freebsd-skq/sys
Robert Watson 030a28b3b5 Introduce new MAC Framework and MAC Policy entry points to control the use
of system calls to manipulate elements of the process credential,
including:

        setuid()                mac_check_proc_setuid()
        seteuid()               mac_check_proc_seteuid()
        setgid()                mac_check_proc_setgid()
        setegid()               mac_check_proc_setegid()
        setgroups()             mac_check_proc_setgroups()
        setreuid()              mac_check_proc_setreuid()
        setregid()              mac_check_proc_setregid()
        setresuid()             mac_check_proc_setresuid()
        setresgid()             mac_check_proc_setresgid()

MAC checks are performed before other existing security checks; both
current credential and intended modifications are passed as arguments
to the entry points.  The mac_test and mac_stub policies are updated.

Submitted by:	Samy Al Bahra <samy@kerneled.org>
Obtained from:	TrustedBSD Project
2005-04-16 13:29:15 +00:00
alpha Use PCPU_LAZY_INC() for cnt.v_{intr,trap,syscalls} rather than atomic 2005-04-12 23:18:54 +00:00
amd64 Update to DRM CVS as of 2005-04-12, bringing many changes: 2005-04-16 03:44:47 +00:00
arm Unbreak the vector_page == 0x00000000 case. Map the vector page L1PT into the 2005-04-14 14:32:32 +00:00
boot MFi386: revision 1.20. 2005-04-14 14:12:54 +00:00
bsm Add a stub audit_kevents.h, which defines exactly one audit event: 2005-02-02 14:27:36 +00:00
cam Make sure we look at the correct sub op codes when 2005-04-14 04:51:18 +00:00
coda - Change all filesystems and vfs_cache to relock the dvp once the child is 2005-04-13 10:59:09 +00:00
compat When setting up the new stack for a function in x86_64_wrap(), make 2005-04-16 04:47:15 +00:00
conf Add ALQ and KTR_ALQ to NOTES so that they are built into LINT. 2005-04-16 12:14:43 +00:00
contrib Modify the alq(9) alq_open() API to accept a file creation mode, rather 2005-04-16 12:12:27 +00:00
crypto gbde(8) is also rijndael user. 2005-03-11 22:07:04 +00:00
ddb rev 1.54 of i386/include/pcb.h depended on sys/proc.h. The prerequisite 2005-04-14 05:25:40 +00:00
dev Update to DRM CVS as of 2005-04-12, bringing many changes: 2005-04-16 03:44:47 +00:00
doc
fs Fix mbnambuf support for multi-byte characters. If a substring is larger 2005-04-16 01:49:50 +00:00
gdb check return value of gdb_rx_varhex 2005-03-28 18:31:18 +00:00
geom Protect against recursive labels creation in similar way as it is done 2005-04-12 08:14:15 +00:00
gnu - Change all filesystems and vfs_cache to relock the dvp once the child is 2005-04-13 10:59:09 +00:00
i4b Don't use 'i386/include' directly. 2005-04-08 03:37:20 +00:00
i386 Update to DRM CVS as of 2005-04-12, bringing many changes: 2005-04-16 03:44:47 +00:00
ia64 Return better "error" values for UWX_BOTTOM and UWX_ABI_FRAME in 2005-04-16 05:38:59 +00:00
isa Add ISACFGATTR_HINTS flag to allow detection of a device that was created 2005-04-13 03:26:24 +00:00
isofs/cd9660 - Change all filesystems and vfs_cache to relock the dvp once the child is 2005-04-13 10:59:09 +00:00
kern Introduce new MAC Framework and MAC Policy entry points to control the use 2005-04-16 13:29:15 +00:00
libkern Replace the current strspn() and strcspn() with significantly faster 2005-04-02 18:52:44 +00:00
modules Update to DRM CVS as of 2005-04-12, bringing many changes: 2005-04-16 03:44:47 +00:00
net Zero the ifr.ifr_name buffer in ifconf() in order to avoid 2005-04-15 01:52:40 +00:00
net80211 Revise crypto api lightly to improve group key handling: 2005-04-12 17:55:13 +00:00
netatalk When generating a phase II ARP lookup from aarpwhohas(), use a 2005-02-22 14:37:22 +00:00
netatm In the current world order, solisten() implements the state transition of 2005-02-21 21:58:17 +00:00
netgraph - Return error, if there was one. 2005-04-15 10:14:00 +00:00
netinet Centralized finding the protocol header in IP packets in preparation for 2005-04-15 00:47:44 +00:00
netinet6 Remove dead code which would never execute. 2005-04-14 11:41:23 +00:00
netipsec correct space check 2005-03-09 15:28:48 +00:00
netipx Update copyright: parts of the netipx implementation are covered by a 2005-04-10 18:05:46 +00:00
netkey
netnatm Mark netatm and netnatm explicitly as requiring Giant, as they still do. 2005-02-17 14:21:22 +00:00
netncp avoid potential null ptr derefs 2005-02-23 22:44:38 +00:00
netsmb Explicitly hold a reference to the cdev we have just cloned. This 2005-03-31 12:19:44 +00:00
nfs
nfs4client - cache_lookup() relocks the parent in the DOTDOT case for us. 2005-04-14 07:08:34 +00:00
nfsclient - cache_lookup() relocks the parent in the DOTDOT case for us. 2005-04-14 07:08:34 +00:00
nfsserver avoid potential null ptr deref by free'ing excess mbufs instead of 2005-03-28 18:51:58 +00:00
opencrypto just use crypto/rijndael, and nuke opencrypto/rindael.[ch]. 2005-03-11 17:24:46 +00:00
pc98 Really remove the last vestiges of mixed mode from all but amd64. 2005-04-15 06:56:52 +00:00
pccard Remove more deadwood that never got implemented in NEWCARD, since NEWCARD 2005-02-15 02:54:53 +00:00
pci Invert conditional and use continue to reduce nesting. 2005-04-13 01:32:06 +00:00
posix4 Actually commit the code for kern_sched_get_rr_interval(). 2005-03-31 22:54:48 +00:00
powerpc Use PCPU_LAZY_INC() for cnt.v_{intr,trap,syscalls} rather than atomic 2005-04-12 23:18:54 +00:00
rpc - Don't call rpcclnt_realign() if we don't have any mbufs to realign. 2005-03-19 01:16:25 +00:00
security Introduce new MAC Framework and MAC Policy entry points to control the use 2005-04-16 13:29:15 +00:00
sparc64 Close a race I introduced in the spinlock_* changes. We need to finish 2005-04-14 18:30:10 +00:00
sys Introduce new MAC Framework and MAC Policy entry points to control the use 2005-04-16 13:29:15 +00:00
tools - Add the character "E" to the understood lock types. This means 2005-04-11 15:15:03 +00:00
ufs - Plug memory leak. 2005-04-16 10:57:49 +00:00
vm Unbreak the build on 64-bit architectures. 2005-04-16 12:37:16 +00:00
Makefile When building cscopnamefile, default architecture to ${MACHINE}, not i386. 2005-03-08 00:09:41 +00:00