they may be statically linked into the kernel. Note that statically
linked modules, unlike dynamically linked modules, get INVARIANTS,
so if there are INVARIANTS failures, you'll bump into them rather
than not. Add the options to NOTES.
Obtained from: TrustedBSD Project
Sponsored by: DARPA, Network Associates Laboratories
MAC labels are set if MAC is enabled and configured for the user
logging in.
Note that lukemftpd is not considered a supported application when
MAC is enabled, as it does not use the standard system interfaces for
managing user contexts; if lukemftpd is used with labeled MAC policies,
it will not properly give up privileges when switching to the user
account.
Approved by: re
Obtained from: TrustedBSD Project
Sponsored by: DARPA, Network Associates Laboratories
# or any login.conf resource limits or features; use it only if this is
# appropriate for your environment. If you require these features, use
# the regular FreeBSD ftpd below.
Discourage users from using lukemftpd if they rely any of these standard
FreeBSD features that are fully supported by our native ftpd. There
may be other features that are not yet supported that I have not yet
discovered.
linking.
* Fix disorder in the SEE ALSO sections of aio_*(2).
* Remove unnecessary cross-references from the SEE ALSO sections of
aio_*(2); config(8), kldload(8) and kldunload(8) are cross-referenced
from aio(4).
* Remove the KERNEL OPTIONS sections from aio_*(2), now that these
pages cross-reference aio(4), which contains suitable kernel linking
reference material.
Add code to free KSEs and KSEGRPs on exit.
Sort KSE prototypes in proc.h.
Add the missing kse_exit() syscall.
ksetest now does not leak KSEs and KSEGRPS.
Submitted by: (parts) davidxu
extra function calls. Refactor uma_zalloc_internal into seperate functions
for finding the most appropriate slab, filling buckets, allocating single
items, and pulling items off of slabs. This makes the code significantly
cleaner.
- This also fixes the "Returning an empty bucket." panic that a few people
have seen.
Tested On: alpha, x86
pages are 4KB.
o As a second order fix, don't assume we have enough space
after the bootinfo block left in a page to hold the memory
map.
o A third order fix as that we removed the assumption that a
bootinfo block fits in a single 8KB page.
PR: ia64/39415
submitted by: Espen Skoglund <esk@ira.uka.de>
held. This avoids a lock order reversal when destroying zones.
Unfortunately, this also means that the free checks are not done before
the destructor is called.
Reported by: phk
data that will be modified. And do the appropriate thing now and free the
v->name buffer along with other relinquished memory.
XXX There is duplication here of destroying a Var, which is probably bogus,
and probably missed in a few places.
more efficient. The problem with the previous implementation was that it
calculated the length of the first argument ("big") with wcslen() when
it was not necessary.
to the primary local IP address when doing a TCP connect(). The
tcp_connect() code was relying on in_pcbconnect (actually in_pcbladdr)
modifying the passed-in sockaddr, and I failed to notice this in
the recent change that added in_pcbconnect_setup(). As a result,
tcp_connect() was ending up using the unmodified sockaddr address
instead of the munged version.
There are two cases to handle: if in_pcbconnect_setup() succeeds,
then the PCB has already been updated with the correct destination
address as we pass it pointers to inp_faddr and inp_fport directly.
If in_pcbconnect_setup() fails due to an existing but dead connection,
then copy the destination address from the old connection.
object to retrieve label information on, rather than directly
consuming the fts-provided paths (none of which are quite right).
This is based on the similar readlink() code, and may contain
the same bugs.
Obtained from: TrustedBSD Project
Sponsored by: DARPA, Network Associates Laboratories
to be passed. Point this out in a warning notice, which will eventually
go away, sometime between now and -RELEASE.
Obtained from: TrustedBSD Project
Sponsored by: DARPA, NAI Labs
than the LOMAC-specific interfaces for listing MAC labels. This permits
ls to view MAC labels in a manner similar to getfmac, when ls is used
with the -l argument. Next generation LOMAC will use the MAC Framework
so should "just" work with this and other policies. Not the prettiest
code in the world, but then, neither is ls(1).
Obtained from: TrustedBSD Project
Sponsored by: DARPA, Network Associates Laboratories
the LOMAC-specific interface (which is being deprecated). The
revised LOMAC using the MAC framework will export levels listable
using this mechanism.
Approved by: re
Obtained from: TrustedBSD Project
Sponsored by: DARPA, Network Associates Laboratories
This policy can be loaded dynamically, and assigns each process a
partition number, as well as permitting processes to operate outside
the partition. Processes contained in a partition can only "see"
processes inside the same partition, so it's a little like jail.
The partition of a user can be set using the label mechanisms in
login.conf. This sample policy is a good starting point for developers
wanting to learn about how to produce labeled policies, as it labels
only one kernel object, the process credential.
Obtained from: TrustedBSD Project
Sponsored by: DARPA, Network Associates Laboratories
This policy can be loaded dynamically, and assigns each process a
partition number, as well as permitting processes to operate outside
the partition. Processes contained in a partition can only "see"
processes inside the same partition, so it's a little like jail.
The partition of a user can be set using the label mechanisms in
login.conf. This sample policy is a good starting point for developers
wanting to learn about how to produce labeled policies, as it labels
only one kernel object, the process credential.
PR:
Submitted by:
Reviewed by:
Approved by:
Obtained from: TrustedBSD Project
Sponsored by: DARPA, Network Associates Laboratories
might help on the systems it could possibly be used as a bandaid for. In
fact, the only thing it's useful for is instrumenting free(3) calls, and in
that capacity, it's better served as a local patch, than a public wrapper.
regarding 802.1 MAC and Mandatory Access Control (MAC). Some
potential for confusion remains further in other areas of the
system regarding Message Authentication Codes (MAC).
Requested by: wollman
Obtained from: TrustedBSD Project
Sponsored by: DARPA, Network Associates Laboratories
