11-059-0/+72
| | | | | | | | Allow transitioning to be twiddled off using the process and fs enforcement flags, although at some point this should probably be its own flag. Obtained from: TrustedBSD Project Sponsored by: DARPA, Network Associates Laboratories
* Hook up the mac_will_execve_transition() and mac_execve_transition()rwatson2002-11-051-0/+15
| | | | | | | | | | | | | | | | | entrypoints, #ifdef MAC. The supporting logic already existed in kern_mac.c, so no change there. This permits MAC policies to cause a process label change as the result of executing a binary -- typically, as a result of executing a specially labeled binary. For example, the SEBSD port of SELinux/FLASK uses this functionality to implement TE type transitions on processes using transitioning binaries, in a manner similar to setuid. Policies not implementing a notion of transition (all the ones in the tree right now) require no changes, since the old label data is copied to the new label via mac_create_cred() even if a transition does occur. Obtained from: TrustedBSD Project Sponsored by: DARPA, Network Associates Laboratories
* Typo in comment: commmand -> commandkeramida2002-11-051-1/+1
| | | | Reviewed by: jhb
* Wrap function prototype declarations in __BEGIN_DECLS to do the right thingjmallett2002-11-051-0/+4
| | | | | | | | | with them in non-C cases, outside of the kernel. Include <sys/cdefs.h> for __BEGIN_DECLS/__END_DECLS as other headers seem to do in this area. Requested by: Patrick Hartling <patrick@137.org>
* Remove undefined variable.mdodd2002-11-051-1/+1
| | | | Somehow this didn't make it in the last commits.
* Style/whitespace changes.mdodd2002-11-051-82/+78
|
* Fix for GEOM.mdodd2002-11-052-56/+11
| | | | Tested on: i386
* - Convert to newbus, bus_space etc.mdodd2002-11-0512-2101/+605
| | | | | | - Move to MI space. Tested on: i386
* o Remove devices that are commented out.marcel2002-11-051-10/+4
| | | | | | o Enable sc o Remove NO_GEOM. We need GEOM for GPT. o Remove NO_CPU_COPTFLAGS.
* Remove mcclock. It's an Alpha left-over.marcel2002-11-051-2/+0
|
* Fix typo. ioport_rid should be irq_rid.davidxu2002-11-053-3/+3
|
* Sony CXD3222 OHCI i.LINK chips needs more DELAY before starting SCLKsimokawa2002-11-051-1/+1
| | | | when no devices are connected.
* Remove reference to struct execve_args from struct imgact, whichrwatson2002-11-055-21/+46
| | | | | | | | | | | | | | | | | describes an image activation instance. Instead, make use of the existing fname structure entry, and introduce two new entries, userspace_argv, and userspace_envv. With the addition of mac_execve(), this divorces the image structure from the specifics of the execve() system call, removes a redundant pointer, etc. No semantic change from current behavior, but it means that the structure doesn't depend on syscalls.master-generated includes. There seems to be some redundant initialization of imgact entries, which I have maintained, but which could probably use some cleaning up at some point. Obtained from: TrustedBSD Project Sponsored by: DARPA, Network Associates Laboratories
* Slight redesign for fitting in with -current.julian2002-11-051-27/+50
|
* Export the function vm_page_splay().alc2002-11-042-1/+2
|
* Call pcm_chn_destroy() in pcm_killchan() so that channel mutexes are ↵cognet2002-11-041-1/+7
| | | | | | | destroyed and struct pcm_channel freed. Reviewed by: cg MFC after: 3 days
* Implement mpo_check_system_acct and mpo_check_system_settime() for Biba:rwatson2002-11-041-0/+46
| | | | | | | | | | require Biba privilege to configure either, and require that accounting files be high integrity. Note that this does allow implicit information flow from low to high integrity, but it also protects the integrity of accounting data. Obtained from: TrustedBSD Project Sponsored by: DARPA, Network Associates Laboratories
* Correct use of mac_biba_subject_privileged() in swapon() code.rwatson2002-11-041-2/+4
| | | | | Obtained from: TrustedBSD Project Sponsored by: DARPA, Network Associates Laboratories
* Permit MAC policies to instrument the access control decisions forrwatson2002-11-0416-2/+315
| | | | | | | | | | | system accounting configuration and for nfsd server thread attach. Policies might use this to protect the integrity or confidentiality of accounting data, limit the ability to turn on or off accounting, as well as to prevent inappropriately labeled threads from becoming nfs server threads. Obtained from: TrustedBSD Project Sponsored by: DARPA, Network Associates Laboratories
* Remove mac_cache_fslabel_in_vnode sysctl -- with the new VFS/MACrwatson2002-11-049-54/+0
| | | | | | | construction, labels are always cached. Obtained from: TrustedBSD Project Sponsored by: DARPA, Network Associates Laboratories
* Polish a bit here and there.phk2002-11-042-10/+18
| | | | | | Reenable the geom.ctl device so people can play with gbde. Sponsored by: DARPA & NAI Labs
* Run a revision on the GBDE encryption facility.phk2002-11-045-244/+429
| | | | | | | | | | | | | | | | | | | | Replace ARC4 with SHA2-512. Change lock-structure encoding to use random ordering rather for obscurity. Encrypt lock-structure with AES/256 instead of AES/128. Change kkey derivation to be MD5 hash based. Watch for malloc(M_NOWAIT) failures and ditch our cache when they happen. Remove clause 3 of the license with NAI Labs consent. Many thanks to "Lucky Green" <shamrock@cypherpunks.to> and "David Wagner" <daw@cs.berkeley.edu>, for code reading, inputs and suggestions. This code has still not been stared at for 10 years by a gang of hard-core cryptographers. Discretion advised. NB: These changes result in the on-disk format changing: dump/restore needed. Sponsored by: DARPA & NAI Labs.
* Add debug.doslowdown to enable/disable niced slowdown on I/O. Defaultmckusick2002-11-041-1/+5
| | | | | | to off until locking interference issues get sorted out. Sponsored by: DARPA & NAI Labs.
* Reject slices where begin == end.phk2002-11-041-11/+11
| | | | | | Remove clause 3 from the license with NAI Labs consent. Sponsored by: DARPA & NAI Labs
* Remove clause 3 in the license with NAI's consent.phk2002-11-041-6/+6
| | | | | | | Reject slices with type==0. Diddle the bootverbose printfs. Sponsored by: DARPA & NAI Labs
* Detach the pccard bus children when we eject a 16-bit card, not theimp2002-11-041-1/+1
| | | | 32-bit ones. This was introduced in the last commit.
* Update licenses and wording: NAI has authorized the removal of clause threerwatson2002-11-042-14/+8
| | | | | of their BSD-style license; also, carry out the NAI Labs -> Network Associates Laboratories renaming in these files.
* License and wording updates: NAI has authorized the removal of clauserwatson2002-11-0413-91/+52
| | | | | three from their BSD-style license. Also, s/NAI Labs/Network Associates Laboratories/.
* License clarification and wording changes: NAI has approved removal ofrwatson2002-11-0413-91/+52
| | | | | clause three, and NAI Labs now goes by the name Network Associates Laboratories.
* Add GPT entry types for partitions we're likely to encounter in themarcel2002-11-031-0/+23
| | | | | wild. These include MS partitions and Linux partitions. At this time there's no evidence that HP-UX uses GPT.
* Hook the aic7xxx modules up. This requires some extra care since aicasmscottl2002-11-035-32/+16
| | | | | | | | is a compiler tool and needs to be compiled by the host compiler. I've tested this in i386->sparc cross-build, 4.7->current upgrade, normal buildkernel target, and normal /sys/i386/compile/GENERIC configurations. Submitted by: ru
* - Remove the memory allocation for the object/offset hash tablealc2002-11-031-45/+2
| | | | | | | | because it's no longer used. (See revision 1.215.) - Fix a harmless bug: the number of vm_page structures allocated wasn't properly adjusted when uma_bootstrap() was introduced. Consequently, we were allocating 30 unused vm_page structures. - Wrap a long line.
* Correctly recognize both bogus and genuine BSD disklabels.phk2002-11-031-1/+4
| | | | | | Don't expect me to participate in a discussion which is which. Sponsored by: DARPA & NAI Labs.
* Add status initialization code for acpi_cmbat and acpi_acad,iwasaki2002-11-032-7/+120
| | | | | | | | acpi_cmbat_init_battery() and acpi_cmbat_init_acline() respectively. Call acpi_cmbat_init_battery() from acpi_cmbat_resume() too just in case. This is a workaround for embedded controller operations which is unstable for about a minute (typically 30 or 40 sec.) at boot time.
* Enable if_fwe.simokawa2002-11-031-1/+1
|
* Add hints for wd1, wd2 and wd3.nyan2002-11-031-6/+6
|
* Introduce mac_check_system_settime(), a MAC check allowing policies torwatson2002-11-0314-0/+134
| | | | | | | augment the system policy for changing the system time. Obtained from: TrustedBSD Project Sponsored by: DARPA, Network Associates Laboratories
* Change privilege model for mac_partition such that BSD superuser can changerwatson2002-11-031-6/+4
| | | | | | | | the partition once a partition has been set. This is required for correct operation of sendmail between partitions. Obtained from: TrustedBSD Project Sponsored by: DARPA, Network Associates Laboratories
* Sync to src/sys/kern/syscalls.masterrwatson2002-11-023-3/+3
|
* Regen from yesterday's system call placeholder rename.rwatson2002-11-025-7/+7
|
* MFp4:imp2002-11-024-49/+38
| | | | | | | | | | | | | | | o Always release the resources on device detach. o Attach resources the same with driver added as we do we do in the insert case (maybe this should be a routine). o signal the wakeup of the thread on resume instead of trying to force an interrupt. o Minor debug hacks. o use 0xffffffff instead of -1 for uint32_t items. o Don't complain when we're asked to detach no cards. This is normal. o Eliminate the now worthless second parameter to card_detach_card. o minor style(9)isms Some of these patches may be from: iwasaki-san, jhb, iadowse
OpenPOWER on IntegriCloud