KAUTH_REQ_NETWORK_NFS_EXPORT and KAUTH_REQ_NETWORK_NFS_SVC, and use them
to replace two KAUTH_GENERIC_ISSUSER calls in the NFS code.
Also replace two more with KAUTH_SYSTEM_MKNOD, where appropriate.
Documetnation and examples updated. More to come.
Make the FreeBSD and Linux compat code convert the parameters to their
native representation and call the native routines.
Remove KAUTH_PROCESS_SCHEDULER_GET/SET.
Update documentation and examples.
XXX: For now, only the Linux compat code does the priority conversion
XXX: right.
Linux priority conversion code from yamt@, thanks!
Okay yamt@.
- Document the signatures file format in a veriexec(5) man-page,
- Document the strict levels and a general Veriexec intro in veriexec(8)
instead of security(8).
Okay blymn@.
words, don't pass an action and a request, and just use a single action to
indicate what is the operation in question.
This is the first step in fixing PR/37986, which calls for policy/priority
checking in the secmodel code. Right now we're lacking room for another
parameter required to make a decision, and this change makes room for such.
Don't hand all the argv options to fuse_main() - it's only interested
in the ones we haven't parsed ourselves.
These changes make the initiator compile and perform discovery successfully
on FreeBSD 6.3. Full login doesn't work yet due to a KSE related bug.
contents of the generated scripts may change (as will happen with ATF 0.4),
so this dependency is important to have. Dunno how to deal with the
non-tools case other than adding an entry in UPDATING, but if you are not
using tools, you can expect all kinds of breakage.
it is deprecated, no longer required, and will be removed in a future
release of NetBSD.
Dramatically reduce the size of the session structure by removing an
IOV_MAX array of iovecs where only the first was use. Saves an 8k
bzero on each session creation.
Convert fixed-size allocations in cryptodev.c to pools.
OpenSSL:
1) Fix extremely misleading text in crypto.4 manual page so it does not
appear to claim that a new cloned file descriptor is required for every
session.
2) Fix severe performance problem (and fd leak!) in openssl cryptodev
engine resulting from misunderstanding probably caused by said manual
page text.
3) Check for session-ID wraparound in kernel cryptodev provider. Also,
start allocating sessions at 1, not 0 -- this will be necessary when
we add ioctls for the creation of multiple sessions at once, so we
can tell which if any creations failed.
elad