permit users and groups to bind ports for TCP or UDP, and is intended
to be combined with the recently committed support for
net.inet.ip.portrange.reservedhigh. The policy is twiddled using
sysctl(8). To use this module, you will need to compile in MAC
support, and probably set reservedhigh to 0, then twiddle
security.mac.portacl.rules to set things as desired. This policy
module only restricts ports explicitly bound using bind(), not
implicitly bound ports where the port number is selected by the
IP stack. It appears to work properly in my local configuration,
but needs more broad testing.
A sample policy might be:
# sysctl security.mac.portacl.rules="uid:425:tcp:80,uid:425:tcp:79"
This permits uid 425 to bind TCP sockets to ports 79 and 80. Currently
no distinction is made for incoming vs. outgoing ports with TCP,
although that would probably be easy to add.
Obtained from: TrustedBSD Project
Sponsored by: DARPA, Network Associates Laboratories
for the agp module, and add agp to the list of modules to compile for alpha.
Add an alpha_mb() to agp_flush_cache for alpha -- it's not correct but may
improve the situation, and it's what linux and NetBSD do.
Interface (SMAPI) BIOS, which is present on some IBM
Thinkpad models (560, 600, 770 to name a few.)
The SMAPI BIOS provides access to System Information,
System Configuration, and Power Management.
module dependency system rely on linker behaviour that is machine dependent
and not part of the elf spec, and only work by accident on other platforms.
Approved by: re
the supported platforms. We build it into GENERIC, and it is currently
listed on the supported module list for drivers.conf on i386, which
breaks the release build. This may fix the release build for RC1 on
i386.
Conspiracy of: re
is a compiler tool and needs to be compiled by the host compiler. I've
tested this in i386->sparc cross-build, 4.7->current upgrade, normal
buildkernel target, and normal /sys/i386/compile/GENERIC configurations.
Submitted by: ru
This policy can be loaded dynamically, and assigns each process a
partition number, as well as permitting processes to operate outside
the partition. Processes contained in a partition can only "see"
processes inside the same partition, so it's a little like jail.
The partition of a user can be set using the label mechanisms in
login.conf. This sample policy is a good starting point for developers
wanting to learn about how to produce labeled policies, as it labels
only one kernel object, the process credential.
PR:
Submitted by:
Reviewed by:
Approved by:
Obtained from: TrustedBSD Project
Sponsored by: DARPA, Network Associates Laboratories
- Add detach support to the driver so that you can kldunload the module.
Note that currently rc_detach() fails to detach a unit if any of its
child devices are open, thus a kldunload will fail if any of the tty
devices are currently open.
- sys/i386/isa/ic/cd180.h was moved to sys/dev/ic/cd180.h as part of
this change.
Requested by: rwatson
Tested by: rwatson
