Commit Graph

127185 Commits

Author SHA1 Message Date
Robert Watson
5bf75b12ba Update config.h for OpenBSM 1.0 alpha 11 import: strlcat is now detected
by configure.
2006-09-21 07:14:41 +00:00
Robert Watson
2a62e5451b Resolve conflicts from OpenBSM 1.0 alpha 11 vendor import: we have locally
added $FreeBSD$ to /etc configuration files to assist mergemaster.
2006-09-21 07:12:33 +00:00
Robert Watson
bb97b41819 Vendor import of OpenBSM 1.0 alpha 11, with the following change history
notes since the last import:

OpenBSM 1.0 alpha 11

- Reclassify certain read/write operations as having no class rather than the
  fr/fw class; our default classes audit intent (open) not operations (read,
  write).
- Introduce AUE_SYSCTL_WRITE event so that BSD/Darwin systems can audit reads
  and writes of sysctls as separate events.  Add additional kernel
  environment and jail events for FreeBSD.
- Break AUDIT_TRIGGER_OPEN_NEW into two events, AUDIT_TRIGGER_ROTATE_USER
  (issued by the user audit(8) tool) and AUDIT_TRIGGER_ROTATE_KERNEL (issued
  by the kernel audit implementation) so that they can be distinguished.
- Disable rate limiting of rotate requests; as the kernel doesn't retransmit
  a dropped request, the log file will otherwise grow indefinitely if the
  trigger is dropped.
- Improve auditd debugging output.
- Fix a number of threading related bugs in audit_control file reading
  routines.
- Add APIs au_poltostr() and au_strtopol() to convert between text
  representations of audit_control policy flags and the flags passed to
  auditon(A_SETPOLICY) and retrieved from auditon(A_GETPOLICY).
- Add API getacpol() to return the 'policy:' entry from audit_control, an
  extension to the Solaris file format to allow specification of policy
  persistent flags.
- Update audump to print the audit_control policy field.
- Update auditd to read the audit_control policy field and set the kernel
  policy to match it when configuring/reconfiguring.  Remove the -s and -h
  arguments as these policies are now set via the configuration file.  If a
  policy line is not found in the configuration file, continue with the
  current default of setting AUDIT_CNT.
- Fix bugs in the parsing of large execve(2) arguments and environmental
  variable tokens; increase maximum parsed argument and variable count.
- configure now detects strlcat(), used by policy-related functions.
- Reference token and record sample files added to test tree.

Obtained from:	TrustedBSD Project
2006-09-21 07:07:33 +00:00
Robert Watson
55b15aaa25 This commit was generated by cvs2svn to compensate for changes in r162503,
which included commits to RCS files with non-trunk default branches.
2006-09-21 07:07:33 +00:00
David Xu
ecc313475b Regenerate.
2006-09-21 04:50:38 +00:00
David Xu
47bd78d24d sync with master.
2006-09-21 04:49:36 +00:00
David Xu
d31279c4e7 remove thr_getscheduler, thr_setscheduler, thr_setschedparam,
add rtprio_thread.
2006-09-21 04:22:46 +00:00
David Xu
e6747c7ce1 use rtprio_thread system call to get or set thread priority.
2006-09-21 04:21:30 +00:00
David Xu
cca0a557dd Regenerate.
2006-09-21 04:19:48 +00:00
David Xu
73fa3e5b88 Replace system call thr_getscheduler, thr_setscheduler, thr_setschedparam
with rtprio_thread, while rtprio system call is for process only, the new
system call rtprio_thread is responsible for LWP.
2006-09-21 04:18:46 +00:00
Alexander Kabaev
7614e6f347 Bump __FreeBSD_cc_version in case someone cares for differences between
GCC 3.4.4 and GCC 3.4.6 on -current.
2006-09-21 03:27:07 +00:00
Maksim Yevmenkin
89facd824a Get rid of extra const to pacify new GCC4 warnings.
Submitted by:	kan
MFC after:	1 week
2006-09-21 02:41:04 +00:00
Maksim Yevmenkin
831a4264af Use socklen_t instead of int32_t where appropriate to pacify new GCC4
warnings.

Submitted by:	kan
MFC after:	1 week
2006-09-21 02:32:28 +00:00
Alexander Kabaev
f340c84ebe Pass "-Wtraditional -Wno-system-headers" to compiler as two separate
arguments. GCC4 was unhappy with them combined, while GCC 3.4 did
not care.
2006-09-21 02:05:38 +00:00
Alexander Kabaev
62d9c4f594 Do not use int where socklen_t is expected.
2006-09-21 02:01:46 +00:00
Alexander Kabaev
9a4194814d Silence GCC4 signed/unsigned pointer mismatch warning.
2006-09-21 01:48:47 +00:00
Brooks Davis
6da9aa1452 Introduce a new method ipv6if which attempts to figure out if an
interface is an IPv6 interface.

Use this method to decide if we should attempt to configure an interface
with an IPv6 address in pccard_ether.  The mechanism pccard_ether uses
to do this is unsuited to the task because it assumes the list of
interfaces it is passed is the full list of IPv6 interfaces and makes
decisions based on that.  This is at least a step in the right
direction and is probably about as much as we can MFC safely.

PR:		conf/103428
MFC after:	3 days
2006-09-21 01:44:52 +00:00
Alexander Kabaev
53d588be85 Do not use int where socklen_t is expected.
2006-09-21 01:41:03 +00:00
Alexander Kabaev
fa034a084b Use __builtin_offsetof for GCC 4.1.
2006-09-21 01:38:58 +00:00
Alexander Kabaev
d9cb97ff9d Use __builtin_va_start instead of __builtin_stdarg_start. GCC4 obsoletes
the former and  __builtin_va_start was present in all GCC version 3.1 and
later.
2006-09-21 01:37:02 +00:00
Alexander Kabaev
63ed5a7e06 Silence GCC4 warning.
strlen, strcmp live in <string.h> not <string.h>.
2006-09-21 01:30:04 +00:00
Julian Elischer
1474f88f74 In the spirit of nanoBSD and PicoBSD, add TinyBSD.
Submitted by jmeloatfreebsdbrasil,com-br
(Jean Milanez Melo)
As PicoBSD becomes slightly less useful, TinyBSD fills the gap below nanoBSD.
2006-09-20 22:24:20 +00:00
Christian S.J. Peron
df464e4361 Based on The Open Group Base Specifications Issue 6 IEEE Std 1003.1, our
current implementation of df(1) does not properly format the output under
certain conditions. Right now -kP and -Pk are not the same thing. Further,
when we set the BLOCKSIZE environment variable, we use "1k" instead of "1024",
making the header display incorrectly.

To quote the specification:

"When both the -k and -P options are specified, the following header line
 shall be written (in the POSIX locale):

"Filesystem 1024-blocks Used Available Capacity Mounted on\n"

- If -P has been specified, check to make sure that -k has not already been
  specified, if so, simply break instead of clobbering the previous blocksize
- Use 1024 instead of 1k to make the header POSIX compliant

Reported by:	Andriy Gapon
Discussed with:	bde, ru
MFC after:	1 week
2006-09-20 20:55:02 +00:00
Wojciech A. Koszek
dec10b39fd Correct 'interrupt interrupt' -> 'interrupt' in the comment.
Requested by:	jhb
Approved by:	cognet (mentor)
2006-09-20 20:52:11 +00:00
Brooks Davis
cea6851cd0 Flushing all IPv4 routes when an interface is removed or unconfigured
makes no sense.  Remove the undocumented removable_route_flush feature
from pccard_ether.

X-MFC after:	never
2006-09-20 19:48:31 +00:00
Brooks Davis
0e409e4b42 Search the list of up interfaces provided by "ifconfig -ul" instead of
grepping for UP in "ifconfig $ifn".  This eliminates a dependency on
/usr.
2006-09-20 19:45:30 +00:00
Alexander Leidinger
6dc4e81071 style(9)
While I'm here add a MFC reminder, I forgot it in the previous commit.

Noticed by:	ssouhlal
MFC after:	1 week
2006-09-20 19:27:11 +00:00
Doug Ambrisko
796ddce11d Add a new 'bce_mgmt_init_locked' function to enable the minimal parts
of the chip to let ASF/IPMI firmware respond to IPMI after attaching
and when the chip is down.  David looked at it but could really say
what the right minimal config. stuff would be.  It's not documented.
I figured this out via trial and error.

Reviewed by:	davidch
2006-09-20 18:55:16 +00:00
Doug Ambrisko
a1adc445ed Allow hw.mfi.event_locale/hw.mfi.event_class to be set via loader.
If an event doesn't match the criteria then don't print it.  Some
events are not saved in the log (<0 class events).
2006-09-20 18:49:35 +00:00
Alexander Leidinger
a312f6a30a Bring the i386 linux mmap code more into line with how linux (2.4.x)
behaves. This fixes a lot of tests which failed before. For amd64 there
are still some problems, but without any testers which apply patches
and run some predefined tests we can't do more ATM.

Submitted by:	Marcin Cieslak <saper@SYSTEM.PL> (minor fixups by myself)
Tested with:	LTP
2006-09-20 17:24:20 +00:00
Andre Oppermann
6b92a00668 In setifcap() only set/unset those capabilities the interface actually
supports.
2006-09-20 15:38:37 +00:00
Robert Watson
f50c4fd817 Remove MAC_DEBUG + MPRINTF debugging from System V IPC. This no longer
appears to be serving a useful purpose, as it was used during initial
development of MAC support for System V IPC.

MFC after:	1 month
Obtained from:	TrustedBSD Project
Suggested by:	Christopher dot Vance at SPARTA dot com
2006-09-20 13:40:00 +00:00
Robert Watson
738f14d4b1 Remove MAC_DEBUG label counters, which were used to debug leaks and
other problems while labels were first being added to various kernel
objects.  They have outlived their usefulness.

MFC after:	1 month
Suggested by:	Christopher dot Vance at SPARTA dot com
Obtained from:	TrustedBSD Project
2006-09-20 13:33:41 +00:00
Robert Watson
04f11621df Rather than allocating all buffer memory for the completed BSM record
when allocating the record in the first place, allocate the final buffer
when closing the BSM record.  At that point, more size information is
available, so a sufficiently large buffer can be allocated.

This allows the kernel to generate audit records in excess of
MAXAUDITDATA bytes, but is consistent with Solaris's behavior.  This only
comes up when auditing command line arguments, in which case we presume
the administrator really does want the data as they have specified the
policy flag to gather them.

Obtained from:	TrustedBSD Project
MFC after:	3 days
2006-09-20 13:23:40 +00:00
Robert Watson
1db97bc63b Add missing white space in au_to_exec_{args,env}().
MFC after:	 3 days
2006-09-20 13:14:47 +00:00
Wojciech A. Koszek
60e15662e1 Export tcps_rcvmemdrop available in 'struct tcpstat' with netstat(1).
Requested by:	Tomasz Pilat <tomasz.pilat (at) axelspringer.pl>
Approved by:	andre
2006-09-20 12:29:12 +00:00
Wojciech A. Koszek
6a535c2e4a Fix 'interrupt interrupt' -> 'interrupt' in the comment.
Approved by:	cognet (mentor)
2006-09-20 12:23:33 +00:00
Wojciech A. Koszek
6e6dfbf26e Don't forget to set internal error message in kvm_nlist().
Approved by:	cognet (mentor)
2006-09-20 12:09:21 +00:00
Ruslan Ermilov
8ad58ac6ee Revert back to always using *(int *)arg for now. While this
is incorrect, and causes endianness bugs on 64-bit big-endian
machines (sparc64), it's the best choice for now, as many of
these IOCTLs are used inside the kernel, and bogusly pass an
argument as "int *" which results in unaligned access panics
on sparc64 when attempting to dereference them via *(intptr_t *).

(Several of us are working on a real fix, which is uneasy.)
2006-09-20 11:43:36 +00:00
Konstantin Belousov
28de2218ec Fix the glitch introduced in rev. 1.93. In softdep_sync_metadata(),
switch by worklist type contains two for() loops, for D_INDIRDEP and
D_PAGEDEP. On error, these loops are exited by break, where the switch
actually shall be left. Use goto instead of break to reach the error
handling code.

Reported by:	Peter Holm
Reviewed by:	tegge
Approved by:	pjd (mentor)
MFC after:	2 weeks
2006-09-20 07:49:28 +00:00
Pawel Jakub Dawidek
783deec19e There is no need to set 'sp' to NULL anymore.
2006-09-20 07:27:05 +00:00
Scott Long
78e36c279b Change some variable names and update some comments to help clarify some
confusing issues.
2006-09-20 06:58:02 +00:00
John-Mark Gurney
b70c1daf97 spell PCIS_CRYPTO_ENTERTAIN properly...
MFC after:	3 days
2006-09-20 06:47:14 +00:00
Tor Egge
4e59868e08 Copy stat information from mount structure before it can change identity.
2006-09-20 00:32:07 +00:00
Tor Egge
60b0b1aa18 Don't try to obtain a reference to a nonexisting (NULL) mount structure in
default VOP_GETWRITEMOUNT().
2006-09-20 00:27:02 +00:00
Ian Dowse
6508a1ecdc Add missing parentheses to fix a segmentation fault that is easily
reproducible with `jot -s " " 400 1 | column -t'. The bug was present
in the original CSRG 'column -t' added in 1989.
2006-09-19 22:11:43 +00:00
Martin Blapp
d7b167b57b Fix races between tty.c and sessrele() / doenterpgrp() / leavepgrp(). The tty
code is still under giant lock, but the session/pgrp release code just used
proctree_locks. This explains why moving the proctree_lock in sys/kern/tty.c
rev. 1.258 did fix the panics in our SMP systems.

This should also fix some race panics with revoked ttys.

Reviewed by:	jhb
MFC after:	1 week
2006-09-19 19:25:11 +00:00
Jung-uk Kim
da7bf2bb26 Clean up white spaces and fix style(9).
2006-09-19 16:48:08 +00:00
Simon L. B. Nielsen
789cb6fc6a Correct multiple vulnerabilities in gzip(1).
Security:	FreeBSD-SA-06:21.gzip
2006-09-19 14:06:20 +00:00
Konstantin Belousov
f37e633887 Fix the bug in rev. 1.232. If vfs_suser returned false, coveredvp shall be
unlocked only if it really exists.

Found with:	Coverity Prevent(tm)
CID:	1535
Approved by:	pjd (mentor)
2006-09-19 14:04:12 +00:00