freebsd-dev/sys
Robert Watson a9d2f8d84f
Second-to-last commit implementing Capsicum capabilities in the FreeBSD
kernel for FreeBSD 9.0:

Add a new capability mask argument to fget(9) and friends, allowing system
call code to declare what capabilities are required when an integer file
descriptor is converted into an in-kernel struct file *.  With options
CAPABILITIES compiled into the kernel, this enforces capability
protection; without, this change is effectively a no-op.

Some cases require special handling, such as mmap(2), which must preserve
information about the maximum rights at the time of mapping in the memory
map so that they can later be enforced in mprotect(2) -- this is done by
narrowing the rights in the existing max_protection field used for similar
purposes with file permissions.

In namei(9), we assert that the code is not reached from within capability
mode, as we're not yet ready to enforce namespace capabilities there.
This will follow in a later commit.

Update two capability names: CAP_EVENT and CAP_KEVENT become
CAP_POST_KEVENT and CAP_POLL_KEVENT to more accurately indicate what they
represent.

Approved by:	re (bz)
Submitted by:	jonathan
Sponsored by:	Google Inc
2011-08-11 12:30:23 +00:00
amd64 Second-to-last commit implementing Capsicum capabilities in the FreeBSD 2011-08-11 12:30:23 +00:00
arm - Move the PG_UNMANAGED flag from m->flags to m->oflags, renaming the flag 2011-08-09 21:01:36 +00:00
boot Fix buffer overflow in sys/boot/common/util.c's printf(), when printing 2011-08-08 20:53:04 +00:00
bsm Add ECAPMODE, "Not permitted in capability mode", a new kernel errno 2011-03-01 13:14:28 +00:00
cam Higher-priority initialization request can eat request scheduling done from 2011-07-30 21:42:53 +00:00
cddl Second-to-last commit implementing Capsicum capabilities in the FreeBSD 2011-08-11 12:30:23 +00:00
compat Second-to-last commit implementing Capsicum capabilities in the FreeBSD 2011-08-11 12:30:23 +00:00
conf Looks like we're ready for 9.0-BETA1 builds. 2011-07-26 04:00:00 +00:00
contrib Update packet filter (pf) code to OpenBSD 4.5. 2011-06-28 11:57:25 +00:00
crypto Fix a bug in the result of manual assembly. 2011-03-02 14:56:58 +00:00
ddb Fix making kernel dumps from the debugger by creating a command 2011-06-07 01:28:12 +00:00
dev Second-to-last commit implementing Capsicum capabilities in the FreeBSD 2011-08-11 12:30:23 +00:00
fs Second-to-last commit implementing Capsicum capabilities in the FreeBSD 2011-08-11 12:30:23 +00:00
gdb Modify kdb_trap() so that it re-calls the dbbe_trap function as long as 2011-02-18 22:25:11 +00:00
geom Add some spare fields to the g_class and g_geom structures needed to implement 2011-07-17 20:35:30 +00:00
gnu Second-to-last commit implementing Capsicum capabilities in the FreeBSD 2011-08-11 12:30:23 +00:00
i386 Second-to-last commit implementing Capsicum capabilities in the FreeBSD 2011-08-11 12:30:23 +00:00
ia64 - Move the PG_UNMANAGED flag from m->flags to m->oflags, renaming the flag 2011-08-09 21:01:36 +00:00
isa Move VT switching hack for suspend/resume from bus drivers to syscons.c 2011-05-09 18:46:49 +00:00
kern Second-to-last commit implementing Capsicum capabilities in the FreeBSD 2011-08-11 12:30:23 +00:00
kgssapi Add a small comment about unloading the kgssapi module. 2011-07-16 08:05:49 +00:00
libkern Fix typos - remove duplicate "is". 2011-02-23 09:22:33 +00:00
mips - Move the PG_UNMANAGED flag from m->flags to m->oflags, renaming the flag 2011-08-09 21:01:36 +00:00
modules Add new USB 3G driver. 2011-07-08 10:58:56 +00:00
net In rtinit1(), before rtrequest1_fib() is called, info.rti_flags is 2011-08-08 05:25:51 +00:00
net80211 When setting a fixed channel on adapters with 11n support the scan 2011-08-08 16:29:07 +00:00
netatalk
netgraph Second-to-last commit implementing Capsicum capabilities in the FreeBSD 2011-08-11 12:30:23 +00:00
netinet If RTF_HOST flag is specified, then we are interested in destination 2011-08-10 06:17:06 +00:00
netinet6 The result of a joint work between rrs@ and myself at the IETF: 2011-08-03 20:21:00 +00:00
netipsec Update packet filter (pf) code to OpenBSD 4.5. 2011-06-28 11:57:25 +00:00
netipx
netnatm
netncp
netsmb
nfs Set proper root device name when legacy NFS client is compiled into kernel. 2011-06-29 15:17:29 +00:00
nfsclient Merge 220876, 220877, and 221537 from the new NFS client to the old: 2011-08-09 15:29:58 +00:00
nfsserver Second-to-last commit implementing Capsicum capabilities in the FreeBSD 2011-08-11 12:30:23 +00:00
nlm Add a lock flags argument to the VFS_FHTOVP() file system 2011-05-22 01:07:54 +00:00
ofed MFC 2011-05-27 16:09:10 +00:00
opencrypto After the r219999 is merged to stable/8, rename fallocf(9) to falloc(9) 2011-04-01 13:28:34 +00:00
pc98 Change all the sample kernel configurations to use 2011-08-07 20:16:46 +00:00
pci Add new device id of D-Link DGE-530T Rev. C controller. DGE-503T 2011-07-30 01:06:12 +00:00
powerpc - Move the PG_UNMANAGED flag from m->flags to m->oflags, renaming the flag 2011-08-09 21:01:36 +00:00
rpc Fix the kgssapi so that it can be loaded as a module. Currently 2011-06-19 22:08:55 +00:00
security Second-to-last commit implementing Capsicum capabilities in the FreeBSD 2011-08-11 12:30:23 +00:00
sparc64 - Move the PG_UNMANAGED flag from m->flags to m->oflags, renaming the flag 2011-08-09 21:01:36 +00:00
sys Second-to-last commit implementing Capsicum capabilities in the FreeBSD 2011-08-11 12:30:23 +00:00
teken Fix various whitespace inconsistencies in sys/teken. 2011-06-26 18:25:10 +00:00
tools GNU awk does not output escaped newlines in multi-line printc statements. This 2011-03-31 21:33:33 +00:00
ufs Second-to-last commit implementing Capsicum capabilities in the FreeBSD 2011-08-11 12:30:23 +00:00
vm Second-to-last commit implementing Capsicum capabilities in the FreeBSD 2011-08-11 12:30:23 +00:00
x86 Fix build when NEW_PCIB is not defined. 2011-07-16 14:05:34 +00:00
xdr
xen Monitor and emit events for XenStore changes to XenBus trees 2011-06-11 04:59:01 +00:00
Makefile Include sys/xen in cscope tag file generation. 2011-06-10 20:51:41 +00:00