Commit Graph

65127 Commits

Author SHA1 Message Date
Brooks Davis
efacde1bcc The number of ccd(4) devices is no longer set at compile time so stop
trying to do it in the examples and config files.
2001-09-26 22:41:02 +00:00
Brooks Davis
2862fc7a49 Call securelevel_gt with a credential. Also, s/p/td->td_proc/.
Submitted by:	LINT
2001-09-26 22:02:01 +00:00
Brooks Davis
49c024e373 Include sys/proc.h for the definition of securelevel_ge().
Submitted by:	LINT
2001-09-26 21:53:20 +00:00
David E. O'Brien
7d437141ba Unconditionally use basename.c source vs. only doing this if the libc we
are linking against does not have basename().  There is a buffer overflow
bug in lib/libc/gen/basename.c rev 1.1.  There is no way for us to test
what revision of basename() we have in libc, thus this change.

Requested by:	ru
2001-09-26 20:51:51 +00:00
Robert Watson
57358f1e93 o Re-enable support of system file flags in jail() by adding back the
PRISON_ROOT to the suser_xxx() check.  Since securelevels may now
  be raised in specific jails, use of system flags can still be
  restricted in jail(), but in a more configurable way.
o Users of jail() expecting system flags (such as schg) to restrict
  jail()'s should be sure to set the securelevel appropriately in
  jail()'s.
o This fixes activities involving automated system flag removal in
  jail(), including installkernel and friends.

Obtained from:	TrustedBSD Project
2001-09-26 20:44:41 +00:00
Robert Watson
87fce2bb96 o When performing a securelevel check as part of securelevel_ge() or
securelevel_gt(), determine first if a local securelevel exists --
  if so, perform the check based on imax(local, global).  Otherwise,
  simply use the global value.
o Note: even though local securelevels might lag below the global one,
  if the global value is updated to higher than local values, maximum
  will still be used, making the global dominant even if there is local
  lag.

Obtained from:	TrustedBSD Project
2001-09-26 20:41:48 +00:00
Robert Watson
8a528812a0 o Modify kern.securelevel MIB entry to return a local securelevel, if
one is present in the current jail, otherwise, to return the global
  securelevel.
o If the securelevel is being updated, require that it be greater than
  the maximum of local and global, if a local securelevel exists,
  otherwise, just maximum of the global.  If there is a local
  securelevel, update the local one instead of the global one.
o Note: this does allow local securelevels to lag behind the global one
  as long as the local one is not updated following a global increase.

Obtained from:	TrustedBSD Project
2001-09-26 20:39:48 +00:00
Robert Watson
567931c8f6 o Initialize per-jail securelevel from global securelevel as part of
jail creation.

Obtained from:	TrustedBSD Project
2001-09-26 20:37:15 +00:00
Robert Watson
bda63e26d8 o Introduce pr_securelevel, which holds a per-jail securelevel.
Obtained from:	TrustedBSD Project
2001-09-26 20:36:08 +00:00
Robert Watson
6748bcc51e o Modify ufs_setattr() so that it uses securelevel_gt() instead of
direct variable access.

Obtained from:	TrustedBSD Project
2001-09-26 20:31:37 +00:00
Robert Watson
8c5d4fe829 o Modify access control checks in mmap() to use securelevel_gt() instead
of direct variable access.

Obtained from:	TrustedBSD Project
2001-09-26 20:29:39 +00:00
Robert Watson
3026f29e34 o securelevel_gt() patches came from pre-KSE alpha -- this revision
fixes the compile and uses td->td_proc instead of p.

Obtained from:	TrustedBSD Project
2001-09-26 20:27:23 +00:00
Robert Watson
e8a340cd9a o Modify pc98 syscons code to use securelevel_gt() instead of
direct variable checks.  (Yet another API to perform direct hardware I/O).

Obtained from:	TrustedBSD Project
2001-09-26 20:26:32 +00:00
Robert Watson
b9c6f21493 o Modify the access control checks for the ia64 /dev/mem (and friends)
to use securelevel_gt() instead of direct variable checks.

Obtained from:	TrustedBSD Project
2001-09-26 20:24:23 +00:00
Jeroen Ruigrok van der Werven
54045486e0 Add ERRORS section.
Mention thread safety and async-cancel safety status [not].
Add standards compliancy references.
Note strtol() is preferred over atoi().

MFC after:	2 weeks
2001-09-26 20:22:44 +00:00
Robert Watson
41c42188c8 o Modify access control checks in linux_iopl() to use securelevel_gt()
rather than direct variable checks.  (Yet another API to perform
  direct hardware I/O.)

Obtained from:	TrustedBSD Project
2001-09-26 20:22:38 +00:00
Robert Watson
ce3a32b6da o Modify pcvt ioctl() security checks to use securelevel_gt() instead
of direct securelevel variable checks.  (Yet another API to perform
  direct hardware I/O using KDENABIO.)

Obtained from:	TrustedBSD Project
2001-09-26 20:21:28 +00:00
Robert Watson
9997f52470 o Modify spigot_open() to use securelevel_gt() instead of direct
securelevel variable checks.

Obtained from:	TrustedBSD Project
2001-09-26 20:20:05 +00:00
Robert Watson
f86cf763ef o Modify generic specfs device open access control checks to use
securelevel_ge() instead of direct securelevel variable checks.

Obtained from:	TrustedBSD Project
2001-09-26 20:18:26 +00:00
Robert Watson
8c7cc7234e o Modify syscons ioctl securelevel checks to use securelevel_gt() (oh look,
yet another API to do direct hardware I/O access.)

Obtained from:	TrustedBSD Project
2001-09-26 20:17:15 +00:00
Robert Watson
19f1565901 o Modify open() and close() for /dev/random to use securelevel_gt() instead
of direct securelevel variable checks.

Obtained from:	TrustedBSD Project
2001-09-26 20:15:42 +00:00
Robert Watson
8002488bd9 o Modify access control code for /dev/pci device to use securelevel_gt()
instead of direct securelevel variable test.

Obtained from:	TrustedBSD Project
2001-09-26 20:14:03 +00:00
Robert Watson
f7312ca2a9 o Modify access control code for the CAM SCSI pass-through device to
use securelevel_gt() instead of direct securelevel variable test.

Obtained from:	TrustedBSD Project
2001-09-26 20:13:16 +00:00
Jeroen Ruigrok van der Werven
5578cfa2fa Be explicit about the POSIX version it conforms to [in this case 1990].
Put the error comment under the more appropriate ERRORS section.
2001-09-26 20:10:10 +00:00
Robert Watson
330e78897a o Modify i386_set_ioperm() to use securelevel_gt() instead of
direct securelevel variable checks.

Obtained from:	TrustedBSD Project
2001-09-26 20:08:15 +00:00
Robert Watson
1851c8fd41 o Modify device open access control for /dev/mem and friends to use
securelevel_gt() instead of direct securelevel variable checks.

Obtained from:	TrustedBSD Project
2001-09-26 20:08:02 +00:00
Robert Watson
785f9ffca3 o Modify IPFW and DUMMYNET administrative setsockopt() calls to use
securelevel_gt() to check the securelevel, rather than direct access
  to the securelevel variable.

Obtained from:	TrustedBSD Project
2001-09-26 19:58:29 +00:00
Robert Watson
d501d04b9e o Modify static settime() to accept the proc * for the process requesting
a time change, and callers so that they provide td->td_proc.
o Modify settime() to use securevel_gt() for securelevel checking.

Obtained from:	TrustedBSD Project
2001-09-26 19:53:57 +00:00
Robert Watson
c2f413af19 o Modify sysctl access control check to use securelevel_gt(), and
clarify sysctl access control logic.

Obtained from:	TrustedBSD Project
2001-09-26 19:51:25 +00:00
Jeroen Ruigrok van der Werven
99e8131545 Change standards compliancy order so that C and POSIX are grouped. 2001-09-26 19:42:39 +00:00
Matthew Dillon
46cad5761c Enable vmiodirenable by default. Remove incorrect comment from sysctl.conf.
MFC after:	1 week
2001-09-26 19:35:04 +00:00
Guido van Rooij
775b007440 Redo patch in 1.22 such that the header printing is reset when the
process gets a SIGCONT

Reviewed by:	kris@freebs.org
MFC after:	2 weeks
2001-09-26 19:35:03 +00:00
Doug Rabson
fa129a40db Tidy up and fix a runtime warning. 2001-09-26 16:15:20 +00:00
Ruslan Ermilov
43e09ab2db WARNSify. 2001-09-26 11:34:14 +00:00
Ruslan Ermilov
1b00c916a1 The "cat - -" feature was broken by the last commit.
Restore the code that avoided closing and reopening
stdin.  This is also required by POSIX.  As a bonus,
enable multiple stdin reads with the -benstv flags,
by resetting the EOF condition on stdin.
2001-09-26 11:32:23 +00:00
Matthew Dillon
3418ebebfe Make uio_yield() a global. Call uio_yield() between chunks
in vn_rdwr_inchunks(), allowing other processes to gain an exclusive
lock on the vnode.  Specifically: directory scanning, to avoid a race to the
root directory, and multiple child processes coring simultaniously so they
can figure out that some other core'ing child has an exclusive adv lock and
just exit instead.

This completely fixes performance problems when large programs core.  You
can have hundreds of copies (forked children) of the same binary core all
at once and not notice.

MFC after:	3 days
2001-09-26 06:54:32 +00:00
Poul-Henning Kamp
c36b0a4edb Give people a chance to do things before fsck is run.
MFC after:	2 weeks
2001-09-26 06:17:25 +00:00
David E. O'Brien
364f9ab989 Run rc.devfs a little bit earlier.
Many people like to use generic devices in rc.syscons, etc..
So rc.devfs needs to run before those rc files.

Requested by:	Jos Backus <josb@cncdsl.com>
2001-09-26 06:01:40 +00:00
Marcel Moolenaar
b18013f823 The arg parameter is passed by value in Linux, but not in FreeBSD.
We still have to account for a copyin. Make sure the copyin will
succeed by passing the FreeBSD syscall a pointer to userspace,
albeit one that's automagically mapped into kernel space.

Reported by: mr, Mitsuru IWASAKI <iwasaki@jp.FreeBSD.org>
Tested by: Mitsuru IWASAKI <iwasaki@jp.FreeBSD.org>
2001-09-26 05:39:59 +00:00
Paul Saab
88b1d98f31 Lock the vnode while truncating the corefile. This fixes a panic
with softupdates dangling deps.

Submitted by:	peter
MFC:		ASAP :)
2001-09-26 01:24:07 +00:00
Brooks Davis
9efaa0ae62 Add a standard hack in the spirit of PCI_ENABLE_IO_MODES to allow systems
with weird PCI-PCI bridge configurations to work.  Defining
PCI_ALLOW_UNSUPPORTED_IO_RANGE causes the sanity checks to pass even
with out of range values.

Reviewed by:	msmith
2001-09-26 01:11:33 +00:00
Bill Fenner
bd5b9e17b0 Fix (typo? pasteo?): panic("ffs_mountroot..." -> panic("ntfs_mountroot...") 2001-09-26 00:36:33 +00:00
Peter Wemm
4d7552180d Make this 'make obj' safe 2001-09-26 00:13:08 +00:00
John Baldwin
21377ce065 Remove superflous parens after de-macroizing. 2001-09-26 00:05:18 +00:00
John Baldwin
6b12d30f28 Include sys/ktr.h before sys/_lock.h to ensure LOCK_DEBUG is set to its
proper value.
2001-09-25 23:52:30 +00:00
John Baldwin
9ba567a07c Move the definition of LOCK_DEBUG from sys/lock.h to sys/_lock.h. 2001-09-25 23:51:54 +00:00
Scott Long
a3484cc54c Clarify how to determine the firmware version.
Submitted by:	Anders Andersson <anders@codefactory.se>
MFC after:	3 days
2001-09-25 22:33:53 +00:00
Robert Watson
75bc5b3f22 o So, when <dd> e-mailed me and said that the comment was inverted
for securelevel_ge() and securelevel_gt(), I was a little surprised,
  but fixed it.  Turns out that it was the code that was inverted, during
  a whitespace cleanup in my commit tree.  This commit inverts the
  checks, and restores the comment.
2001-09-25 21:08:33 +00:00
Ian Dowse
3f48bf186f RFC2132 is not clear about whether the "Maximum DHCP Message Size"
refers to the size of the whole ethernet packet, just the DHCP
message within the UDP payload, or something else. bootpd interpreted
it as a maximum UDP payload size, so it could end up sending
fragmented packets to clients (such as some versions of Etherboot)
that used different interpretations of the maximum message size.

Switch to the most conservative interpretation: ensure that the
ethernet packet containing the response is no larger than the
specified maximum message size. This matches the behaviour of
the ISC dhcpd.

MFC after:	1 week
2001-09-25 21:02:10 +00:00
Ian Dowse
2510719736 The -A option (beep when packets are dropped) didn't work quite
right; after a single packet was dropped it beeped after every
transmission.

Change its implementation to only output a bell when there is an
increase in the maximum value of the number of packets that were
sent but not yet received. This has the benefit that even for very
long round-trip times, ping -A will do roughly the right thing
after a few inital false-positives.

Reviewed by:	ru
2001-09-25 20:22:33 +00:00