d/freebsd-skq
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
f8f6146082
freebsd-skq/sys
History
Ed Schouten f8f6146082 Improve nested jail awareness of devfs by handling credentials. 
Now that we start to use credentials on character devices more often
(because of MPSAFE TTY), move the prison-checks that are in place in the
TTY code into devfs.

Instead of strictly comparing the prisons, use the more common
prison_check() function to compare credentials. This means that
pseudo-terminals are only visible in devfs by processes within the same
jail and parent jails.

Even though regular users in parent jails can now interact with
pseudo-terminals from child jails, this seems to be the right approach.
These processes are also capable of interacting with the jailed
processes anyway, through signals for example.

Reviewed by:	kib, rwatson (older version)
2009-06-20 14:50:32 +00:00
..
amd64 I have several machines where the following warning is printed: 2009-06-15 21:55:29 +00:00
arm Track the kernel mapping of a physical page by a new entry in vm_page 2009-06-18 20:42:37 +00:00
boot Add cas(4), a driver for Sun Cassini/Cassini+ and National Semiconductor 2009-06-15 18:22:41 +00:00
bsm Merge OpenBSM 1.1 from OpenBSM vendor branch to head. 2009-04-19 16:17:13 +00:00
cam Include <camlib.h> for cam_path_string(). 2009-06-14 12:46:34 +00:00
cddl Rename the host-related prison fields to be the same as the host.* 2009-06-13 15:39:12 +00:00
compat Rework the credential code to support larger values of NGROUPS and 2009-06-19 17:10:35 +00:00
conf Greatly simplify cxgb by removing almost all of the custom mbuf management logic 2009-06-19 23:34:32 +00:00
contrib All consumers of in_cksum.h have been properly #ifdefed already, 2009-06-10 11:19:34 +00:00
crypto Changed to M_NOWAIT when reallocing psc_buf in padlock_sha_update(), 2009-05-27 09:52:12 +00:00
ddb Place hostnames and similar information fully under the prison system. 2009-05-29 21:27:12 +00:00
dev Make puc(4) aware of this 2 port serial card based on NetMos 9835: 2009-06-20 00:04:48 +00:00
fs Improve nested jail awareness of devfs by handling credentials. 2009-06-20 14:50:32 +00:00
gdb
geom Fix tabs, slightly improve comments. 2009-06-18 11:12:11 +00:00
gnu Do not use casts (int *)0 and (struct thread *)0 for the arguments of 2009-06-16 15:13:45 +00:00
i386 Rework the credential code to support larger values of NGROUPS and 2009-06-19 17:10:35 +00:00
ia64 Drop the high FP state of an exiting thread in cpu_thread_exit() and 2009-06-20 05:36:53 +00:00
isa Rename statclock_disable variable to atrtcclock_disable that it actually is, 2009-05-03 17:47:21 +00:00
kern Improve nested jail awareness of devfs by handling credentials. 2009-06-20 14:50:32 +00:00
kgssapi When the KOBJMETHOD() macro was updated, it resulted in the 2009-06-14 17:33:46 +00:00
libkern add explanatory header license 2009-06-09 21:29:16 +00:00
mips Add a .cvsignore file and along with that put an svn:ignore proprty 2009-06-17 10:48:32 +00:00
modules Greatly simplify cxgb by removing almost all of the custom mbuf management logic 2009-06-19 23:34:32 +00:00
net add helper function for flushing software queues 2009-06-19 23:11:20 +00:00
net80211 ieee80211_dwds_mcast(): check the correct mbuf ptr after encap. 2009-06-18 21:15:41 +00:00
netatalk Move "options MAC" from opt_mac.h to opt_global.h, as it's now in GENERIC 2009-06-05 14:55:22 +00:00
netgraph s/usb2_/usb_|usbd_/ on all function names for the USB stack. 2009-06-15 01:02:43 +00:00
netinet Rework the credential code to support larger values of NGROUPS and 2009-06-19 17:10:35 +00:00
netinet6 Add explicit includes for jail.h to the files that need them and 2009-06-17 15:01:01 +00:00
netipsec Move setting of ports from NAT-T below key_getsah() and actually 2009-06-19 21:01:55 +00:00
netipx Put the variable declarations for TCPDEBUG under #ifdef INET as well. 2009-06-10 09:28:50 +00:00
netnatm Reimplement the netisr framework in order to support parallel netisr 2009-06-01 10:41:38 +00:00
netncp
netsmb Rework socket upcalls to close some races with setup/teardown of upcalls. 2009-06-01 21:17:03 +00:00
nfs Add cpu_flush_dcache() for use after non-DMA based I/O so that a 2009-05-18 18:37:18 +00:00
nfsclient Fix some of the style errors in *getpages(). 2009-06-18 05:56:24 +00:00
nfsserver Rework the credential code to support larger values of NGROUPS and 2009-06-19 17:10:35 +00:00
nlm Since svc_[dg|vc|tli|tp]_create() did not hold a reference count on the 2009-06-17 22:50:26 +00:00
opencrypto Fix cryptodev UIO creation. 2009-05-23 13:23:46 +00:00
pc98 Remove MAC kernel config files and add "options MAC" to GENERIC, with the 2009-06-02 18:31:08 +00:00
pci When user_frac in the polling subsystem is low it is going to busy the 2009-05-30 15:14:44 +00:00
powerpc Teach cpu_est_clockrate() about the G5's slightly different PMC. This 2009-06-17 16:34:40 +00:00
rpc Rework the credential code to support larger values of NGROUPS and 2009-06-19 17:10:35 +00:00
security Adapt vfs kqfilter to the shared vnode lock used by zfs write vop. Use 2009-06-10 20:59:32 +00:00
sparc64 Add cas(4), a driver for Sun Cassini/Cassini+ and National Semiconductor 2009-06-15 18:22:41 +00:00
sun4v Adjust the padding of struct pcpu to r193219. 2009-06-03 19:31:26 +00:00
sys Improve nested jail awareness of devfs by handling credentials. 2009-06-20 14:50:32 +00:00
tools - Add a way to change filter oversampling factor through 2009-06-15 04:31:34 +00:00
ufs Rework the credential code to support larger values of NGROUPS and 2009-06-19 17:10:35 +00:00
vm Track the kernel mapping of a physical page by a new entry in vm_page 2009-06-18 20:42:37 +00:00
xdr MFdevbranch 192944 2009-05-28 08:18:12 +00:00
xen Make ipi_cpu() function as intended. 2009-05-30 08:53:13 +00:00
Makefile Remove the unmaintained University of Michigan NFSv4 client from 8.x 2009-05-22 12:35:12 +00:00