122508 Commits

Author SHA1 Message Date
Matt Jacob
1977cbd6cf turn some WARNs for unknown events into INFOs 2006-03-04 21:46:34 +00:00
David Malone
42ae38e9ec Create a mac_bsdextended_check_vp function that takes a cred, a
vnode and a mode and checks if a given access mode is permitted.
This centralises the mac_bsdextended_enabled check and the GETATTR
calls and makes the implementation of the mac policy methods simple.

This should make it easier for us to match vnodes on more complex
attributes than just uid and gid in the future, but for now there
should be no functional change.

Approved/Reviewed by:	rwatson, trhodes
MFC after:	1 month
2006-03-04 20:47:19 +00:00
Pawel Jakub Dawidek
99c889fc7d We need to check if file system size is equal to provider's size, because
sysinstall(8) still bogusly puts first partition at offset 0 instead of 16,
so glabel/ufs will find file system on slice instead of partition.

Before sysinstall is fixed, we must keep this code, which means that we
won't be able to detect UFS file systems created with 'newfs -s ...'.

PS. bsdlabel(8) creates partitions properly.

MFC after:	3 days
2006-03-04 19:41:54 +00:00
Robert Watson
7a0f8e4631 Delete file from FreeBSD vendor branch of OpenBSM that has been removed
from the TrustedBSD OpenBSM distribution.

Obtained from:	TrustedBSD Project
2006-03-04 17:14:22 +00:00
Robert Watson
69c89e437b Count drops when the first of two pipe mallocs fails.
Obtained from:	TrustedBSD Project
2006-03-04 17:09:17 +00:00
Robert Watson
54205da01b Update src/sys/security/audit for OpenBSM 1.0 alpha 5:
- Include audit_internal.h to get definition of internal audit record
  structures, as it's no longer in audit.h.  Forward declare au_record
  in audit_private.h as not all audit_private.h consumers care about
  it.

- Remove __APPLE__ compatibility bits that are subsumed by configure
  for user space.

- Don't expose in6_addr internals (non-portable, but also cleaner
  looking).

- Avoid nested include of audit.h in audit_private.h.

Obtained from:	TrustedBSD Project
2006-03-04 17:00:55 +00:00
Robert Watson
70ea026a2b Update src/sys/bsm for OpenBSM 1.0 alpha 5 changes:
- Add new comments.
- Move private data structures from public audit.h to audit_internal.h to
  avoid exposing queue.h macros to undesiring consumers.

Obtained from:	TrustedBSD Project
2006-03-04 16:54:21 +00:00
Robert Watson
fd5763909d Update FreeBSD import instructions for OpenBSM based on the new autoconf
and automake OpenBSM world order.

Obtained from:	TrustedBSD Project
2006-03-04 16:50:04 +00:00
Robert Watson
6d585cab13 Add generated config.h for FreeBSD.
Obtained from:	TrustedBSD Project
2006-03-04 16:49:24 +00:00
Robert Watson
aed7487172 Remove files deleted in the OpenBSM distribution from the OpenBSM
vendor branch.

Obtained from:	TrustedBSD Project
2006-03-04 16:48:36 +00:00
Robert Watson
4c936f2998 This commit was generated by cvs2svn to compensate for changes in r156283,
which included commits to RCS files with non-trunk default branches.
2006-03-04 16:45:52 +00:00
Robert Watson
3b97a967e1 Vendor branch import of TrustedBSD OpenBSM 1.0 alpha 5:
- Update install notes to indicate /etc files are to be installed manually.
- On systems without LOG_SECURITY, use LOG_AUTH.
- Convert to autoconf/automake in order to move to a more portable (not
  BSD-specific) build infrastructure, and more easy conditional building of
  components.  Currently, the primary feature loss is that automake does
  not have native support for manual symlinks.  This will be addressed in a
  future OpenBSM release.
- Add compat/queue.h, to be used on systems with dated BSD queue macro libraries
  (as found on Linux).
- Rename CHANGELOG to HISTORY, as our change log doesn't follow some of the
  existing conventions for a CHANGELOG.
- Some private data structures moved from audit.h to audit_internal.h to
  prevent inappropriate use by applications and name space pollution.
- Improved detection and use of endian macros using autoconf.
- Avoid non-portable use of struct in6_addr, which is largely opaque.
- Avoid leaking BSD kernel socket related token code to user space in
  bsm_token.c.
- Teach System V IPC calls to look for Linux naming variations for certain
  struct ipc_perm fields.
- Test for audit system calls, and if not present, don't build
  bsm_wrappers.c, bsm_notify.c, audit(8), and auditd(8), which rely on
  those system calls.
- au_close() is not implemented on systems that don't have audit system
  calls, but au_close_buffer() is.
- Work around missing BSDisms in bsm_wrapper.c.
- Fix nested includes so including libbsm.h in an application on Linux
  picks up the necessary definitions.

Obtained from:	TrustedBSD Project
2006-03-04 16:45:52 +00:00
Robert Watson
e0f5d997de Reduce number of spaces for full name by four, and reduce padding
after tty entry by one space in order to provide extra spaces for
the tty entry.  As a result, full pts names are now visible (up
to 999 pts's anyway):

Before:
Login            Name                 TTY  Idle  Login  Time   Office  Phone
robert           Robert Watson       *v0   3:55  Fri    02:54
robert           Robert Watson        p0     19  Sat    11:01
robert           Robert Watson        pts        Sat    14:55

After:

Login            Name             TTY      Idle  Login  Time   Office  Phone
robert           Robert Watson   *v0       5:08  Fri    02:54
robert           Robert Watson    p0          8  Sat    11:01
robert           Robert Watson    pts/5          Sat    14:55

MFC after:	1 week
2006-03-04 16:13:16 +00:00
Wojciech A. Koszek
0a0eb0e8db crypto.ko depends on zlib.
Submitted by:	Ben Kelly <bkelly at vadev.org>
Approved by:	rwatson
Point hat to:	me
MFC after:	1 day
2006-03-04 15:50:46 +00:00
Giorgos Keramidas
ef608a6008 Use 'intmax_t' instead of plain 'int' for pid_t casts.
Useful tips from:	ru, bde
Approved by:		pjd
MFC after:		3 days
2006-03-04 15:20:28 +00:00
Robert Watson
5a8199e142 Add OpenBSM and src/sys/security/audit to the maintainer list. 2006-03-04 14:24:32 +00:00
Pawel Jakub Dawidek
bd92a261fe Fix evil examples - first partition should start at offset 16.
MFC after:	3 days
2006-03-04 12:09:50 +00:00
SUZUKI Shinsuke
2c112cdc6d fixed a bug that an MLD report is not advertised when group-specific MLD query is received.
PR:	kern/93526
Obtained from:	KAME
MFC after:	1 day
2006-03-04 09:17:11 +00:00
Yoshihiro Takahashi
ed40c5a34d MFi386: revision 1.1220. 2006-03-04 07:31:58 +00:00
Poul-Henning Kamp
fccfcfba00 Add missing cast. 2006-03-04 06:07:26 +00:00
Poul-Henning Kamp
5b51d1de62 More detailed logging if timestepwarnings are enabled. 2006-03-04 06:06:43 +00:00
Tom Rhodes
6de681c6e6 Instead of just hinting at available octets, list some.
Mention that the setting of securelevel may affect one's ability to alter flags.
Xref security.7.
Bump doc date.
2006-03-04 02:38:40 +00:00
David Xu
6348ace8d1 Use a thread pool to process notification if sigev_notify_attributes
is default and caller does not require dedicated thread. timer needs
a dedicated thread to maintain overrun count correctly in notification
context. mqueue and aio can use thread pool to do notification
concurrently, the thread pool has lifecycle control, some threads will
exit if they have idled for a while.
2006-03-04 00:18:19 +00:00
Paul Saab
6308f39da8 use strlcpy in cvtstatfs and copy_statfs instead of bcopy to ensure
the copied strings are properly terminated.

bzero the statfs32 struct in copy_statfs.
2006-03-04 00:09:09 +00:00
David Xu
c402cadc1c save sigev_node pointer. 2006-03-04 00:08:24 +00:00
Paul Saab
45d48bdad5 Fix bug in malloc_uninit():
Releasing items from the mt_zone can not be done by a simple
uma_zfree() call since mt_zone is allocated with the UMA_ZONE_MALLOC
flag. Use uma_zfree_arg instead and supply the slab.

This bug caused panics in low memory situations on unloading kernel
modules containing MALLOC_DEFINE(..) statements.

Submitted by:	ups
2006-03-03 22:36:52 +00:00
Yaroslav Tykhiy
375ce6798f Take the functionality contained in the former "options TDFX_LINUX"
into a separate module.  Accordingly, convert the option into a device
named similarly.

Note for MFC: Perhaps the option should stay in RELENG_6 for POLA reasons.

Suggested by:	scottl
Reviewed by:	cokane
MFC after:	5 days
2006-03-03 21:37:38 +00:00
Wojciech A. Koszek
98213e5c70 Print "clear" and "dump" only once.
Reviewed by:	pjd
Approved by:	cognet (mentor)
MFC after:	3 days
2006-03-03 21:35:57 +00:00
Maxime Henrion
b0b13d1534 Don't build csup if NO_CRYPT or NO_OPENSSL is defined, since we depend
on those.

Reported by:	marius
2006-03-03 21:12:05 +00:00
Maxime Henrion
1bf308c1ea Cast the pointer to void * before casting it back to struct type * in
STAILQ_LAST.  This quiets a warning from GCC about increased required
alignment for the cast.

Idea from:      cognet
2006-03-03 18:54:33 +00:00
Alexander Leidinger
fb0a379774 - use a more common style to print memory sizes
- add some more cache sizes (2nd and 3rd level) [1]

Submitted by:	HATANOU Tomomi <hatanou@infolab.ne.jp> [1]
PR:		91328 [1]
2006-03-03 18:54:05 +00:00
Maxime Henrion
765b207771 This commit was generated by cvs2svn to compensate for changes in r156251,
which included commits to RCS files with non-trunk default branches.
2006-03-03 18:45:12 +00:00
Maxime Henrion
91be0d8ce3 Import today's csup sources to get the warning fix for queue.h. We
probably want to do something similar in sys/queue.h; it's bad to have
STAILQ_LAST() generate GCC warnings.
2006-03-03 18:45:12 +00:00
Yaroslav Tykhiy
9d5eafc196 Fix the decaying MODULES_WITH_WORLD again by adding a missing opt_*.h to SRCS. 2006-03-03 18:42:09 +00:00
Warner Losh
8dfbd03d30 Move XBOX option to options. While it is only valid on i386,
syscons_isa is shared with other machines.
2006-03-03 18:09:37 +00:00
Christian S.J. Peron
de572b371b Unbreak byte counters when network interfaces are in monitor mode by
re-organizing the monitor return logic. We perform interface monitoring
checks after we have determined if the CRC is still on the packet, if
it is, m_adj() is called which will adjust the packet length. This
ensures that we are not including CRC lengths in the byte counters for
each packet.

Discussed with:	andre, glebius
2006-03-03 17:21:08 +00:00
Maxime Henrion
1f6fe9ace7 Connect csup to the build! 2006-03-03 14:55:43 +00:00
Maxime Henrion
2ed4c88a7d - Don't put the .h in SRCS.
- Use LDADD += -lpthread and DPADD += ${LIBPTHREAD} instead of -pthread.
- s/-I${.CURDIR}/-I./ to fix make obj.

Submitted by:	ru
2006-03-03 14:54:47 +00:00
Rink Springer
5fa7c51ff6 Committed the xbox syscons(8)-able console driver.
Reviewed by:    arch@ (no comments)
Approved by:    imp (mentor)
2006-03-03 14:52:57 +00:00
Jesus R. Camou
68dac191af Sync with actual code.
PR:		docs/87681
Noticed by:	Andreas Kohn <andreas@syndrom23.de>
Reviewed by:	brooks
Approved by:	trhodes (mentor)
MFC after:	3 days
2006-03-03 13:58:43 +00:00
Gleb Smirnoff
f051cb85e8 Correctly switch IFCAP_VLAN_HWTAGGING on and off.
Reported & tested by:	Peter Blok <pblok bsd4all.org>
2006-03-03 12:32:51 +00:00
Gleb Smirnoff
e2779391fa - Do not leak read lock in IP_FW_TABLE_GETSIZE case of ipfw_ctl().
- Acquire read (not write) lock in case of IP_FW_TABLE_LIST.

In collaboration with:	ru
2006-03-03 12:10:59 +00:00
Andrew Thompson
0908a232a3 Document the monitor mode and explain how it can be used. 2006-03-03 09:32:25 +00:00
Andrew Thompson
158a726c96 Since we are using random ethernet addresses for the bridge, it is possible
that we might have address collisions, so make sure that this hardware address
isn't already in use on another bridge.

Submitted by:	csjp
MFC after:	1 month
2006-03-03 09:12:21 +00:00
Paul Saab
6815739e00 Don't truncate f_mntfromname & f_mntonname to 16 characters when
translating statfs into ostatfs.  This allows 4.x binaries making
statfs calls to work on 6.x.
2006-03-03 07:20:54 +00:00
Matt Jacob
c1504bc00d micro fix from justin 2006-03-03 07:04:43 +00:00
Christian S.J. Peron
6f75ef188b Slightly re-worked bpf(4) code associated with bridging: if we have a
destination interface as a member of our bridge or this is a unicast packet,
push it through the bpf(4) machinery.

For broadcast or multicast packets, don't bother with the bpf(4) because it will
be re-injected into ether_input. We do this before we pass the packets through
the pfil(9) framework, as it is possible that pfil(9) will drop the packet or
possibly modify it, making it very difficult to debug firewall issues on the
bridge.

Further, implemented IFF_MONITOR for bridge interfaces. This does much the same
thing that it does for regular network interfaces: it pushes the packet to any
bpf(4) peers and then returns. This bypasses all of the bridge machinery,
saving mutex acquisitions, list traversals, and other operations performed by
the bridging code.

This change to the bridging code is useful in situations where individuals use a
bridge to multiplex RX/TX signals from two interfaces, as is required by some
network taps for de-multiplexing links and transmitting the RX/TX signals
out through two separate interfaces. This behaviour is quite common for network
taps monitoring links, especially for certain manufacturers.

Reviewed by:	thompsa
MFC after:	1 month
Sponsored by:	Seccuris Labs
2006-03-03 05:58:18 +00:00
Scott Long
a7f12baaca iir works on PAE now. 2006-03-03 04:30:18 +00:00
Maxime Henrion
dd78bf1a6a Add make glue for building csup. Not yet connected to the build. 2006-03-03 04:28:13 +00:00
Maxime Henrion
bb215397ee Initial import of csup. 2006-03-03 04:11:29 +00:00