kern_prot, which cleans up some namespace issues
o Don't need a special handler to limit un-setting, as suser is used to
protect suser_permitted, making it one-way by definition.
Suggested by: bde
returning anything but EPERM.
o suser is enabled by default; once disabled, cannot be reenabled
o To be used in alternative security models where uid0 does not connote
additional privileges
o Should be noted that uid0 still has some additional powers as it
owns many important files and executables, so suffers from the same
fundamental security flaws as securelevels. This is fixed with
MAC integrity protection code (in progress)
o Not safe for consumption unless you are *really* sure you don't want
things like shutdown to work, et al :-)
Obtained from: TrustedBSD Project
needed to add into ether_input) and finally sorting IFF_RUNNING through
whole driver.
As part of the IFF_RUNNING stuff, we've added an extra flag so callers
can request that runq routines should check IFF_RUNNING before executing.
Remove BPF taps as this is now done by ether_input.
Resurrect multicast code, moving the multicast list stuff to the runq
routine.
Dump ray_promisc_user as all flag changes are now handled by ray_init, and
add a couple of checks to ray_promisc.
In uppparams_user, allow changes before the card is running (need to
fix some breakage with _download here later). In addition, don't
assume that the current n/w parameters are valid - they are only valid
in the runq.
Fix a nasty flag bug - runq_add cleared all the flags on the last command!
Remove the hacks for setting the memory flags - problems were down
to buggy versions of pccardd. For some reason pccardd only dtrt with
the "right" debug_level.
if an FFS partition returns EOPNOTSUPP, as it just means extended
attributes weren't enabled on that partition. Prevents spurious
warning per-partition at shutdown.
TCP/IP (v4) sockets, and routing sockets. Previously, interaction
with IPv6 was not well-defined, and might be inappropriate for some
environments. Similarly, sysctl MIB entries providing interface
information also give out only addresses from those protocol domains.
For the time being, this functionality is enabled by default, and
toggleable using the sysctl variable jail.socket_unixiproute_only.
In the future, protocol domains will be able to determine whether or
not they are ``jail aware''.
o Further limitations on process use of getpriority() and setpriority()
by jailed processes. Addresses problem described in kern/17878.
Reviewed by: phk, jmg
apparently-intended micro-optimization ("testb" is equivalent and smaller)
and added a style bug (the size suffix for "testl" was missing).
linux-2.3.35 already had the correct fix.
a mbuf, it may return without setting any timers. If no more data is
scheduled to be transmitted (this was a FIN) the system will sit in
LAST_ACK state forever.
Thus, when mbuf allocation fails, set the retransmit timer if neither
the retransmit or persist timer is already pending.
Problem discovered by: Mike Silbersack (silby@silby.com)
Pushed for a fix by: Bosko Milekic <bmilekic@dsuper.net>
Reviewed by: jayanth
Symbol values are now represented using array sizes (4 arrays per symbol
so that 16-bit machines can represent 64-bit values) instead of being raw
binary values.
Reviewed by: marcel
problems when fetch(1) was passed `-o -'. The rationale of this change
is that applications attempting to change underlying vnodes for /dev/fd
nodes are improperly written and the use of this interface should not
ever have been encouraged. Proper alternatives are fchmod, fchown and
others.
PR: 18952
- Remove stale, unused fdescnode->fd_link structure member.
not gone yet.
format_config: print correct text when a volume has a preferred plex.
This is still broken, but not quite as badly.
Reported-by: Phil Regnauld <regnauld@ftf.net>
Change a rather silly comment.
routines from foo_watchdog() because foo_watchdog() is called at
interrupt context, and that's a no-no due to the way the USB stack
is currently set up.
What we do now is call the TX end of frame handler manually to clear
the completed transmission, then check the send queue and send off
any frames that are pending.
Also turned off the interrupt pipe stuff in if_aue, since it appears
to tickle a bug in the USB stack that I haven't found yet.
motherboards that use YMF740's. It has a strange subvendor and subdevice
ID and requires a disturbingly long delay after the ac97 codec init.
Cameron hasn't had this driver tested on another 740 yet, so we don't know
if this is a quirk of all 740's, or if its just something about the codec
that Intel used.
Further experimentation showed that some Dell 2450 machines with the
prevention kludge installed still got T_RESERVED traps. CPU interrupt
vector 0x7A was observed to be triggered. This might have been the
bitwise OR of two different vectors sent from each of the IOAPICs at
the same time.
IOAPIC #0: 0x68 --> irq 8: RTC timer interrupt
IOAPIC #1: 0x32 --> irq 18: scsi host adapter or network interface
----
0x7a --> T_RESERVED
Both IOAPICs had ID 0.
Appendix B.3 in the MP spec indicates that the operating system is
responsible for assigning unique IDs to the IOAPICs.
The enclosed patch programs the IOAPIC IDs according to the IOAPIC
entries in the MP table.
Submitted by: tegge
