kernel - Add per-process capability-based restrictions
  * This new system allows userland to set capability restrictions which turn off numerous kernel features and root accesses. These restrictions are inherited by sub-processes recursively. Once set, restrictions cannot be removed. Basic restrictions that mimic an unadorned jail can be enabled without creating a jail, but generally speaking real security also requires creating a chrooted filesystem topology, and a jail is still needed to really segregate processes from each other. If you do so, however, you can (for example) disable mount/umount and most global root-only features.
  * Add new system calls and a manual page for syscap_get(2) and syscap_set(2)
  * Add sys/caps.h
  * Add the "setcaps" userland utility and manual page.
  * Remove priv.9 and the priv_check infrastructure, replacing it with a newly designed caps infrastructure.
  * The intention is to add path restriction lists and similar features to improve jailless security in the near future, and to optimize the priv_check code.
kernel: Remove <sys/mutex.h> from all files that don't need it (2/2).
  98% of these were remains from porting from FreeBSD which could have been removed after converting to lockmgr(), etc.
  Due to an issue in my checking earlier, not everything was cleaned up correctly.
kernel - Change callout in struct ccb_hdr
  * Change the callout declaration in struct ccb_hdr from an embedded structure to a pointer, add padding to get the whole structure to its original size (prior to the recent callout patch).
  * This removes an improper ABI dependency on the kernel struct callout structure which was causing 'camcontrol', and 'smartctl' (from smartmontools) to fail.
  Testing: dillon, tuxillo
kernel: Remove unused *.h files from SRCS in kernel module Makefiles. (2)
  Forgot two Makefiles.
kernel: Remove unused *.h files from SRCS in kernel module Makefiles.
  They were found by checking the preprocessed code of the files in SRCS to see if the header was included at some point.
  After removal, the preprocessed source of a build with the old Makefiles was compared against one with the changes (for various kernel configurations and when building just from /usr/src) to verify that the commit leads to no functional change.
usb4bsd: Cleanup pass1.
  * Uniformly use #if 0 to deactivate code instead of C comments.
  * Move MODULE macros after struct declarations.
usb4bsd: Cleanup pass0.
  * Adjust indentation, whitespace and typos.
kernel/usb4bsd: Unbreak building with USB_DEBUG in the config.
usb - Update bus/u4b
  * Update bus/u4b from FreeBSD to commit 3121e258c76aa, 10 March 2015, with the following commit message: Lock softc before clearing bits.
  * Some bits not updated. Some changes around the MSI handling work differently in DFly so I punted on that. And the serial/tty in FreeBSD is a bit different, particularly this 'pps' stuff.
  * Numerous bits of code currently conditionalized out use ABI features from FreeBSD, particularly RWTUN, which we do not yet have. Currently non-critical, we can fix these as the related code gets used (if the related code gets used).
  Reviewed-by: Markus Pfeiffer
kernel/usb4bsd: Change a pointer back to NULL.
FWIW, port and hook in the urio(4) storage driver.
  Taken-from: FreeBSD
kernel: Use NULL for pointers in DRIVER_MODULE().
u4b - Fix panic on certain cell phone connections
  * Remove incorrect unlock in ucom_close().
  * Add missing usb_callout_stop() to umass_cam_detach_sim(), fixes issue with umass if the mass-storage device quickly connects and disconnects from the bus.
  Reported-by: Rolinh
usb4bsd: Fix some SCSI handling in umass
  Set the sense data on probe.
kernel/usb4bsd: Add usbdevs.h to a few Makefiles which need it.
Re-add the cam rescan yet again. I shouldn't delete this every time I merge.
Sync umass driver with FreeBSD
usb4bsd: re-add function for rescanning the SCSI bus after attach
usb4bsd: Synchronise with FreeBSD r254159
kernel/usb4bsd: Switch to generating usbdevs{,_data}.h during the build.
  Taken-from: FreeBSD
usb4bsd: Fix EHCI
  This is a part of the sync with FreeBSD svn r242385
usb4bsd: Fix scsi sense handling in umass
Use C99 __func__ instead of __FUNCTION__.
kernel/u4b: sc is NULL here, so don't dereference it.
kernel: Use DEVMETHOD_END in the drivers.