Aren/NetBSD
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
155,820 Commits 606 Branches 0 Tags 3.1 GiB
20fd6754cf
Commit Graph

1336 Commits

Author SHA1 Message Date
ad
20fd6754cf Sync with latest changes. 2007-02-05 15:04:21 +00:00
ad
26d6ccf325 Document cv_has_waiters(). 2007-02-03 16:49:11 +00:00
ad
00b8f6d201 - Require that cv_signal/cv_broadcast be called with the interlock held. 
- Provide 'async' versions that don't need the interlock.
 2007-02-03 16:39:53 +00:00
wiz
711856f6bb Fix Dd argument. 2007-02-02 07:37:06 +00:00
wiz
a88d4440e3 Sort SEE ALSO. Fix typo. 2007-02-02 07:36:09 +00:00
wiz
401fd96995 Sort options. Fix a few typos. 2007-02-02 07:35:28 +00:00
ad
c1a5096807 Add manpage for memory barrier ops. Not enabled in the Makefile yet. 2007-02-02 03:40:07 +00:00
elad
409147ef11 Forgot to add notes about secmodel_register() and secmodel_register() in 
previous commit -- added now.
 2007-01-31 11:18:23 +00:00
elad
ac22ef0996 Update instructions on writing a new security model to include some notes 
about LKMs and private data in credentials.
 2007-01-31 11:16:46 +00:00
elad
9d00fe4640 Fix mdoc (Lt -> Gt). 2007-01-31 10:39:40 +00:00
elad
c439bcfe43 Add a new scope, the credentials scope, which is internal to the kauth(9) 
implementation and meant to be used by security models to hook credential
related operations (init, fork, copy, free -- hooked in kauth_cred_alloc(),
kauth_proc_fork(), kauth_cred_clone(), and kauth_cred_free(), respectively)
and document it.

Add specificdata to credentials, and routines to register/deregister new
"keys", as well as set/get routines. This allows security models to add
their own private data to a kauth_cred_t.

The above two, combined, allow security models to control inheritance of
their own private data in credentials which is a requirement for doing
stuff like, I dunno, capabilities?
 2007-01-31 10:08:23 +00:00
hannken
4d607243ba Change fstrans enum types to upper case. 
No functional change.

From Antti Kantee <pooka@netbsd.org>
 2007-01-29 15:42:50 +00:00
elad
c2e4f788f9 Talk about special cases for kauth_authorize_action(). 2007-01-28 00:21:04 +00:00
elad
94d493dbe2 Remove extra '.El', left in previous commit. 2007-01-27 23:14:02 +00:00
wiz
c0ed8c1e97 Make HTML-safe. 2007-01-23 20:31:33 +00:00
wiz
0f3c9bb729 Sort ERRORS. 2007-01-23 20:31:20 +00:00
hannken
facd1f65cb Add and update documentation for fstrans(9) file system suspension helper. 
wiz?
 2007-01-21 15:42:36 +00:00
elad
a78693aa19 Kill KAUTH_PROCESS_RESOURCE and just replace it with two actions for 
nice and rlimit.
 2007-01-20 16:47:38 +00:00
elad
c3ca2b03a6 Add man-page for pathname(9) routines, but don't link to build yet. 2007-01-16 13:21:14 +00:00
elad
6df6f0ea65 Introduce kauth_proc_fork() to control credential inheritance. 2007-01-15 17:45:32 +00:00
elad
8ed50e44ae veriexec_file_delete() and veriexec_table_delete() now take 'struct lwp *' 
too.
 2007-01-11 16:24:47 +00:00
elad
d2e4f7167b Remove advertising clause from all of my stuff. 2007-01-09 12:49:36 +00:00
wiz
751fa51e41 Sort SEE ALSO. 2007-01-08 07:24:35 +00:00
elad
190f747fee Add a memoryallocators(9) man-page to give a short summary of memory 
allocators available in the kernel.

Tons of input from YAMAMOTO Takashi, thanks!
 2007-01-07 15:37:51 +00:00
elad
a13160f423 Make mount(2) and unmount(2) use kauth(9) for security policy. 
Okay yamt@.
 2007-01-02 10:47:28 +00:00
elad
c6e8423fec Make kauth_deregister_scope() and kauth_unlisten_scope() free the 
passed kauth_scope_t and kauth_listener_t objects, respectively.

Okay yamt@.
 2007-01-01 23:33:03 +00:00
elad
867767da66 Add veriexe_openchk(). 2006-12-30 15:32:19 +00:00
elad
504c71d9fe Make machdep scope architecture-agnostic by removing all arch-specific 
requests and centralizing them all. The result is that some of these
are not used on some architectures, but the documentation was updated
to reflect that.
 2006-12-26 10:43:43 +00:00
elad
ff39342b33 veriexec_lookup() should not return an internal data-structure, but rather 
just a boolean value.
 2006-12-26 07:50:40 +00:00
wiz
a1b013e655 Drop trailing dot in Nd. 2006-12-23 10:01:32 +00:00
wiz
0cbf97b519 Use HTML escapes. 2006-12-23 09:45:34 +00:00
wiz
103c72a1ca Bump date for previous. 2006-12-23 09:36:56 +00:00
wiz
6dfb14d789 New sentence, new line. Fix typo. 2006-12-23 09:21:10 +00:00
wiz
f92f3068da Use HTML escapes. 2006-12-23 09:05:20 +00:00
wiz
987a2558a6 Use Dv for defined values. 2006-12-23 09:02:45 +00:00
yamt
e9e681eded remove the fileassoc "tabledata" functionality. 2006-12-23 08:36:14 +00:00
wiz
66bd97f47f Use Dv for defined values. 2006-12-23 07:43:41 +00:00
yamt
dcedbd0734 remove a BUGS section because it's solved by yamt-splraiseipl. 2006-12-23 07:30:26 +00:00
wiz
7713de669b Fix sections in Xrefs. 2006-12-23 07:17:50 +00:00
wiz
43a0a70785 Use more markup. Use .Rs/.Re for book citation. 2006-12-23 06:51:41 +00:00
wiz
d15f199eb9 Use more markup. Use .Rs/.Re for book citation. Add missing comma. 2006-12-23 06:39:35 +00:00
wiz
f5ec841753 Fix typo. 2006-12-23 06:36:33 +00:00
wiz
fa9034328d Drop trailing whitespace. 2006-12-23 06:36:19 +00:00
elad
3d11477c94 Add requests indicating access to unmanaged memory for arm, pc532, powerpc, 
sh3, sh5, and vax, and use them instead of KAUTH_GENERIC_ISSUSER.

Update documentation and example secmodel code.
 2006-12-22 11:13:21 +00:00
yamt
71683748ca fix a typo. 2006-12-21 16:09:22 +00:00
yamt
5d51c3ca27 document splraiseipl and makeiplcookie. 2006-12-21 16:01:13 +00:00
elad
2fa3937ffc Markup fix - forgot 'Fn'. 2006-12-20 12:29:09 +00:00
elad
f1a69ab3ea Some changes to get rid of another KAUTH_GENERIC_ISSUSER usage: 
- Make procfs_control() in procfs_ctl.c static,
  - Add an argument to the above, 'pfs', for the pfsnode,
  - Add another request type to KAUTH_PROCESS_CANPROCFS named
    KAUTH_REQ_PROCESS_CANPROCFS_CTL (and update documentation),
  - Use the above combination in a call to kauth_authorize_process().
 2006-12-19 09:58:34 +00:00
simonb
58e3217148 Explicitly mention that pmap_extract() should deal with KSEG-style 
kernel addresses.
 2006-12-18 00:41:21 +00:00
elad
238ad51d2d - moves 'nice' access semantics to secmodel code, 
- makes sysctl_proc_find() just lookup the process,
- use KAUTH_PROCESS_CANSEE requests to determine if the caller is
  allowed to view the target process' corename, stop flags, and
  rlimits,
- use explicit kauth(9) calls with KAUTH_PROCESS_CORENAME,
  KAUTH_REQ_PROCESS_RESOURCE_NICE, KAUTH_REQ_PROCESS_RESOURCE_RLIMIT,
  and KAUTH_PROCESS_STOPFLAG when modifying the aforementioned.
- sync man-page and example skeleton secmodel with reality.

okay yamt@

this is a pullup candidate.
 2006-12-14 11:45:08 +00:00