d/freebsd-skq
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
freebsd kernel with SKQ
237,834 Commits 4 Branches 49 Tags 2 GiB
C 63.3%
C++ 23.3%
Roff 5.1%
Shell 2.9%
Makefile 1.5%
Other 3.4%
b307954481
Go to file
Jamie Gritton b307954481 In hardened systems, where the security.bsd.unprivileged_proc_debug sysctl 
node is set, allow setting security.bsd.unprivileged_proc_debug per-jail.
In part, this is needed to create jails in which the Address Sanitizer
(ASAN) fully works as ASAN utilizes libkvm to inspect the virtual address
space. Instead of having to allow unprivileged process debugging for the
entire system, allow setting it on a per-jail basis.

The sysctl node is still security.bsd.unprivileged_proc_debug and the
jail(8) param is allow.unprivileged_proc_debug. The sysctl code is now a
sysctl proc rather than a sysctl int. This allows us to determine setting
the flag for the corresponding jail (or prison0).

As part of the change, the dynamic allow.* API needed to be modified to
take into account pr_allow flags which may now be disabled in prison0.
This prevents conflicts with new pr_allow flags (like that of vmm(4)) that
are added (and removed) dynamically.

Also teach the jail creation KPI to allow differences for certain pr_allow
flags between the parent and child jail. This can happen when unprivileged
process debugging is disabled in the parent prison, but enabled in the
child.

Submitted by:	Shawn Webb <lattera at gmail.com>
Obtained from:	HardenedBSD (45b3625edba0f73b3e3890b1ec3d0d1e95fd47e1, deba0b5078cef0faae43cbdafed3035b16587afc, ab21eeb3b4c72f2500987c96ff603ccf3b6e7de8)
Relnotes:	yes
Sponsored by:	HardenedBSD and G2, Inc
Differential Revision:	https://reviews.freebsd.org/D18319
2018-11-27 17:51:50 +00:00
bin rm(1): Formalize non-functional status of -P flag 2018-11-10 20:26:55 +00:00
cddl dtrace(1): remove reference to dtruss that was removed from base 2018-10-31 15:29:26 +00:00
contrib vi: fix UTF-8 detection. 2018-11-26 15:33:55 +00:00
crypto Merge OpenSSL 1.1.1a. 2018-11-20 21:10:04 +00:00
etc Add ga_IE.UTF-8 locale. 2018-11-26 19:39:49 +00:00
gnu Do not install GNU ld if lld is /usr/bin/ld 2018-11-26 17:07:35 +00:00
include Import CK as of 21d3e319407d19dece16ee317c757ffc54a452bc, which makes its 2018-11-27 12:31:58 +00:00
kerberos5 Update the existing heimdal implementation for OpenSSL 1.1. 2018-10-05 16:35:24 +00:00
lib When deciding whether to send the complete URL or just the document part, 2018-11-27 16:23:17 +00:00
libexec rtld: parse FreeBSD Feature Control note on the object load. 2018-11-23 22:37:35 +00:00
release Fix NTP query on GCE due to unresolved hostname. 2018-11-26 17:00:39 +00:00
rescue rescue: set NO_SHARED in Makefile 2018-11-19 22:18:18 +00:00
sbin Small language fix after r340978. 2018-11-26 16:10:20 +00:00
secure Merge OpenSSL 1.1.1a. 2018-11-20 21:10:04 +00:00
share Add ga_IE.UTF-8 locale. 2018-11-26 19:39:49 +00:00
stand Restore the ability to override the disk unit/partition at the boot: prompt 2018-11-27 16:16:38 +00:00
sys In hardened systems, where the security.bsd.unprivileged_proc_debug sysctl 2018-11-27 17:51:50 +00:00
targets retire LINKER_FEATURES filter flag 2018-11-12 20:44:22 +00:00
tests Make whitespace more consistent in libkqueue tests. 2018-11-27 15:12:34 +00:00
tools Add ga_IE.UTF-8 locale. 2018-11-26 19:39:49 +00:00
usr.bin llvm-objdump.1: remove more unintentional options 2018-11-27 13:52:51 +00:00
usr.sbin In hardened systems, where the security.bsd.unprivileged_proc_debug sysctl 2018-11-27 17:51:50 +00:00
.arcconfig callsign isn't required anymore 2016-09-29 06:19:45 +00:00
.arclint arc lint: ignore /tests/ in chmod 2017-12-19 03:38:06 +00:00
.gitattributes sfxge(4): fix incorrectly set svn properties 2018-11-26 07:30:47 +00:00
.gitignore Ignore _.universe-toolchain file. 2018-07-01 13:50:37 +00:00
COPYRIGHT Remove 'All Rights Reserved' from the collection copyright and templates. 2018-05-09 02:02:49 +00:00
LOCKS LOCKS: update current locks 2018-06-09 03:08:04 +00:00
MAINTAINERS Add pointer to freebsd-numerics for libm. 2018-07-16 15:29:32 +00:00
Makefile Update comment about 'universe' disk usage 2018-11-10 19:09:48 +00:00
Makefile.inc1 Fix -DNO_CLEAN amd64 build after r340463 2018-11-18 19:55:03 +00:00
Makefile.libcompat Use ...-freebsd13.0 in -target strings. 2018-11-12 16:55:20 +00:00
Makefile.sys.inc AUTO_OBJ: For all top-level targets enforce using an OBJDIR. 2017-12-05 21:29:47 +00:00
ObsoleteFiles.inc - Add a belated UPDATING entry for the ixlv(4) -> iavf(4) rename in r339338. 2018-11-27 12:11:16 +00:00
README Import OpenSSL 1.1.1a. 2018-11-20 18:59:41 +00:00
README.md README: add generic notes about GENERIC and NOTES 2018-06-17 19:44:24 +00:00
UPDATING - Add a belated UPDATING entry for the ixlv(4) -> iavf(4) rename in r339338. 2018-11-27 12:11:16 +00:00

README.md

FreeBSD Source:

This is the top level of the FreeBSD source directory. This file was last revised on: FreeBSD

FreeBSD is an operating system used to power modern servers, desktops, and embedded platforms. A large community has continually developed it for more than thirty years. Its advanced networking, security, and storage features have made FreeBSD the platform of choice for many of the busiest web sites and most pervasive embedded networking and storage devices.

For copyright information, please see the file COPYRIGHT in this directory. Additional copyright information also exists for some sources in this tree - please see the specific source directories for more information.

The Makefile in this directory supports a number of targets for building components (or all) of the FreeBSD source tree. See build(7), config(8), https://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/makeworld.html, and https://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/kernelconfig.html for more information, including setting make(1) variables.

Source Roadmap:

bin		System/user commands.

cddl		Various commands and libraries under the Common Development
		and Distribution License.

contrib		Packages contributed by 3rd parties.

crypto		Cryptography stuff (see crypto/README).

etc		Template files for /etc.

gnu		Various commands and libraries under the GNU Public License.
		Please see gnu/COPYING* for more information.

include		System include files.

kerberos5	Kerberos5 (Heimdal) package.

lib		System libraries.

libexec		System daemons.

release		Release building Makefile & associated tools.

rescue		Build system for statically linked /rescue utilities.

sbin		System commands.

secure		Cryptographic libraries and commands.

share		Shared resources.

stand		Boot loader sources.

sys		Kernel sources.

sys/<arch>/conf Kernel configuration files. GENERIC is the configuration
		used in release builds. NOTES contains documentation of
		all possible entries.

tests		Regression tests which can be run by Kyua.  See tests/README
		for additional information.

tools		Utilities for regression testing and miscellaneous tasks.

usr.bin		User commands.

usr.sbin	System administration commands.

For information on synchronizing your source tree with one or more of the FreeBSD Project's development branches, please see:

https://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/current-stable.html