but since pc hardware only allows one AT-style keyboard controller, this
doesn't seem particularly urgent. (I do not know what the old sunriver
remote keyboard/mouse/vga cards do, that might be an exception).
little more than a place holder, because nothing actually counted the
number of 'sc' units to compare it against NSC. A bit more work here
is needed so that the scaling of SC_MAX_HISTORY_SIZE and extra_history_size
goes up when more sc units are added. But, it does not appear that we can
have more than one console yet, so it does not seem particularly urgent.
it complains that it can't do it because the filesystem is readonly.
Assume that when the user has a readonly /dev that they don't care if
login can't change the permissions/flags. While this does break a few
things like msgs, we'll assume that the user setting up the read only
system knows what they are doing.
All this change does is to stop the complaint when the file system is
read only. It also adds comments as to why EROFS and EOPNOTSUPP are
ignored.
This allows one to have a read-only / w/o a /dev MFS and have a
relatively warning-free existence. /etc/rc still complains when it
can't chown/chflags/chmod things, but that's easy to ignore/tweak.
Reviewed by: roberto, phk
Sponsored by: Timing Solutions
proc locking when revoking access to mmaps. Instead, perform this
later once we've changed the process label (hold onto a reference
to the new cred so that we don't lose it when we release the
process lock if another thread changes the credential).
Obtained from: TrustedBSD Project
Sponsored by: DARPA, NAI Labs
for mac_check_vnode_{poll,read,stat,write}(). Pass in fp->f_cred
when calling these checks with a struct file available. Otherwise,
pass NOCRED. All currently MAC policies use active_cred, but
could now offer the cached credential semantic used for the base
system security model.
Obtained from: TrustedBSD Project
Sponsored by: DARPA, NAI Labs
can offer new services without reserving system call numbers, or
augmented versions of existing services. User code requests a
target policy by name, and specifies the policy-specific API plus
target. This is required in particular for our port of SELinux/FLASK
to the MAC framework since it offers additional security services.
Obtained from: TrustedBSD Project
Sponsored by: DARPA, NAI Labs
mac_check_pipe_poll(), mac_check_pipe_read(), mac_check_pipe_stat(),
and mac_check_pipe_write(). This is improves consistency with other
access control entry points and permits security modules to only
control the object methods that they are interested in, avoiding
switch statements.
Obtained from: TrustedBSD Project
Sponsored by: DARPA, NAI Labs
mac_check_vnode_poll(), mac_check_vnode_read(), mac_check_vnode_write().
This improves the consistency with other existing vnode checks, and
allows policies to avoid implementing switch statements to determine
what operations they do and do not want to authorize.
Obtained from: TrustedBSD Project
Sponsored by: DARPA, NAI Labs
