#
297f1103 |
| 10-Jun-2012 |
Pawel Jakub Dawidek <pjd@FreeBSD.org> |
Style: move opt_*.h includes in the proper place.
MFC after: 1 month
|
#
6a068746 |
| 15-May-2012 |
Alexander Motin <mav@FreeBSD.org> |
MFC
|
#
38f1b189 |
| 26-Apr-2012 |
Peter Grehan <grehan@FreeBSD.org> |
IFC @ r234692
sys/amd64/include/cpufunc.h sys/amd64/include/fpu.h sys/amd64/amd64/fpu.c sys/amd64/vmm/vmm.c
- Add API to allow vmm FPU state init/save/restore.
FP stuff discussed with: kib
|
Revision tags: release/8.3.0_cvs, release/8.3.0 |
|
#
8833b15f |
| 03-Apr-2012 |
Gleb Smirnoff <glebius@FreeBSD.org> |
Merge head r232686 through r233825 into projects/pf/head.
|
#
62a9fc76 |
| 12-Mar-2012 |
Peter Holm <pho@FreeBSD.org> |
Always call fdrop().
|
#
8fa0b743 |
| 23-Jan-2012 |
Xin LI <delphij@FreeBSD.org> |
IFC @230489 (pending review).
|
Revision tags: release/9.0.0 |
|
#
70d8f36a |
| 27-Oct-2011 |
Peter Grehan <grehan@FreeBSD.org> |
IFC @ r226824
|
#
e141be6f |
| 18-Oct-2011 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
Revisit the capability failure trace points. The initial implementation only logged instances where an operation on a file descriptor required capabilities which the file descriptor did not have. By adding a type enum to struct ktr_cap_fail, we can catch other types of capability failures as well, such as disallowed system calls or attempts to wrap a file descriptor with more capabilities than it had to begin with.
|
#
c601ad8e |
| 11-Oct-2011 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
Add a new trace point, KTRFAC_CAPFAIL, which traces capability check failures. It is included in the default set for ktrace(1) and kdump(1).
|
#
27449604 |
| 01-Oct-2011 |
Alexander Motin <mav@FreeBSD.org> |
MFC
|
#
8451d0dd |
| 16-Sep-2011 |
Kip Macy <kmacy@FreeBSD.org> |
In order to maximize the re-usability of kernel code in user space this patch modifies makesyscalls.sh to prefix all of the non-compatibility calls (e.g. not linux_, freebsd32_) with sys_ and updates the kernel entry points and all places in the code that use them. It also fixes an additional name space collision between the kernel function psignal and the libc function of the same name by renaming the kernel psignal kern_psignal(). By introducing this change now we will ease future MFCs that change syscalls.
Reviewed by: rwatson
Approved by: re (bz)
|
#
fab4c373 |
| 16-Sep-2011 |
Peter Grehan <grehan@FreeBSD.org> |
IFC @ r225592
sys/dev/bvm/bvm_console.c - move up to the new alt-break order.
|
#
4ff9eb89 |
| 01-Sep-2011 |
Alexander Motin <mav@FreeBSD.org> |
Integrate from head at r225316.
|
#
9c00bb91 |
| 16-Aug-2011 |
Konstantin Belousov <kib@FreeBSD.org> |
Add the fo_chown and fo_chmod methods to struct fileops and use them to implement fchown(2) and fchmod(2) support for several file types that previously lacked it. Add MAC entries for chown/chmod done on posix shared memory and (old) in-kernel posix semaphores.
Based on the submission by: glebius
Reviewed by: rwatson
Approved by: re (bz)
|
#
cf914969 |
| 15-Aug-2011 |
Justin T. Gibbs <gibbs@FreeBSD.org> |
Integrate FreeBSD/head into projects/zfsd/head as of SVN revision 224870.
|
#
854d7b9f |
| 13-Aug-2011 |
Robert Watson <rwatson@FreeBSD.org> |
Update use of the FEATURE() macro in sys_capability.c to reflect the move to two different kernel options for capability mode vs. capabilities.
Approved by: re (bz)
|
#
73516dbd |
| 13-Aug-2011 |
Robert Watson <rwatson@FreeBSD.org> |
Now that capability support has been committed, update and expand the comment at the type of sys_capability.c to describe its new contents.
Approved by: re (xxx)
|
#
69d377fe |
| 13-Aug-2011 |
Jonathan Anderson <jonathan@FreeBSD.org> |
Allow Capsicum capabilities to delegate constrained access to file system subtrees to sandboxed processes.
- Use of absolute paths and '..' are limited in capability mode.
- Use of absolute paths and '..' are limited when looking up relative to a capability.
- When a name lookup is performed, identify what operation is to be performed (such as CAP_MKDIR) as well as check for CAP_LOOKUP.
With these constraints, openat() and friends are now safe in capability mode, and can then be used by code such as the capability-mode runtime linker.
Approved by: re (bz), mentor (rwatson)
Sponsored by: Google Inc
|
#
a9d2f8d8 |
| 11-Aug-2011 |
Robert Watson <rwatson@FreeBSD.org> |
Second-to-last commit implementing Capsicum capabilities in the FreeBSD kernel for FreeBSD 9.0:
Add a new capability mask argument to fget(9) and friends, allowing system call code to declare what capabilities are required when an integer file descriptor is converted into an in-kernel struct file *. With options CAPABILITIES compiled into the kernel, this enforces capability protection; without, this change is effectively a no-op.
Some cases require special handling, such as mmap(2), which must preserve information about the maximum rights at the time of mapping in the memory map so that they can later be enforced in mprotect(2) -- this is done by narrowing the rights in the existing max_protection field used for similar purposes with file permissions.
In namei(9), we assert that the code is not reached from within capability mode, as we're not yet ready to enforce namespace capabilities there. This will follow in a later commit.
Update two capability names: CAP_EVENT and CAP_KEVENT become CAP_POST_KEVENT and CAP_POLL_KEVENT to more accurately indicate what they represent.
Approved by: re (bz)
Submitted by: jonathan
Sponsored by: Google Inc
|
#
7a270867 |
| 22-Jul-2011 |
Jonathan Anderson <jonathan@FreeBSD.org> |
Turn on AUDIT_ARG_RIGHTS() for cap_new(2).
Now that the code is in place to audit capability method rights, start using it to audit the 'rights' argument to cap_new(2).
Approved by: re (kib), mentor (rwatson)
Sponsored by: Google Inc
|
#
bd2228ab |
| 19-Jul-2011 |
Peter Grehan <grehan@FreeBSD.org> |
IFC @ r224187
|
#
935205e2 |
| 17-Jul-2011 |
Justin T. Gibbs <gibbs@FreeBSD.org> |
Integrate from Head into ZFSD feature branch as of revision r224141.
|
#
cfb9df55 |
| 15-Jul-2011 |
Jonathan Anderson <jonathan@FreeBSD.org> |
Add cap_new() and cap_getrights() system calls.
Implement two previously-reserved Capsicum system calls:
- cap_new() creates a capability to wrap an existing file descriptor
- cap_getrights() queries the rights mask of a capability.
Approved by: mentor (rwatson), re (Capsicum blanket)
Sponsored by: Google Inc
|
#
745bae37 |
| 15-Jul-2011 |
Jonathan Anderson <jonathan@FreeBSD.org> |
Add implementation for capabilities.
Code to actually implement Capsicum capabilities, including fileops and kern_capwrap(), which creates a capability to wrap an existing file descriptor.
We also modify kern_close() and closef() to handle capabilities.
Finally, remove cap_filelist from struct capability, since we don't actually need it.
Approved by: mentor (rwatson), re (Capsicum blanket)
Sponsored by: Google Inc
|
#
af098ed8 |
| 04-Jul-2011 |
Jonathan Anderson <jonathan@FreeBSD.org> |
Add kernel functions to unwrap capabilities.
cap_funwrap() and cap_funwrap_mmap() unwrap capabilities, exposing the underlying object. Attempting to unwrap a capability with an inadequate rights mask (e.g. calling cap_funwrap(fp, CAP_WRITE | CAP_MMAP, &result) on a capability whose rights mask is CAP_READ | CAP_MMAP) will result in ENOTCAPABLE.
Unwrapping a non-capability is effectively a no-op.
These functions will be used by Capsicum-aware versions of _fget(), etc.
Approved by: mentor (rwatson), re (Capsicum blanket)
Sponsored by: Google Inc
|