#
d745c852 |
| 07-Nov-2011 |
Ed Schouten <ed@FreeBSD.org> |
Mark MALLOC_DEFINEs static that have no corresponding MALLOC_DECLAREs.
This means that their use is restricted to a single C file.
|
Revision tags: vendor/tzdata/tzdata2011n, vendor/tzdata/tzdata2011m, vendor/clang/clang-r142614, vendor/llvm/llvm-r142614, vendor/tzdata/tzdata2011l, zfs-0.6.0-rc6, vendor/heimdal/1.5.1, vendor/com_err/1.5.1, vendor/file/5.09, vendor/heimdal/1.5, vendor/openssh/5.9p1, vendor/acpica/20110922, vendor/openresolv/3.4.4, vendor/bind9/9.8.1, vendor/one-true-awk/20110810, vendor/one-true-awk/20110807, vendor/bind9/9.4-ESV-R5, vendor/bind9/9.6-ESV-R5, vendor/clang/clang-r135360, vendor/llvm/llvm-r135360, vendor/pciids/pciids-20110716, vendor/bind9/9.8.0-P4, vendor/dialog/1.1-20110707, zfs-0.6.0-rc5, vendor/bind9/9.6-ESV-R4-P3, vendor/tzdata/tzdata2011h, vendor/acpica/20110623, vendor/tnftp/20100108, vendor/sendmail/8.14.5, vendor/clang/clang-r132879, vendor/llvm/llvm-r132879, vendor/less/v444, vendor/compiler-rt/compiler-rt-r132478, vendor/acpica/20110527, vendor/bind9/9.4-ESV-R4-P1, vendor/bind9/9.6-ESV-R4-P1, vendor/netcat/4.9, vendor/less/v443, vendor/one-true-awk/20110506, zfs-0.6.0-rc4, vendor/openssh/5.8p2, vendor/v4l/2.6.17, vendor/tre/0.8.0, vendor/one-true-awk/20110501, vendor/clang/clang-r130700, vendor/llvm/llvm-r130700, vendor/ncurses/5.9-20110405, vendor/ncurses/5.8-20110226, vendor/tzdata/tzdata2011g, vendor/dialog/1.1-20110302, vendor/acpica/20110413, vendor/tzdata/tzdata2011f, zfs-0.6.0-rc3, vendor/pciids/pciids-20110407, vendor/NetBSD/libedit/2010-08-04, vendor/tzdata/tzdata2011e, vendor/NetBSD/libedit/2010-06-01, vendor/NetBSD/libedit/2007-01-12, vendor/NetBSD/libedit/2006-03-23, vendor/NetBSD/libedit/2005-11-09, vendor/NetBSD/libedit/2005-08-02, vendor/NetBSD/libedit/2001-09-29, vendor/NetBSD/libedit/1997-06-25, vendor/openresolv/3.4.1, vendor/compiler-rt/compiler-rt-r127823, vendor/acpica/20110316, vendor/tzdata/tzdata2011d, zfs-0.6.0-rc2, vendor/gdtoa/20110304, vendor/tzdata/tzdata2011c, vendor/tzdata/tzdata2011b, vendor/clang/clang-r126547, vendor/llvm/llvm-r126547, vendor/xz/5.0.1, vendor/clang/clang-r126079, vendor/llvm/llvm-r126079, zfs-0.6.0-rc1, 
vendor/openssh/5.8p1, vendor/openssh/5.7p1, release/7.4.0_cvs, release/8.2.0_cvs, release/7.4.0, release/8.2.0, vendor/acpica/20110211, vendor/bind9/9.6.3, vendor/tzdata/tzdata2011a, vendor/acpica/20110112, vendor/dialog/1.1-20100428, vendor/acpica/20101209, vendor/bind9/9.4-ESV-R4, vendor/bind9/9.6-ESV-R3, vendor/openssl/0.9.8q, vendor/octeon-sdk/2.0.0, vendor/openssl/0.9.8p, zfs-0.5.2, vendor/xz/5.0.0, vendor/openssh/5.6p1, vendor/bind9/9.4-ESV-R3, vendor/tzdata/tzdata2010o, vendor/binutils/binutils-master-20070703-075419, vendor/bind9/9.6-ESV-R2, vendor/wpa/0.7.3, vendor/tcpdump/4.1.1, vendor/libpcap/1.1.1, vendor/tzcode/tzcode2010n, vendor/compiler-rt/compiler-rt-r117047, vendor/binutils/binutils-2_17-branch-20070807-000013, vendor/binutils/binutils-2_15-branch-20050608-153448, vendor/netcat/4.8, vendor/binutils/binutils-2_15-branch-20040523-044032, vendor/acpica/20101013, vendor/xz/20101010, vendor/ee/1.5.2, vendor/ee/1.5.1, vendor/clang/clang-2.8, vendor/llvm/llvm-2.8, vendor/bzip2/1.0.6, vendor/tzcode/tzcode2010m, vendor/tzdata/tzdata2010m, vendor/clang/clang-r114020, vendor/llvm/llvm-r114020, vendor/clang/clang-r108428, vendor/llvm/llvm-r108428, vendor/acpica/20100915, zfs-0.5.1, vendor/tzcode/tzcode2010l, vendor/tzdata/tzdata2010l, vendor/acpica/20100806, vendor/opensolaris/20100802, vendor/tzdata/tzdata2010k, vendor/octeon-sdk/1.9.0, release/8.1.0_cvs, release/8.1.0, vendor/clang/clang-r108243, vendor/llvm/llvm-r108243, vendor/acpica/20100702, vendor/wpa/0.6.10 |
|
#
d5a42fa4 |
| 31-May-2010 |
Robert Watson <rwatson@FreeBSD.org> |
Merge r204581 from head to stable/8:
Update device-labeling logic for Biba, LOMAC, and MLS to recognize new-style pts devices when various policy ptys_equal flags are enabled.
Submitted by: Estella Mystagic <estella at mystagic.com>
Approved by: re (kib)
|
Revision tags: vendor/acpica/20100528, vendor/clang/clang-r104832, vendor/llvm/llvm-r104832, vendor/bind9/9.4-ESV-R2, vendor/bind9/9.6.2-P2, vendor/tzdata/tzdata2010j, vendor/xz/20100412, vendor/acpica/20100428, vendor/openssh/5.5p1, vendor/testfloat/2a, vendor/zlib/1.2.5, vendor/tzdata/tzdata2010i, vendor/zlib/1.2.4.3, vendor/tzdata/tzdata2010h, vendor/acpica/20100331, vendor/openssl/0.9.8n, vendor/zlib/1.2.4.1, vendor/bind9/9.4-ESV-R1 |
|
#
285438bf |
| 27-Mar-2010 |
Edward Tomasz Napierala <trasz@FreeBSD.org> |
MFC r201438:
Make mac_lomac(4) able to interpret NFSv4 access bits.
Reviewed by: rwatson
|
Revision tags: vendor/netcat/4.7, vendor/tzcode/tzcode2010f, vendor/tzdata/tzdata2010f, release/7.3.0_cvs, release/7.3.0, vendor/bind9/9.6.2-P1, vendor/zlib/1.2.4, vendor/tzdata/tzdata2010e, vendor/openssh/5.4p1, vendor/acpica/20100304, vendor/bind9/9.6.2 |
|
#
9663e343 |
| 02-Mar-2010 |
Robert Watson <rwatson@FreeBSD.org> |
Update device-labeling logic for Biba, LOMAC, and MLS to recognize new-style pts devices when various policy ptys_equal flags are enabled.
Submitted by: Estella Mystagic <estella at mystagic.com>
MFC after: 1 week
|
Revision tags: vendor/tzcode/tzcode2010c, vendor/tzdata/tzdata2010c, vendor/openssl/0.9.8m, vendor/dtc/dtc-d75b33af, vendor/dtc/1.2.0, vendor/tzcode/tzcode2010a, vendor/bind9/9.4-ESV, vendor/tzdata/tzdata2010b, vendor/sendmail/8.14.4, vendor/bind9/9.6.1-P3, vendor/acpica/20100121, vendor/netcat/4.6, vendor/tzdata/tzdata2010a, vendor/one-true-awk/20091126 |
|
#
3a597bfc |
| 03-Jan-2010 |
Edward Tomasz Napierala <trasz@FreeBSD.org> |
Make mac_lomac(4) able to interpret NFSv4 access bits.
Reviewed by: rwatson
|
Revision tags: vendor/tzdata/tzdata2009u, vendor/tzdata/tzdata2009t, vendor/tzcode/tzcode2009t, vendor/acpica/20091214, vendor/ntp/4.2.4p8, vendor/bind9/9.4.3-P4, vendor/bind9/9.6.1-P2, release/8.0.0_cvs, release/8.0.0, vendor/tzdata/tzdata2009s, vendor/acpica/20091112, vendor/tzcode/tzcode2009r, vendor/tzdata/tzdata2009r, vendor/clang/clang-r86025, vendor/llvm/llvm-r86025, vendor/tzcode/tzcode2009q, vendor/tzdata/tzdata2009q, vendor/tzdata/tzdata2009p, vendor/clang/clang-r84949, vendor/llvm/llvm-r84949, vendor/tzdata/tzdata2009o, vendor/llvm/llvm-r84176, vendor/clang/clang-r84175, vendor/clang/clang-r84119, vendor/llvm/llvm-r84119, vendor/acpica/20091013, vendor/openssh/5.3p1, vendor/tzdata/tzdata2009n, vendor/x86emu/4.6, vendor/tzdata/tzdata2009m, vendor/acpica/20090903, vendor/openssl/0.9.8k-dtls-fixes, vendor/pf-sys/4.5.002, vendor/pf/4.5, vendor/tzdata/tzdata2009l, vendor/openbsm/1.1-P-2, vendor/acpica/20090730, vendor/bind9/9.4.3-P3, vendor/bind9/9.6.1-P1, vendor/less/v436, vendor/tzcode/tzcode2009k, vendor/tzdata/tzdata2009k, vendor/openbsm/1.1-P-1, vendor/tcsh/6.17.00, vendor/clang/clang-r74788, vendor/llvm/llvm-r74788, vendor/clang/clang-r74383, vendor/llvm/llvm-r74383, vendor/acpica/20090625, vendor/bind9/9.6.1 |
|
#
3364c323 |
| 23-Jun-2009 |
Konstantin Belousov <kib@FreeBSD.org> |
Implement global and per-uid accounting of the anonymous memory. Add rlimit RLIMIT_SWAP that limits the amount of swap that may be reserved for the uid.
The accounting information (charge) is associated with either map entry, or vm object backing the entry, assuming the object is the first one in the shadow chain and entry does not require COW. Charge is moved from entry to object on allocation of the object, e.g. during the mmap, assuming the object is allocated, or on the first page fault on the entry. It moves back to the entry on forks due to COW setup.
The per-entry granularity of accounting makes the charge process fair for processes that change uid during lifetime, and decrements charge for proper uid when region is unmapped.
The interface of vm_pager_allocate(9) is extended by adding struct ucred *, that is used to charge appropriate uid when allocation is performed by kernel, e.g. md(4).
Several syscalls, among them is fork(2), may now return ENOMEM when global or per-uid limits are enforced.
In collaboration with: pho
Reviewed by: alc
Approved by: re (kensmith)
|
Revision tags: vendor/clang/clang-r73984, vendor/llvm/llvm-r73984, vendor/clang/clang-r73954, vendor/llvm/llvm-r73954, vendor/clang/clang-r73879, vendor/llvm/llvm-r73879 |
|
#
fbbbf5d1 |
| 20-Jun-2009 |
Ed Schouten <ed@FreeBSD.org> |
Chase the removal of PRIV_TTY_PRISON in the mac(9) modules.
Reported by: kib
Pointy hat to: me
|
Revision tags: vendor/tzdata/tzdata2009j, vendor/opensolaris/20080410b, vendor/clang/clang-r73340, vendor/llvm/llvm-r73340, vendor/tzcode/tzcode2009i, vendor/tzdata/tzdata2009i, vendor/clang/clang-r73070, vendor/llvm/llvm-r73070, vendor/openssl/0.9.8k, vendor/clang/clang-r73021, vendor/llvm/llvm-r73021, vendor/clang/clang-r72995, vendor/llvm/llvm-r72995, vendor/clang/clang-r72805, vendor/llvm/llvm-r72805 |
|
#
3de40469 |
| 03-Jun-2009 |
Robert Watson <rwatson@FreeBSD.org> |
Continue work to optimize performance of "options MAC" when no MAC policy modules are loaded by avoiding mbuf label lookups when policies aren't loaded, pushing further socket locking into MAC policy modules, and avoiding locking MAC ifnet locks when no policies are loaded:
- Check mac_policies_count before looking for mbuf MAC label m_tags in MAC Framework entry points. We will still pay label lookup costs if MAC policies are present but don't require labels (typically a single mbuf header field read, but perhaps further indirection if IPSEC or other m_tag consumers are in use).
- Further push socket locking for socket-related access control checks and events into MAC policies from the MAC Framework, so that sockets are only locked if a policy specifically requires a lock to protect a label. This resolves lock order issues during sonewconn() and also in local domain socket cross-connect where multiple socket locks could not be held at once for the purposes of propagating MAC labels across multiple sockets. Eliminate mac_policy_count check in some entry points where it no longer avoids locking.
- Add mac_policy_count checking in some entry points relating to network interfaces that otherwise lock a global MAC ifnet lock used to protect ifnet labels.
Obtained from: TrustedBSD Project
|
Revision tags: vendor/clang/clang-r72770, vendor/llvm/llvm-r72770, vendor/clang/clang-r72732, vendor/llvm/llvm-r72732, vendor/acpica/20090521, vendor/acpica/20070320resync, vendor/bind9/9.6.1rc1, vendor/netcat/4.5, vendor/tzcode/tzcode2009h, vendor/tzdata/tzdata2009h, vendor/ee/1.5.0, vendor/ee/1.4.7, vendor/ee/1.4.6, vendor/ee/1.4.5a, vendor/ee/1.4.4, vendor/ee/1.4.3, vendor/ee/1.4.2, vendor/top/3.8b1, vendor/tzcode/tzcode2009e, vendor/file/5.03, vendor/less/v429, vendor/binutils/2.15-r191844-obrien, vendor/file/5.00, release/7.2.0_cvs, release/7.2.0, vendor/tzdata/tzdata2009g, vendor/openbsm/1.1, vendor/tzdata/tzdata2009f, vendor/tzdata/tzdata2009e, vendor/tzdata/tzdata2009d, vendor/bind9/9.4.3-P2, vendor/libpcap/1.0.0, vendor/tcpdump/4.0.0, vendor/tzdata/tzdata2009c |
|
#
fefd0ac8 |
| 08-Mar-2009 |
Robert Watson <rwatson@FreeBSD.org> |
Remove 'uio' argument from MAC Framework and MAC policy entry points for extended attribute get/set; in the case of get an uninitialized user buffer was passed before the EA was retrieved, making it of relatively little use; the latter was simply unused by any policies.
Obtained from: TrustedBSD Project
Sponsored by: Google, Inc.
|
Revision tags: vendor/openbsm/1.1-BETA-1, vendor/wpa/0.6.8, vendor/openssh/5.2p1, vendor/tzdata/tzdata2009b, vendor/gdtoa/20081205, vendor/tzdata/tzdata2009a, vendor/wpa_supplicant/0.5.11, vendor/wpa_supplicant/0.5.10, vendor/openbsm/1.1-ALPHA-5 |
|
#
9162f64b |
| 10-Jan-2009 |
Robert Watson <rwatson@FreeBSD.org> |
Rather than having MAC policies explicitly declare what object types they label, derive that information implicitly from the set of label initializers in their policy operations set. This avoids a possible class of programmer errors, while retaining the structure that allows us to avoid allocating labels for objects that don't need them. As before, we regenerate a global mask of labeled objects each time a policy is loaded or unloaded, stored in mac_labeled.
Discussed with: csjp
Suggested by: Jacques Vidrine <nectar at apple.com>
Obtained from: TrustedBSD Project
Sponsored by: Apple, Inc.
|
#
dbdcb994 |
| 10-Jan-2009 |
Robert Watson <rwatson@FreeBSD.org> |
Use MPC_OBJECT_IP6Q to indicate labeling of struct ip6q rather than MPC_OBJECT_IPQ; it was already defined, just not used.
Obtained from: TrustedBSD Project
Sponsored by: Apple, Inc.
|
Revision tags: vendor/bind9/9.3.6-P1, vendor/bind9/9.4.3-P1, vendor/file/4.26, release/7.1.0_cvs, release/7.1.0, vendor/openbsm/1.1-ALPHA-4, vendor/bind9/9.4.3, vendor/resolver/9.4.3, vendor/pf-sys/4.4, vendor/pf-sys/4.3, vendor/pf-sys/4.2, vendor/pf/4.4, vendor/pf/4.3, vendor/pf/4.2, release/6.4.0_cvs, release/6.4.0, vendor/openbsm/1.1-ALPHA-2, vendor/ncurses/5.7-20081102 |
|
#
15bc6b2b |
| 28-Oct-2008 |
Edward Tomasz Napierala <trasz@FreeBSD.org> |
Introduce accmode_t. This is required for NFSv4 ACLs - it will be necessary to add more V* constants, and the variables changed by this patch were often being assigned to mode_t variables, which is 16 bit.
Approved by: rwatson (mentor)
|
#
9215889d |
| 28-Oct-2008 |
Robert Watson <rwatson@FreeBSD.org> |
Rename mac_cred_mmapped_drop_perms(), which revokes access to virtual memory mappings when the MAC label on a process changes, to mac_proc_vm_revoke().
It now also acquires its own credential reference directly from the affected process rather than accepting one passed by the caller, simplifying the API and consumer code.
Obtained from: TrustedBSD Project
|
#
212ab0cf |
| 28-Oct-2008 |
Robert Watson <rwatson@FreeBSD.org> |
Rename three MAC entry points from _proc_ to _cred_ to reflect the fact that they operate directly on credentials: mac_proc_create_swapper(), mac_proc_create_init(), and mac_proc_associate_nfsd(). Update policies.
Obtained from: TrustedBSD Project
|
Revision tags: vendor/tzdata/tzdata2008i |
|
#
048e1287 |
| 26-Oct-2008 |
Robert Watson <rwatson@FreeBSD.org> |
Implement MAC policy support for IPv6 fragment reassembly queues, modeled on IPv4 fragment reassembly queue support.
Obtained from: TrustedBSD Project
|
#
1ede983c |
| 23-Oct-2008 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
Retire the MALLOC and FREE macros. They are an abomination unto style(9).
MFC after: 3 months
|
#
7fb179ba |
| 17-Oct-2008 |
Bjoern A. Zeeb <bz@FreeBSD.org> |
Add a mac_inpcb_check_visible implementation to all MAC policies that handle mac_socket_check_visible.
Reviewed by: rwatson
MFC after: 3 months (set timer; decide then)
|
Revision tags: vendor/tzdata/tzdata2008h, vendor/tzdata/tzdata2008g, vendor/netcat/4.4, vendor/openssl/0.9.8i, vendor/tzdata/tzdata2008f, vendor/gdtoa/20080831, vendor/bind9/9.3.5-P2, vendor/bind9/9.4.2-P2 |
|
#
0359a12e |
| 28-Aug-2008 |
Attilio Rao <attilio@FreeBSD.org> |
Decontextualize the couplet VOP_GETATTR / VOP_SETATTR as the passed thread was always curthread and totally unuseful.
Tested by: Giovanni Trematerra <giovanni dot trematerra at gmail dot com>
|
Revision tags: vendor/sendmail/8.14.3, vendor/ath/0.10.5.10 |
|
#
6356dba0 |
| 23-Aug-2008 |
Robert Watson <rwatson@FreeBSD.org> |
Introduce two related changes to the TrustedBSD MAC Framework:
(1) Abstract interpreter vnode labeling in execve(2) and mac_execve(2) so that the general exec code isn't aware of the details of allocating, copying, and freeing labels, rather, simply passes in a void pointer to start and stop functions that will be used by the framework. This change will be MFC'd.
(2) Introduce a new flags field to the MAC_POLICY_SET(9) interface allowing policies to declare which types of objects require label allocation, initialization, and destruction, and define a set of flags covering various supported object types (MPC_OBJECT_PROC, MPC_OBJECT_VNODE, MPC_OBJECT_INPCB, ...). This change reduces the overhead of compiling the MAC Framework into the kernel if policies aren't loaded, or if policies require labels on only a small number or even no object types. Each time a policy is loaded or unloaded, we recalculate a mask of labeled object types across all policies present in the system. Eliminate MAC_ALWAYS_LABEL_MBUF option as it is no longer required.
MFC after: 1 week ((1) only)
Reviewed by: csjp
Obtained from: TrustedBSD Project
Sponsored by: Apple, Inc.
|
Revision tags: vendor/ntp/4.2.4p5, vendor/tzdata/tzdata2008e, vendor/tzdata/tzdata2008d, vendor/tzdata/tzdata2008c, vendor/pf-sys/4.1.001 |
|
#
95b85ca3 |
| 02-Aug-2008 |
Robert Watson <rwatson@FreeBSD.org> |
Minor style tweaks.
|
Revision tags: vendor/openssh/5.1p1, vendor/openssh/5.0p1, vendor/openssh/4.9p1, vendor/openssh/4.7p1, vendor/openssh/4.6p1, vendor/bind9/9.3.5-P1, vendor/bind9/9.3.5, vendor/bind9/9.4.2-P1, vendor/misc-GNU/cpio/2.8 |
|
#
37f44cb4 |
| 13-Jun-2008 |
Robert Watson <rwatson@FreeBSD.org> |
The TrustedBSD MAC Framework named struct ipq instances 'ipq', which is the same as the global variable defined in ip_input.c. Instead, adopt the name 'q' as found in about 1/2 of uses in ip_input.c, preventing a collision on the name. This is non-harmful, but means that search and replace on the global works less well (as in the virtualization work), as well as indexing tools.
MFC after: 1 week
Reported by: julian
|
Revision tags: vendor/binutils/2.15.20040523, vendor/opensolaris/20080410, vendor/ncurses/5.6-20080503, vendor/expat/2.0.1, vendor/com_err/1.1.0, vendor/heimdal/1.1.0, vendor/opensolaris/20080410a, vendor/gcc/trunk_20080418-SVN134423, vendor/netcat/4.3, vendor/tzdata/tzdata2008b, vendor/bzip2/1.0.5, vendor/misc-GNU/cvs/1.11-20080310, vendor/tcsh/6.15b, vendor/tzdata/tzdata2008a, vendor/bsnmp/syrinx_20080307_bugfix, release/7.0.0_cvs, release/7.0.0, vendor/ncurses/5.6-20080209, vendor/file/4.23-r1.46, vendor/binutils/2.15.cvsrev_1_51, release/6.3.0_cvs, release/6.3.0, vendor/file/4.23, vendor/misc-GNU/cvs/1.11.22, vendor/tzdata/tzdata2007k, vendor/ncurses/5.6-20071222, vendor/openpam/HYDRANGEA, vendor/amd/6.1.5, vendor/tzdata/tzdata2007j, vendor/resolver/9.4.2, vendor/bind9/9.4.2, vendor/less/v416, vendor/less/v415, vendor/libreadline/5.2p3_p7, vendor/sendmail/8.14.2, vendor/tzdata/tzdata2007i, vendor/openbsm/1.0 |
|
#
eb320b0e |
| 29-Oct-2007 |
Robert Watson <rwatson@FreeBSD.org> |
Resort TrustedBSD MAC Framework policy entry point implementations and declarations to match the object, operation sort order in the framework itself.
Obtained from: TrustedBSD Project
|
#
2a9e17ce |
| 28-Oct-2007 |
Robert Watson <rwatson@FreeBSD.org> |
Garbage collect mac_mbuf_create_multicast_encap TrustedBSD MAC Framework entry point, which is no longer required now that we don't support old-style multicast tunnels. This removes the last mbuf object class entry point that isn't init/copy/destroy.
Obtained from: TrustedBSD Project
|
#
a13e21f7 |
| 28-Oct-2007 |
Robert Watson <rwatson@FreeBSD.org> |
Continue to move from generic network entry points in the TrustedBSD MAC Framework by moving from mac_mbuf_create_netlayer() to more specific entry points for specific network services:
- mac_netinet_firewall_reply() to be used when replying to in-bound TCP segments in pf and ipfw (etc).
- Rename mac_netinet_icmp_reply() to mac_netinet_icmp_replyinplace() and add mac_netinet_icmp_reply(), reflecting that in some cases we overwrite a label in place, but in others we apply the label to a new mbuf.
Obtained from: TrustedBSD Project
|
#
b9b0dac3 |
| 28-Oct-2007 |
Robert Watson <rwatson@FreeBSD.org> |
Move towards more explicit support for various network protocol stacks in the TrustedBSD MAC Framework:
- Add mac_atalk.c and add explicit entry point mac_netatalk_aarp_send() for AARP packet labeling, rather than using a generic link layer entry point.
- Add mac_inet6.c and add explicit entry point mac_netinet6_nd6_send() for ND6 packet labeling, rather than using a generic link layer entry point.
- Add explicit entry point mac_netinet_arp_send() for ARP packet labeling, and mac_netinet_igmp_send() for IGMP packet labeling, rather than using a generic link layer entry point.
- Remove previous generic link layer entry point, mac_mbuf_create_linklayer() as it is no longer used.
- Add implementations of new entry points to various policies, largely by replicating the existing link layer entry point for them; remove old link layer entry point implementation.
- Make MAC_IFNET_LOCK(), MAC_IFNET_UNLOCK(), and mac_ifnet_mtx global to the MAC Framework rather than static to mac_net.c as it is now needed outside of mac_net.c.
Obtained from: TrustedBSD Project
|