super-user and securelevel.
The securelevel part was compiled of text from both init(8) and OpenBSD's
securelevel(7), and brought in-sync with what we really do.
when files may have hard links to a a name that only differs by case
- change install to unconditionally remove its temporary file
when installing hard links with -r. This avoids problems when
built with posix rename(2) semantics and reinstalling an existing
hard link.
- rework hard link targets in bsd.man.mk and bsd.links.mk
to use makefile constructs instead of shell constructs
- always reinstall hard links that may have case conflicts, even
when MKUPDATE=yes, this ensures that they get added to METALOG
- remove man pages which were hard linked to themselves in libform
- remove improper hard link command for existing man page in libkrb5
- fix libl's makefile to include bsd.lib.mk at end
- remove shell quoting in link target for test's [.1 man page
remove pseudo-device btdev(4) and inherent limitations
add bthub(4) which autoconfigures at bluetooth controllers as they
are enabled. bluetooth devices now attach here.
btdevctl(8) and its cache is updated to handle new semantics
etc/rc.d/btdevctl is updated to configure devices from a list
in /etc/bluetooth/btdevctl.conf
- Add a few scopes to the kernel: system, network, and machdep.
- Add a few more actions/sub-actions (requests), and start using them as
opposed to the KAUTH_GENERIC_ISSUSER place-holders.
- Introduce a basic set of listeners that implement our "traditional"
security model, called "bsd44". This is the default (and only) model we
have at the moment.
- Update all relevant documentation.
- Add some code and docs to help folks who want to actually use this stuff:
* There's a sample overlay model, sitting on-top of "bsd44", for
fast experimenting with tweaking just a subset of an existing model.
This is pretty cool because it's *really* straightforward to do stuff
you had to use ugly hacks for until now...
* And of course, documentation describing how to do the above for quick
reference, including code samples.
All of these changes were tested for regressions using a Python-based
testsuite that will be (I hope) available soon via pkgsrc. Information
about the tests, and how to write new ones, can be found on:
http://kauth.linbsd.org/kauthwiki
NOTE FOR DEVELOPERS: *PLEASE* don't add any code that does any of the
following:
- Uses a KAUTH_GENERIC_ISSUSER kauth(9) request,
- Checks 'securelevel' directly,
- Checks a uid/gid directly.
(or if you feel you have to, contact me first)
This is still work in progress; It's far from being done, but now it'll
be a lot easier.
Relevant mailing list threads:
http://mail-index.netbsd.org/tech-security/2006/01/25/0011.htmlhttp://mail-index.netbsd.org/tech-security/2006/03/24/0001.htmlhttp://mail-index.netbsd.org/tech-security/2006/04/18/0000.htmlhttp://mail-index.netbsd.org/tech-security/2006/05/15/0000.htmlhttp://mail-index.netbsd.org/tech-security/2006/08/01/0000.htmlhttp://mail-index.netbsd.org/tech-security/2006/08/25/0000.html
Many thanks to YAMAMOTO Takashi, Matt Thomas, and Christos Zoulas for help
stablizing kauth(9).
Full credit for the regression tests, making sure these changes didn't break
anything, goes to Matt Fleming and Jaime Fournier.
Happy birthday Randi! :)
Both available for IPv4 and IPv6.
Basic implementation test results are available at
http://netbsd-soc.sourceforge.net/projects/ecn/testresults.html.
Work sponsored by the Google Summer of Code project 2006.
Special thanks to Kentaro Kurahone, Allen Briggs and Matt Thomas for their
help, comments and support during the project.
macros, __BIT, __BITS, SHIFTIN, SHIFTOUT, and __arraycount() from
lib/libkern/libkern.h to sys/cdefs.h. Add a __-prefix to SHIFTIN
and SHIFTOUT, and add a manual page for the bit-twiddling macros,
bits(3).
Make the __BIT and __BITS macros "widthless," as best I can, by
changing their type to uintmax_t from uint32_t. XXX The manual
page lags this change by a bit.
Define __PRIxBIT and __PRIxBITS printf(3) format strings.
Fix MOBILE encapsulation. Add many debugging printfs (mainly
concerning UDP mode). Clean up the gre(4) code a bit. Add the
capability to setup UDP tunnels to ifconfig. Update documentation.
In UDP mode, gre(4) puts a GRE header onto transmitted packets,
and hands them to a UDP socket for transmission. That is, the
encapsulation looks like this: IP+UDP+GRE+encapsulated packet.
There are two ways to set up a UDP tunnel. One way is to tell the
source and destination IP+port to gre(4), and let gre(4) create
the socket. The other way to create a UDP tunnel is for userland
to "delegate" a UDP socket to the kernel.
* added fallback mapping of 0xA989-0xA995 <-> U+E7E7-U+E7F3.
* some TTF - NSimSun(Microsoft GB18030 Support Package) and
FZSongTi(Solaris GB18030 locale) - assign Vertical form(U+FE10-U+FE19)
to UDA/PUA(0x2659-0x2673/U+E78D-U+E796), so comment about this.
* Remove extra file argument from a pipeline
* keep grops from stopping after the first manpage.
This gives working PDFs for all manpage sections again - altogether
NetBSD-current has 8192 pages after formatting, in PDF.
Provide an ioctl to set the SCO mtu value in the controller and
place limits in the SCO code such that only packets of this size
may be sent.
Move the mtu option from btsco(4) and btdevctl(8), to the
btconfig(8) program.
Remove temporary BLUETOOTH_SCO kernel option, and enable SCO
socket access.
Fix incoming connection handling for btsco(4) and SCO sockets.
Fix documentation to reflect the new world order.
While it can be made to compile, the paradigm is not quite right because
it attempts to contact the filesystem during autoconfig which sometimes
causes a panic. Even if that was fixed, there is another potential problem
in that the driver tries/sleeps/tries/sleeps and the sleep could
theoretically sleep past the rc.d/btconfig stage and the controller
would remain unconfigured.
So, I have prepared a different method for loading the firmware to
Broadcom BCM2033 chip based devices. A package 'sysutils/bcmfw' will load
the firmware files via a ugen(4) device interface.
This update removes the ubtbcmfw(4) driver and adds a table to the ubt(4)
driver so that it will not attach to Broadcom BCM2033 based devices before
the firmware was loaded.
This fixes kern/34219
Add a few more kernel configurations to synopsis.
Mention wscons and wsdisplay.
Describe the kernel options.
Add SEE ALSO section.
Mention about VESAFB_PM hanging systems.
Review by jmcneill on tech-kern list.
fileassoc.diff adds a fileassoc_table_run() routine that allows you to
pass a callback to be called with every entry on a given mount.
veriexec.diff adds some raw device access policies: if raw disk is
opened at strict level 1, all fingerprints on this disk will be
invalidated as a safety measure. level 2 will not allow opening disk
for raw writing if we monitor it, and prevent raw writes to memory.
level 3 will not allow opening any disk for raw writing.
both update all relevant documentation.
veriexec concept is okay blymn@.
for quite some time. Add it to all systems that have pcmcia SCSI.
Pointed out by Björn Johannesson <rherdware@yahoo.com> in private mail,
OK'd by matt@
Remove bthset(4) device and add btsco(4) in its place. This is an
improved version which is not just for headsets, as it can receive
incoming connections (eg for Hands Free Profile). Update bthset(1)
control utlitiy to relate to new device.
Change the way in which bluetooth devices attach to system. The
new way is for devices to attach directly to a btdevN device via
its own control file /dev/btdevN.
- bthub(4) is replaced by btdev(4).
- /dev/bthubctl is replaced by /dev/btdevN.
- configuration now uses proplib(3) property lists.
- btcontrol(8) updated to use new API, and now uses private
- XML config file /var/db/btdev.xml.
Explain that the UGEN_BULK_RA_WB option enables the USB_SET_BULK_*
ioctls.
Explain that select works in BULK mode, but not in the unbuffered
mode.
Explain more clearly that UGEN_SET_BULK_RA causes the driver to read
from the device whenever there is space in the buffer.
ahead and write behind, improving performance for the Universal
Software Radio Peripheral (USRP) used with GNU Radio.
Enable UGEN_BULK_RA_WB in GENERIC and GENERIC_LAPTOP; behavior is
unchanged unless the new ioctl is called.
This code was written by Joanne Mikkelson under funding from DARPA's
ACERT program.
ok'd by christos@, tested by Berndt Josef Wulf
for two kauth_cred_t rather than kauth_cred_t and struct proc *.
advise against using it in the man-page; it should be used only in cases
where we either don't have an object-specific op or when we can't easily
use one.
introduce fileassoc(9), a kernel interface for associating meta-data with
files using in-kernel memory. this is very similar to what we had in
veriexec till now, only abstracted so it can be used more easily by more
consumers.
this also prompted the redesign of the interface, making it work on vnodes
and mounts and not directly on devices and inodes. internally, we still
use file-id but that's gonna change soon... the interface will remain
consistent.
as a result, veriexec went under some heavy changes to conform to the new
interface. since we no longer use device numbers to identify file-systems,
the veriexec sysctl stuff changed too: kern.veriexec.count.dev_N is now
kern.veriexec.tableN.* where 'N' is NOT the device number but rather a
way to distinguish several mounts.
also worth noting is the plugging of unmount/delete operations
wrt/fileassoc and veriexec.
tons of input from yamt@, wrstuden@, martin@, and christos@.
- note that ifconfig(8) create subcommand is required before slattach(8)
- network addresses aren't defined by slattach(8) but ifconfig(8)
- Add a BUGS section in slattach(8) to note that currently there is no way to
specify/see an interface name to be attached
- move description about link[0-2] flags from slattach(8) to sl(4)
(rather than adding a new description...)
- move description about SLIP limitations to a new BUGS section in sl(4)
- remove inappropriate MLINKS of slip.8 to slattach.8
- create MLINKS of slip.4 to sl.4 instead
- add some more xrefs
Ok'ed by christos, and closes PR kern/33672 and PR bin/33923.
- Update ctxsw(9) to reflect reality a little better
- chooselwp doesn't exist in the kernel so remove the man page.
- Remove the references to chooseproc which existed briefly.
Merge from chap-midi branch, after
~month for review
Comments by thorpej@ drochner@ and Alexandre Ratchov
Incorporated: points by thorpej@ drochner@; preliminary support for
a stats-collecting ioctl suggested by martin@ from comments by A.R.
PR kern/32441 kern/32442 kern/32567 kern/32588 kern/32694 kern/33590
kern/33614 and one instance of kern/32651
ok martin@
Big5-2003, Big5-ETen, Big5-IBM, Big-5E, Big-5+.
``Big5 is now the alias of Big5-ETen,
if you want Unicode.org's obsolete mappings, use Big5-IBM instead.
NetBSD Foundation Membership still pending.) This stack was written by
Iain under sponsorship from Itronix Inc.
The stack includes support for rfcomm networking (networking via your
bluetooth enabled cell phone), hid devices (keyboards/mice), and headsets.
Drivers for both PCMCIA and USB bluetooth controllers are included.
yamt