Commit Graph

55 Commits

Author SHA1 Message Date
elad
bc433a82fb Implement curtain in KERN_{PROC,PROC2,FILE,FILE2,PROC_ARGS}.
While I'm here, disable curtain by default.
2005-09-07 17:30:07 +00:00
elad
ec14f2d11e Introduce ``security.curtain'', new node for security features and
settings, and new variable for controlling access to objects based
on user-id.
2005-09-07 16:26:15 +00:00
rpaulo
f305bcafe3 Implement kern.hardclock_ticks. 2005-09-06 02:36:17 +00:00
simonb
fbcb9c4760 Fix a tyop in a comment. 2005-08-24 16:00:54 +00:00
blymn
01d37a82c0 Remove the tape stats from here, they caused issues on non-scsipi
architectures.
2005-08-13 10:48:27 +00:00
blymn
c0065dc0df Don't include tape stats functions if no devices configured. 2005-08-08 12:12:30 +00:00
blymn
ad6c334dcd Add tape statistics gathering functions. 2005-08-07 12:28:34 +00:00
elad
753edff337 #ifdef VERIFIED_EXEC 2005-07-29 14:49:00 +00:00
christos
1510fe1543 defopt verified_exec. 2005-07-16 22:47:18 +00:00
atatat
efb4270746 Comment in new cp_id implementation was wrong since I abandoned
rewriting it in favor of some testing and then never got back to it.
It's better now.
2005-06-17 23:53:21 +00:00
christos
dfa8191fb3 Add a new sysctl 'cp_id' that returns the array of cpu id values. Requested by
me, implemented by atatat.
2005-06-16 14:55:58 +00:00
elad
5b2713d417 Fix sysctl handling for raise-only variables. This affected the veriexec
node entirely. Reported by Nino Dehne.
2005-06-15 16:58:31 +00:00
atatat
420d91208b Properly fix the constipated lossage wrt -Wcast-qual and the sysctl
code.  I know it's not the prettiest code, but it seems to work rather
well in spite of itself.
2005-06-09 02:19:59 +00:00
jdc
e0dc2d1568 Revert previous ('_ncpus' is now 'ncpus' again).
MI variable names have precedence.
2005-06-06 19:56:46 +00:00
jdc
f13fcfe512 Rename 'ncpus' to '_ncpus', otherwise we shadow sparc/sparc64's 'ncpus'
when MULTIPROCESSOR is defined.
2005-06-05 09:04:49 +00:00
christos
efb6943313 - add const.
- remove unnecessary casts.
- add __UNCONST casts and mark them with XXXUNCONST as necessary.
2005-05-29 22:24:14 +00:00
elad
a2c658e922 Add indication for number of fingerprinted files on each device.
When a table is created for a new device, a new variable is created
under the kern.veriexec.count node named "dev_<id>". For example,
dev_0, dev_3, etc.
2005-05-22 22:34:01 +00:00
elad
5888b16eef Some changes in veriexec.
New features:

  - Add a veriexec_report() routine to make most reporting consistent and
    remove some common code.
  - Add 'strict' mode that controls how veriexec behaves.
  - Add sysctl knobs:
     o kern.veriexec.verbose controls verbosity levels. Value: 0, 1.
     o kern.veriexec.strict controls strict level. Values: 0, 1, 2. See
       documentation in sysctl(3) for details.
     o kern.veriexec.algorithms returns a string with a space separated
       list of supported hashing algorithms in veriexec.
  - Updated documentation in man pages for sysctl(3) and sysctl(8).

Bug fixes:

  - veriexec_removechk(): Code cleanup + handle FINGERPRINT_NOTEVAL
    correctly.
  - exec_script(): Don't pass 0 as flag when executing a script; use the
    defined VERIEXEC_INDIRECT - which is 1. Makes indirect execution
    enforcement work.
  - Fix some printing formats and types..
2005-05-19 20:16:19 +00:00
mrg
1ec9145306 be explicit in the description for POSIX saved set-id that this is for
POSIX-style, not sane-style.  (ie, add "POSIX " to the description.)
2005-04-18 10:46:39 +00:00
atatat
5b8a6c916d Revert the change that made kern.file2 and net.*.*.pcblist into nodes
instead of structs.  It had other deleterious side-effects that are
rather nasty.  Another solution must be found.
2005-03-11 06:16:15 +00:00
atatat
ca63da437a Change types of kern.file2 and net.*.*.pcblist to NODE 2005-03-10 05:43:25 +00:00
atatat
529b14ddf5 Add kern.file2. As kern.proc2 is to kern.proc, so is kern.file2 to
kern.file, namely a 32/64 bit clean sysctl interface to the same data.
It also borrows a few things from struct vnode (if applicable) and
from struct proc, just to tie things together a bit more.

You can walk this list "by file" or "by pid".  The former method is
similar to kern.file but omits the filehead, and the latter can give
you duplicates if multiple processes have the same struct file open,
but tells you which process it is.
2005-03-09 05:02:17 +00:00
perry
da8abec863 nuke trailing whitespace 2005-02-26 21:34:55 +00:00
yamt
0994e6acb8 introduce a function, proclist_foreach_call, to iterate all procs on
a proclist and call the specified function for each of them.
primarily to fix a procfs locking problem, but i think that it's useful for
others as well.

while i'm here, introduce PROCLIST_FOREACH macro, which is similar to
LIST_FOREACH but skips marker entries which are used by proclist_foreach_call.
2004-10-01 16:30:52 +00:00
atatat
91e4762204 The message buffer datum instrumented by KERN_MSGBUFSIZE is actually a
long, not an int, and this causes "problems" on LP64be machines
(sparc64, etc).  Assign the value to a temporary int and instrument
that instead.  Should be fine until someone wants a message buffer
larger than two gigabytes.
2004-07-27 12:46:18 +00:00
christos
19c4641ff8 (off_t)(long) is wrong when it comes to kernel addresses [because on a 32 bit
machine if the high bit is set they turn negative]. Make an intermediate cast
to unsigned long.
2004-05-26 16:28:05 +00:00
martin
efe61cce0d Fix a comment.
Approved by Andrew Brown.
2004-05-03 13:39:50 +00:00
simonb
9bc855a931 s/the the/the/ (only in sources that aren't regularly imported from
elsewhere).
2004-04-23 02:58:27 +00:00
atatat
904ca21614 Prefer that kern.hostid is printed in hex, not as a signed decimal,
and avoid accidental sign-extension when setting it.
2004-04-16 13:25:40 +00:00
atatat
3a5915c0ae Lots of sysctl descriptions (if someone wants to help out here, that
would be good) mostly copied from sysctl(3).  This takes care of the
top-level, most of kern.* and hw.* (modulo the ath and bge stuff), and
all of proc.*.

If you don't want the added rodata in your kernel, use "options
SYSCTL_NO_DESCR" in your kernel config.
2004-04-08 06:20:29 +00:00
atatat
a70c39ff35 Clear out the struct kinfo_drivers before stuffing things into it.
Avoids leaking garbage from the stack (left over from the earlier
call to sysctl_locate()).
2004-04-08 03:35:10 +00:00
atatat
19af35fd0d Tango on sysctl_createv() and flags. The flags have all been renamed,
and sysctl_createv() now uses more arguments.
2004-03-24 15:34:46 +00:00
yamt
82b343cc81 - move kern.somaxkva sysctl stuff from init_sysctl.c to uipc_socket.c.
- when changing its value, wakeup sokva waiters.
2004-03-17 10:21:59 +00:00
atatat
56392ab40b Use KERN_PROCSLOP for struct kinfo_proc and KERN_LWPSLOP for
struct kinfo_lwp, and not vice versa.

Should solve the issue with top dying because it's unable to "allocate
memory".
2004-02-21 03:27:57 +00:00
atatat
42d379d041 Use new PTRTOUINT64() macro instead of local PTRTOINT64() macro. 2004-02-19 03:57:56 +00:00
atatat
5d3b89e2f4 Avoid dereferencing l...it might be NULL 2004-01-17 03:33:24 +00:00
atatat
b1c111a62a Sysctl functions called for "generic" nodes should forward "query"
requests (where possible), rather than returning errors.
2003-12-28 22:36:37 +00:00
atatat
0f7550bbf8 Adjust error returns in kern.cp_time when a specific processor is
being requested so that (1) the uniprocessor case and the
multiprocessor case are more similar and (2) so that we return ENOENT
when a non-existent processor is requested (which is both more
sensible and follows the general order of things anyway).
2003-12-28 22:24:12 +00:00
atatat
c703d9821f Rename sysctl_kern_hostname() to sysctl_setlen() and use it also for
domainname.  Note that there's no need to copy rnode since we're not
changing any of it, nor protecting anything from change.

Thanks to martin for initial work.
2003-12-28 22:19:59 +00:00
atatat
8e0c1f1594 RCSid police 2003-12-28 22:12:00 +00:00
martin
c22fd25c47 After changing hostname, adjust hostnamelen.
This closes PR kern/23907.
2003-12-28 14:39:36 +00:00
martin
be59b63fe2 Make kern.rtc_offset writable at securelevel <= 0.
This allows boot-time adjustment when a machine runs other OSes with
RTC == localtime.
2003-12-26 23:49:39 +00:00
yamt
8b9614a490 update a comment to match with the previous change (rev.1.12). 2003-12-20 07:33:03 +00:00
yamt
4dd4230680 restore functionality to decrease kern.maxvnodes which
has been backed out during sysctl rework.
2003-12-20 07:26:27 +00:00
simonb
701a167dd3 In sysctl_kern_lwp adjust offsets into the mib entries so that
they are now correct.  Fixes problems with "ps -s" not working.
Also use KERN_LWPSLOP instead of KERN_PROCSLOP.

Both changes from Andrew Brown.
2003-12-12 23:21:44 +00:00
atatat
e3796202c5 Make kern.dump_on_panic writeable again, too 2003-12-10 14:16:12 +00:00
atatat
38f213672c Make kern.sbmax writeable again as well.
From a follow-on to PR kern/23695 by a Mr. Davis, which I missed at a
quick glance.
2003-12-09 01:52:07 +00:00
atatat
a5d6d5ebfd Make kern.logsigexit writeable again.
Fixes PR kern/23695.
2003-12-09 01:25:33 +00:00
martin
8c36f2238a Add missing break. 2003-12-07 10:33:03 +00:00
he
073a54fdfa Also make declaration of sysctl_kern_maxptys() depend on NPTY > 0.
Makes the mvme68k RAMDISK kernel compile again.
2003-12-07 10:31:32 +00:00