#
2b3f93ea |
| 13-Oct-2023 |
Matthew Dillon <dillon@apollo.backplane.com> |
kernel - Add per-process capability-based restrictions
* This new system allows userland to set capability restrictions which turns off numerous kernel features and root accesses. These restricti
kernel - Add per-process capability-based restrictions
* This new system allows userland to set capability restrictions which turns off numerous kernel features and root accesses. These restrictions are inherited by sub-processes recursively. Once set, restrictions cannot be removed.
Basic restrictions that mimic an unadorned jail can be enabled without creating a jail, but generally speaking real security also requires creating a chrooted filesystem topology, and a jail is still needed to really segregate processes from each other. If you do so, however, you can (for example) disable mount/umount and most global root-only features.
* Add new system calls and a manual page for syscap_get(2) and syscap_set(2)
* Add sys/caps.h
* Add the "setcaps" userland utility and manual page.
* Remove priv.9 and the priv_check infrastructure, replacing it with a newly designed caps infrastructure.
* The intention is to add path restriction lists and similar features to improve jailess security in the near future, and to optimize the priv_check code.
show more ...
|
Revision tags: v6.4.0, v6.4.0rc1, v6.5.0, v6.2.2, v6.2.1, v6.2.0, v6.3.0, v6.0.1, v6.0.0, v6.0.0rc1, v6.1.0, v5.8.3, v5.8.2, v5.8.1, v5.8.0, v5.9.0, v5.8.0rc1, v5.6.3 |
|
#
805c8e8e |
| 20-Oct-2019 |
zrj <rimvydas.jasinskas@gmail.com> |
kernel: Remove explicit dependencies on <sys/malloc.h> in headers.
All except <net/if_var.h> for now, it needs decoupling in drm first. * Include <sys/malloc.h> in foo.c if they have kmalloc()/kfr
kernel: Remove explicit dependencies on <sys/malloc.h> in headers.
All except <net/if_var.h> for now, it needs decoupling in drm first. * Include <sys/malloc.h> in foo.c if they have kmalloc()/kfree() calls. * Consistently check if MALLOC_DECLARE was declared before. * <sys/mountctl.h>: include <sys/thread.h> for _KERNEL_STRUCTURES too since the "struct journal" embeds "struct thread". * <sys/tty.h>: Only two kernel sources makes use of M_TTYS. * <sys/socketvar2.h>: Make it kernel only header.
show more ...
|
#
febebf83 |
| 20-Oct-2019 |
zrj <rimvydas.jasinskas@gmail.com> |
kernel: Minor whitespace cleanup in few sources (part 2).
Separated from next.
|
#
8aeffa9f |
| 16-Aug-2019 |
Roy Marples <roy@marples.name> |
route: Add support for route(4) message filtering.
This saves waking up listeners for messages they have no interest in. It also helps to reduce the chance of a receive buffer overflow.
Taken-from:
route: Add support for route(4) message filtering.
This saves waking up listeners for messages they have no interest in. It also helps to reduce the chance of a receive buffer overflow.
Taken-from: OpenBSD Reviewd-by: sephe
show more ...
|
#
aef87d48 |
| 14-Aug-2019 |
Sepherosa Ziehau <sephe@dragonflybsd.org> |
net/raw: Assert all APIs are called from netisr0.
Remove the raw pcb list lock, since thread serialization is used.
|
#
6622ec18 |
| 13-Aug-2019 |
Matthew Dillon <dillon@apollo.backplane.com> |
kernel - Fix SMP races in raw socket code
* The raw socket code was not properly dealing with SMP races in attach/detach verses receive processing. Replace the token with a lockmgr lock.
The
kernel - Fix SMP races in raw socket code
* The raw socket code was not properly dealing with SMP races in attach/detach verses receive processing. Replace the token with a lockmgr lock.
These issues never really caused an issue because raw sockets just aren't used very often, but they still need to be dealt with.
* SMP performance is not super-critical in this case so I just use a normal lock and keep it simple.
show more ...
|
Revision tags: v5.6.2 |
|
#
7eaeff3d |
| 07-Aug-2019 |
Roy Marples <roy@marples.name> |
socket: introduce SO_RERROR to detect receive buffer overflow
kernel receive buffers are initially of a limited size and generally the network protocols that use them don't care if a packet gets los
socket: introduce SO_RERROR to detect receive buffer overflow
kernel receive buffers are initially of a limited size and generally the network protocols that use them don't care if a packet gets lost.
However some users do care about lost messages even if not baked into the protocol - such as consumers of route(4) to track state.
POSIX states that read(2) can return an error of ENOBUFS so return this error code when an overflow is detected. Guard this with socket option SO_RERROR so that existing applications which do not care can carry on not caring by default.
Taken-from: NetBSD Reviewed-by: sephe
show more ...
|
Revision tags: v5.6.1, v5.6.0, v5.6.0rc1, v5.7.0, v5.4.3, v5.4.2, v5.4.1, v5.4.0, v5.5.0, v5.4.0rc1, v5.2.2, v5.2.1, v5.2.0, v5.3.0, v5.2.0rc |
|
#
8197aac2 |
| 31-Jan-2018 |
zrj <rimvydas.jasinskas@gmail.com> |
kernel: Avoid empty macros.
Suppresses last 11 -Wempty-body warnings.
|
Revision tags: v5.0.2, v5.0.1, v5.0.0, v5.0.0rc2, v5.1.0, v5.0.0rc1, v4.8.1, v4.8.0, v4.6.2, v4.9.0, v4.8.0rc, v4.6.1, v4.6.0, v4.6.0rc2, v4.6.0rc, v4.7.0, v4.4.3, v4.4.2, v4.4.1, v4.4.0, v4.5.0, v4.4.0rc, v4.2.4, v4.3.1, v4.2.3, v4.2.1, v4.2.0, v4.0.6, v4.3.0, v4.2.0rc, v4.0.5, v4.0.4 |
|
#
b5523eac |
| 19-Feb-2015 |
Sascha Wildner <saw@online.de> |
kernel: Move us to using M_NOWAIT and M_WAITOK for mbuf functions.
The main reason is that our having to use the MB_WAIT and MB_DONTWAIT flags was a recurring issue when porting drivers from FreeBSD
kernel: Move us to using M_NOWAIT and M_WAITOK for mbuf functions.
The main reason is that our having to use the MB_WAIT and MB_DONTWAIT flags was a recurring issue when porting drivers from FreeBSD because it tended to get forgotten and the code would compile anyway with the wrong constants. And since MB_WAIT and MB_DONTWAIT ended up as ocflags for an objcache_get() or objcache_reclaimlist call (which use M_WAITOK and M_NOWAIT), it was just one big converting back and forth with some sanitization in between.
This commit allows M_* again for the mbuf functions and keeps the sanitizing as it was before: when M_WAITOK is among the passed flags, objcache functions will be called with M_WAITOK and when it is absent, they will be called with M_NOWAIT. All other flags are scrubbed by the MB_OCFLAG() macro which does the same as the former MBTOM().
Approved-by: dillon
show more ...
|
Revision tags: v4.0.3, v4.0.2, v4.0.1, v4.0.0, v4.0.0rc3, v4.0.0rc2, v4.0.0rc, v4.1.0, v3.8.2, v3.8.1, v3.6.3, v3.8.0, v3.8.0rc2, v3.9.0, v3.8.0rc, v3.6.2, v3.6.1, v3.6.0, v3.7.1, v3.6.0rc, v3.7.0, v3.4.3 |
|
#
dc71b7ab |
| 31-May-2013 |
Justin C. Sherrill <justin@shiningsilence.com> |
Correct BSD License clause numbering from 1-2-4 to 1-2-3.
Apparently everyone's doing it: http://svnweb.freebsd.org/base?view=revision&revision=251069
Submitted-by: "Eitan Adler" <lists at eitanadl
Correct BSD License clause numbering from 1-2-4 to 1-2-3.
Apparently everyone's doing it: http://svnweb.freebsd.org/base?view=revision&revision=251069
Submitted-by: "Eitan Adler" <lists at eitanadler.com>
show more ...
|
Revision tags: v3.4.2 |
|
#
2702099d |
| 06-May-2013 |
Justin C. Sherrill <justin@shiningsilence.com> |
Remove advertising clause from all that isn't contrib or userland bin.
By: Eitan Adler <lists@eitanadler.com>
|
Revision tags: v3.4.0, v3.4.1, v3.4.0rc, v3.5.0, v3.2.2, v3.2.1, v3.2.0, v3.3.0, v3.0.3, v3.0.2, v3.0.1, v3.1.0, v3.0.0 |
|
#
86d7f5d3 |
| 26-Nov-2011 |
John Marino <draco@marino.st> |
Initial import of binutils 2.22 on the new vendor branch
Future versions of binutils will also reside on this branch rather than continuing to create new binutils branches for each new version.
|
Revision tags: v2.12.0, v2.13.0, v2.10.1, v2.11.0, v2.10.0, v2.9.1, v2.8.2, v2.8.1, v2.8.0, v2.9.0, v2.6.3, v2.7.3, v2.6.2, v2.7.2, v2.7.1, v2.6.1, v2.7.0, v2.6.0, v2.5.1, v2.4.1, v2.5.0, v2.4.0, v2.3.2, v2.3.1, v2.2.1 |
|
#
60233e58 |
| 05-Apr-2009 |
Sascha Wildner <saw@online.de> |
Generally use NULL instead of explicitly casting 0 to some pointer type.
|
Revision tags: v2.2.0, v2.3.0 |
|
#
d16fa201 |
| 31-Jan-2009 |
Sepherosa Ziehau <sephe@dragonflybsd.org> |
rtsock: Fix !SO_USELOOPBACK support in route_output()
Old BSD code assumes that rts_input() is synchronous, so clear/set sp_family could be used to skip the current rawcb. However, our rts_input()
rtsock: Fix !SO_USELOOPBACK support in route_output()
Old BSD code assumes that rts_input() is synchronous, so clear/set sp_family could be used to skip the current rawcb. However, our rts_input() is asynchronous, thus the clear/set sp_family trick no longer takes any effect.
Reimplement the rawcb skipping in the following way: - Record the address of rawcb to be skipped in netmsg. - Extend raw_input() interface to accept a 'skip' argument. At the beginning of the rawcb list iteration, check the address of the current rawcb against the 'skip'.
show more ...
|
#
895c1f85 |
| 15-Dec-2008 |
Michael Neumann <mneumann@ntecs.de> |
suser_* to priv_* conversion
|
Revision tags: v2.1.1, v2.0.1 |
|
#
47db7f9b |
| 24-Jun-2007 |
Matthew Dillon <dillon@dragonflybsd.org> |
Fix rts_input() which is the only procedure which calls raw_input(). As with other packet input routines, the mbuf must be demuxed and forwarded to the correct protocol thread so it can be cpu-local
Fix rts_input() which is the only procedure which calls raw_input(). As with other packet input routines, the mbuf must be demuxed and forwarded to the correct protocol thread so it can be cpu-localized for processing.
This allow anyone, including interrupt code, to write to the routing socket.
Reported-by: "Sepherosa Ziehau" <sepherosa@gmail.com>
show more ...
|
#
6d49aa6f |
| 22-Apr-2007 |
Matthew Dillon <dillon@dragonflybsd.org> |
Give the sockbuf structure its own header file and supporting source file. Move all sockbuf-specific functions from kern/uipc_socket2.c into the new kern/uipc_sockbuf.c and move all the sockbuf-speci
Give the sockbuf structure its own header file and supporting source file. Move all sockbuf-specific functions from kern/uipc_socket2.c into the new kern/uipc_sockbuf.c and move all the sockbuf-specific structures from sys/socketvar.h to sys/sockbuf.h.
Change the sockbuf structure to only contain those fields required to properly management a chain of mbufs. Create a signalsockbuf structure to hold the remaining fields (e.g. selinfo, mbmax, etc).
Change the so_rcv and so_snd structures in the struct socket from a sockbuf to a signalsockbuf.
Remove the recently added sorecv_direct structure which was being used to provide a direct mbuf path to consumers for socket I/O. Use the newly revamped sockbuf base structure instead. This gives mbuf consumers direct access to the sockbuf API functions for use outside of a struct socket. This will also allow new API functions to be added to the sockbuf interface to ease the job of parsing data out of chained mbufs.
show more ...
|
#
fa5e758c |
| 21-Apr-2007 |
Matthew Dillon <dillon@dragonflybsd.org> |
Convert all pr_usrreqs structure initializations to the .name = data format.
|
#
3bf25ce1 |
| 14-Jan-2006 |
Sascha Wildner <swildner@dragonflybsd.org> |
* Remove (void) casts for discarded return values.
* Put function types on separate lines.
* Ansify function definitions.
In-collaboration-with: Alexey Slynko <slynko@tronet.ru>
|
#
590b8cd4 |
| 26-Jan-2005 |
Jeffrey Hsu <hsu@dragonflybsd.org> |
Code cleanup. Refactor some functions. Push some globals into local scope.
|
#
0c3c561c |
| 06-Jan-2005 |
Jeffrey Hsu <hsu@dragonflybsd.org> |
Cosmetic cleanups.
|
#
f23061d4 |
| 21-Dec-2004 |
Jeffrey Hsu <hsu@dragonflybsd.org> |
Clean up the routing and networking code before I parallelize routing.
|
#
cfa2ba21 |
| 06-Jun-2004 |
Matthew Dillon <dillon@dragonflybsd.org> |
Remove the canwait argument to dup_sockaddr(). Callers of dup_sockaddr() all assume that it just works, so it really has to work. Since interrupts are now threads we can use M_INTWAIT. While it is
Remove the canwait argument to dup_sockaddr(). Callers of dup_sockaddr() all assume that it just works, so it really has to work. Since interrupts are now threads we can use M_INTWAIT. While it is possible that a memory deadlock issue exists here (e.g. if swapping over NFS), it isn't likely in this case.
show more ...
|
#
47e78ae8 |
| 06-Mar-2004 |
Jeffrey Hsu <hsu@dragonflybsd.org> |
Eliminate the use of curproc in route_output() by passing down the process id it needs.
|
#
e4700d00 |
| 05-Mar-2004 |
Jeffrey Hsu <hsu@dragonflybsd.org> |
Once we distribute socket protocol processing requests to different processors, we no longer have a process context to refer to, so eliminate the use of curproc in soreserve() by passing the sockbuf
Once we distribute socket protocol processing requests to different processors, we no longer have a process context to refer to, so eliminate the use of curproc in soreserve() by passing the sockbuf resource limit all the down from the system call code to sbreserve().
Eliminate the use of curproc in unp_attach() by passing down the fields it needs from the proc structure. Define a pru_attach_info structure to hold the information the attach usrreq function requires.
The thread argument to in_pcballoc() is unused, so we don't need to pass a thread structure down to in_pcballoc().
show more ...
|