6 Commits

Author SHA1 Message Date
Robert Watson
a9d2f8d84f Second-to-last commit implementing Capsicum capabilities in the FreeBSD
kernel for FreeBSD 9.0:

Add a new capability mask argument to fget(9) and friends, allowing system
call code to declare what capabilities are required when an integer file
descriptor is converted into an in-kernel struct file *.  With options
CAPABILITIES compiled into the kernel, this enforces capability
protection; without, this change is effectively a no-op.

Some cases require special handling, such as mmap(2), which must preserve
information about the maximum rights at the time of mapping in the memory
map so that they can later be enforced in mprotect(2) -- this is done by
narrowing the rights in the existing max_protection field used for similar
purposes with file permissions.

In namei(9), we assert that the code is not reached from within capability
mode, as we're not yet ready to enforce namespace capabilities there.
This will follow in a later commit.

Update two capability names: CAP_EVENT and CAP_KEVENT become
CAP_POST_KEVENT and CAP_POLL_KEVENT to more accurately indicate what they
represent.

Approved by:	re (bz)
Submitted by:	jonathan
Sponsored by:	Google Inc
2011-08-11 12:30:23 +00:00
Warner Losh
00b4e54ae7 We no longer need to use d_thread_t, migrate to struct thread *. 2009-05-20 17:29:21 +00:00
Doug Ambrisko
d279e43442 Make amr_linux work as a module by avoiding calling amr_linux_ioctl_int
from the amr_linux.  This simplifies the amr_linux shim and puts the
smarts into amr.c.

I tested this with 2 amr controllers in one box.  It seems to work
okay with them.
2006-05-03 16:45:15 +00:00
Doug Ambrisko
bc971e44ed Reduce the Linux ioctl range to what is needed. I didn't know what
I was doing when I first set the range up.
2006-04-14 16:13:28 +00:00
John Baldwin
44a4a80962 Check the return value of copyin() and return an error if it fails.
Coverity ID:	839
Found by:	Coverity Prevent
MFC after:	1 week
Reviewed by:	ps, scottl
2006-02-23 18:05:38 +00:00
Doug Ambrisko
084500bc13 Add in the Linux IOCTL shim and create the megadev0 device so
Linux LSI MegaRaid tools can run on FreeBSD until Linux emulation.

Add in the Linux IOCTL shim and create the megadev0 device so
Linux LSI MegaRaid tools can run on FreeBSD until Linux emulation.

Add glue to build the modules but don't tie it into the build
yet until I test it from the CVS repo. via the mirror on an
amd64 machine.

Tie this into the Linux32 emulation on amd64 so the tools can
run on amd64 kernel.

Cleaned up by:	ps (amr_linux.c)
2006-01-24 21:13:50 +00:00