Commit Graph

78311 Commits

Author SHA1 Message Date
rwatson
c328272c1f Introduce support for Mandatory Access Control and extensible
kernel access control.

Label BPF descriptor objects, permitting security features to be
maintained on those objects.  bd_label will be used to authorize
data flow from network interfaces to user processes.  BPF
labels are protected using the same synchronization model as other
mutable data in the BPF descriptor.

Obtained from:	TrustedBSD Project
Sponsored by:	DARPA, NAI Labs
2002-07-30 23:03:29 +00:00
rwatson
6a39ed41ad Introduce support for Mandatory Access Control and extensible
kernel access control.

Replace 'void *' with 'struct mac *' now that mac.h is in the base
tree.  The current POSIX.1e-derived userland MAC interface is
scheduled for replacement, but will act as a functional placeholder
until the replacement is done.  These system calls allow userland
processes to get and set labels on both the current process, as well
as file system objects and file descriptor backed objects.
2002-07-30 22:43:20 +00:00
rwatson
7a3580a0f5 Introduce support for Mandatory Access Control and extensible kernel
access control.

Label socket IPC objects, permitting security features to be maintained
at the granularity of the socket.  Two labels are stored for each
socket: the label of the socket itself, and a cached peer label
permitting interrogation of the remote endpoint.  Since socket locking
is not yet present in the base tree, these objects are not locked,
but are assumed to follow the same semantics as other modifiable
entries in the socket structure.

Obtained from:	TrustedBSD Project
Sponsored by:	DARPA, NAI Labs
2002-07-30 22:39:28 +00:00
rwatson
8b1351b992 Introduce support for Mandatory Access Control and extensible
kernel access control.

Label pipe IPC objects, permitting security information to be
maintained at the granularity of the pipe object.  The label is
shared between the two pipe endpoints in the style of the
pipe mutex, and is maintained using similar conventions.  The
label is protected by the pipe mutex.

Obtained from:	TrustedBSD Project
Sponsored by:	DARPA, NAI Labs
2002-07-30 22:33:28 +00:00
imp
74bf9e55ce Fix path to other files.<arch> files.
Fix disordering of libkern/crc32.c entry.

MFC after: 1 day
2002-07-30 22:28:43 +00:00
rwatson
13322e6ac4 Introduce support for Mandatory Access Control and extensible kernel
access control.

Label process credentials, permitting security information to be
maintained at the granularity of processes and cached credential
objects.  cr_label follows the semantics of other entries in struct
ucred: when a credential is exclusively referenced, it may be
modified.  Otherwise, it must be treated as immutable.  As with
other interesting entries in struct ucred, failing to use the
documented credential management APIs (such as crcopy, crdup, ...)
can result in data corruption or incorrect behavior.

Obtained from:	TrustedBSD Project
Sponsored by:	DARPA, NAI Labs
2002-07-30 22:28:28 +00:00
rwatson
30b8dc37ec Begin committing support for Mandatory Access Control and extensible
kernel access control.  The MAC framework permits loadable kernel
modules to link to the kernel at compile-time, boot-time, or run-time,
and augment the system security policy.  This commit includes the
initial kernel implementation, although the interface with the userland
components of the operating system is still under work, and not all
kernel subsystems are supported.  Later in this commit sequence,
documentation of which kernel subsystems will not work correctly with
a kernel compiled with MAC support will be added.

Label file system mount points, permitting security information to be
maintained at the granularity of the file system.  Two labels are
currently maintained: a security label for the mount itself, and
a default label for objects in the file system (in particular, for
file systems not supporting per-vnode labeling directly).

Obtained from:	TrustedBSD Project
Sponsored by:	DARPA, NAI Labs
2002-07-30 22:22:35 +00:00
rwatson
4afe0a78dd Begin committing support for Mandatory Access Control and extensible
kernel access control.  The MAC framework permits loadable kernel
modules to link to the kernel at compile-time, boot-time, or run-time,
and augment the system security policy.  This commit includes the
initial kernel implementation, although the interface with the userland
components of the operating system is still under work, and not all
kernel subsystems are supported.  Later in this commit sequence,
documentation of which kernel subsystems will not work correctly with
a kernel compiled with MAC support will be added.

Introduce two node vnode operations required to support MAC.  First,
VOP_REFRESHLABEL(), which will be invoked by callers requiring that
vp->v_label be sufficiently "fresh" for access control purposes.
Second, VOP_SETLABEL(), which will be invoked by callers requiring that
the passed label contents be updated.  The file system is responsible
for updating v_label if appropriate in coordination with the MAC
framework, as well as committing to disk.  File systems that are
not MAC-aware need not implement these VOPs, as the MAC framework
will default to maintaining a single label for all vnodes based
on the label on the file system mount point.

Obtained from:	TrustedBSD Project
Sponsored by:	DARPA, NAI Labs
2002-07-30 22:15:09 +00:00
rwatson
f781aacf3f Begin committing support for Mandatory Access Control and extensible
kernel access control.  The MAC framework permits loadable kernel
modules to link to the kernel at compile-time, boot-time, or run-time,
and augment the system security policy.  This commit includes the
initial kernel implementation, although the interface with the userland
components of the operating system is still under work, and not all
kernel subsystems are supported.  Later in this commit sequence,
documentation of which kernel subsystems will not work correctly with
a kernel compiled with MAC support will be added.

Label vnodes, permitting security information to be maintained at the
granularity of the individual file, directory (et al).  This data is
protected by the vnode lock and may be read only when holding a shared
lock, or modified only when holding an exclusive lock.  Label
information may be considered either the primary copy, or a cached
copy.  Individual file systems or kernel services may use the
VCACHEDLABEL flag for accounting purposes to determine which it is.
New VOPs will be introduced to refresh this label on demand, or to
set the label value.

Obtained from:	TrustedBSD Project
Sponsored by:	DARPA, NAI Labs
2002-07-30 22:08:12 +00:00
rwatson
b9347f6261 Begin committing support for Mandatory Access Control and extensible
kernel access control.  The MAC framework permits loadable kernel
modules to link to the kernel at compile-time, boot-time, or run-time,
and augment the system security policy.  This commit includes the
initial kernel implementation, although the interface with the userland
components of the operating system is still under work, and not all
kernel subsystems are supported.  Later in this commit sequence,
documentation of which kernel subsystems will not work correctly with
a kernel compiled with MAC support will be added.

Label mbuf's with packet header data, permitting in-flight datagrams
to be labeled in the TrustedBSD MAC implementation.  Add a questionable
recursive #include of sys/mac.h to maintain the current API for
applications and kernel code including mbuf.h to get 'struct mbuf'
definition.

Obtained from:	TrustedBSD Project
Sponsored by:	DARPA, NAI Labs
2002-07-30 22:03:57 +00:00
fenner
fe68025772 Call bpf_mtap() on output, to catch outgoing packets for e.g. tcpdump. 2002-07-30 21:47:14 +00:00
rwatson
187184514a Begin committing support for Mandatory Access Control and extensible
kernel access control.  The MAC framework permits loadable kernel
modules to link to the kernel at compile-time, boot-time, or run-time,
and augment the system security policy.  This commit includes the
initial kernel implementation, although the interface with the userland
components of the operating system is still under work, and not all
kernel subsystems are supported.  Later in this commit sequence,
documentation of which kernel subsystems will not work correctly with
a kernel compiled with MAC support will be added.

kern_mac.c contains the body of the MAC framework.  Kernel and
user APIs defined in mac.h are implemented here, providing a front end
to loaded security modules.  This code implements a module registration
service, state (label) management, security configuration and policy
composition.

Obtained from:	TrustedBSD Project
Sponsored by:	DARPA, NAI Labs
2002-07-30 21:36:05 +00:00
rwatson
ea685975fd Begin committing support for Mandatory Access Control and extensible
kernel access control.  The MAC framework permits loadable kernel
modules to link to the kernel at compile-time, boot-time, or run-time,
and augment the system security policy.  This commit includes the
initial kernel implementation, although the interface with the userland
components of the operating system is still under work, and not all
kernel subsystems are supported.  Later in this commit sequence,
documentation of which kernel subsystems will not work correctly with
a kernel compiled with MAC support will be added.

Include files to declare MAC userland interface (mac.h), MAC subsystem
entry points (mac.h), and MAC policy entry points (mac_policy.h).  These
files define the interface between the kernel and the MAC framework,
and between the MAC framework and each registered policy module.  These
APIs and ABIs may not be assumed to be stable until following FreeBSD
5.1-RELEASE.

Obtained from:	TrustedBSD Project
Sponsored by:	DARPA, NAI Labs
2002-07-30 21:32:34 +00:00
blackend
edc7f10bfd Correct URLs to Handbook & FAQ's pages
MFC after:	1 week
2002-07-30 21:14:15 +00:00
julian
d7d6c140bb Don't need to hold schedlock specifically for stop() as it calls wakeup()
that locks it anyhow.

Reviewed by: jhb@freebsd.org
2002-07-30 21:13:48 +00:00
bmilekic
af5b6c25ed Make reference counting for mbuf clusters [only] work like in RELENG_4.
While I don't think this is the best solution, it certainly is the
fastest and in trying to find bottlenecks in network related code
I want this out of the way, so that I don't have to think about it.
What this means, for mbuf clusters anyway is:
- one less malloc() to do for every cluster allocation (replaced with
  a relatively quick calculation + assignment)
- no more free() in the cluster free case (replaced with empty space) :-)

This can offer a substantial throughput improvement, but it may not for
all cases.  Particularly noticeable for larger buffer sends/recvs.
See http://people.freebsd.org/~bmilekic/code/measure2.txt for a rough
idea.
2002-07-30 21:06:27 +00:00
blackend
a0a3052c0d Correct links to Handbook's pages, old URLs do not work anymore.
MFC after:	1 week
2002-07-30 21:04:26 +00:00
phk
72be14e0c2 Remove some additional paranoia which Kirk forgot to remove from his
UFS2 commit.

These bits in essence made any instance of "softupdates expected
corruption", (ie blocks marked allocated but not referenced by an
inode etc) result in an exit value for fsck_ffs of 2.

2 is part of the magic and apparently undocumented protocol between
fsck_FOO and fsck and means "dump into single user mode ASAP".

Sponsored by:	DARPA & NAI Labs.
2002-07-30 20:49:29 +00:00
alc
f8e32ffafc o Replace vm_page_sleep_busy() with vm_page_sleep_if_busy()
in vfs_busy_pages().
2002-07-30 20:41:10 +00:00
julian
9a6aebed85 Remove code that removes thread from sleep queue before
adding it to a condvar wait.
We do not have asleep() any more so this can not happen.
2002-07-30 20:34:30 +00:00
fanf
c12174d890 Fix some bugs in in-place editing:
(1) errors from freopen were not reported correctly
(2) large files were not handled correctly
(3) read-only files broke things

MFC after:	1 week
2002-07-30 19:42:18 +00:00
iwasaki
ad8c79e8d3 Resolve conflicts arising from the ACPI CA 20020725 import. 2002-07-30 19:35:32 +00:00
iwasaki
06df2724f2 This commit was generated by cvs2svn to compensate for changes in r100966,
which included commits to RCS files with non-trunk default branches.
2002-07-30 19:33:39 +00:00
iwasaki
3f86517f16 Vendor import of the Intel ACPI CA 20020725 drop. 2002-07-30 19:33:39 +00:00
alc
5c6803c203 o In do_sendfile(), replace vm_page_sleep_busy() by vm_page_sleep_if_busy()
and extend the scope of the page queues lock to cover all accesses
   to the page's flags and busy fields.
2002-07-30 18:51:07 +00:00
rwatson
845dffbf88 When referencing nd_cnp after namei(), always pass SAVENAME into
NDINIT() operation flags.

Submitted by:	green
Obtained from:	TrustedBSD Project
Sponsored by:	DARPA, NAI Labs
2002-07-30 18:48:25 +00:00
rwatson
c6b66c2691 Make M_COPY_PKTHDR() macro into a wrapper for a m_copy_pkthdr()
function.  This permits conditionally compiled extensions to the
packet header copying semantic, such as extensions to copy MAC
labels.

Reviewed by:	bmilekic
Obtained from:	TrustedBSD Project
Sponsored by:	DARPA, NAI Labs
2002-07-30 18:28:58 +00:00
joe
d1d4ff684b Commit a version of the uvisor driver for connecting Handspring
Visors via USB.

Submitted by:	Chia-liang Kao <clkao@clkao.org>
2002-07-30 17:44:28 +00:00
jhb
acfd6b7cdb If we get 0xffff back when reading the status register, assume the card
has gone away instead of spinning in the interrupt handler.  This stops
my machine from hanging when I eject a rl(4)-based cardbus card.

Reviewed by:	imp
2002-07-30 17:31:42 +00:00
rwatson
7b283587ff Regen. 2002-07-30 16:52:22 +00:00
rwatson
a5d49aad22 Introduce a mac_policy() system call that will provide MAC policies
with a general purpose front end entry point for user applications
to invoke.  The MAC framework will route the system call to the
appropriate policy by name.

Obtained from:	TrustedBSD Project
Sponsored by:	DARPA, NAI Labs
2002-07-30 16:50:25 +00:00
sobomax
5a31624be8 Add support for controlling line1 mixer device, which on some cards represents
onboard FM tuner.

MFC after:	2 weeks
2002-07-30 16:24:00 +00:00
nectar
233d03aeb0 For processes which are set-user-ID or set-group-ID, the kernel performs a few
special actions for safety.  One of these is to make sure that file descriptors
0..2 are in use, by opening /dev/null for those that are not already open.
Another is to close any file descriptors 0..2 that reference procfs.  However,
these checks were made out of order, so that it was still possible for a
set-user-ID or set-group-ID process to be started with some of the file
descriptors 0..2 unused.

Submitted by:	Georgi Guninski <guninski@guninski.com>
2002-07-30 15:38:29 +00:00
nectar
6ee4fd55b3 Update list of installed manual pages after regenerating them. 2002-07-30 14:47:24 +00:00
nectar
6a48d41b10 This commit was generated by cvs2svn to compensate for changes in r100946,
which included commits to RCS files with non-trunk default branches.
2002-07-30 14:34:51 +00:00
nectar
3b5892151d Import the regenerated OpenSSL man pages after import of OpenSSL 0.9.6e. 2002-07-30 14:34:51 +00:00
blackend
6e6fb7c7e1 Correct links to Handbook's pages:
http://www.freebsd.org/handbook/mirrors.html is not working anymore,
http://www.freebsd.org/doc/handbook/mirrors.html is the new link

MFC after:	1 week
2002-07-30 14:08:16 +00:00
tjr
ba1a9e1f8e Ignore leading semicolons on commands; required by SUSv3.
Obtained from:	NetBSD (kleink, Aymeric Vincent)
2002-07-30 14:07:30 +00:00
nectar
7625856522 Resolve conflicts after import of OpenSSL 0.9.6e. 2002-07-30 13:58:53 +00:00
nectar
68c2a105ef This commit was generated by cvs2svn to compensate for changes in r100936,
which included commits to RCS files with non-trunk default branches.
2002-07-30 13:38:06 +00:00
nectar
a894923e6e Import of OpenSSL 0.9.6e. 2002-07-30 13:38:06 +00:00
phk
5a34f587ca Warning cleanup.
Format changes by peter
2002-07-30 13:01:25 +00:00
nectar
31ebfad899 This man page has not been referenced by anything for a while,
and is not part of the OpenSSL distribution.  Remove it.
2002-07-30 12:54:03 +00:00
nectar
908efc6947 Update to match reality (i.e. reference libcrypto headers and
libraries, not the no-longer-existent libdes).
2002-07-30 12:53:15 +00:00
nectar
1647add569 Remove many obsolete files. The majority of these are simply no
longer included as part of the OpenSSL distribution.  However, a few
we just don't need and are explicitly excluded in FREEBSD-Xlist.
2002-07-30 12:51:09 +00:00
nectar
44289c2856 Resolve conflicts after import of OpenSSL 0.9.6d. 2002-07-30 12:46:49 +00:00
nectar
dc925dcd93 Import of OpenSSL 0.9.6d. 2002-07-30 12:44:15 +00:00
nectar
56c6c7c27b This commit was generated by cvs2svn to compensate for changes in r100928,
which included commits to RCS files with non-trunk default branches.
2002-07-30 12:44:15 +00:00
nectar
988b2d91c3 Update list of files to remove prior to import of OpenSSL 0.9.6d 2002-07-30 12:38:41 +00:00
phk
b9ebc84981 Fix braino in last commit. 2002-07-30 12:02:41 +00:00