| #
2b3f93ea |
| 13-Oct-2023 |
Matthew Dillon <dillon@apollo.backplane.com> |
kernel - Add per-process capability-based restrictions
* This new system allows userland to set capability restrictions which
turns off numerous kernel features and root accesses. These restricti
kernel - Add per-process capability-based restrictions
* This new system allows userland to set capability restrictions which
turns off numerous kernel features and root accesses. These restrictions
are inherited by sub-processes recursively. Once set, restrictions cannot
be removed.
Basic restrictions that mimic an unadorned jail can be enabled without
creating a jail, but generally speaking real security also requires
creating a chrooted filesystem topology, and a jail is still needed
to really segregate processes from each other. If you do so, however,
you can (for example) disable mount/umount and most global root-only
features.
* Add new system calls and a manual page for syscap_get(2) and syscap_set(2)
* Add sys/caps.h
* Add the "setcaps" userland utility and manual page.
* Remove priv.9 and the priv_check infrastructure, replacing it with
a newly designed caps infrastructure.
* The intention is to add path restriction lists and similar features to
improve jailess security in the near future, and to optimize the
priv_check code.
show more ...
|
|
Revision tags: v6.4.0, v6.4.0rc1, v6.5.0, v6.2.2, v6.2.1, v6.2.0, v6.3.0, v6.0.1, v6.0.0, v6.0.0rc1, v6.1.0, v5.8.3, v5.8.2, v5.8.1 |
|
| #
d147c943 |
| 28-Mar-2020 |
Sascha Wildner <saw@online.de> |
kernel: Remove <sys/mutex.h> from all files that don't need it (2/2).
98% of these were remains from porting from FreeBSD which could have
been removed after converting to lockmgr(), etc.
Due to an
kernel: Remove <sys/mutex.h> from all files that don't need it (2/2).
98% of these were remains from porting from FreeBSD which could have
been removed after converting to lockmgr(), etc.
Due to an issue in my checking earlier, not everything was cleaned up
correctly.
show more ...
|
|
Revision tags: v5.8.0, v5.9.0, v5.8.0rc1, v5.6.3 |
|
| #
691f0a75 |
| 23-Oct-2019 |
Sascha Wildner <saw@online.de> |
world/kernel: Use the {set,clr}bit() and is{set,clr}() macros a bit more.
Tested-by: zrj
|
|
Revision tags: v5.6.2, v5.6.1, v5.6.0, v5.6.0rc1, v5.7.0, v5.4.3, v5.4.2, v5.4.1, v5.4.0, v5.5.0, v5.4.0rc1, v5.2.2, v5.2.1, v5.2.0, v5.3.0, v5.2.0rc |
|
| #
bff82488 |
| 20-Mar-2018 |
Aaron LI <aly@aaronly.me> |
<net/if.h>: Do not include <net/if_var.h> for _KERNEL
* Clean up an ancient leftover: do not include <net/if_var.h> from <net/if.h>
for kernel stuffs.
* Adjust various files to include the necess
<net/if.h>: Do not include <net/if_var.h> for _KERNEL
* Clean up an ancient leftover: do not include <net/if_var.h> from <net/if.h>
for kernel stuffs.
* Adjust various files to include the necessary <net/if_var.h> header.
NOTE:
I have also tested removing the inclusion of <net/if.h> from <net/if_var.h>,
therefore add <net/if.h> inclusion for those files that need it but only
included <net/if_var.h>. For some files, the header inclusion orderings are
also adjusted.
show more ...
|
|
Revision tags: v5.0.2, v5.0.1, v5.0.0, v5.0.0rc2, v5.1.0, v5.0.0rc1, v4.8.1, v4.8.0, v4.6.2, v4.9.0, v4.8.0rc, v4.6.1, v4.6.0, v4.6.0rc2, v4.6.0rc, v4.7.0, v4.4.3, v4.4.2 |
|
| #
15130067 |
| 22-Jan-2016 |
zrj <rimvydas.jasinskas@gmail.com> |
usb4bsd: Cleanup pass1.
* Uniformly use #if 0 to deactivate code instead of C comments.
* Move MODULE macros after struct declarations.
|
|
Revision tags: v4.4.1, v4.4.0, v4.5.0, v4.4.0rc, v4.2.4, v4.3.1, v4.2.3, v4.2.1, v4.2.0, v4.0.6, v4.3.0, v4.2.0rc, v4.0.5 |
|
| #
a9b765b7 |
| 12-Mar-2015 |
Sascha Wildner <saw@online.de> |
kernel/usb4bsd: Unbreak building with USB_DEBUG in the config.
|
| #
dd681da6 |
| 12-Mar-2015 |
Matthew Dillon <dillon@apollo.backplane.com> |
usb - Update bus/u4b
* Update bus/u4b from FreeBSD to commit 3121e258c76aa, 10 March 2015,
with the following commit message:
Lock softc before clearing bits.
* Some bits not updated. Som
usb - Update bus/u4b
* Update bus/u4b from FreeBSD to commit 3121e258c76aa, 10 March 2015,
with the following commit message:
Lock softc before clearing bits.
* Some bits not updated. Some changes around the MSI handling work
differently in DFly so I punted on that. And the serial/tty in FreeBSD
is a bit different, particular this 'pps' stuff.
* Numerous bits of code currently conditionalized out use ABI features
from FreeBSD, particularly RWTUN, which we do not yet have. Currently
non-critical, we can fix these as the related code gets used (if the
related code gets used).
Reviewed-by: Markus Pfeiffer
show more ...
|
|
Revision tags: v4.0.4, v4.0.3, v4.0.2, v4.0.1, v4.0.0, v4.0.0rc3, v4.0.0rc2, v4.0.0rc, v4.1.0, v3.8.2, v3.8.1, v3.6.3, v3.8.0, v3.8.0rc2, v3.9.0, v3.8.0rc, v3.6.2 |
|
| #
bb57f329 |
| 25-Feb-2014 |
Sascha Wildner <saw@online.de> |
kernel/usb4bsd: Small -Wunused-variable fix from FreeBSD.
|
|
Revision tags: v3.6.1, v3.6.0, v3.7.1, v3.6.0rc, v3.7.0, v3.4.3 |
|
| #
989856f5 |
| 20-Aug-2013 |
Markus Pfeiffer <markus.pfeiffer@morphism.de> |
usb4bsd/udav sync driver with FreeBSD
|
| #
ef4aa9ff |
| 23-Aug-2013 |
Sascha Wildner <saw@online.de> |
kernel/usb4bsd: Switch to generating usbdevs{,_data}.h during the build.
Taken-from: FreeBSD
|
| #
ac9843a1 |
| 04-Jun-2013 |
Sepherosa Ziehau <sephe@dragonflybsd.org> |
ifq: Remove the unused parameter 'mpolled' from ifq dequeue interface
The ifq_poll() -> ifq_dequeue() model is not MPSAFE, and mpolled has
not been used, i.e. set to NULL, for years; time to let it
ifq: Remove the unused parameter 'mpolled' from ifq dequeue interface
The ifq_poll() -> ifq_dequeue() model is not MPSAFE, and mpolled has
not been used, i.e. set to NULL, for years; time to let it go.
show more ...
|
|
Revision tags: v3.4.2, v3.4.0, v3.4.1, v3.4.0rc, v3.5.0 |
|
| #
d3c9c58e |
| 20-Feb-2013 |
Sascha Wildner <saw@online.de> |
kernel: Use DEVMETHOD_END in the drivers.
|
| #
d40991ef |
| 13-Feb-2013 |
Sepherosa Ziehau <sephe@dragonflybsd.org> |
if: Per-cpu ifnet/ifaddr statistics, step 1/3
Wrap ifnet/ifaddr stats updating, setting and extraction into macros;
ease upcoming changes.
|
|
Revision tags: v3.2.2, v3.2.1 |
|
| #
15f415f6 |
| 12-Oct-2012 |
Sascha Wildner <saw@online.de> |
usb4bsd: Use NULL for pointers.
|
| #
cb652d71 |
| 12-Oct-2012 |
Sascha Wildner <saw@online.de> |
usb4bsd/if_udav: Comment out a variable (usage is not yet enabled).
|
| #
b946173a |
| 11-Oct-2012 |
Sascha Wildner <saw@online.de> |
usb4bsd: Port network devices (uether, udav, axe) and hook into build.
Submitted-by: Markus Pfeiffer <markus.pfeiffer@morphism.de>
|
|
Revision tags: v3.2.0, v3.3.0 |
|
| #
12bd3c8b |
| 25-Sep-2012 |
Sascha Wildner <saw@online.de> |
usb4bsd: Bring in FreeBSD's libusbhid, usbhidctl and USB kernel code.
In order to make it live peacefully along with our old USB code, name
all directories with new USB code *u4b* instead of *usb*.
usb4bsd: Bring in FreeBSD's libusbhid, usbhidctl and USB kernel code.
In order to make it live peacefully along with our old USB code, name
all directories with new USB code *u4b* instead of *usb*.
This is FreeBSD SVN r231881.
Submitted-by: Markus Pfeiffer <markus.pfeiffer@morphism.de>
show more ...
|