really be moved elsewhere: p_candebug() encapsulates the security
policy decision, whereas the P_INEXEC check has to do with "correctness"
regarding race conditions, rather than security policy.
Example: even if no security protections were enforced (the "uids are
advisory" model), removing P_INEXEC could result in incorrect operation
due to races on credential evaluation and modification during execve().
Obtained from: TrustedBSD Project
o Reorder and synchronize #include's, including moving "opt_cap.h" to
above system includes.
o Introduce #ifdef'd kern.security.capabilities sysctl tree, including
kern.security.capabilities.enabled, which defaults to 0.
The rest of the file remains stubs for the time being.
Obtained from: TrustedBSD Project
o POSIX.1e capabilities authorize overriding of VEXEC for VDIR based
on CAP_DAC_READ_SEARCH, but of !VDIR based on CAP_DAC_EXECUTE. Add
appropriate conditionals to vaccess() to take that into account.
o Synchronization cap_check_xxx() -> cap_check() change.
Obtained from: TrustedBSD Project
- Introduce cap_check_td() to reflect suser_td()
- Introduce non-portable cap_from_text2_np(), which converts a
text-form capability to an internal form relative to an existing
capability, and non-portable cap_to_text2_np(), which accepts
a flag argument specifying more about the text output format.
- Introduce CTT_* flags controlling the behavior of
cap_to_text2_np().
Submitted by: tmm
Obtained from: TrustedBSD Project
When we truncate the msgbuf size because the last chunk is too small,
correctly terminate the phys_avail[] array - the VM system tests
the *end* for zero, not the start. This leads the VM startup to
attempt to recreate a duplicate set of pages for all physical memory.
XXX the msgbuf handling is suspiciously different on i386 vs
alpha/ia64...
o Add reference to TrustedBSD Project in license header.
o Update dated comments, including comment in extattr.h claiming that
no file systems support extended attributes.
o Improve comment consistency.
credential selection, rather than reference via a thread or process
pointer. This is part of a gradual migration to suser() accepting
a struct ucred instead of a struct proc, simplifying the reference
and locking semantics of suser().
Obtained from: TrustedBSD Project
- Now that apm loadable module can inform its existence to other kernel
components (e.g. i386/isa/clock.c:startrtclock()'s TCS hack).
- Exchange priority of SI_SUB_CPU and SI_SUB_KLD for above purpose.
- Add simple arbitration mechanism for APM vs. ACPI. This prevents
the kernel enables both of them.
- Remove obsolete `#ifdef DEV_APM' related code.
- Add abstracted interface for Powermanagement operations. Public apm(4)
functions, such as apm_suspend(), should be replaced new interfaces.
Currently only power_pm_suspend (successor of apm_suspend) is implemented.
Reviewed by: peter, arch@ and audit@
us a lot on older Alphas.
Andrew Gallatin, Thomas V. Crimi, and Peter Jeremy contributed to this
work along with the submitter.
Submitted by: Andrew M. Miklic <miklic@home.com>
dedicated" mode. This was specifying that there are 256 (illegal!)
heads on the disk. If bioses store that in a byte, and it gets truncated
to 0, then that almost certainly causes the infamous divide-by-zero
nightmare.
This is also most likely the reason why the Thinkpad T20/A20 series
were locking up when FreeBSD was installed. This is also the most likely
reason why a boot1 being present causes an IA64 box to lock up at boot.
(removing the "part4" stuff from boot1.s fixes the IA64 boxes and would
most likely have fixed the T20/A20 and some TP600E series thinkpads)
booted from it when doing an installkernel.
Only change kern.bootfile from ${DESTDIR}${KODIR}/${KERNEL_KO}
to ${DESTDIR}${KODIR}.old/${KERNEL_KO}, and only when we're renaming
a booted ${DESTDIR}${KODIR}/${KERNEL_KO} kernel.
a temporary fix so that we can compile kernels. I waited 30 minutes
for a response from the person who would likely know, but any longer
is too long to wait with breakage at ToT.
(allocating pv entries w/ zalloci) when called in a loop due to
an madvise(). It is possible to completely exhaust the free page list and
cause a system panic when an expected allocation fails.
