#
2b3f93ea |
| 13-Oct-2023 |
Matthew Dillon <dillon@apollo.backplane.com> |
kernel - Add per-process capability-based restrictions
* This new system allows userland to set capability restrictions which turns off numerous kernel features and root accesses. These restricti
kernel - Add per-process capability-based restrictions
* This new system allows userland to set capability restrictions which turns off numerous kernel features and root accesses. These restrictions are inherited by sub-processes recursively. Once set, restrictions cannot be removed.
Basic restrictions that mimic an unadorned jail can be enabled without creating a jail, but generally speaking real security also requires creating a chrooted filesystem topology, and a jail is still needed to really segregate processes from each other. If you do so, however, you can (for example) disable mount/umount and most global root-only features.
* Add new system calls and a manual page for syscap_get(2) and syscap_set(2)
* Add sys/caps.h
* Add the "setcaps" userland utility and manual page.
* Remove priv.9 and the priv_check infrastructure, replacing it with a newly designed caps infrastructure.
* The intention is to add path restriction lists and similar features to improve jailess security in the near future, and to optimize the priv_check code.
show more ...
|
Revision tags: v6.4.0, v6.4.0rc1, v6.5.0, v6.2.2, v6.2.1, v6.2.0, v6.3.0, v6.0.1, v6.0.0, v6.0.0rc1, v6.1.0, v5.8.3, v5.8.2, v5.8.1 |
|
#
d147c943 |
| 28-Mar-2020 |
Sascha Wildner <saw@online.de> |
kernel: Remove <sys/mutex.h> from all files that don't need it (2/2).
98% of these were remains from porting from FreeBSD which could have been removed after converting to lockmgr(), etc.
Due to an
kernel: Remove <sys/mutex.h> from all files that don't need it (2/2).
98% of these were remains from porting from FreeBSD which could have been removed after converting to lockmgr(), etc.
Due to an issue in my checking earlier, not everything was cleaned up correctly.
show more ...
|
Revision tags: v5.8.0, v5.9.0, v5.8.0rc1, v5.6.3 |
|
#
691f0a75 |
| 23-Oct-2019 |
Sascha Wildner <saw@online.de> |
world/kernel: Use the {set,clr}bit() and is{set,clr}() macros a bit more.
Tested-by: zrj
|
Revision tags: v5.6.2, v5.6.1, v5.6.0, v5.6.0rc1, v5.7.0, v5.4.3, v5.4.2, v5.4.1, v5.4.0, v5.5.0, v5.4.0rc1, v5.2.2, v5.2.1, v5.2.0, v5.3.0, v5.2.0rc |
|
#
bff82488 |
| 20-Mar-2018 |
Aaron LI <aly@aaronly.me> |
<net/if.h>: Do not include <net/if_var.h> for _KERNEL
* Clean up an ancient leftover: do not include <net/if_var.h> from <net/if.h> for kernel stuffs.
* Adjust various files to include the necess
<net/if.h>: Do not include <net/if_var.h> for _KERNEL
* Clean up an ancient leftover: do not include <net/if_var.h> from <net/if.h> for kernel stuffs.
* Adjust various files to include the necessary <net/if_var.h> header.
NOTE: I have also tested removing the inclusion of <net/if.h> from <net/if_var.h>, therefore add <net/if.h> inclusion for those files that need it but only included <net/if_var.h>. For some files, the header inclusion orderings are also adjusted.
show more ...
|
Revision tags: v5.0.2, v5.0.1, v5.0.0, v5.0.0rc2, v5.1.0, v5.0.0rc1, v4.8.1, v4.8.0, v4.6.2, v4.9.0, v4.8.0rc, v4.6.1, v4.6.0, v4.6.0rc2, v4.6.0rc, v4.7.0, v4.4.3, v4.4.2 |
|
#
15130067 |
| 22-Jan-2016 |
zrj <rimvydas.jasinskas@gmail.com> |
usb4bsd: Cleanup pass1.
* Uniformly use #if 0 to deactivate code instead of C comments.
* Move MODULE macros after struct declarations.
|
Revision tags: v4.4.1, v4.4.0, v4.5.0, v4.4.0rc, v4.2.4, v4.3.1, v4.2.3, v4.2.1, v4.2.0, v4.0.6, v4.3.0, v4.2.0rc, v4.0.5 |
|
#
a9b765b7 |
| 12-Mar-2015 |
Sascha Wildner <saw@online.de> |
kernel/usb4bsd: Unbreak building with USB_DEBUG in the config.
|
#
dd681da6 |
| 12-Mar-2015 |
Matthew Dillon <dillon@apollo.backplane.com> |
usb - Update bus/u4b
* Update bus/u4b from FreeBSD to commit 3121e258c76aa, 10 March 2015, with the following commit message:
Lock softc before clearing bits.
* Some bits not updated. Som
usb - Update bus/u4b
* Update bus/u4b from FreeBSD to commit 3121e258c76aa, 10 March 2015, with the following commit message:
Lock softc before clearing bits.
* Some bits not updated. Some changes around the MSI handling work differently in DFly so I punted on that. And the serial/tty in FreeBSD is a bit different, particular this 'pps' stuff.
* Numerous bits of code currently conditionalized out use ABI features from FreeBSD, particularly RWTUN, which we do not yet have. Currently non-critical, we can fix these as the related code gets used (if the related code gets used).
Reviewed-by: Markus Pfeiffer
show more ...
|
Revision tags: v4.0.4, v4.0.3, v4.0.2, v4.0.1, v4.0.0, v4.0.0rc3, v4.0.0rc2, v4.0.0rc, v4.1.0, v3.8.2, v3.8.1, v3.6.3, v3.8.0, v3.8.0rc2, v3.9.0, v3.8.0rc, v3.6.2 |
|
#
bb57f329 |
| 25-Feb-2014 |
Sascha Wildner <saw@online.de> |
kernel/usb4bsd: Small -Wunused-variable fix from FreeBSD.
|
Revision tags: v3.6.1, v3.6.0, v3.7.1, v3.6.0rc, v3.7.0, v3.4.3 |
|
#
989856f5 |
| 20-Aug-2013 |
Markus Pfeiffer <markus.pfeiffer@morphism.de> |
usb4bsd/udav sync driver with FreeBSD
|
#
ef4aa9ff |
| 23-Aug-2013 |
Sascha Wildner <saw@online.de> |
kernel/usb4bsd: Switch to generating usbdevs{,_data}.h during the build.
Taken-from: FreeBSD
|
#
ac9843a1 |
| 04-Jun-2013 |
Sepherosa Ziehau <sephe@dragonflybsd.org> |
ifq: Remove the unused parameter 'mpolled' from ifq dequeue interface
The ifq_poll() -> ifq_dequeue() model is not MPSAFE, and mpolled has not been used, i.e. set to NULL, for years; time to let it
ifq: Remove the unused parameter 'mpolled' from ifq dequeue interface
The ifq_poll() -> ifq_dequeue() model is not MPSAFE, and mpolled has not been used, i.e. set to NULL, for years; time to let it go.
show more ...
|
Revision tags: v3.4.2, v3.4.0, v3.4.1, v3.4.0rc, v3.5.0 |
|
#
d3c9c58e |
| 20-Feb-2013 |
Sascha Wildner <saw@online.de> |
kernel: Use DEVMETHOD_END in the drivers.
|
#
d40991ef |
| 13-Feb-2013 |
Sepherosa Ziehau <sephe@dragonflybsd.org> |
if: Per-cpu ifnet/ifaddr statistics, step 1/3
Wrap ifnet/ifaddr stats updating, setting and extraction into macros; ease upcoming changes.
|
Revision tags: v3.2.2, v3.2.1 |
|
#
15f415f6 |
| 12-Oct-2012 |
Sascha Wildner <saw@online.de> |
usb4bsd: Use NULL for pointers.
|
#
cb652d71 |
| 12-Oct-2012 |
Sascha Wildner <saw@online.de> |
usb4bsd/if_udav: Comment out a variable (usage is not yet enabled).
|
#
b946173a |
| 11-Oct-2012 |
Sascha Wildner <saw@online.de> |
usb4bsd: Port network devices (uether, udav, axe) and hook into build.
Submitted-by: Markus Pfeiffer <markus.pfeiffer@morphism.de>
|
Revision tags: v3.2.0, v3.3.0 |
|
#
12bd3c8b |
| 25-Sep-2012 |
Sascha Wildner <saw@online.de> |
usb4bsd: Bring in FreeBSD's libusbhid, usbhidctl and USB kernel code.
In order to make it live peacefully along with our old USB code, name all directories with new USB code *u4b* instead of *usb*.
usb4bsd: Bring in FreeBSD's libusbhid, usbhidctl and USB kernel code.
In order to make it live peacefully along with our old USB code, name all directories with new USB code *u4b* instead of *usb*.
This is FreeBSD SVN r231881.
Submitted-by: Markus Pfeiffer <markus.pfeiffer@morphism.de>
show more ...
|