Commit Graph

233 Commits

Author SHA1 Message Date
pooka 67a4f392d8 use crunchops for crunchables 2010-12-13 21:48:01 +00:00
pooka f9740ada7f RUMP_ACTION -> RUMPPRG 2010-12-13 17:42:17 +00:00
pooka 08fc937c06 make sysctl(8) work as a rump client 2010-11-05 15:55:23 +00:00
mrg e00e7bd5c0 implement CTLTYPE_BOOL support. it was entirely missing. HI MATT! 2010-04-11 01:52:10 +00:00
elad 55a6f2a937 Remove stale references to the "read only at securelevel [12]" flags in
the documentation and code comments.
2009-09-30 04:30:50 +00:00
christos e048bed6b3 Don't print an error with sysctl -w name?=value if name does not exist.
Should be pulled up to 5.0
2009-04-01 15:55:27 +00:00
lukem deb4c0bbb3 fix sign-compare issues 2009-03-20 13:18:50 +00:00
pgoyette dab2b670bf Format the address/offset of hexdump in hex, not decimal.
Addresses my PR bin/41035
2009-03-18 01:28:25 +00:00
njoly e4bf6d925f Add missing free() in machdep_diskinfo(). 2009-03-05 15:35:59 +00:00
uebayasi a6533b8fed Comment out CFLAGS+=-g. 2009-02-13 16:02:05 +00:00
christos 118c87a6fe fix dev_t format. 2008-12-28 20:17:11 +00:00
reed a4bfac4a14 Reference secmodel_securelevel(9) manual page. 2008-11-11 00:09:36 +00:00
lukem 6543a91fea Remove the \n and tabs from the __COPYRIGHT() strings.
(Tweak some to use a consistent format.)
2008-07-20 01:20:21 +00:00
martin cd22f25e6f Move TNF licenses to 2 clause form 2008-05-02 18:11:04 +00:00
martin 3028e483e4 Convert to new 2 clause license 2008-04-29 06:53:00 +00:00
elad aede3e59fc PR/35304: C J Coleman: Off-by-one nul byte overwrite in mode_bits routine
of sbin/sysctl
2006-12-21 22:25:39 +00:00
christos b311ec9d52 Exit with non-zero on errors. 2006-12-18 12:50:08 +00:00
pavel edab74570a Move the description of sysctl MIBs from sysctl.3 to a new manual page
sysctl.7. Remove the list of MIBs from sysctl.8 so we don't have to
maintain duplicate information, as proposed by YAMAMOTO Takashi on
tech-userlevel. Also remove references to header files from sysctl.8.

The numeric constants remain documented, they are still needed in some
cases. See the discussion on tech-userlevel. ("mib list in sysctl.8")

OK by YAMAMOTO Takashi.
2006-12-04 08:59:13 +00:00
christos df031f1edc PR/34837: Mindaguas: Add SysV SHM dynamic reallocation and locking to the
physical memory
2006-11-25 21:40:04 +00:00
elad a84fee7faf Initial implementation of PaX Segvguard (this is still work-in-progress,
it's just to get it out of my local tree).
2006-11-22 02:02:51 +00:00
christos 9f4a7c8c31 PR/34965: Nicolas Joly: sysctl(1) small memory leak 2006-11-02 14:54:21 +00:00
christos 09012c9606 prefix name in kern.drivers 2006-11-01 22:26:36 +00:00
christos 5bc3ea6c79 support printing kern.drivers 2006-10-15 21:33:34 +00:00
elad 5c38108d28 Change the PaX mprotect(2) restrictions' "global_protection" knob to
just "global" -- it's shorter and more readable. Update documentation.
2006-09-26 14:48:40 +00:00
rpaulo 2fb2ae3251 Import of TCP ECN algorithm for congestion control.
Both available for IPv4 and IPv6.
Basic implementation test results are available at
http://netbsd-soc.sourceforge.net/projects/ecn/testresults.html.

Work sponsored by the Google Summer of Code project 2006.
Special thanks to Kentaro Kurahone, Allen Briggs and Matt Thomas for their
help, comments and support during the project.
2006-09-05 00:29:35 +00:00
liamjfoy 2e60755ac8 add net.inet.ip.maxflows. Bump date. 2006-09-04 23:40:18 +00:00
wiz 4a3dddea24 Bump date for previous. 2006-08-08 22:11:42 +00:00
kardel 64e74c80df document timecounter sysctls 2006-08-08 19:47:44 +00:00
elad f1d99e7dfa CTLFLAG_READONLY1 and CTLFLAG_READONLY2 were deprecated in earlier commit, remove them here too 2006-07-30 19:53:20 +00:00
elad 1c8d298b89 move security.setid_core.* to kern.coredump.setid.*, as requested by yamt@. 2006-07-14 21:55:19 +00:00
elad b5d09ef065 okay, since there was no way to divide this to two commits, here it goes..
introduce fileassoc(9), a kernel interface for associating meta-data with
files using in-kernel memory. this is very similar to what we had in
veriexec till now, only abstracted so it can be used more easily by more
consumers.

this also prompted the redesign of the interface, making it work on vnodes
and mounts and not directly on devices and inodes. internally, we still
use file-id but that's gonna change soon... the interface will remain
consistent.

as a result, veriexec went under some heavy changes to conform to the new
interface. since we no longer use device numbers to identify file-systems,
the veriexec sysctl stuff changed too: kern.veriexec.count.dev_N is now
kern.veriexec.tableN.* where 'N' is NOT the device number but rather a
way to distinguish several mounts.

also worth noting is the plugging of unmount/delete operations
wrt/fileassoc and veriexec.

tons of input from yamt@, wrstuden@, martin@, and christos@.
2006-07-14 18:41:40 +00:00
liamjfoy 27f99986a6 bump date (.Dd) 2006-05-29 19:35:31 +00:00
liamjfoy 10f12d58af document Common Address Redundancy Protocol sysctls, aka CARP
ok joerg@
2006-05-29 19:11:16 +00:00
elad 04d63f90b5 Introduce PaX MPROTECT -- mprotect(2) restrictions used to strengthen
W^X mappings.

Disabled by default.

First proposed in:

	http://mail-index.netbsd.org/tech-security/2005/12/18/0000.html

More information in:

	http://pax.grsecurity.net/docs/mprotect.txt

Read relevant parts of options(4) and sysctl(3) before using!

Lots of thanks to the PaX author and Matt Thomas.
2006-05-16 00:08:24 +00:00
jnemeth 7b95c00460 Coverity CID 2784: Add more checks for value==NULL. 2006-03-30 08:02:40 +00:00
christos fbe98ede0f Coverity CID 2763: Add more checks for value==NULL. 2006-03-26 23:12:48 +00:00
christos 48ce3c5d75 Coverity CID 2764: Avoid null reference 2006-03-26 23:10:26 +00:00
christos 86bc6ef985 Coverity CID 786: Avoid NULL dereference. 2006-03-22 02:25:44 +00:00
christos 421a9c133c add the 3 opencrypto sysctls. 2006-03-06 00:51:48 +00:00
christos 238f1027f9 detect integer overflow differently. previous change broke negative sysctl
values.
2006-02-08 18:13:56 +00:00
christos 404831da9c PR/17441: John F. Woods: integer sysctl does not accept numbers > 0x7fffffff
Use unsigned int in the range comparison, and use strerror() instead of
home brewed error strings.
2006-02-05 22:42:55 +00:00
wiz e1a202b1cb Bump date for security.* 2006-02-04 18:37:58 +00:00
elad 81ed970f39 - make use of the recently added mode_bits for security.setid_core.mode;
- document setid_core variables.
2006-02-02 18:00:07 +00:00
elad 202872db03 add support for parsing file mode bits.
when printed, you'll see something like "0600 (rw-------)", like the
ls output. when reading input you can either specify octal mode (0600)
or chmod-like (u=rw).

ideas from atatat@ and kjk@; okay and lots of help from atatat@.
2006-02-02 16:23:25 +00:00
elad 48c362c085 add some more to kern. 2006-01-14 11:52:20 +00:00
elad 0fd32b39ab remove dup cnmagic. 2006-01-14 11:11:08 +00:00
elad 8ff7a54798 Sync and sort ddb, hw, kern, vm. 2006-01-14 10:33:11 +00:00
elad 3b0d736d23 oops - this should not have been commited. remove sugid_coredump line. 2006-01-13 21:10:34 +00:00
elad 6aa189f3fb grrr... another space -> tab... 2006-01-13 18:45:47 +00:00
elad 7ddc0d80bd space -> tab 2006-01-13 18:44:51 +00:00