range on them, leaving process credentials as the only kernel
objects with label ranges in the Biba and MLS policies. We
weren't using the range in any access control decisions, so this
lets us garbage collect effectively unused code.
Obtained from: TrustedBSD Project
Sponsored by: DARPA, Network Associates Laboratories
collapse the two cases more cleanly: rather than wrapping an access
check around open, simply provide the open implementation for the
access vector entry. No functional change.
Obtained from: TrustedBSD Project
Sponsored by: DARPA, Network Associates Laboratories
we just break out some of the tests better. Minor change in that
we now better support incremental update of labels.
Obtained from: TrustedBSD Project
Sponsored by: DARPA, Network Associates Laboratories
in_pcbconnect() called in_pcbconnect_setup(). This version performs
all of the functions of in_pcbconnect() except for the final
committing of changes to the PCB. In the case of an EADDRINUSE error
it can also provide to the caller the PCB of the duplicate connection,
avoiding an extra in_pcblookup_hash() lookup in tcp_connect().
This change will allow the "temporary connect" hack in udp_output()
to be removed and is part of the preparation for adding the
IP_SENDSRCADDR control message.
Discussed on: -net
Approved by: re
which may surprise developers coming from Solaris, or other platforms
which have a similar interface, but slightly different rules.
Reviewed by: jhb, ru
and save/restore during a context switch.
The USER_SR could be overwritten when the current thread was switched
out with a faulting copyin/copyout.
Approved by: Benno
memory while mapping a virtual address to a physical address.
This allows us to work with virtual addresses for page tables,
provided it doesn't cause infinite recursion. Currently all
page tables are direct mapped.
instead of the default biba/high, mls/low, making it easier to use
ptys with these policies. This isn't the final solution, but does
help.
Obtained from: TrustedBSD Project
Sponsored by: DARPA, Network Associates Laboratories
to bring in the new MAC label management API. With the new API
revision, we have only policy-agnostic code in libc and the base
kernel.
Obtained from: TrustedBSD Project
Sponsored by: DARPA, Network Associates Laboratories
We are seeing "/usr/libexec/ld-elf.so.1: groff: too few PT_LOAD segments",
however it appears that there really is only one PT_LOAD segment in the groff
binary. It is unclear if `rtld' or `ld' is at fault here -- but using an
RELENG_4 `ld' binary allows one to build a working dynamic groff binary.
Submitted by: gallatin
pointer to a dumperinfo instead of di. A brainfart, surely. This
bug went unnoticed for all this time because the pointer is only
used by buf_write() when it can write a completely filled buffer
to the dump device. This depends on the number of memory chunks
that needs to be dumped. This has apparently been low enough that
it has never happened up until this point.
contents. The code was subtracting two unsigned ints, stored the
result in a log and expected it to be the same as of a signed
subtraction; this does only work on platforms where int and long
have the same size (due to overflows).
Instead, cast to long before the subtraction; the numbers are
guaranteed to be small enough so that there will be no overflows
because of that.
