#
2b3f93ea |
| 13-Oct-2023 |
Matthew Dillon <dillon@apollo.backplane.com> |
kernel - Add per-process capability-based restrictions
* This new system allows userland to set capability restrictions which turn off numerous kernel features and root accesses. These restrictions are inherited by sub-processes recursively. Once set, restrictions cannot be removed.
Basic restrictions that mimic an unadorned jail can be enabled without creating a jail, but generally speaking real security also requires creating a chrooted filesystem topology, and a jail is still needed to really segregate processes from each other. If you do so, however, you can (for example) disable mount/umount and most global root-only features.
* Add new system calls and a manual page for syscap_get(2) and syscap_set(2)
* Add sys/caps.h
* Add the "setcaps" userland utility and manual page.
* Remove priv.9 and the priv_check infrastructure, replacing it with a newly designed caps infrastructure.
* The intention is to add path restriction lists and similar features to improve jailless security in the near future, and to optimize the priv_check code.
|
Revision tags: v6.4.0, v6.4.0rc1, v6.5.0, v6.2.2, v6.2.1, v6.2.0, v6.3.0, v6.0.1, v6.0.0, v6.0.0rc1, v6.1.0, v5.8.3, v5.8.2, v5.8.1, v5.8.0, v5.9.0, v5.8.0rc1, v5.6.3, v5.6.2, v5.6.1, v5.6.0, v5.6.0rc1, v5.7.0, v5.4.3, v5.4.2, v5.4.1, v5.4.0, v5.5.0, v5.4.0rc1, v5.2.2, v5.2.1, v5.2.0, v5.3.0, v5.2.0rc, v5.0.2, v5.0.1, v5.0.0, v5.0.0rc2, v5.1.0, v5.0.0rc1, v4.8.1, v4.8.0, v4.6.2, v4.9.0, v4.8.0rc, v4.6.1, v4.6.0, v4.6.0rc2, v4.6.0rc, v4.7.0, v4.4.3, v4.4.2 |
|
#
3b964699 |
| 22-Jan-2016 |
zrj <rimvydas.jasinskas@gmail.com> |
usb4bsd: Cleanup pass0.
* Adjust indentation, whitespace and typos.
|
Revision tags: v4.4.1, v4.4.0, v4.5.0, v4.4.0rc, v4.2.4, v4.3.1, v4.2.3, v4.2.1, v4.2.0, v4.0.6, v4.3.0, v4.2.0rc, v4.0.5 |
|
#
dd681da6 |
| 12-Mar-2015 |
Matthew Dillon <dillon@apollo.backplane.com> |
usb - Update bus/u4b
* Update bus/u4b from FreeBSD to commit 3121e258c76aa, 10 March 2015, with the following commit message:
Lock softc before clearing bits.
* Some bits not updated. Some changes around the MSI handling work differently in DFly so I punted on that. And the serial/tty in FreeBSD is a bit different, particularly this 'pps' stuff.
* Numerous bits of code currently conditionalized out use ABI features from FreeBSD, particularly RWTUN, which we do not yet have. Currently non-critical, we can fix these as the related code gets used (if the related code gets used).
Reviewed-by: Markus Pfeiffer
|
Revision tags: v4.0.4, v4.0.3, v4.0.2, v4.0.1, v4.0.0, v4.0.0rc3, v4.0.0rc2, v4.0.0rc, v4.1.0, v3.8.2, v3.8.1, v3.6.3, v3.8.0, v3.8.0rc2, v3.9.0, v3.8.0rc, v3.6.2, v3.6.1 |
|
#
889d2066 |
| 06-Jan-2014 |
Markus Pfeiffer <markus.pfeiffer@morphism.de> |
Add another controller to ohci_pci.c
|
Revision tags: v3.6.0, v3.7.1, v3.6.0rc, v3.7.0, v3.4.3 |
|
#
57bed822 |
| 11-Aug-2013 |
Markus Pfeiffer <markus.pfeiffer@morphism.de> |
usb4bsd: Synchronise with FreeBSD r254159
|
Revision tags: v3.4.2, v3.4.0, v3.4.1, v3.4.0rc, v3.5.0 |
|
#
d3c9c58e |
| 20-Feb-2013 |
Sascha Wildner <saw@online.de> |
kernel: Use DEVMETHOD_END in the drivers.
|
Revision tags: v3.2.2, v3.2.1 |
|
#
53e1b6a0 |
| 14-Oct-2012 |
Sascha Wildner <saw@online.de> |
usb4bsd/controller: Use device_delete_children().
|
#
15f415f6 |
| 12-Oct-2012 |
Sascha Wildner <saw@online.de> |
usb4bsd: Use NULL for pointers.
|
Revision tags: v3.2.0, v3.3.0 |
|
#
63da4a34 |
| 01-Oct-2012 |
Sascha Wildner <saw@online.de> |
usb4bsd: Cleanup pass.
* Adjust indentation, whitespace and typos.
* Uniformly use #if 0 to deactivate code instead of C comments.
|
#
722d05c3 |
| 26-Sep-2012 |
Sascha Wildner <saw@online.de> |
usb4bsd: Perform the usual porting on the controller, storage and core code.
malloc -> kmalloc, printf -> kprintf, locking, and so forth.
Submitted-by: Markus Pfeiffer <markus.pfeiffer@morphism.de>
|
#
12bd3c8b |
| 25-Sep-2012 |
Sascha Wildner <saw@online.de> |
usb4bsd: Bring in FreeBSD's libusbhid, usbhidctl and USB kernel code.
In order to make it live peacefully along with our old USB code, name all directories with new USB code *u4b* instead of *usb*.
This is FreeBSD SVN r231881.
Submitted-by: Markus Pfeiffer <markus.pfeiffer@morphism.de>
|