sftp code to accomplish something close to sshfs. this basically
works, but there are some issues with directory grovelers still,
e.g. so untar won't work. but it works for browsing mailboxes,
transferring large files, etcetc.
a fs hierarchy. This is currently ro, lacking features, and very
much unfinished in every other possible sense. Should investigate
if this can share code with sbin/sysctl so that everything must
not be rewritten.
allowed. It takes three int * arguments indicating domain, type, and
protocol. Replace previous KAUTH_REQ_NETWORK_SOCKET_RAWSOCK with it (but
keep it still).
Places that used to explicitly check for privileged context now don't
need it anymore, so I replaced these with XXX comment indiacting it for
future reference.
Documented and updated examples as well.
how to use libpuffs
this is not installed into the binary distribution just yet
*) you can call it either "Delectable Test File System" or
"Detrempe File System", depending on what you think will result
in more puffing
used to manage network interfaces.
Add four sub-actions to fulfill generic needs for now, until a more
carefully defined usage of the interface is documented: get, set,
getpriv, and setpriv.
credentials on sockets, at least not anytime soon, this is a way to check
if we can "look" at a socket. Later on when (and if) we do have socket
credentials, the interface usage remains the same because we pass the
socket.
This also fixes sysctl for inet/inet6 pcblist.
No setuid programs in /var -> mount -o nodev,nosuid
Adding "noexec" in various places may cause too much damage
(e.g. for running DEINSTALL scripts from /var/db/pkg, configure
scripts, etc).
Inspired by OpenBSD's afterboot(8) manpage.
* We now use hash tables instead of a list to store the in kernel
fingerprints.
* Fingerprint methods handling has been made more flexible, it is now
even simpler to add new methods.
* the loader no longer passes in magic numbers representing the
fingerprint method so veriexecctl is not longer kernel specific.
* fingerprint methods can be tailored out using options in the kernel
config file.
* more fingerprint methods added - rmd160, sha256/384/512
* veriexecctl can now report the fingerprint methods supported by the
running kernel.
* regularised the naming of some portions of veriexec.
