#
1829d5da |
| 12-Mar-2009 |
Warner Losh <imp@FreeBSD.org> |
Update the projects tree to a newer FreeBSD current.
|
#
095b4d26 |
| 09-Mar-2009 |
Christian S.J. Peron <csjp@FreeBSD.org> |
Mark the bsdextended rules sysctl as being mpsafe.
Discussed with: rwatson
|
#
9162f64b |
| 10-Jan-2009 |
Robert Watson <rwatson@FreeBSD.org> |
Rather than having MAC policies explicitly declare what object types they label, derive that information implicitly from the set of label initializers in their policy operations set. This avoids a p
Rather than having MAC policies explicitly declare what object types they label, derive that information implicitly from the set of label initializers in their policy operations set. This avoids a possible class of programmer errors, while retaining the structure that allows us to avoid allocating labels for objects that don't need them. As before, we regenerate a global mask of labeled objects each time a policy is loaded or unloaded, stored in mac_labeled.
Discussed with: csjp Suggested by: Jacques Vidrine <nectar at apple.com> Obtained from: TrustedBSD Project Sponsored by: Apple, Inc.
show more ...
|
Revision tags: release/7.1.0_cvs, release/7.1.0 |
|
#
e57c2b13 |
| 04-Dec-2008 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
integrate from head@185615
|
#
413628a7 |
| 29-Nov-2008 |
Bjoern A. Zeeb <bz@FreeBSD.org> |
MFp4: Bring in updated jail support from bz_jail branch.
This enhances the current jail implementation to permit multiple addresses per jail. In addtion to IPv4, IPv6 is supported as well. Due to
MFp4: Bring in updated jail support from bz_jail branch.
This enhances the current jail implementation to permit multiple addresses per jail. In addtion to IPv4, IPv6 is supported as well. Due to updated checks it is even possible to have jails without an IP address at all, which basically gives one a chroot with restricted process view, no networking,..
SCTP support was updated and supports IPv6 in jails as well.
Cpuset support permits jails to be bound to specific processor sets after creation.
Jails can have an unrestricted (no duplicate protection, etc.) name in addition to the hostname. The jail name cannot be changed from within a jail and is considered to be used for management purposes or as audit-token in the future.
DDB 'show jails' command was added to aid debugging.
Proper compat support permits 32bit jail binaries to be used on 64bit systems to manage jails. Also backward compatibility was preserved where possible: for jail v1 syscalls, as well as with user space management utilities.
Both jail as well as prison version were updated for the new features. A gap was intentionally left as the intermediate versions had been used by various patches floating around the last years.
Bump __FreeBSD_version for the afore mentioned and in kernel changes.
Special thanks to: - Pawel Jakub Dawidek (pjd) for his multi-IPv4 patches and Olivier Houchard (cognet) for initial single-IPv6 patches. - Jeff Roberson (jeff) and Randall Stewart (rrs) for their help, ideas and review on cpuset and SCTP support. - Robert Watson (rwatson) for lots and lots of help, discussions, suggestions and review of most of the patch at various stages. - John Baldwin (jhb) for his help. - Simon L. Nielsen (simon) as early adopter testing changes on cluster machines as well as all the testers and people who provided feedback the last months on freebsd-jail and other channels. - My employer, CK Software GmbH, for the support so I could work on this.
Reviewed by: (see above) MFC after: 3 months (this is just so that I get the mail) X-MFC Before: 7.2-RELEASE if possible
show more ...
|
Revision tags: release/6.4.0_cvs, release/6.4.0 |
|
#
a1b9471a |
| 30-Oct-2008 |
Robert Watson <rwatson@FreeBSD.org> |
The V* flags passed using an accmode_t to the access() and open() access control checks in mac_bsdextended are not in the same namespace as the MBI_ flags used in ugidfw policies, so add an explicit
The V* flags passed using an accmode_t to the access() and open() access control checks in mac_bsdextended are not in the same namespace as the MBI_ flags used in ugidfw policies, so add an explicit conversion routine to get from one to the other.
Obtained from: TrustedBSD Project
show more ...
|
#
168a6ae7 |
| 27-Oct-2008 |
Robert Watson <rwatson@FreeBSD.org> |
When the mac_bsdextended policy is unloaded, free rule memory.
Obtained from: TrustedBSD Project MFC after: 3 days
|
#
34f6230e |
| 27-Oct-2008 |
Robert Watson <rwatson@FreeBSD.org> |
Break mac_bsdextended.c out into multiple .c files, with the base access control logic and policy registration remaining in that file, and access control checks broken out into other files by class o
Break mac_bsdextended.c out into multiple .c files, with the base access control logic and policy registration remaining in that file, and access control checks broken out into other files by class of check.
Obtained from: TrustedBSD Project
show more ...
|
#
e11e3f18 |
| 23-Oct-2008 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
Fix a number of style issues in the MALLOC / FREE commit. I've tried to be careful not to fix anything that was already broken; the NFSv4 code is particularly bad in this respect.
|
#
1ede983c |
| 23-Oct-2008 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
Retire the MALLOC and FREE macros. They are an abomination unto style(9).
MFC after: 3 months
|
#
cecd8edb |
| 17-Sep-2008 |
Attilio Rao <attilio@FreeBSD.org> |
Remove the suser(9) interface from the kernel. It has been replaced from years by the priv_check(9) interface and just very few places are left. Note that compatibility stub with older FreeBSD versio
Remove the suser(9) interface from the kernel. It has been replaced from years by the priv_check(9) interface and just very few places are left. Note that compatibility stub with older FreeBSD version (all above the 8 limit though) are left in order to reduce diffs against old versions. It is responsibility of the maintainers for any module, if they think it is the case, to axe out such cases.
This patch breaks KPI so __FreeBSD_version will be bumped into a later commit.
This patch needs to be credited 50-50 with rwatson@ as he found time to explain me how the priv_check() works in detail and to review patches.
Tested by: Giovanni Trematerra <giovanni dot trematerra at gmail dot com> Reviewed by: rwatson
show more ...
|
#
dfa7fd1d |
| 10-Sep-2008 |
Edward Tomasz Napierala <trasz@FreeBSD.org> |
Remove VSVTX, VSGID and VSUID. This should be a no-op, as VSVTX == S_ISVTX, VSGID == S_ISGID and VSUID == S_ISUID.
Approved by: rwatson (mentor)
|
#
0359a12e |
| 28-Aug-2008 |
Attilio Rao <attilio@FreeBSD.org> |
Decontextualize the couplet VOP_GETATTR / VOP_SETATTR as the passed thread was always curthread and totally unuseful.
Tested by: Giovanni Trematerra <giovanni dot trematerra at gmail dot com>
|
#
6356dba0 |
| 23-Aug-2008 |
Robert Watson <rwatson@FreeBSD.org> |
Introduce two related changes to the TrustedBSD MAC Framework:
(1) Abstract interpreter vnode labeling in execve(2) and mac_execve(2) so that the general exec code isn't aware of the details of
Introduce two related changes to the TrustedBSD MAC Framework:
(1) Abstract interpreter vnode labeling in execve(2) and mac_execve(2) so that the general exec code isn't aware of the details of allocating, copying, and freeing labels, rather, simply passes in a void pointer to start and stop functions that will be used by the framework. This change will be MFC'd.
(2) Introduce a new flags field to the MAC_POLICY_SET(9) interface allowing policies to declare which types of objects require label allocation, initialization, and destruction, and define a set of flags covering various supported object types (MPC_OBJECT_PROC, MPC_OBJECT_VNODE, MPC_OBJECT_INPCB, ...). This change reduces the overhead of compiling the MAC Framework into the kernel if policies aren't loaded, or if policies require labels on only a small number or even no object types. Each time a policy is loaded or unloaded, we recalculate a mask of labeled object types across all policies present in the system. Eliminate MAC_ALWAYS_LABEL_MBUF option as it is no longer required.
MFC after: 1 week ((1) only) Reviewed by: csjp Obtained from: TrustedBSD Project Sponsored by: Apple, Inc.
show more ...
|
#
80794edc |
| 31-Jul-2008 |
Robert Watson <rwatson@FreeBSD.org> |
In mac_bsdextended's auditctl and acct policy access control checks, return success if the passed vnode pointer is NULL (rather than panicking). This can occur if either audit or accounting are disa
In mac_bsdextended's auditctl and acct policy access control checks, return success if the passed vnode pointer is NULL (rather than panicking). This can occur if either audit or accounting are disabled while the policy is running.
Since the swapoff control has no real relevance to this policy, which is concerned about intent to write rather than water under the bridge, remove it.
PR: kern/126100 Reported by: Alan Amesbury <amesbury at umn dot edu> MFC after: 3 days
show more ...
|
Revision tags: release/7.0.0_cvs, release/7.0.0, release/6.3.0_cvs, release/6.3.0 |
|
#
eb320b0e |
| 29-Oct-2007 |
Robert Watson <rwatson@FreeBSD.org> |
Resort TrustedBSD MAC Framework policy entry point implementations and declarations to match the object, operation sort order in the framework itself.
Obtained from: TrustedBSD Project
|
#
3f1a7a90 |
| 25-Oct-2007 |
Robert Watson <rwatson@FreeBSD.org> |
Consistently name functions for mac_<policy> as <policy>_whatever rather than mac_<policy>_whatever, as this shortens the names and makes the code a bit easier to read.
When dealing with label struc
Consistently name functions for mac_<policy> as <policy>_whatever rather than mac_<policy>_whatever, as this shortens the names and makes the code a bit easier to read.
When dealing with label structures, name variables 'mb', 'ml', 'mm rather than the longer 'mac_biba', 'mac_lomac', and 'mac_mls', likewise making the code a little easier to read.
Obtained from: TrustedBSD Project
show more ...
|
#
30d239bc |
| 24-Oct-2007 |
Robert Watson <rwatson@FreeBSD.org> |
Merge first in a series of TrustedBSD MAC Framework KPI changes from Mac OS X Leopard--rationalize naming for entry points to the following general forms:
mac_<object>_<method/action> mac_<objec
Merge first in a series of TrustedBSD MAC Framework KPI changes from Mac OS X Leopard--rationalize naming for entry points to the following general forms:
mac_<object>_<method/action> mac_<object>_check_<method/action>
The previous naming scheme was inconsistent and mostly reversed from the new scheme. Also, make object types more consistent and remove spaces from object types that contain multiple parts ("posix_sem" -> "posixsem") to make mechanical parsing easier. Introduce a new "netinet" object type for certain IPv4/IPv6-related methods. Also simplify, slightly, some entry point names.
All MAC policy modules will need to be recompiled, and modules not updates as part of this commit will need to be modified to conform to the new KPI.
Sponsored by: SPARTA (original patches against Mac OS X) Obtained from: TrustedBSD Project, Apple Computer
show more ...
|
#
45e0f3d6 |
| 10-Sep-2007 |
Robert Watson <rwatson@FreeBSD.org> |
Rename mac_check_vnode_delete() MAC Framework and MAC Policy entry point to mac_check_vnode_unlink(), reflecting UNIX naming conventions.
This is the first of several commits to synchronize the MAC
Rename mac_check_vnode_delete() MAC Framework and MAC Policy entry point to mac_check_vnode_unlink(), reflecting UNIX naming conventions.
This is the first of several commits to synchronize the MAC Framework in FreeBSD 7.0 with the MAC Framework as it will appear in Mac OS X Leopard.
Reveiwed by: csjp, Samy Bahra <sbahra at gwu dot edu> Submitted by: Jacques Vidrine <nectar at apple dot com> Obtained from: Apple Computer, Inc. Sponsored by: SPARTA, SPAWAR Approved by: re (bmah)
show more ...
|
#
458f818f |
| 05-Jul-2007 |
Robert Watson <rwatson@FreeBSD.org> |
In preparation for 7.0 privilege cleanup, clean up style:
- Sort copyrights by date. - Re-wrap, and in some cases, fix comments. - Fix tabbing, white space, remove extra blank lines. - Remove commen
In preparation for 7.0 privilege cleanup, clean up style:
- Sort copyrights by date. - Re-wrap, and in some cases, fix comments. - Fix tabbing, white space, remove extra blank lines. - Remove commented out debugging printfs.
Approved by: re (kensmith)
show more ...
|
#
c2259ba4 |
| 14-Jun-2007 |
Robert Watson <rwatson@FreeBSD.org> |
Include priv.h to pick up suser(9) definitions, missed in an earlier commit.
Warnings spotted by: kris
|
#
78007886 |
| 23-Apr-2007 |
Robert Watson <rwatson@FreeBSD.org> |
Apply variable name normalization to MAC policies: adopt global conventions for the naming of variables associated with specific data structures.
Obtained from: TrustedBSD Project
|
#
18717f69 |
| 22-Apr-2007 |
Robert Watson <rwatson@FreeBSD.org> |
Allow MAC policy modules to control access to audit configuration system calls. Add MAC Framework entry points and MAC policy entry points for audit(), auditctl(), auditon(), setaudit(), aud setauid
Allow MAC policy modules to control access to audit configuration system calls. Add MAC Framework entry points and MAC policy entry points for audit(), auditctl(), auditon(), setaudit(), aud setauid().
MAC Framework entry points are only added for audit system calls where additional argument context may be useful for policy decision-making; other audit system calls without arguments may be controlled via the priv(9) entry points.
Update various policy modules to implement audit-related checks, and in some cases, other missing system-related checks.
Obtained from: TrustedBSD Project Sponsored by: SPARTA, Inc.
show more ...
|
#
7405fcc3 |
| 23-Feb-2007 |
Robert Watson <rwatson@FreeBSD.org> |
More unnecessary include reduction.
|
#
d24c76d1 |
| 20-Feb-2007 |
Robert Watson <rwatson@FreeBSD.org> |
Move mapping of MBI_APPEND to MBI_WRITE from inside the rule loop in mac_bsdextended_check() to before the loop, as it needs to happen only once.
MFC after: 1 week
|