137708 Commits

Author SHA1 Message Date
elad
ad7b01f7d0 More veriexec changes:
- Better organize strict level. Now we have 4 levels:
  - Level 0, learning mode: Warnings only about anything that might've
      resulted in 'access denied' or similar in a higher strict level.

  - Level 1, IDS mode:
    - Deny access on fingerprint mismatch.
    - Deny modification of veriexec tables.

  - Level 2, IPS mode:
    - All implications of strict level 1.
    - Deny write access to monitored files.
    - Prevent removal of monitored files.
    - Enforce access type - 'direct', 'indirect', or 'file'.

  - Level 3, lockdown mode:
    - All implications of strict level 2.
    - Prevent creation of new files.
    - Deny access to non-monitored files.

- Update sysctl(3) man-page with above. (date bumped too :)

- Remove FINGERPRINT_INDIRECT from possible fp_status values; it's no
  longer needed.

- Simplify veriexec_removechk() in light of new strict level policies.

- Eliminate use of 'securelevel'; veriexec now behaves according to
  its strict level only.
2005-06-17 17:46:18 +00:00
peter
8704f18e38 Install vinum(4) manpage. 2005-06-17 17:12:57 +00:00
hira
f999ca1abd Sort options (description). 2005-06-17 14:40:47 +00:00
hira
a2ed3bbe80 - Add -h to usage.
- Use set/getprogname(3).
2005-06-17 14:36:16 +00:00
hira
dfa6df8e5a - Whitespace nit.
- Wrap long line.
2005-06-17 14:27:18 +00:00
peter
63e19c89a6 - Correct the IFQ_ENQUEUE macro.
- Fix some internal variable names for some macros.
- A few corrections from the OpenBSD manpage.
2005-06-17 14:10:50 +00:00
peter
f1843b15c3 - add -D to usage
- use getprogname()
- sort options (usage, synopsis and description)
- add `Ar conf_file' to -f option (description)

From Kouichirou Hiratsuka in PR/26532.
2005-06-17 12:02:00 +00:00
hannken
e018f80e47 Avoid shadow warnings, const and __UNVOLATILE().
Kernel sparc/GENERIC.MP builds again.
2005-06-17 09:13:56 +00:00
enami
cdc60944c2 Changes done in rev. 1.21 of getcap.3 (former name of this file) are
not correct since, as far as reading the source, it is impossible for
cgetset() to set such errno.  I guess `seq' is not a typo of `set' but
an abbreviation of `sequen...'.
2005-06-17 02:10:45 +00:00
jmc
016a928508 Shadowing and const fixes. 2005-06-16 22:45:46 +00:00
jmc
61f16670a4 Fixes for volatile problems 2005-06-16 22:43:36 +00:00
jmc
7a0ba84f10 gcc 2.96 requires all declarations before variable usage so the last set of
changes to fix -Wuninitialized broke on vax. Moved definitions of
option and op before the initializations.
2005-06-16 22:04:24 +00:00
jmc
96839ff18e Mark an sh3 gcc uninitialized variable w. XXGCC 2005-06-16 20:39:33 +00:00
bouyer
cf4b00e2e4 Remove a (wdc == NULL) test. We know wdc is not NULL at this point. 2005-06-16 20:15:04 +00:00
bouyer
69baf4357d Use pmatch() metacharacters to match both SATA and PATA versions of seagate
drives in the quirk table.
2005-06-16 20:03:35 +00:00
bouyer
5494975684 Add quirk for SIS 96x that masquerade as a SIS503. Based on patch sent by
Robert Fuller in kern/30431, information found in the linux kernel.
While here, add SIS 965 to the table (from FreeBSD).
2005-06-16 19:30:02 +00:00
jmc
e72c744fe2 If the line being passed to the shell is a blank line and we're not in compat
mode, use the ignErr template for the command as shell doesn't like an empty
construct of the form { } || <something>. Fixes build breakage on cats
distrib where a command ends up expanding to nothing.
2005-06-16 18:07:45 +00:00
jmc
971a01a036 Rename a shadowed variable 2005-06-16 17:04:53 +00:00
elad
a3c81f769c Since NetBSD operates in securelevel -1 by default, don't rely on the
securelevel alone when checking if the veriexec tables can be modified;
also check if the strict level is above 0.
2005-06-16 15:45:48 +00:00
elad
27cb371b94 Don't allow unprivileged users to open the veriexec device.
While I'm here, explicit 'int' for 'veriexec_device_usage'.
2005-06-16 15:41:36 +00:00
elad
68988657cd Don't allow unprivileged users to access the veriexec device. 2005-06-16 15:31:21 +00:00
christos
fa2b48914c Instead of printing the raw cpu_id, print the logical cpu number. The raw
cpuid values may not be contiguous, or come in ascending order, so this
makes the cpu value of each process display match the summary display on
top.
2005-06-16 14:58:51 +00:00
christos
29a6465002 Add code to handle cp_id. From atatat. 2005-06-16 14:56:36 +00:00
christos
dfa8191fb3 Add a new sysctl 'cp_id' that returns the array of cpu id values. Requested by
me, implemented by atatat.
2005-06-16 14:55:58 +00:00
rpaulo
a94394c1d9 Back it out while I'm working on a real fix without introducing new bugs. 2005-06-16 14:54:10 +00:00
yamt
91fa31b5d2 uipc_usrreq: plug mbuf leak. 2005-06-16 14:36:42 +00:00
tsutsui
8e9e66997f Rename iha_pci_probe() -> iha_pci_match() because we don't have to
probe PCI devices.
2005-06-16 14:32:09 +00:00
christos
47429afbb8 Return the beginning of the string, not the end. 2005-06-16 12:55:25 +00:00
bouyer
15ce68ccd1 Allow compiling a domain0 kernel with vga but without pckbc, and add
console support for USB keyboard. Problem pointed out by Karl Janmar on
port-xen.
2005-06-16 10:58:52 +00:00
martti
ec63076a4b Added LBA48 quirk for Seagate ST3200822AS. Tested by Teemu Rinta-aho. 2005-06-16 05:47:17 +00:00
he
970b620d42 Adapt to changed signature of cpu_coredump32(). 2005-06-16 05:38:43 +00:00
briggs
7f01fdeb84 Rename 'ncpus' to 'sparc_ncpus' to avoid shadow warnings in m.i. code.
Also sprinkle an __UNVOLATILE() for sparc.
n.b. sparc64 'cpus' should probably be renamed to 'cpu_info_list' to
     match i386 et al.
2005-06-16 04:17:49 +00:00
seb
bc1b24046b Add missing entries in cache information array for, at least,
Pentium M 770, 760, 750, 740 and 730.

Approved by mrg@
2005-06-16 00:04:25 +00:00
rpaulo
9eb6f66b9a We now support comments until the end of a non-escaped line.
Ok'ed by hubertf.
2005-06-15 22:39:27 +00:00
rpaulo
d0727c5f5b Add a unit-test for comments.
Addition to PR bin/17732.
Approved by sjg and christos.
2005-06-15 22:32:22 +00:00
rpaulo
72c3c708ca PR bin/17732: Allow make to understand escaped comments.
Approved by sjg, christos and hubertf.
2005-06-15 22:26:54 +00:00
bouyer
6b930c6d27 Add support for x86 boot flags:
-s boot single user
-a ask root device
XXX -d is ifdef'd out for now, it causes early panic (no console message).
2005-06-15 22:08:08 +00:00
dsl
37bbe98710 Remove the never changed 'bootxx' variable 2005-06-15 20:49:41 +00:00
dsl
efb521dba8 Rip out the references to the installation of more than one bootstrap file.
Only arm32 needs the -B stuff at all, all other ports use installboot(8).
2005-06-15 20:31:47 +00:00
dsl
f74e227614 Remove all the code that was under 'NUMBOOT > 1'; nothing has set that for
a long time.
2005-06-15 20:19:03 +00:00
christos
e0db7c68ff WARNS=4, misc cleanups.
- void casts
- remove unused notreached
- use a loop instead of code duplication
- use switches and #define constants
2005-06-15 20:03:03 +00:00
junyoung
ef7e076715 Cosmetic changes. 2005-06-15 19:07:36 +00:00
peter
d191390e9e fix the date, use .An for names, correct the name (scanffs -> scan_ffs),
.Ox/.Nx for OpenBSD/NetBSD, mention appearance in NetBSD.
2005-06-15 19:02:54 +00:00
junyoung
d659374d57 ANSI, KNF, de-__P, and various cosmetic changes. 2005-06-15 19:01:19 +00:00
elad
faffb35d60 Run veriexec before securelevel and sysctl scripts. Suggested by Nino Dehne. 2005-06-15 18:49:40 +00:00
kleink
4a74bb7497 Use EXIT_{SUCCESS,FAILURE}. 2005-06-15 18:42:23 +00:00
kleink
32f2d508d6 No need to define SRCS here. 2005-06-15 18:39:46 +00:00
xtraeme
6d1bcdaeab Note addition of scan_ffs(8) from OpenBSD, utility to find FFSv1/FFSv2
partitions on disks.
2005-06-15 18:08:41 +00:00
xtraeme
b67b8509c2 Add scan_ffs(8) from OpenBSD, it was modified to support FFSv2
for NetBSD (with different blocksizes). Utility to find
FFSv1 and FFSv2 partitions on disks, useful to recover lost
disklabels.

Reviewed by christos.
2005-06-15 18:06:19 +00:00
bouyer
ec4bb683de Support Intel 82801FBM Serial ATA Controller. From Kurt Schreiner on tech-kern. 2005-06-15 18:01:12 +00:00