with privilege elevation no suid or sgid binaries are necessary any
longer. Applications can be executed completely unprivileged. Systrace
raises the privileges for a single system call depending on the
configured policy.
Idea from discussions with Perry Metzger, Dug Song and Marcus Watts.
Approved by christos and thorpej.
rename former uriopoll() to urioselect() and provide it only for OpenBSD -
FreeBSD uses nopoll() for urio too
g/c no longer needed uriopoll define for OpenBSD
XXX: Current code may have problems if kernel memory is completely depleted.
This is, unfortunately, not the only chunk of RAIDframe code to have
this problem, and will have to be dealt with. :(
Define an attribute for each crypto algorithm, and use that attribute
to select the files that implement the algorithm.
* Give the "wlan" attribute a dependency on the "arc4" attribute.
* Give the "cgd" pseudo-device the "des", "blowfish", "cast128", and
"rijndael" attributes.
* Use the new attribute-as-option-dependencies feature of config(8) to
give the IPSEC_ESP option dependencies on the "des", "blowfish", "cast128",
and "rijndael" attributes.
allowing for the following:

    file foo.c foobar | bar
    defflag BAR
    device foobar

...to be expressed in the following (more natural) way:

    define foo
    file foo.c foo
    defflag BAR: foo
    device foobar: foo
* IPKDB_NE_PCISLOT does not need any dependencies (it is merely a
required parameter for IPKDB_NE_PCI).
* IPKDB_NE_PCI should not have an option-dependency on IPKDB_NE_PCISLOT.
While IPKDB_NE_PCISLOT is a required parameter, that is not how option-
dependencies work, and we don't want IPKDB_NE_PCI to imply IPKDB_NE_PCISLOT,
as that would cause a bogus value for IPKDB_NE_PCISLOT to be used.
Also, the IPKDB_NE_PCI selector should be lower-case; make it so.
netinet/files.ipfilter, netinet/files.netinet, netinet6/files.netinet6,
and netinet6/files.netipsec.
XXX There are still a few stragglers in conf/files, which are entangled
with other network protocols.
"evictions" and avoid calling pmap_pte_spill if there are no evictions
for the current pmap. Make the ISI exception use the default exception
code. Remove lots of dead stuff from trap_subr.
Make olink use TAILQ instead of LIST and be sorted with evicted entries
first and resident entries last. Make use of this knowledge to make
pmap_pte_spill do a fast exit.
interrupts. No more races between the two interrupt handlers, without any
locking, and the driver becomes a bit simpler too.
Use the last bit of the config flags to select between the first and the
second sbus interrupt level the firmware has assigned to us.