d/freebsd-nq
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
freebsd-nq/sys
History
Robert Watson 96fcc75fdf Add initial support for Capsicum's Capability Mode to the FreeBSD kernel, 
compiled conditionally on options CAPABILITIES:

Add a new credential flag, CRED_FLAG_CAPMODE, which indicates that a
subject (typically a process) is in capability mode.

Add two new system calls, cap_enter(2) and cap_getmode(2), which allow
setting and querying (but never clearing) the flag.

Export the capability mode flag via process information sysctls.

Sponsored by:	Google, Inc.
Reviewed by:	anderson
Discussed with:	benl, kris, pjd
Obtained from:	Capsicum Project
MFC after:	3 months
2011-03-01 13:23:37 +00:00
..
amd64
Fix typos - remove duplicate "the".
2011-02-21 09:01:34 +00:00
arm
Add a real dependency on the microcode.
2011-02-25 09:07:17 +00:00
boot
Remove duplicate "in".
2011-03-01 11:47:51 +00:00
bsm
Add ECAPMODE, "Not permitted in capability mode", a new kernel errno
2011-03-01 13:14:28 +00:00
cam
Missed a file in r219056: add disk description for da(4).
2011-02-26 23:30:32 +00:00
cddl
Use proper lock in assertion.
2011-02-28 05:45:31 +00:00
compat
Add initial support for Capsicum's Capability Mode to the FreeBSD kernel,
2011-03-01 13:23:37 +00:00
conf
Add initial support for Capsicum's Capability Mode to the FreeBSD kernel,
2011-03-01 13:23:37 +00:00
contrib
Merge ACPICA 20110211.
2011-02-12 01:03:15 +00:00
crypto
Make private functions static.
2011-02-21 16:21:43 +00:00
ddb
Modify kdb_trap() so that it re-calls the dbbe_trap function as long as
2011-02-18 22:25:11 +00:00
dev
Make sure changing ownership of RX descriptor to be done as last
2011-02-28 20:37:48 +00:00
fs
Add some FEATURE macros for various features (AUDIT/CAM/IPC/KTR/MAC/NFS/NTP/
2011-02-25 10:11:01 +00:00
gdb
Modify kdb_trap() so that it re-calls the dbbe_trap function as long as
2011-02-18 22:25:11 +00:00
geom
Add the disk ident and a human-meaningful description (here, the disk model
2011-02-26 14:58:54 +00:00
gnu
Fix typos - remove duplicate "the".
2011-02-21 09:01:34 +00:00
i386
Fix whitespace nit.
2011-02-22 14:58:14 +00:00
ia64
Remove pmap fields that are either unused or not fully implemented.
2011-02-17 15:36:29 +00:00
isa
kern
Add initial support for Capsicum's Capability Mode to the FreeBSD kernel,
2011-03-01 13:23:37 +00:00
kgssapi
libkern
Fix typos - remove duplicate "is".
2011-02-23 09:22:33 +00:00
mips
Increase NKPT in case of n32 and n64 to support more physical memory.
2011-03-01 04:21:56 +00:00
modules
Finally... Import the latest open-source ZFS version - (SPA) 28.
2011-02-27 19:41:40 +00:00
net
Fix typos - remove duplicate "the".
2011-02-21 09:01:34 +00:00
net80211
Fix typos - remove duplicate "is".
2011-02-23 09:22:33 +00:00
netatalk
netgraph
Add XMIT_FAILOVER transmit algorithm to ng_one2many node. Packets are
2011-03-01 13:10:56 +00:00
netinet
Adds a new Congestion Control that helps reduce
2011-03-01 00:37:46 +00:00
netinet6
Fix typos - remove duplicate "the".
2011-02-21 09:01:34 +00:00
netipsec
Fixed IPsec's HMAC_SHA256-512 support to be RFC4868 compliant.
2011-02-18 09:40:13 +00:00
netipx
netnatm
netncp
netsmb
Change some variables from int to size_t. This is more accurate since
2011-01-08 23:06:54 +00:00
nfs
Modify the experimental NFSv4 server so that it posts a SIGUSR2
2011-01-14 23:30:35 +00:00
nfsclient
Add some FEATURE macros for various features (AUDIT/CAM/IPC/KTR/MAC/NFS/NTP/
2011-02-25 10:11:01 +00:00
nfsserver
Add some FEATURE macros for various features (AUDIT/CAM/IPC/KTR/MAC/NFS/NTP/
2011-02-25 10:11:01 +00:00
nlm
sysctl(9) cleanup checkpoint: amd64 GENERIC builds cleanly.
2011-01-12 19:54:19 +00:00
opencrypto
fixed size of AH_ALEN_MAX, which is 64 bytes for SHA-512.
2011-02-25 09:29:32 +00:00
pc98
Fix typos - remove duplicate "the".
2011-02-21 09:01:34 +00:00
pci
Add initial support for RTL8401E PCIe Fast Ethernet.
2011-02-16 21:59:42 +00:00
powerpc
Turn off default generation of userland dot symbols on powerpc64 now that
2011-02-18 21:44:53 +00:00
rpc
Mfp4 CH=177274,177280,177284-177285,177297,177324-177325
2011-02-16 21:29:13 +00:00
security
Add ECAPMODE, "Not permitted in capability mode", a new kernel errno
2011-03-01 13:14:28 +00:00
sparc64
Resurrect ofw_pci_if.m from r178578.
2011-02-21 21:13:18 +00:00
sun4v
Remove pmap fields that are either unused or not fully implemented.
2011-02-17 15:36:29 +00:00
sys
Add initial support for Capsicum's Capability Mode to the FreeBSD kernel,
2011-03-01 13:23:37 +00:00
teken
Use proper bounds checking on VPA.
2010-12-05 10:15:23 +00:00
tools
ufs
v_mountedhere is a member of the union. Check that the vnodes have
2011-02-19 07:47:25 +00:00
vm
Change the return type of vmspace_swap_count to a long to match the other
2011-03-01 11:04:30 +00:00
x86
Set C1 "I/O then Halt" capability bit for Intel EIST. Some broken BIOSes
2011-02-25 23:14:24 +00:00
xdr
xen
Fix a few more SYSCTL_PROC() that were missing a CTLFLAG type specifier.
2011-01-19 00:57:58 +00:00
Makefile
Add lex and yacc sources to things cscope'd.
2010-11-21 03:58:11 +00:00