#
2b3f93ea |
| 13-Oct-2023 |
Matthew Dillon <dillon@apollo.backplane.com> |
kernel - Add per-process capability-based restrictions
* This new system allows userland to set capability restrictions which turn off numerous kernel features and root accesses. These restrictions are inherited by sub-processes recursively. Once set, restrictions cannot be removed.
Basic restrictions that mimic an unadorned jail can be enabled without creating a jail, but generally speaking real security also requires creating a chrooted filesystem topology, and a jail is still needed to really segregate processes from each other. If you do so, however, you can (for example) disable mount/umount and most global root-only features.
* Add new system calls and a manual page for syscap_get(2) and syscap_set(2)
* Add sys/caps.h
* Add the "setcaps" userland utility and manual page.
* Remove priv.9 and the priv_check infrastructure, replacing it with a newly designed caps infrastructure.
* The intention is to add path restriction lists and similar features to improve jailless security in the near future, and to optimize the priv_check code.
|
Revision tags: v6.4.0, v6.4.0rc1, v6.5.0, v6.2.2, v6.2.1, v6.2.0, v6.3.0, v6.0.1, v6.0.0, v6.0.0rc1, v6.1.0, v5.8.3, v5.8.2, v5.8.1, v5.8.0, v5.9.0, v5.8.0rc1, v5.6.3, v5.6.2, v5.6.1, v5.6.0, v5.6.0rc1, v5.7.0, v5.4.3, v5.4.2, v5.4.1, v5.4.0, v5.5.0, v5.4.0rc1, v5.2.2, v5.2.1, v5.2.0, v5.3.0, v5.2.0rc, v5.0.2, v5.0.1, v5.0.0, v5.0.0rc2, v5.1.0, v5.0.0rc1 |
|
#
3b9ff503 |
| 22-Sep-2017 |
Sepherosa Ziehau <sephe@dragonflybsd.org> |
inet/inet6: Randomize local port
Because it avoids a lock instruction, this also improves connect(2) performance a bit.
|
Revision tags: v4.8.1 |
|
#
860b6b42 |
| 20-Jun-2017 |
Sepherosa Ziehau <sephe@dragonflybsd.org> |
loopback: Use ifclone APIs to create loopback interfaces.
This paves way for multiple FIB support.
|
#
16db446e |
| 12-Apr-2017 |
Sepherosa Ziehau <sephe@dragonflybsd.org> |
inpcb: Don't rely on ncpus2 for local port allocation.
|
Revision tags: v4.8.0, v4.6.2, v4.9.0, v4.8.0rc, v4.6.1, v4.6.0, v4.6.0rc2, v4.6.0rc, v4.7.0, v4.4.3, v4.4.2 |
|
#
0723a285 |
| 07-Dec-2015 |
Sepherosa Ziehau <sephe@dragonflybsd.org> |
inpcb: Split portinfo token into tokens for porthash head
And use pooled token for porthash head. This avoids another 10K/s ~20K/s contention during local port selection.
|
Revision tags: v4.4.1 |
|
#
327bf46d |
| 04-Dec-2015 |
Sepherosa Ziehau <sephe@dragonflybsd.org> |
inpcb: Push porthash token down a bit and use atomic op to update lastport
This paves the way to use pooled token for porthash list head.
Even just with this commit, porthash token contention is reduced by 20K/s on 12core/24threads system when running tools/kq_connect_client.
|
Revision tags: v4.4.0, v4.5.0, v4.4.0rc |
|
#
cb3deea5 |
| 13-Aug-2015 |
Sepherosa Ziehau <sephe@dragonflybsd.org> |
inet6: Change scope to zone and use in6_clearscope() whenever possible
Obtained-from: KAME via FreeBSD
|
Revision tags: v4.2.4 |
|
#
1af953ac |
| 05-Aug-2015 |
Sepherosa Ziehau <sephe@dragonflybsd.org> |
inet6: Cosmetic clean up
No functional changes.
Obtained-from: KAME via FreeBSD
|
Revision tags: v4.3.1, v4.2.3, v4.2.1, v4.2.0, v4.0.6, v4.3.0, v4.2.0rc |
|
#
74ceb998 |
| 28-Mar-2015 |
Matthew Dillon <dillon@apollo.backplane.com> |
kernel - Adjustments for CERT VU#711516
Note that IPV6 route advertisements are disabled by default, so these adjustments have no real security implications if you haven't enabled it. And, generally speaking, enabling IPV6 route advertisements is a really bad idea anyway and these adjustments only address one small part of the problem.
* Allowing RTR packets via net.inet6.ip6.accept_rtadv is not advised even with this adjustment.
* Add a sysctl to put a lower limit on the IPV6 hop limit received via RTR packets when allowed, default is 39. sysctl net.inet6.ip6.minhlim.
|
Revision tags: v4.0.5, v4.0.4, v4.0.3, v4.0.2, v4.0.1, v4.0.0, v4.0.0rc3, v4.0.0rc2, v4.0.0rc, v4.1.0, v3.8.2, v3.8.1, v3.6.3, v3.8.0, v3.8.0rc2, v3.9.0, v3.8.0rc, v3.6.2 |
|
#
8fa831cf |
| 05-Apr-2014 |
Sepherosa Ziehau <sephe@dragonflybsd.org> |
in6pcb: in6_pcbsetport -> in6_pcbsetlport; no functional changes
|
#
5588b5cd |
| 05-Apr-2014 |
Sepherosa Ziehau <sephe@dragonflybsd.org> |
inpcb: Add macros to get/release/assert port token
|
#
2524c225 |
| 25-Mar-2014 |
Sepherosa Ziehau <sephe@dragonflybsd.org> |
inpcb/in6pcb: Split port token
The original single local port space is divided into ncpus2 local port space groups. We denote local port space group as PG(N), N=[0, ncpus2).
Property of PG(N):
- PG(N) only contains local ports matching following condition: (host_order(port) & ncpus2_mask) == N
- PG(N) is protected by its own token.
On explicit local port bind(2) path and accept(2) path, PG(N) is selected by using the local port already available (accept(2)) or supplied (bind(2)): N = host_order(port) & ncpus2_mask
On implicit local port selection path (bind(2) and connect(2)), PG(N) is selected and used in the following way:
    N = mycpuid;
    N1 = N;
again:
    if (find free port in PG(N)) {
        DONE;
    } else {
        N = (N + 1) & ncpus2_mask;
        if (N != N1)
            goto again;
        FAILED;
    }
PG(N) is now recorded in inpcb struct, so when inpcb is destroyed, we know which port space group it should use.
On i7-3770 w/ Intel 82599ES, using tools/kq_connect_client: Port token contention rate on each hyperthread is reduced from 120K/s to 40K/s. Admittedly the contention rate is still high but it is much better than before.
Now the major source of port token contention is the contention between implicit local port select path and inpcb destroy path. There may be a way to choose local port which could hash the inpcb to the current CPU; this needs more investigation.
|
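The implicit local port selection loop from the commit message above, as an added example in C that is not part of the DragonFly commit: a user-space model with a constructed 16-port range and in-use table (reset_ports, port_group, select_local_port and release_local_port are this example's own names) showing how a request starting on one CPU's group PG(N) rotates to the next group only when its own group is exhausted, and how the chosen group is recorded for the destroy path.

```c
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

/* Constructed model of the commit's split port space: NCPUS2 groups PG(N),
 * where PG(N) owns the ports with (host-order port & NCPUS2_MASK) == N.
 * Names, port range and the in-use table are this example's own. */
#define NCPUS2      4
#define NCPUS2_MASK (NCPUS2 - 1)
#define PORT_FIRST  49152   /* constructed 16-port ephemeral range */
#define PORT_LAST   49167
static bool port_in_use[65536];   /* stand-in for the porthash lookup */
void reset_ports(void) { memset(port_in_use, 0, sizeof(port_in_use)); }
/* Group a port belongs to: the explicit bind(2)/accept(2) path. */
int port_group(int port) { return port & NCPUS2_MASK; }
/* Search PG(n) only; ports of the other groups are never touched. */
static int pg_find_free(int n) {
    for (int p = PORT_FIRST; p <= PORT_LAST; p++)
        if (port_group(p) == n && !port_in_use[p])
            return p;
    return -1;
}

/* Implicit selection path: start at the caller's CPU group, rotate through
 * the remaining groups, and return -1 once every group is exhausted. */
int select_local_port(int mycpuid, int *group_out) {
    int n = mycpuid & NCPUS2_MASK, n1 = n;
    do {
        int p = pg_find_free(n);
        if (p >= 0) {
            port_in_use[p] = true;
            *group_out = n;   /* recorded, like PG(N) in the inpcb */
            return p;
        }
        n = (n + 1) & NCPUS2_MASK;
    } while (n != n1);
    return -1;
}
/* Destroy path: the recorded group says whose token would be taken. */
void release_local_port(int port) { port_in_use[port] = false; }
int main(void) {
    int g, p;
    reset_ports();
    p = select_local_port(2, &g);
    printf("cpu 2 got port %d from PG(%d)\n", p, g);   /* 49154 from PG(2) */
    return 0;
}
```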
#
6b048a7c |
| 23-Mar-2014 |
Sepherosa Ziehau <sephe@dragonflybsd.org> |
inpcb: Group port related fields into inpcbportinfo
Prepare for port token splitting.
|
#
05e43c26 |
| 16-Mar-2014 |
Sepherosa Ziehau <sephe@dragonflybsd.org> |
inpcb/in6pcb: in_pcbinsporthash() never fails
|
#
8d976fd7 |
| 16-Mar-2014 |
Sepherosa Ziehau <sephe@dragonflybsd.org> |
in6pcb: Properly hold port token for in6_pcbbind() and in6_pcbsetport()
|
Revision tags: v3.6.1 |
|
#
cfd79120 |
| 25-Jan-2014 |
Markus Pfeiffer <markus.pfeiffer@morphism.de> |
jails/netinet6: Only select jailed ips for outgoing
Outgoing IP address selection for jailed processes using ipv6 was broken and selected the first ip6 address available. Now the code checks whether an ip6 is available to the jail in in6_ifawithascope.
|
Revision tags: v3.6.0, v3.7.1, v3.6.0rc, v3.7.0, v3.4.3 |
|
#
dc71b7ab |
| 31-May-2013 |
Justin C. Sherrill <justin@shiningsilence.com> |
Correct BSD License clause numbering from 1-2-4 to 1-2-3.
Apparently everyone's doing it: http://svnweb.freebsd.org/base?view=revision&revision=251069
Submitted-by: "Eitan Adler" <lists at eitanadler.com>
|
Revision tags: v3.4.2 |
|
#
2702099d |
| 06-May-2013 |
Justin C. Sherrill <justin@shiningsilence.com> |
Remove advertising clause from all that isn't contrib or userland bin.
By: Eitan Adler <lists@eitanadler.com>
|
Revision tags: v3.4.0, v3.4.1, v3.4.0rc, v3.5.0, v3.2.2, v3.2.1, v3.2.0, v3.3.0, v3.0.3, v3.0.2, v3.0.1, v3.1.0, v3.0.0 |
|
#
4090d6ff |
| 03-Jan-2012 |
Sascha Wildner <saw@online.de> |
kernel: Use NULL for pointers.
|
#
86d7f5d3 |
| 26-Nov-2011 |
John Marino <draco@marino.st> |
Initial import of binutils 2.22 on the new vendor branch
Future versions of binutils will also reside on this branch rather than continuing to create new binutils branches for each new version.
|
Revision tags: v2.12.0, v2.13.0, v2.10.1, v2.11.0, v2.10.0, v2.9.1, v2.8.2, v2.8.1, v2.8.0, v2.9.0, v2.6.3, v2.7.3, v2.6.2, v2.7.2, v2.7.1, v2.6.1, v2.7.0, v2.6.0, v2.5.1, v2.4.1, v2.5.0, v2.4.0, v2.3.2, v2.3.1, v2.2.1, v2.2.0, v2.3.0 |
|
#
0ac8345c |
| 29-Dec-2008 |
Sepherosa Ziehau <sephe@dragonflybsd.org> |
Include necessary header file for SYSCTL_NODE
|
#
02809d29 |
| 26-Dec-2008 |
Peter Avalos <pavalos@theshell.com> |
Add the management part of address selection policy described in RFC 3484.
Obtained-from: KAME via FreeBSD
Reviewed-by: sephe & hasso
|
#
895c1f85 |
| 15-Dec-2008 |
Michael Neumann <mneumann@ntecs.de> |
suser_* to priv_* conversion
|
Revision tags: v2.1.1, v2.0.1 |
|
#
3e4150ef |
| 29-Dec-2006 |
Victor Balada Diaz <victor@dragonflybsd.org> |
Made jails IPv6 aware and support more than one IP address.
Based-on: Pawel Jakub Dawidek mijail patches.
Reviewed-by: Simon 'corecode' Schubert, Thomas E. Spanjaard, et al.
|
#
bde3511a |
| 24-Oct-2006 |
Jeffrey Hsu <hsu@dragonflybsd.org> |
Cosmetic changes.
|