d/freebsd-nq
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
9283578946
freebsd-nq/sys
History
Robert Watson 9283578946 Instrument sysarch() MD privileged I/O access interfaces with a MAC 
check, mac_check_sysarch_ioperm(), permitting MAC security policy
modules to control access to these interfaces.  Currently, they
protect access to IOPL on i386, and setting HAE on Alpha.
Additional checks might be required on other platforms to prevent
bypass of kernel security protections by unauthorized processes.

Obtained from:	TrustedBSD Project
Sponsored by:	DARPA, Network Associates Laboratories
2003-03-06 04:47:47 +00:00
..
alpha Instrument sysarch() MD privileged I/O access interfaces with a MAC 2003-03-06 04:47:47 +00:00
amd64 Instrument sysarch() MD privileged I/O access interfaces with a MAC 2003-03-06 04:47:47 +00:00
arm MB_LEN_MAX is not MD, move it to the MI limits.h. 2002-12-22 06:38:45 +00:00
boot Document the tunable kern.ipc.nsfbufs in help.common and loader.8. Small 2003-03-04 23:46:29 +00:00
cam Make nokqfilter() return the correct return value. 2003-03-03 16:24:47 +00:00
coda VOP_PATHCONF returns a register_t, not an int. Noticed by phk. 2003-03-05 22:30:02 +00:00
compat Clean up whitespace and remove register keyword. 2003-03-03 09:17:12 +00:00
conf Remove ENABLE_VFS_IOOPT. It is a long unfinished work-in-progress. 2003-03-06 03:41:02 +00:00
contrib Update netisr handling; Each SWI now registers its queue, and all queue 2003-03-04 23:19:55 +00:00
crypto Remove some unnecessary casts. 2003-01-25 22:41:22 +00:00
ddb Change the process flags P_KSES to be P_THREADED. 2003-02-27 02:05:19 +00:00
dev Finish driving a stake through the heart of netns and the associated 2003-03-05 19:24:24 +00:00
fs VOP_PATHCONF returns a register_t, not an int. Noticed by phk. 2003-03-05 22:30:02 +00:00
geom Initialize the second buffer for mirroring to point to itself and not its 2003-03-04 10:15:19 +00:00
gnu - Add a new 'flags' parameter to getblk(). 2003-03-04 00:04:44 +00:00
i4b Update netisr handling; Each SWI now registers its queue, and all queue 2003-03-04 23:19:55 +00:00
i386 Instrument sysarch() MD privileged I/O access interfaces with a MAC 2003-03-06 04:47:47 +00:00
ia64 Fix threaded applications on ia64 that are linked dynamicly. We did 2003-03-05 04:39:24 +00:00
isa Gigacommit to improve device-driver source compatibility between 2003-03-03 12:15:54 +00:00
isofs/cd9660 Finish cleanup of vprint() which was begun with changing v_tag to a string. 2003-03-03 19:15:40 +00:00
kern Instrument sysarch() MD privileged I/O access interfaces with a MAC 2003-03-06 04:47:47 +00:00
libkern Further GC of M_STRING, missed previously. 2003-02-26 01:00:29 +00:00
modules Finish driving a stake through the heart of netns and the associated 2003-03-05 19:24:24 +00:00
net Finish driving a stake through the heart of netns and the associated 2003-03-05 19:24:24 +00:00
netatalk Update netisr handling; Each SWI now registers its queue, and all queue 2003-03-04 23:19:55 +00:00
netatm Update netisr handling; Each SWI now registers its queue, and all queue 2003-03-04 23:19:55 +00:00
netgraph Fix a use-after-free bug that could cause multi-link fragment reassembly to 2003-03-05 23:12:59 +00:00
netinet Finish driving a stake through the heart of netns and the associated 2003-03-05 19:24:24 +00:00
netinet6 Update netisr handling; Each SWI now registers its queue, and all queue 2003-03-04 23:19:55 +00:00
netipsec Update netisr handling; Each SWI now registers its queue, and all queue 2003-03-04 23:19:55 +00:00
netipx Update netisr handling; Each SWI now registers its queue, and all queue 2003-03-04 23:19:55 +00:00
netkey Back out M_* changes, per decision of the TRB. 2003-02-19 05:47:46 +00:00
netnatm Update netisr handling; Each SWI now registers its queue, and all queue 2003-03-04 23:19:55 +00:00
netncp Gigacommit to improve device-driver source compatibility between 2003-03-03 12:15:54 +00:00
netsmb Finish driving a stake through the heart of netns and the associated 2003-03-05 19:24:24 +00:00
nfs Back out M_* changes, per decision of the TRB. 2003-02-19 05:47:46 +00:00
nfsclient - Add a new 'flags' parameter to getblk(). 2003-03-04 00:04:44 +00:00
nfsserver More low-hanging fruit: kill caddr_t in calls to wakeup(9) / [mt]sleep(9). 2003-03-02 16:54:40 +00:00
opencrypto Gigacommit to improve device-driver source compatibility between 2003-03-03 12:15:54 +00:00
pc98 Make nokqfilter() return the correct return value. 2003-03-03 16:24:47 +00:00
pccard Gigacommit to improve device-driver source compatibility between 2003-03-03 12:15:54 +00:00
pci Fix bug introduced in 1.130. For the < MHLEN case, we should 2003-03-04 20:19:26 +00:00
posix4 Back out M_* changes, per decision of the TRB. 2003-02-19 05:47:46 +00:00
powerpc Replace calls to WITNESS_SLEEP() and witness_list() with equivalent calls 2003-03-04 21:03:05 +00:00
rpc
security Instrument sysarch() MD privileged I/O access interfaces with a MAC 2003-03-06 04:47:47 +00:00
sparc64 Replace calls to WITNESS_SLEEP() and witness_list() with equivalent calls 2003-03-04 21:03:05 +00:00
sys Instrument sysarch() MD privileged I/O access interfaces with a MAC 2003-03-06 04:47:47 +00:00
tools Remove miidevs.h and generate it from miidevs at compile time. 2003-01-19 02:59:34 +00:00
ufs Remove ENABLE_VFS_IOOPT. It is a long unfinished work-in-progress. 2003-03-06 03:41:02 +00:00
vm Remove ENABLE_VFS_IOOPT. It is a long unfinished work-in-progress. 2003-03-06 03:41:02 +00:00
Makefile