on directories.
o Allow privileged processes in jail() to create inodes with the
setgid bit set even if they are not a member of the group denoted
by the file creation gid. This occurs due to inherited gid's from
parent directories on file creation, allowing a user to create a
file with a gid that is not in the creating process's credentials.
Obtained from: TrustedBSD Project
and UFS file flags. Here's what the comment says, for reference:
Privileged processes in jail() are permitted to modify
arbitrary user flags on files, but are not permitted
to modify system flags.
In other words, privilege does allow a process in jail to modify user
flags for objects that the process does not own, but privilege will
not permit the setting of system flags on the file.
Obtained from: TrustedBSD Project
remove the setuid/setgid bits by virtue of a change to a file with those
bits set, even if the process doesn't own the file, or isn't a group
member of the file's gid.
Obtained from: TrustedBSD Project
safe as suser() no longer sets ASU.
o Note that in some cases, the PRISON_ROOT flag is used even though no
process structure is passed, to indicate that if a process structure
(and hence jail) was available, it would be ok. In the long run,
the jail identifier should probably be moved to ucred, as the uidinfo
information was.
o Some uid 0 checks remain relating to the quota code, which I'll leave
for another day.
Reviewed by: phk, eivind
Obtained from: TrustedBSD Project
other schedsoft*() functions since they have never been used.
Removed confused comment about not needing these functions. The
functions delay scheduling of SWIs until the next hardclock tick.
For devices that only deliver a few characters per interrupt, this
reduces the number of calls to the scheduler by a large factor (about
115 for each sio port at 115200 bps).
the 128-bit sigset_t changes by moving conditionally (rarely) executed
code to the beginning where it is always executed, and since this code
now involves 3 128-bit operations, the pessimization was relatively
large. This change speeds up lmbench's pipe latency benchmark by
3.5%.
Fixed style bugs in CURSIG().
very bloated, first with 128-bit sigset_t's, then with locking in the
SMP case, then with locking in all cases. The space bloat was probably
also time bloat, partly because the fast path through CURSIG() was
pessimized by the sigset_t changes. This change speeds up lmbench's
pipe-based latency benchmark by 4% on a Celeron. <sys/signalvar.h>
had become very polluted to support the bloat.
in favor of the new-style per-vif socket.
this does not affect the behavior of the ISI rsvpd but allows
another rsvp implementation (e.g., KOM rsvp) to take advantage
of the new style for particular sockets while using the old style
for others.
in the future, rsvp supporn should be replaced by more generic
router-alert support.
PR: kern/20984
Submitted by: Martin Karsten <Martin.Karsten@KOM.tu-darmstadt.de>
Reviewed by: kjc
is enabling as all entries are still called with Giant being held.
Maintaining compatability with NetBSD makes what should be very simple
kinda ugly.
Reviewed by: Jason Evans
filesystem lookup() routine if it unlocks parent directory. This flag should
be carefully tracked by filesystems if they want to work properly with nullfs
and other stacked filesystems.
VFS takes advantage of this flag to perform symantically correct usage
of vrele() instead of vput() if parent directory already unlocked.
If filesystem fails to track this flag then previous codepath in VFS left
unchanged.
Convert UFS code to set PDIRUNLOCK flag if necessary. Other filesystmes will
be changed after some period of testing.
Reviewed in general by: mckusick, dillon, adrian
Obtained from: NetBSD
Separate our platform independent hooks from core driver functionality
shared between platforms (FreeBSD and Linux at this time).
Add sequencer workarounds for several chip->chipset interactions.
Correct external SCB corruption problem on aic7895 based cards (3940AUW).
Lots of cleanups resulting from the port to another OS.
used by start to find the kernel. Fix this.
Also, boot would proceed immediately in the absence of a path as
argument. Check first if a kernel has already been loaded, and, if
not, fall back to load kernel&modules behavior.
Some further factorizing. I deem this code to be mostly readable by
now! :-)
Many thanks to: Makoto MATSUSHITA <matusita@jp.FreeBSD.org>
