MAC policy. To load a KLD, require that the subject hold Biba privilege,
and the the kernel module be marked as high integrity. To unload a
KLD, require that the subject hold Biba privilege.
Obtained from: TrustedBSD Project
Sponsored by: DARPA, Network Associates Laboratories
and MLS policies: as we support both an effective (single) element and
range (available) elements, require that the single be in the range if
both the single and range are defined in the update. Remove comments
suggesting that such a check might be a good idea.
Don't introduce a similar check for network interfaces; due to different
interpretations of the single and range elements, it's not clear that
it's useful to do so.
Obtained from: TrustedBSD Project
Sponsored by: DARPA, Network Associates Laboratories
labeling for Biba.
Rename the variable 'level' to 'type' in interface parsing and
labeling for MLS.
Obtained from: TrustedBSD Project
Sponsored by: DARPA, Network Associates Laboratories
always compatible with the i386 version.
This fixes one of the problems I had cross-releasing i386 on
Alpha: the produced "-f aout" binaries are now identical.
This makes such natural commands as "MKD ~user/newdir" or "STOR ~/newfile"
do what they are supposed to instead of failing miserably with the
"File not found" error.
This involves a bit of code reorganization. Namely, the code doing
glob(3) expansion has been separated to a function; a new function
has been introduced to do tilde expansion; the latter function is
invoked on a pathname before the former one. Thus behaviour mimicing
that of the Bourne shell has been achieved.
uio segment is empty. In this case no dma segment is create by
bus_dmamap_load_buffer, but the calling routine clears the first flag.
Under certain combinations of addresses of the first and second mbuf/uio
buffer this leads to corrupted DMA segment descriptors. This was already
fixed by tmm in sparc64/sparc64/iommu.c.
PR: kern/47733
Reviewed by: sam
Approved by: jake (mentor)
some USB devices. (Make sure to set xfer data length when we force
a short inquiry.)
Obtained from: NetBSD(sys/dev/usb/umass_scsipi.c rev.1.8)
Original idea from: Shingo WATANABE <nabe@nabechan.org>
to remove part of seed -> 1st value correlation. Correlation still remains
because of algorithm limits. Note that old algorithm have even stronger
correlation, especially in the lower bits area, but not eye-visible, as
current one.
This is a band-aid while I fret over how much breakage removing the
restriction entirely will result in.
Please note that this is still a limit for the entire pathname
relative to the mountpoint of devfs, so the length of "/dev/fd/3"
is 4 characters.
Change the si_name of dev_t's to be a char * and put a private buffer for
holding the name at then end of the struct.
Initialize si_name to point to the private buffer.
Put a KASSERT in geom_disk to prevent overrun on the fake dev_t we still
have to generate for the disk_drivers.