contrib/openbsm (svn merge) and sys/{bsm,security/audit} (manual merge).
- Add OpenBSM contrib tree to include paths for audit(8) and auditd(8).
- Merge support for new tokens, fixes to existing token generation to
audit_bsm_token.c.
- Synchronize bsm includes and definitions.
OpenBSM history for imported revisions below for reference.
MFC after: 1 month
Sponsored by: Apple Inc.
Obtained from: TrustedBSD Project
--
OpenBSM 1.1 alpha 2
- Include files in OpenBSM are now broken out into two parts: library builds
required solely for user space, and system includes, which may also be
required for use in the kernels of systems integrating OpenBSM. Submitted
by Stacey Son.
- Configure option --with-native-includes allows forcing the use of native
include for system includes, rather than the versions bundled with OpenBSM.
This is intended specifically for platforms that ship OpenBSM, have adapted
versions of the system includes in a kernel source tree, and will use the
OpenBSM build infrastructure with an unmodified OpenBSM distribution,
allowing the customized system includes to be used with the OpenBSM build.
Submitted by Stacey Son.
- Various strcpy()'s/strcat()'s have been changed to strlcpy()'s/strlcat()'s
or asprintf(). Added compat/strlcpy.h for Linux.
- Remove compatibility defines for old Darwin token constant names; now only
BSM token names are provided and used.
- Add support for extended header tokens, which contain space for information
on the host generating the record.
- Add support for setting extended host information in the kernel, which is
used for setting host information in extended header tokens. The
audit_control file now supports a "host" parameter which can be used by
auditd to set the information; if not present, the kernel parameters won't
be set and auditd uses unextended headers for records that it generates.
OpenBSM 1.1 alpha 1
- Add option to auditreduce(1) which allows users to invert sense of
matching, such that BSM records that do not match, are selected.
- Fix bug in audit_write() where we commit an incomplete record in the
event there is an error writing the subject token. This was submitted
by Diego Giagio.
- Build support for Mac OS X 10.5.1 submitted by Eric Hall.
- Fix a bug which resulted in host XML attributes not being arguments so
that const strings can be passed as arguments to tokens. This patch was
submitted by Xin LI.
- Modify the -m option so users can select more then one audit event.
- For Mac OS X, added Mach IPC support for audit trigger messages.
- Fixed a bug in getacna() which resulted in a locking problem on Mac OS X.
- Added LOG_PERROR flag to openlog when -d option is used with auditd.
- AUE events added for Mac OS X Leopard system calls.
directly include only the header files needed. This reduces the
unneeded spamming of various headers into lots of files.
For now, this leaves us with very few modules including vnet.h
and thus needing to depend on opt_route.h.
Reviewed by: brooks, gnn, des, zec, imp
Sponsored by: The FreeBSD Foundation
Sgtty is a programming interface that has been replaced by termios over
the years. In June we already removed <sgtty.h>, which exposes the
ioctl()'s that are implemented by this interface. The importance of this
flag is overrated right now.
it does come back it would probably be better if users who were interested
in slip added appropriate lines instead of this being here unconditionally.
Reminded by: tut <at> nhamon <dot> com <dot> ua
does ever come back it's probably best if its log file be something that
gets added if the user decided they want to run slip instead of having
it here unconditionally.
when it sees only received packets. In some cases where a device only
recieves data it mistakenly thinks that its transmitting side is broken
and resets the device.
Obtained from: Chelsio Inc.
MFC after: 3 days
of the boot0.S code, with a number of compile-time selectable options,
the most interesting one being the ability to select PXE booting.
The code is completely compatible with the previous one, and with
the boot0cfg program. Even the actual code is largely unmodified,
with only minor rearrangements or fixes to make room for the new
features.
The behaviour of the standard build differs from the previous
version in the following, minor things:
+ 'noupdate' is the default, which means the code does not
write back the selection to disk. You can enable the feature
at runtime with boot0cfg, or changing the flags in the Makefile.
+ a drive number of 0x00 (floppy, or USB in floppy emulation) is
now accepted as valid. Previously, it was overridden with 0x80,
meaning that the partition table coming from the media was
used to access sectors on a possibly different media.
You can revert to the previous mode building with -DCHECK_DRIVE,
and you can always use the 'setdrv' option in boot0cfg
+ certain FAT or NTFS partitions are listed as WIN instead of DOS.
+ the 'bel' character on a bad selection is replaced by a '#' to
make it clear that the system is not hang even if the machine
does not have a speaker. This can be reverted back at compile
time, or at runtime with an upcoming boot0cfg option.
Additional features are available as compile time options,
and may be become the default if deemed useful. In particular:
+ INT18/PXE boot (make -DPXE)
This option enables booting through INT 18h (which on certain
BIOSes can be hooked to PXE) by pressing F6. There is unfortunately
no room to print the additional menu option.
Also, to make room for the code, the 'Default: ' string is
changed to 'Boot: '
+ print current drive number (make -DTEST)
Prints a line indicating the current drive number.
This is useful to figure out what is going on for machines/bioses
which remap drives in sometimes surprising ways.
+ disable numeric keys in console mode (make -DONLY_F_KEYS)
Not really a significant option, but it is needed to make
room for the -DTEST mode.
+ disable floppy support (make -DCHECK_DRIVE)
Revert to the old behaviour of only accepting 0x80 and above
as valid drive numbers.
MFC after: 6 weeks
does not use any external symbols, thus avoiding possible recursion into
rtld to resolve symbols, when called.
Reviewed by: kan, davidxu
Tested by: rink
MFC after: 1 month
entries for one name. Then, creating inode with that name would remove
one entry, leaving others dormant. Reclaiming the vnode would uncover
negative entries, causing false return of ENOENT from the calls like
stat, that do not create inode.
Prevent creation of the duplicated negative entries.
Reported and debugged with: pho
Reviewed by: jhb
X-MFC: after shared lookup changes
hardware for PMCs that have been configured for sampling.
- Bug fix: acknowledge PMC hardware overflows irrespective of the
the (software) PMC's state.
- break complex conditionals in to multiple lines to avoid wrapping
- remove copious unused debug statements
- be more aggressive about cleaning in the calling thread
- eliminate usage of ENOSPC
- increase number of iterations that cxgbsp can do
- eliminate "initerr" usage to simplify ENOBUFS handling
- when coalescing pass all packets to BPF
- always set overrun if hardware queue is full
This changes struct kinfo_filedesc and kinfo_vmentry such that they are
same on both 32 and 64 bit platforms like i386/amd64 and won't require
sysctl wrapping.
Two new OIDs are assigned. The old ones are available under
COMPAT_FREEBSD7 - but it isn't that simple. The superceded interface
was never actually released on 7.x.
The other main change is to pack the data passed to userland via the
sysctl. kf_structsize and kve_structsize are reduced for the copyout.
If you have a process with 100,000+ sockets open, the unpacked records
require a 132MB+ copyout. With packing, it is "only" ~35MB. (Still
seriously unpleasant, but not quite as devastating). A similar problem
exists for the vmentry structure - have lots and lots of shared libraries
and small mmaps and its copyout gets expensive too.
My immediate problem is valgrind. It traditionally achieves this
functionality by parsing procfs output, in a packed format. Secondly, when
tracing 32 bit binaries on amd64 under valgrind, it uses a cross compiled
32 bit binary which ran directly into the differing data structures in 32
vs 64 bit mode. (valgrind uses this to track file descriptor operations
and this therefore affected every single 32 bit binary)
I've added two utility functions to libutil to unpack the structures into
a fixed record length and to make it a little more convenient to use.
offload for VLAN frames are also supported. The VLAN hardware
assistance is available only on 82550/82551 based controllers.
While I'm here change the confusing name of bit1 in byte 22 of
configuration block to vlan_drop_en. The bit controls whether
hardware strips VLAN tagged frame or not. Special thanks to wpaul
who sent valuable VLAN related information to me.
Tested on: i386, sparc64
events. Just reading PMDR register was not enough to have fxp(4)
immuninize against received magic packets during system boot.
Tested by: Alexey Shuvaev < shuvaev <> physik DOT uni-wuerzburg DOT de >
exact multiple of system page size should still be allowed to be mapped
in their entirety to match the regular vnode backed file behavior.
Reported by: ed
Reviewed by: jhb
by switching into single-thread mode.
libthr ignores broken use of lock bitmaps used by default rtld locking
implementation, this in turn turns lock handoff in _rtld_thread_init
into NOP. This in turn makes child processes of forked multi-threaded
programs to run with _thr_signal_block still in effect, with most
signals blocked.
Reported by: phk, kib
module; the ath module now brings in the hal support. Kernel
config files are almost backwards compatible; supplying
device ath_hal
gives you the same chip support that the binary hal did but you
must also include
options AH_SUPPORT_AR5416
to enable the extended format descriptors used by 11n parts.
It is now possible to control the chip support included in a
build by specifying exactly which chips are to be supported
in the config file; consult ath_hal(4) for information.
