| #
2b3f93ea |
| 13-Oct-2023 |
Matthew Dillon <dillon@apollo.backplane.com> |
kernel - Add per-process capability-based restrictions
* This new system allows userland to set capability restrictions which
turns off numerous kernel features and root accesses. These restricti
kernel - Add per-process capability-based restrictions
* This new system allows userland to set capability restrictions which
turns off numerous kernel features and root accesses. These restrictions
are inherited by sub-processes recursively. Once set, restrictions cannot
be removed.
Basic restrictions that mimic an unadorned jail can be enabled without
creating a jail, but generally speaking real security also requires
creating a chrooted filesystem topology, and a jail is still needed
to really segregate processes from each other. If you do so, however,
you can (for example) disable mount/umount and most global root-only
features.
* Add new system calls and a manual page for syscap_get(2) and syscap_set(2)
* Add sys/caps.h
* Add the "setcaps" userland utility and manual page.
* Remove priv.9 and the priv_check infrastructure, replacing it with
a newly designed caps infrastructure.
* The intention is to add path restriction lists and similar features to
improve jailess security in the near future, and to optimize the
priv_check code.
show more ...
|
|
Revision tags: v6.4.0, v6.4.0rc1, v6.5.0, v6.2.2, v6.2.1, v6.2.0, v6.3.0, v6.0.1, v6.0.0, v6.0.0rc1, v6.1.0, v5.8.3, v5.8.2, v5.8.1, v5.8.0, v5.9.0, v5.8.0rc1, v5.6.3, v5.6.2, v5.6.1, v5.6.0, v5.6.0rc1, v5.7.0, v5.4.3, v5.4.2, v5.4.1, v5.4.0, v5.5.0, v5.4.0rc1, v5.2.2, v5.2.1, v5.2.0, v5.3.0, v5.2.0rc, v5.0.2, v5.0.1, v5.0.0, v5.0.0rc2, v5.1.0, v5.0.0rc1, v4.8.1, v4.8.0, v4.6.2, v4.9.0, v4.8.0rc, v4.6.1, v4.6.0, v4.6.0rc2, v4.6.0rc, v4.7.0, v4.4.3, v4.4.2 |
|
| #
3b964699 |
| 22-Jan-2016 |
zrj <rimvydas.jasinskas@gmail.com> |
usb4bsd: Cleanup pass0.
* Adjust indentation, whitespace and typos.
|
|
Revision tags: v4.4.1, v4.4.0, v4.5.0, v4.4.0rc, v4.2.4, v4.3.1, v4.2.3, v4.2.1, v4.2.0, v4.0.6, v4.3.0, v4.2.0rc, v4.0.5 |
|
| #
dd681da6 |
| 12-Mar-2015 |
Matthew Dillon <dillon@apollo.backplane.com> |
usb - Update bus/u4b
* Update bus/u4b from FreeBSD to commit 3121e258c76aa, 10 March 2015,
with the following commit message:
Lock softc before clearing bits.
* Some bits not updated. Som
usb - Update bus/u4b
* Update bus/u4b from FreeBSD to commit 3121e258c76aa, 10 March 2015,
with the following commit message:
Lock softc before clearing bits.
* Some bits not updated. Some changes around the MSI handling work
differently in DFly so I punted on that. And the serial/tty in FreeBSD
is a bit different, particular this 'pps' stuff.
* Numerous bits of code currently conditionalized out use ABI features
from FreeBSD, particularly RWTUN, which we do not yet have. Currently
non-critical, we can fix these as the related code gets used (if the
related code gets used).
Reviewed-by: Markus Pfeiffer
show more ...
|
|
Revision tags: v4.0.4, v4.0.3, v4.0.2, v4.0.1, v4.0.0, v4.0.0rc3, v4.0.0rc2, v4.0.0rc, v4.1.0, v3.8.2, v3.8.1, v3.6.3, v3.8.0, v3.8.0rc2, v3.9.0, v3.8.0rc, v3.6.2, v3.6.1 |
|
| #
889d2066 |
| 06-Jan-2014 |
Markus Pfeiffer <markus.pfeiffer@morphism.de> |
Add another controller to ohci_pci.c
|
|
Revision tags: v3.6.0, v3.7.1, v3.6.0rc, v3.7.0, v3.4.3 |
|
| #
57bed822 |
| 11-Aug-2013 |
Markus Pfeiffer <markus.pfeiffer@morphism.de> |
usb4bsd: Synchronise with FreeBSD r254159
|
|
Revision tags: v3.4.2, v3.4.0, v3.4.1, v3.4.0rc, v3.5.0 |
|
| #
d3c9c58e |
| 20-Feb-2013 |
Sascha Wildner <saw@online.de> |
kernel: Use DEVMETHOD_END in the drivers.
|
|
Revision tags: v3.2.2, v3.2.1 |
|
| #
53e1b6a0 |
| 14-Oct-2012 |
Sascha Wildner <saw@online.de> |
usb4bsd/controller: Use device_delete_children().
|
| #
15f415f6 |
| 12-Oct-2012 |
Sascha Wildner <saw@online.de> |
usb4bsd: Use NULL for pointers.
|
|
Revision tags: v3.2.0, v3.3.0 |
|
| #
63da4a34 |
| 01-Oct-2012 |
Sascha Wildner <saw@online.de> |
usb4bsd: Cleanup pass.
* Adjust indentation, whitespace and typos.
* Uniformly use #if 0 to deactivate code instead of C comments.
|
| #
722d05c3 |
| 26-Sep-2012 |
Sascha Wildner <saw@online.de> |
usb4bsd: Perform the usual porting on the controller, storage and core code.
malloc -> kmalloc, printf -> kprintf, locking, and so forth.
Submitted-by: Markus Pfeiffer <markus.pfeiffer@morphism.de>
|
| #
12bd3c8b |
| 25-Sep-2012 |
Sascha Wildner <saw@online.de> |
usb4bsd: Bring in FreeBSD's libusbhid, usbhidctl and USB kernel code.
In order to make it live peacefully along with our old USB code, name
all directories with new USB code *u4b* instead of *usb*.
usb4bsd: Bring in FreeBSD's libusbhid, usbhidctl and USB kernel code.
In order to make it live peacefully along with our old USB code, name
all directories with new USB code *u4b* instead of *usb*.
This is FreeBSD SVN r231881.
Submitted-by: Markus Pfeiffer <markus.pfeiffer@morphism.de>
show more ...
|