#
2b3f93ea |
| 13-Oct-2023 |
Matthew Dillon <dillon@apollo.backplane.com> |
kernel - Add per-process capability-based restrictions
* This new system allows userland to set capability restrictions which turn off numerous kernel features and root accesses. These restrictions are inherited by sub-processes recursively. Once set, restrictions cannot be removed.
Basic restrictions that mimic an unadorned jail can be enabled without creating a jail, but generally speaking real security also requires creating a chrooted filesystem topology, and a jail is still needed to really segregate processes from each other. If you do so, however, you can (for example) disable mount/umount and most global root-only features.
* Add new system calls and a manual page for syscap_get(2) and syscap_set(2)
* Add sys/caps.h
* Add the "setcaps" userland utility and manual page.
* Remove priv.9 and the priv_check infrastructure, replacing it with a newly designed caps infrastructure.
* The intention is to add path restriction lists and similar features to improve jail-less security in the near future, and to optimize the priv_check code.
|
Revision tags: v6.4.0, v6.4.0rc1, v6.5.0, v6.2.2, v6.2.1, v6.2.0, v6.3.0, v6.0.1, v6.0.0, v6.0.0rc1, v6.1.0, v5.8.3, v5.8.2, v5.8.1 |
|
#
d147c943 |
| 28-Mar-2020 |
Sascha Wildner <saw@online.de> |
kernel: Remove <sys/mutex.h> from all files that don't need it (2/2).
98% of these were remains from porting from FreeBSD which could have been removed after converting to lockmgr(), etc.
Due to an issue in my checking earlier, not everything was cleaned up correctly.
|
Revision tags: v5.8.0, v5.9.0, v5.8.0rc1, v5.6.3 |
|
#
691f0a75 |
| 23-Oct-2019 |
Sascha Wildner <saw@online.de> |
world/kernel: Use the {set,clr}bit() and is{set,clr}() macros a bit more.
Tested-by: zrj
|
Revision tags: v5.6.2, v5.6.1, v5.6.0, v5.6.0rc1, v5.7.0, v5.4.3, v5.4.2, v5.4.1, v5.4.0, v5.5.0, v5.4.0rc1, v5.2.2, v5.2.1, v5.2.0, v5.3.0, v5.2.0rc, v5.0.2, v5.0.1, v5.0.0, v5.0.0rc2, v5.1.0, v5.0.0rc1, v4.8.1, v4.8.0, v4.6.2, v4.9.0, v4.8.0rc, v4.6.1, v4.6.0, v4.6.0rc2, v4.6.0rc, v4.7.0, v4.4.3, v4.4.2, v4.4.1, v4.4.0, v4.5.0, v4.4.0rc, v4.2.4, v4.3.1, v4.2.3, v4.2.1, v4.2.0, v4.0.6, v4.3.0, v4.2.0rc, v4.0.5, v4.0.4 |
|
#
e1a08f23 |
| 22-Feb-2015 |
Markus Pfeiffer <markus.pfeiffer@morphism.de> |
kernel/usb4bsd: Update uhci and ohci drivers
|
Revision tags: v4.0.3, v4.0.2, v4.0.1, v4.0.0, v4.0.0rc3, v4.0.0rc2, v4.0.0rc, v4.1.0, v3.8.2, v3.8.1, v3.6.3, v3.8.0, v3.8.0rc2, v3.9.0, v3.8.0rc, v3.6.2, v3.6.1 |
|
#
d5eda170 |
| 06-Jan-2014 |
Markus Pfeiffer <markus.pfeiffer@morphism.de> |
Sync ohci code with FreeBSD
|
Revision tags: v3.6.0, v3.7.1, v3.6.0rc, v3.7.0, v3.4.3 |
|
#
57bed822 |
| 11-Aug-2013 |
Markus Pfeiffer <markus.pfeiffer@morphism.de> |
usb4bsd: Synchronise with FreeBSD r254159
|
Revision tags: v3.4.2 |
|
#
7fd4e1a1 |
| 04-May-2013 |
Sascha Wildner <saw@online.de> |
Use C99 __func__ instead of __FUNCTION__.
|
Revision tags: v3.4.0, v3.4.1, v3.4.0rc, v3.5.0, v3.2.2, v3.2.1, v3.2.0, v3.3.0 |
|
#
63da4a34 |
| 01-Oct-2012 |
Sascha Wildner <saw@online.de> |
usb4bsd: Cleanup pass.
* Adjust indentation, whitespace and typos.
* Uniformly use #if 0 to deactivate code instead of C comments.
|
#
722d05c3 |
| 26-Sep-2012 |
Sascha Wildner <saw@online.de> |
usb4bsd: Perform the usual porting on the controller, storage and core code.
malloc -> kmalloc, printf -> kprintf, locking, and so forth.
Submitted-by: Markus Pfeiffer <markus.pfeiffer@morphism.de>
|
#
12bd3c8b |
| 25-Sep-2012 |
Sascha Wildner <saw@online.de> |
usb4bsd: Bring in FreeBSD's libusbhid, usbhidctl and USB kernel code.
In order to make it live peacefully along with our old USB code, name all directories with new USB code *u4b* instead of *usb*.
This is FreeBSD SVN r231881.
Submitted-by: Markus Pfeiffer <markus.pfeiffer@morphism.de>
|