the config file. This fixes the breakage caused by the recent change
in the behavior of device_add_child for ata (which shows soren's
reservations were well founded).
Submitted by: OGAWA Takaya <t-ogawa@triaez.kaisei.org>
really be moved elsewhere: p_candebug() encapsulates the security
policy decision, whereas the P_INEXEC check has to do with "correctness"
regarding race conditions, rather than security policy.
Example: even if no security protections were enforced (the "uids are
advisory" model), removing P_INEXEC could result in incorrect operation
due to races on credential evaluation and modification during execve().
Obtained from: TrustedBSD Project
o Reorder and synchronize #include's, including moving "opt_cap.h" to
above system includes.
o Introduce #ifdef'd kern.security.capabilities sysctl tree, including
kern.security.capabilities.enabled, which defaults to 0.
The rest of the file remains stubs for the time being.
Obtained from: TrustedBSD Project
o POSIX.1e capabilities authorize overriding of VEXEC for VDIR based
on CAP_DAC_READ_SEARCH, but of !VDIR based on CAP_DAC_EXECUTE. Add
appropriate conditionals to vaccess() to take that into account.
o Synchronization cap_check_xxx() -> cap_check() change.
Obtained from: TrustedBSD Project
- Introduce cap_check_td() to reflect suser_td()
- Introduce non-portable cap_from_text2_np(), which converts a
text-form capability to an internal form relative to an existing
capability, and non-portable cap_to_text2_np(), which accepts
a flag argument specifying more about the text output format.
- Introduce CTT_* flags controlling the behavior of
cap_to_text2_np().
Submitted by: tmm
Obtained from: TrustedBSD Project
If zero bytes are allocated, return pointer to the middle of page-zero
(which is protected) so that the program will crash if it dereferences
this illgotten pointer.
Inspired & Urged by: Theo de Raadt <deraadt@cvs.openbsd.org>
When we truncate the msgbuf size because the last chunk is too small,
correctly terminate the phys_avail[] array - the VM system tests
the *end* for zero, not the start. This leads the VM startup to
attempt to recreate a duplicate set of pages for all physical memory.
XXX the msgbuf handling is suspiciously different on i386 vs
alpha/ia64...
o Add reference to TrustedBSD Project in license header.
o Update dated comments, including comment in extattr.h claiming that
no file systems support extended attributes.
o Improve comment consistency.
credential selection, rather than reference via a thread or process
pointer. This is part of a gradual migration to suser() accepting
a struct ucred instead of a struct proc, simplifying the reference
and locking semantics of suser().
Obtained from: TrustedBSD Project
refuses to start if it does not find a matching entry for the terminal
type.
My impression is that this is a problem in the shell, because
at least on PicoBSD images, the shell itself coredumps.
Anyways, this is the quickest fix i can come up with.
- Now that apm loadable module can inform its existence to other kernel
components (e.g. i386/isa/clock.c:startrtclock()'s TCS hack).
- Exchange priority of SI_SUB_CPU and SI_SUB_KLD for above purpose.
- Add simple arbitration mechanism for APM vs. ACPI. This prevents
the kernel enables both of them.
- Remove obsolete `#ifdef DEV_APM' related code.
- Add abstracted interface for Powermanagement operations. Public apm(4)
functions, such as apm_suspend(), should be replaced new interfaces.
Currently only power_pm_suspend (successor of apm_suspend) is implemented.
Reviewed by: peter, arch@ and audit@
- if nsswitch.conf exists, host.conf is auto-generated for compatibility
with legacy applications and libraries.
- if host.conf exists but nsswitch.conf does not, nsswitch.conf is auto-
generated as usual.
