d/freebsd-skq
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
4af919b491
freebsd-skq/sys/kern
History
rwatson 4af919b491 Second-to-last commit implementing Capsicum capabilities in the FreeBSD 
kernel for FreeBSD 9.0:

Add a new capability mask argument to fget(9) and friends, allowing system
call code to declare what capabilities are required when an integer file
descriptor is converted into an in-kernel struct file *.  With options
CAPABILITIES compiled into the kernel, this enforces capability
protection; without, this change is effectively a no-op.

Some cases require special handling, such as mmap(2), which must preserve
information about the maximum rights at the time of mapping in the memory
map so that they can later be enforced in mprotect(2) -- this is done by
narrowing the rights in the existing max_protection field used for similar
purposes with file permissions.

In namei(9), we assert that the code is not reached from within capability
mode, as we're not yet ready to enforce namespace capabilities there.
This will follow in a later commit.

Update two capability names: CAP_EVENT and CAP_KEVENT become
CAP_POST_KEVENT and CAP_POLL_KEVENT to more accurately indicate what they
represent.

Approved by:	re (bz)
Submitted by:	jonathan
Sponsored by:	Google Inc
2011-08-11 12:30:23 +00:00
..
bus_if.m Add a new bus method, BUS_ADJUST_RESOURCE() that is intended to be a 2011-04-29 21:36:45 +00:00
capabilities.conf Continue to introduce Capsicum Capability Mode support: 2011-03-01 13:28:27 +00:00
clock_if.m
cpufreq_if.m
device_if.m Update comments for DEVICE_PROBE() to reflect that BUS_PROBE_DEFAULT is 2011-05-24 13:22:40 +00:00
genassym.sh
imgact_aout.c Do not trash the argv[0] pointer for an a.out process on amd64. 2011-06-16 22:00:59 +00:00
imgact_elf32.c
imgact_elf64.c
imgact_elf.c All the racct_*() calls need to happen with the proc locked. Fixing this 2011-07-06 20:06:44 +00:00
imgact_gzip.c Add accounting for most of the memory-related resources. 2011-04-05 20:23:59 +00:00
imgact_shell.c The execution of the shebang script requires putting interpreter path, 2011-03-06 22:59:30 +00:00
inflate.c
init_main.c Enable accounting for RACCT_NPROC and RACCT_NTHR. 2011-03-31 19:22:11 +00:00
init_sysent.c Auto-generated system call code with cap_new(), cap_getrights(). 2011-07-15 18:33:12 +00:00
kern_acct.c Use ISO C99 integer types in sys/kern where possible. 2010-06-21 09:55:56 +00:00
kern_alq.c - Rework the underlying ALQ storage to be a circular buffer, which amongst other 2010-04-26 13:48:22 +00:00
kern_clock.c - Remove the eintrcnt/eintrnames usage and introduce the concept of 2011-07-18 15:19:40 +00:00
kern_clocksource.c Set negative quality to TSC timecounter when C3 state is enabled for Intel 2011-06-22 16:40:45 +00:00
kern_condvar.c
kern_conf.c Fix the devmtx lock leak from make_dev(9) when the old device cloning 2011-07-30 14:12:37 +00:00
kern_cons.c Add descriptions to a handful of sysctl nodes. 2010-08-09 14:48:31 +00:00
kern_context.c Clear the padding when returning context to the usermode, for 2011-02-05 15:10:27 +00:00
kern_cpu.c cpufreq: allocate long-lived buffer for handling of sysctl requests 2010-07-23 16:46:42 +00:00
kern_cpuset.c Fix KTR_CPUMASK in order to accept a string representing a cpuset_t. 2011-05-31 20:48:58 +00:00
kern_ctf.c
kern_descrip.c Second-to-last commit implementing Capsicum capabilities in the FreeBSD 2011-08-11 12:30:23 +00:00
kern_dtrace.c Add some FEATURE macros for various features (AUDIT/CAM/IPC/KTR/MAC/NFS/NTP/ 2011-02-25 10:11:01 +00:00
kern_environment.c MFC 2011-05-23 23:58:02 +00:00
kern_et.c sysctl(9) cleanup checkpoint: amd64 GENERIC builds cleanly. 2011-01-12 19:54:19 +00:00
kern_event.c Second-to-last commit implementing Capsicum capabilities in the FreeBSD 2011-08-11 12:30:23 +00:00
kern_exec.c Second-to-last commit implementing Capsicum capabilities in the FreeBSD 2011-08-11 12:30:23 +00:00
kern_exit.c All the racct_*() calls need to happen with the proc locked. Fixing this 2011-07-06 20:06:44 +00:00
kern_fail.c Add an option to have a fail point term only execute when run by a 2011-07-08 20:41:12 +00:00
kern_fork.c Implement an RFTSIGZMB flag to rfork(2) to specify a signal that is 2011-07-12 20:37:18 +00:00
kern_gzio.c Do not set IO_NODELOCKED while writing to vnodes as our consumers 2010-04-30 03:10:53 +00:00
kern_hhook.c Staticize malloc types. 2011-04-13 11:28:46 +00:00
kern_idle.c MFC 2011-05-31 21:22:44 +00:00
kern_intr.c - Remove the eintrcnt/eintrnames usage and introduce the concept of 2011-07-18 15:19:40 +00:00
kern_jail.c Always disable mount and unmount for jails with enforce_statfs==2. 2011-08-02 19:44:40 +00:00
kern_khelp.c Use the full and proper company name for Swinburne University of Technology 2011-04-12 08:13:18 +00:00
kern_kthread.c - Properly initialize the base priority (td_base_pri) of thread0 to PVM 2011-01-06 22:26:00 +00:00
kern_ktr.c Fix KTR_CPUMASK in order to accept a string representing a cpuset_t. 2011-05-31 20:48:58 +00:00
kern_ktrace.c Fix several places to ignore processes that are not yet fully constructed. 2011-04-06 17:47:22 +00:00
kern_linker.c Don't leak kld_sx lock in kldunloadf(). 2011-07-31 13:49:15 +00:00
kern_lock.c Fix the LK_NOSHARE lockmgr flag interaction with LK_UPGRADE and 2011-08-01 19:07:03 +00:00
kern_lockf.c
kern_lockstat.c
kern_loginclass.c Add racct. It's an API to keep per-process, per-jail, per-loginclass 2011-03-29 17:47:25 +00:00
kern_malloc.c Modestly increase the maximum allowed size of the kmem map on i386. 2011-03-23 16:38:29 +00:00
kern_mbuf.c Use ISO C99 integer types in sys/kern where possible. 2010-06-21 09:55:56 +00:00
kern_mib.c Define two new sysctl node flags: CTLFLAG_CAPRD and CTLFLAG_CAPRW, which 2011-07-17 23:05:24 +00:00
kern_module.c Style fix. 2010-11-22 15:28:54 +00:00
kern_mtxpool.c
kern_mutex.c - Remove <machine/mutex.h>. Most of the headers were empty, and the 2010-11-09 20:46:41 +00:00
kern_ntptime.c Add some FEATURE macros for various features (AUDIT/CAM/IPC/KTR/MAC/NFS/NTP/ 2011-02-25 10:11:01 +00:00
kern_osd.c
kern_physio.c Account i/o done on cdevs. 2010-11-25 20:05:11 +00:00
kern_pmc.c Commit the support for removing cpumask_t and replacing it directly with 2011-05-05 14:39:14 +00:00
kern_poll.c
kern_priv.c Add an extra comment to the SDT probes definition. This allows us to get 2010-08-22 11:18:57 +00:00
kern_proc.c Rename ki_ocomm to ki_tdname and OCOMMLEN to TDNAMLEN. 2011-07-18 20:06:15 +00:00
kern_prot.c Notify racct when process credentials change. 2011-03-31 18:12:04 +00:00
kern_racct.c Rename resource names to match these in login.conf. 2011-07-14 19:18:17 +00:00
kern_rctl.c Rename resource names to match these in login.conf. 2011-07-14 19:18:17 +00:00
kern_resource.c - Export each thread's individual resource usage in in struct kinfo_proc's 2011-07-18 17:33:08 +00:00
kern_rmlock.c With retirement of cpumask_t and usage of cpuset_t for representing a 2011-07-04 12:04:52 +00:00
kern_rwlock.c Print the pointer to the lock with the panic message. The previous 2010-03-24 19:21:26 +00:00
kern_sdt.c Use ISO C99 integer types in sys/kern where possible. 2010-06-21 09:55:56 +00:00
kern_sema.c
kern_shutdown.c remove RESTARTABLE_PANICS option 2011-07-25 09:12:48 +00:00
kern_sig.c Fix support for RACCT_CORE by merging forgotten file. 2011-05-26 18:54:07 +00:00
kern_switch.c Update several places that iterate over CPUs to use CPU_FOREACH(). 2010-06-11 18:46:34 +00:00
kern_sx.c - Merge changes to the base system to support OFED. These include 2011-03-21 09:40:01 +00:00
kern_synch.c Simplify a stale assertion. We have not called mi_switch() from a nested 2011-05-24 13:17:08 +00:00
kern_syscalls.c Call chainevh callback when we are invoked with neither MOD_LOAD nor 2010-10-21 20:31:50 +00:00
kern_sysctl.c Define two new sysctl node flags: CTLFLAG_CAPRD and CTLFLAG_CAPRW, which 2011-07-17 23:05:24 +00:00
kern_tc.c If TSC stops ticking in C3, disable deep sleep when the user forcefully 2011-07-14 21:00:26 +00:00
kern_thr.c All the racct_*() calls need to happen with the proc locked. Fixing this 2011-07-06 20:06:44 +00:00
kern_thread.c Fix some locking nits with the p_state field of struct proc: 2011-03-24 18:40:11 +00:00
kern_time.c Create a global thread hash table to speed up thread lookup, use 2010-10-09 02:50:23 +00:00
kern_timeout.c Reintroduce the fix already discussed in r216805 (please check its history 2011-04-08 18:48:57 +00:00
kern_umtx.c Expose the umtx_key structure and API to the rest of the kernel. 2011-02-23 13:19:14 +00:00
kern_uuid.c
kern_xxx.c
ksched.c Use p4prio_to_tsprio to calculate TS priority instead of using 2011-06-07 02:50:14 +00:00
link_elf_obj.c Remove malloc(9) return value checks when M_WAITOK is used. 2011-04-16 16:20:51 +00:00
link_elf.c Even if the loaded module has no symbols, we still need to notify 2011-06-16 17:41:21 +00:00
linker_if.m
Make.tags.inc Update tags build script 2011-07-10 00:53:04 +00:00
Makefile Continue to introduce Capsicum Capability Mode support: 2011-03-01 13:28:27 +00:00
makesyscalls.sh add DTrace systrace support for linux32 and freebsd32 on amd64 syscalls 2011-03-12 08:51:43 +00:00
md4c.c
md5c.c
p1003_1b.c Set various POSIX capability sysctls to the version of the API that is 2010-11-19 17:56:16 +00:00
posix4_mib.c Define two new sysctl node flags: CTLFLAG_CAPRD and CTLFLAG_CAPRW, which 2011-07-17 23:05:24 +00:00
sched_4bsd.c With retirement of cpumask_t and usage of cpuset_t for representing a 2011-07-04 12:04:52 +00:00
sched_ule.c Remove explicit MAXCPU usage from sys/pcpu.h avoiding a namespace 2011-07-19 16:50:55 +00:00
serdev_if.m
stack_protector.c Random number generator initialization cleanup: 2009-10-20 16:36:51 +00:00
subr_acl_nfs4.c Make UFS use PSARC/2010/029 NFSv4 ACL semantics by default, bringing 2011-03-22 19:52:29 +00:00
subr_acl_posix1e.c execve(2) has a special check for file permissions: a file must have at 2010-08-30 16:30:18 +00:00
subr_autoconf.c Retire PCONFIG and leave the priority of thread0 alone when waiting for 2011-01-06 22:09:37 +00:00
subr_blist.c
subr_bufring.c Switch to our preferred 2-clause BSD license. 2010-05-05 20:39:02 +00:00
subr_bus.c Add a new bus method, BUS_ADJUST_RESOURCE() that is intended to be a 2011-04-29 21:36:45 +00:00
subr_clock.c Improve style and wording of comments and sysctl descriptions [1]. 2011-01-09 14:34:56 +00:00
subr_devstat.c Instead of using an atomic operation to determine whether the devstat(9) 2011-06-13 22:08:24 +00:00
subr_disk.c Correct bioq_disksort so that bioq_insert_tail() offers barrier semantic. 2010-09-02 19:40:28 +00:00
subr_eventhandler.c Split eventhandler_register() into an internal part and a wrapper function 2010-03-19 19:51:03 +00:00
subr_fattime.c Use ISO C99 integer types in sys/kern where possible. 2010-06-21 09:55:56 +00:00
subr_firmware.c Bump up the firmware_table from 30 to 50. bwn needs more than 30, it 2010-03-07 22:37:35 +00:00
subr_hash.c Decompose the most lousy named file in sys/kern; kern_subr.c. 2010-02-21 19:53:33 +00:00
subr_hints.c
subr_kdb.c With retirement of cpumask_t and usage of cpuset_t for representing a 2011-07-04 12:04:52 +00:00
subr_kobj.c sysctl(9) cleanup checkpoint: amd64 GENERIC builds cleanly. 2011-01-12 19:54:19 +00:00
subr_lock.c Explicitly wire the user buffer rather than doing it implicitly in 2011-01-27 00:34:12 +00:00
subr_log.c Finish r210923, 210926. Mark some devices as eternal. 2011-01-04 10:59:38 +00:00
subr_mbpool.c
subr_mchain.c Add some FEATURE macros for various features (AUDIT/CAM/IPC/KTR/MAC/NFS/NTP/ 2011-02-25 10:11:01 +00:00
subr_module.c Provide convenience function for obtaining MODINFO_ADDR and MODINFO_SIZE 2011-02-09 19:08:21 +00:00
subr_msgbuf.c MFC 2011-06-01 16:54:33 +00:00
subr_param.c Modestly increase the maximum allowed size of the kmem map on i386. 2011-03-23 16:38:29 +00:00
subr_pcpu.c Remove pc_name member of struct pcpu. 2011-07-19 14:57:59 +00:00
subr_power.c
subr_prf.c Set pca.p_bufr to NULL when we haven't allocated a buffer. 2011-06-07 05:04:37 +00:00
subr_prof.c Revert r210225 - turns out I was wrong; the "/*-" is not license-only 2010-07-18 20:57:53 +00:00
subr_rman.c Clear the device_t pointer in 'struct resource' when releasing a device 2011-06-06 13:12:56 +00:00
subr_rtc.c Add the half of time-of-day clock resolution when we adjust system time from 2010-08-12 17:17:05 +00:00
subr_sbuf.c Use memset() instead of bzero() and memcpy() instead of bcopy(), there 2011-05-17 11:04:50 +00:00
subr_scanf.c
subr_sglist.c
subr_sleepqueue.c Explicitly wire the user buffer rather than doing it implicitly in 2011-01-27 00:34:12 +00:00
subr_smp.c smp_rendezvous: master cpu should wait until all slaves are fully done 2011-07-30 20:29:39 +00:00
subr_stack.c Add some FEATURE macros for various features (AUDIT/CAM/IPC/KTR/MAC/NFS/NTP/ 2011-02-25 10:11:01 +00:00
subr_taskqueue.c Implement the delayed task execution extension to the taskqueue 2011-04-26 11:39:56 +00:00
subr_trap.c We may split today's CAPABILITIES into CAPABILITY_MODE (which has 2011-06-29 13:03:05 +00:00
subr_turnstile.c Always assert that the turnstile chain lock is held in turnstile_wait() 2011-02-04 14:16:41 +00:00
subr_uio.c Add a facility to disable processing page faults. When activated, 2011-07-09 15:21:10 +00:00
subr_unit.c Fix typos - remove duplicate "the". 2011-02-21 09:01:34 +00:00
subr_witness.c Fix typos - remove duplicate "the". 2011-02-21 09:01:34 +00:00
sys_capability.c Second-to-last commit implementing Capsicum capabilities in the FreeBSD 2011-08-11 12:30:23 +00:00
sys_generic.c Second-to-last commit implementing Capsicum capabilities in the FreeBSD 2011-08-11 12:30:23 +00:00
sys_pipe.c After the r219999 is merged to stable/8, rename fallocf(9) to falloc(9) 2011-04-01 13:28:34 +00:00
sys_process.c Add comment from CSRG rev 7.27 (1992/06/23 19:56:55; author: mckusick) 2011-06-17 21:44:13 +00:00
sys_socket.c Mfp4 CH=177274,177280,177284-177285,177297,177324-177325 2011-02-16 21:29:13 +00:00
syscalls.c Auto-generated system call code with cap_new(), cap_getrights(). 2011-07-15 18:33:12 +00:00
syscalls.master Add cap_new() and cap_getrights() system calls. 2011-07-15 18:26:19 +00:00
systrace_args.c Auto-generated system call code with cap_new(), cap_getrights(). 2011-07-15 18:33:12 +00:00
sysv_ipc.c Move SysV IPC freebsd32 compat shims helpers from freebsd32_misc.c to 2010-03-19 11:01:51 +00:00
sysv_msg.c All the racct_*() calls need to happen with the proc locked. Fixing this 2011-07-06 20:06:44 +00:00
sysv_sem.c Remove semaphore map entry count "semmap" field and its tuning 2011-07-14 14:18:14 +00:00
sysv_shm.c All the racct_*() calls need to happen with the proc locked. Fixing this 2011-07-06 20:06:44 +00:00
tty_compat.c Make TIOCSTI work again. 2010-01-04 20:59:52 +00:00
tty_info.c
tty_inq.c Fix whitespace inconsistencies in the TTY layer and its drivers owned by me. 2011-06-26 18:26:20 +00:00
tty_outq.c Fix whitespace inconsistencies in the TTY layer and its drivers owned by me. 2011-06-26 18:26:20 +00:00
tty_pts.c Fix whitespace inconsistencies in the TTY layer and its drivers owned by me. 2011-06-26 18:26:20 +00:00
tty_tty.c Finish r210923, 210926. Mark some devices as eternal. 2011-01-04 10:59:38 +00:00
tty_ttydisc.c Fix whitespace inconsistencies in the TTY layer and its drivers owned by me. 2011-06-26 18:26:20 +00:00
tty.c Second-to-last commit implementing Capsicum capabilities in the FreeBSD 2011-08-11 12:30:23 +00:00
uipc_accf.c (S)LIST_HEAD_INITIALIZER takes a (S)LIST_HEAD as an argument. 2009-12-28 22:56:30 +00:00
uipc_cow.c Add some FEATURE macros for various features (AUDIT/CAM/IPC/KTR/MAC/NFS/NTP/ 2011-02-25 10:11:01 +00:00
uipc_debug.c
uipc_domain.c
uipc_mbuf2.c Use ISO C99 integer types in sys/kern where possible. 2010-06-21 09:55:56 +00:00
uipc_mbuf.c Fix typos - remove duplicate "the". 2011-02-21 09:01:34 +00:00
uipc_mqueue.c Second-to-last commit implementing Capsicum capabilities in the FreeBSD 2011-08-11 12:30:23 +00:00
uipc_sem.c Second-to-last commit implementing Capsicum capabilities in the FreeBSD 2011-08-11 12:30:23 +00:00
uipc_shm.c Add some checks to ensure that Capsicum is behaving correctly, and add some 2011-06-30 10:56:02 +00:00
uipc_sockbuf.c Revert r194662, since it breaks ng_ksocket(4) and may break 2011-04-14 14:54:22 +00:00
uipc_socket.c In the experimental soreceive_stream(): 2011-07-08 10:50:13 +00:00
uipc_syscalls.c Second-to-last commit implementing Capsicum capabilities in the FreeBSD 2011-08-11 12:30:23 +00:00
uipc_usrreq.c Mfp4 CH=177274,177280,177284-177285,177297,177324-177325 2011-02-16 21:29:13 +00:00
vfs_acl.c Second-to-last commit implementing Capsicum capabilities in the FreeBSD 2011-08-11 12:30:23 +00:00
vfs_aio.c Second-to-last commit implementing Capsicum capabilities in the FreeBSD 2011-08-11 12:30:23 +00:00
vfs_bio.c Call pmap_qremove() before freeing or unwiring the pages, otherwise 2011-07-05 18:40:37 +00:00
vfs_cache.c Fix some more style(9) issues. 2010-11-14 16:10:15 +00:00
vfs_cluster.c The hardware has caught up; improvements are now observed even at 128, 2011-03-16 16:22:59 +00:00
vfs_default.c Add a lock flags argument to the VFS_FHTOVP() file system 2011-05-22 01:07:54 +00:00
vfs_export.c
vfs_extattr.c Second-to-last commit implementing Capsicum capabilities in the FreeBSD 2011-08-11 12:30:23 +00:00
vfs_hash.c
vfs_init.c
vfs_lookup.c Second-to-last commit implementing Capsicum capabilities in the FreeBSD 2011-08-11 12:30:23 +00:00
vfs_mount.c Revert r224655 and r224614 because vn_fullpath* does not always work 2011-08-08 14:02:08 +00:00
vfs_mountroot.c Include sys/sbuf.h directly. 2011-07-11 05:17:46 +00:00
vfs_subr.c Move the MNTK_SUJ flag in mnt_kern_flag to MNT_SUJ in mnt_flag 2011-07-24 18:27:09 +00:00
vfs_syscalls.c Second-to-last commit implementing Capsicum capabilities in the FreeBSD 2011-08-11 12:30:23 +00:00
vfs_vnops.c MFC 2011-05-13 15:20:57 +00:00
vnode_if.src MFC 2011-05-13 15:20:57 +00:00