process that caused the clone event to take place for the device driver
creating the device. This allows cloned device drivers to adapt the
device node based on security aspects of the process, such as the uid,
gid, and MAC label.
- Add a cred reference to struct cdev, so that when a device node is
instantiated as a vnode, the cloning credential can be exposed to
MAC.
- Add make_dev_cred(), a version of make_dev() that additionally
accepts the credential to stick in the struct cdev. Implement it and
make_dev() in terms of a back-end make_dev_credv().
- Add a new event handler, dev_clone_cred, which can be registered to
receive the credential instead of dev_clone, if desired.
- Modify the MAC entry point mac_create_devfs_device() to accept an
optional credential pointer (may be NULL), so that MAC policies can
inspect and act on the label or other elements of the credential
when initializing the skeleton device protections.
- Modify tty_pty.c to register clone_dev_cred and invoke make_dev_cred(),
so that the pty clone credential is exposed to the MAC Framework.
While currently primarily focussed on MAC policies, this change is also
a prerequisite for changes to allow ptys to be instantiated with the UID
of the process looking up the pty. This requires further changes to the
pty driver -- in particular, to immediately recycle pty nodes on last
close so that the credential-related state can be recreated on next
lookup.
Submitted by: Andrew Reisse <andrew.reisse@sparta.com>
Obtained from: TrustedBSD Project
Sponsored by: SPAWAR, SPARTA
MFC after: 1 week
MFC note: Merge to 6.x, but not 5.x for ABI reasons
o Add two new ioctl's KBADDKBD and KBRELKBD. These are used to add and remove
keyboards to (and from) kbdmux(4) keyboard multiplexer;
o Introduce new kbd_find_keyboard2() function. It does exactly the same job
as kbd_find_keyboard() function except it allows specifying a starting index.
This function can be used to iterate over keyboards array;
o Re-implement kbd_find_keyboard() as call to kbd_find_keyboard2() with starting
index of zero;
o Make sure syscons(4) passes KBADDKBD and KBRELKBD ioctl's onto currently
active keyboard.
These changes should not have any visible effect.
MFC after: 1 week
syscalls.master for the master list and the Alpha/OSF1 compat ABI to be
consistent with all the other compat ABIs where 'make sysent' already
works.
MFC after: 3 days
we can only bridge interfaces with the same value it meant that all members had
to be set at ETHERMTU as well.
Allow the first member to be added to define the MTU for the bridge, the check
still applies to all additional members.
Print an informative message if the MTU is incorrect [1]
Requested by: Niki Denev [1]
Approved by: mlaier (mentor)
MFC after: 3 days
from this socket
* Enable non-blocking I/O on devd.pipe to keep clients from wedging devd.
If a write(2) on devd.pipe would block, the client in question will be
removed [1]
Requested by: rwatson [1]
Approved by: imp
1) An unquoted space is always a separator, even when not "in_arg".
2) When a new destination buffer must be allocated during variable
substitution, only copy data from the active buffer to the new
one when we *are* "in_arg".
These were noticed when testing variable-substitution of variables
which have null values, and are not inside quoted strings...
MFC plans: after a few days, and re@ approval...
- Make sure timer0_max_count is set to a correct value in the lapic case.
- Revert i8254_restore() to explicitly reprogram timer 0 rather than
calling set_timer_freq() to do it. set_timer_freq() only reprograms
the counter if the max count changes which it never does on resume. This
unbreaks suspend/resume for several people.
Tested by: marks, others
Reviewed by: bde
MFC after: 3 days
in the PCI config registers) that are > 15 as $PIR can only route PCI
interrupts to ISA IRQs which are limited to the 0 to 15 range.
- Remove an extra word from a printf.
Reported by: othermark atkin901 at yahoo dot com
MFC after: 3 days
since it calls into VFS and VM. This makes the freebsd32_mmap() routine
MP safe and the extra Giants here can be revisited later.
Glanced at by: marcel
MFC after: 3 days
o Use pf more consistently for pccard_function.
o Make sure we quote the strings properly (maybe this function belongs in
subr_bus.c)
o Tweak a comment to be more accurate after code changed.
and combine the old xe_pccard_{probe,attach} into one routine _attach.
Create a lookup function to lookup items in the table. Eliminate the
check for network cards, since many modems were eliminated by it.
Tweak a few printfs as well.
This gets many of my older cards working again: CEM2, CEM28, CEM36,
etc.
support for them can really be added. Eliminate the check for network
card, because many of the cards in the commented out section are combo
cards and report themselves as either multifunction or modem. They
will be added back as I obtain hardware and test them more fully.
few other cards need. This firmware was obtained from the Linux
pcmcia-cs project, but Ositech Communications, Inc has been kind
enough to grant permission to change the license to a pure BSDL type.
enabling of interrupts inside of trap(). Fix a typo in a comment.
Revert rev 1.113 of "sys/i386/i386/exception.s" as it is no longer
needed.
Reviewed by: bde
MFC after: 3 days
- It is acceptable to call free(3) when the given pointer itself
is NULL, so we do not need to determine NULL before passing
a pointer to free(3)
- Handle failure of malloc(3)
MT6/5 Candidate
Submitted by: Dan Lukes <dan at obluda cz>
PR: bin/83352
This involves having passwd bits available so that seteuid("_dhcp") works,
and creating /var/empty so that chroot(_VAR_EMPTY) works. My gut feeling
is that the better solution is to make privsep and chroot optional in
dhclient, but this works well for now and is low-risk.
Approved by: re
it about the lease file location and not invoking it with the (non-existent)
'-r' option. Releasing leases works vastly differently now, so this isn't
needed.
Submitted by: sam
Approved by: re