#
2b3f93ea |
| 13-Oct-2023 |
Matthew Dillon <dillon@apollo.backplane.com> |
kernel - Add per-process capability-based restrictions
* This new system allows userland to set capability restrictions which turns off numerous kernel features and root accesses. These restricti
kernel - Add per-process capability-based restrictions
* This new system allows userland to set capability restrictions which turns off numerous kernel features and root accesses. These restrictions are inherited by sub-processes recursively. Once set, restrictions cannot be removed.
Basic restrictions that mimic an unadorned jail can be enabled without creating a jail, but generally speaking real security also requires creating a chrooted filesystem topology, and a jail is still needed to really segregate processes from each other. If you do so, however, you can (for example) disable mount/umount and most global root-only features.
* Add new system calls and a manual page for syscap_get(2) and syscap_set(2)
* Add sys/caps.h
* Add the "setcaps" userland utility and manual page.
* Remove priv.9 and the priv_check infrastructure, replacing it with a newly designed caps infrastructure.
* The intention is to add path restriction lists and similar features to improve jailess security in the near future, and to optimize the priv_check code.
show more ...
|
Revision tags: v6.4.0, v6.4.0rc1, v6.5.0, v6.2.2, v6.2.1, v6.2.0, v6.3.0, v6.0.1, v6.0.0, v6.0.0rc1, v6.1.0, v5.8.3, v5.8.2, v5.8.1 |
|
#
d147c943 |
| 28-Mar-2020 |
Sascha Wildner <saw@online.de> |
kernel: Remove <sys/mutex.h> from all files that don't need it (2/2).
98% of these were remains from porting from FreeBSD which could have been removed after converting to lockmgr(), etc.
Due to an
kernel: Remove <sys/mutex.h> from all files that don't need it (2/2).
98% of these were remains from porting from FreeBSD which could have been removed after converting to lockmgr(), etc.
Due to an issue in my checking earlier, not everything was cleaned up correctly.
show more ...
|
Revision tags: v5.8.0, v5.9.0, v5.8.0rc1, v5.6.3, v5.6.2, v5.6.1, v5.6.0, v5.6.0rc1, v5.7.0, v5.4.3, v5.4.2, v5.4.1, v5.4.0, v5.5.0, v5.4.0rc1, v5.2.2, v5.2.1, v5.2.0, v5.3.0, v5.2.0rc, v5.0.2, v5.0.1, v5.0.0, v5.0.0rc2, v5.1.0, v5.0.0rc1, v4.8.1, v4.8.0, v4.6.2, v4.9.0, v4.8.0rc, v4.6.1, v4.6.0, v4.6.0rc2, v4.6.0rc, v4.7.0, v4.4.3, v4.4.2, v4.4.1, v4.4.0, v4.5.0, v4.4.0rc, v4.2.4, v4.3.1, v4.2.3, v4.2.1, v4.2.0, v4.0.6, v4.3.0, v4.2.0rc, v4.0.5, v4.0.4 |
|
#
dc2ab49e |
| 22-Feb-2015 |
Markus Pfeiffer <markus.pfeiffer@morphism.de> |
kernel/usb4bsd: Apply FreeBSD r277417
Fix returned data for the USB_GET_DEV_PORT_PATH IOCTL in particular the value returned in the "udp_port_level" field.
|
Revision tags: v4.0.3 |
|
#
7810100d |
| 08-Jan-2015 |
Markus Pfeiffer <markus.pfeiffer@morphism.de> |
usb4bsd: Sync with FreeBSD r276791
|
Revision tags: v4.0.2, v4.0.1, v4.0.0, v4.0.0rc3, v4.0.0rc2, v4.0.0rc, v4.1.0, v3.8.2, v3.8.1, v3.6.3, v3.8.0, v3.8.0rc2, v3.9.0, v3.8.0rc, v3.6.2, v3.6.1 |
|
#
8922de18 |
| 06-Jan-2014 |
Markus Pfeiffer <markus.pfeiffer@morphism.de> |
Sync sys/bus/u4b/* with FreeBSD
|
Revision tags: v3.6.0, v3.7.1, v3.6.0rc, v3.7.0, v3.4.3 |
|
#
57bed822 |
| 11-Aug-2013 |
Markus Pfeiffer <markus.pfeiffer@morphism.de> |
usb4bsd: Synchronise with FreeBSD r254159
|
Revision tags: v3.4.2, v3.4.0, v3.4.1, v3.4.0rc, v3.5.0, v3.2.2, v3.2.1 |
|
#
3a76bbe8 |
| 10-Oct-2012 |
Sascha Wildner <saw@online.de> |
usb4bsd: Fixes, fixes, fixes.
* Fix a panic when trying to free null pointer in usb_free_device.
* Fix a panic due to wrong assignment of locks.
* Fix kqueue handling.
* Add debug helpers.
Submi
usb4bsd: Fixes, fixes, fixes.
* Fix a panic when trying to free null pointer in usb_free_device.
* Fix a panic due to wrong assignment of locks.
* Fix kqueue handling.
* Add debug helpers.
Submitted-by: Markus Pfeiffer <markus.pfeiffer@morphism.de>
show more ...
|
Revision tags: v3.2.0, v3.3.0 |
|
#
63da4a34 |
| 01-Oct-2012 |
Sascha Wildner <saw@online.de> |
usb4bsd: Cleanup pass.
* Adjust indentation, whitespace and typos.
* Uniformly use #if 0 to deactivate code instead of C comments.
|
#
722d05c3 |
| 26-Sep-2012 |
Sascha Wildner <saw@online.de> |
usb4bsd: Perform the usual porting on the controller, storage and core code.
malloc -> kmalloc, printf -> kprintf, locking, and so forth.
Submitted-by: Markus Pfeiffer <markus.pfeiffer@morphism.de>
|
#
12bd3c8b |
| 25-Sep-2012 |
Sascha Wildner <saw@online.de> |
usb4bsd: Bring in FreeBSD's libusbhid, usbhidctl and USB kernel code.
In order to make it live peacefully along with our old USB code, name all directories with new USB code *u4b* instead of *usb*.
usb4bsd: Bring in FreeBSD's libusbhid, usbhidctl and USB kernel code.
In order to make it live peacefully along with our old USB code, name all directories with new USB code *u4b* instead of *usb*.
This is FreeBSD SVN r231881.
Submitted-by: Markus Pfeiffer <markus.pfeiffer@morphism.de>
show more ...
|