ƒ´&101000 179 173 588 307 475 639 538 709 649 584 219 158 115 115 700 135 600 139 120 147 231 215 170 224 118 180 97 151 145 139 203 144 97 419 125 271 169 292 187 205 371 251 154 208 149 127 159 158 189 117 141 141 169 200 230 163 158 115 276 148 150 330 186 149 169 158 156 161 142 174 790 105 248 140 985 591 449 177 360 122 558 150 483 170 634 125 199 523 115 418 115 382 392 125 115 113 753 566 165 149 2878 594 614 114 658 139 670 885 433 404 152 122 146 183 227 156 190 448 241 134 141 545 285 382 358 524 278 382 385 208 255 658 233 407 131 433 373 548 374 144 303 270 509 171 150 146 226 135 162 165 191 190 190 128 474 261 179 235 344 516 122 1288 109 245 172 599 126 763 126 231 342 435 235 893 227 229 197 502 110 282 K 10 svn:author V 6 semenu K 8 svn:date V 27 2002-07-31T00:32:28.000000Z K 7 svn:log V 78 MFC: rev 1.53: Fix null_lock() not unlocking vp->v_interlock if LK_THISLAYER. END K 10 svn:author V 7 rwatson K 8 svn:date V 27 2002-07-31T00:39:19.000000Z K 7 svn:log V 491 Introduce support for Mandatory Access Control and extensible kernel access control. Invoke the necessary MAC entry points to maintain labels on process credentials. In particular, invoke entry points for the initialization and destruction of struct ucred, the copying of struct ucred, and permit the initial labels to be set for both process 0 (parent of all kernel processes) and process 1 (parent of all user processes). Obtained from: TrustedBSD Project Sponsored by: DARPA, NAI Labs END K 10 svn:author V 6 semenu K 8 svn:date V 27 2002-07-31T00:42:57.000000Z K 7 svn:log V 211 Fix a problem with sendfile() syscall by always doing I/O via bread() in ntfs_read(). This guarantee that requested cache pages will be valid if UIO_NOCOPY specifed. PR: bin/34072, bin/36189 MFC after: 1 week END K 10 svn:author V 7 rwatson K 8 svn:date V 27 2002-07-31T00:48:24.000000Z K 7 svn:log V 378 Introduce support for Mandatory Access Control and extensible kernel access control. Implement inter-process access control entry points for the MAC framework. This permits policy modules to augment the decision making process for process and socket visibility, process debugging, re-scheduling, and signaling. Obtained from: TrustedBSD Project Sponsored by: DARPA, NAI Labs END K 10 svn:author V 7 rwatson K 8 svn:date V 27 2002-07-31T01:11:29.000000Z K 7 svn:log V 542 Introduce support for Mandatory Access Control and extensible kernel access control. Invoke the necessary MAC entry points to maintain labels on mount structures. In particular, invoke entry points for intialization and destruction in various scenarios (root, non-root). Also introduce an entry point in the boot procedure following the mount of the root file system, but prior to the start of the userland init process to permit policies to perform further initialization. Obtained from: TrustedBSD Project Sponsored by: DARPA, NAI Labs END K 10 svn:author V 7 rwatson K 8 svn:date V 27 2002-07-31T01:27:33.000000Z K 7 svn:log V 441 Introduce support for Mandatory Access Control and extensible kernel access control. Implement MAC framework access control entry points relating to operations on mountpoints. Currently, this consists only of access control on mountpoint listing using the various statfs() variations. In the future, it might also be desirable to implement checks on mount() and unmount(). Obtained from: TrustedBSD Project Sponsored by: DARPA, NAI Labs END K 10 svn:author V 7 rwatson K 8 svn:date V 27 2002-07-31T01:42:19.000000Z K 7 svn:log V 612 Introduce support for Mandatory Access Control and extensible kernel access control. Invoke the necessary MAC entry points to maintain labels on header mbufs. In particular, invoke entry points during the two mbuf header allocation cases, and the mbuf freeing case. Pass the "how" argument at allocation time to the MAC framework so that it can determine if it is permitted to block (as with policy modules), and permit the initialization entry point to fail if it needs to allocate memory but is not permitted to, failing the mbuf allocation. Obtained from: TrustedBSD Project Sponsored by: DARPA, NAI Labs END K 10 svn:author V 7 rwatson K 8 svn:date V 27 2002-07-31T01:51:34.000000Z K 7 svn:log V 552 Introduce support for Mandatory Access Control and extensible kernel access control. Invoke additional MAC entry points when an mbuf packet header is copied to another mbuf: release the old label if any, reinitialize the new header, and ask the MAC framework to copy the header label data. Note that this requires a potential allocation operation, but m_copy_pkthdr() is not permitted to fail, so we must block. Since we now use interrupt threads, this is possible, but not desirable. Obtained from: TrustedBSD Project Sponsored by: DARPA, NAI Labs END K 10 svn:author V 7 rwatson K 8 svn:date V 27 2002-07-31T02:03:46.000000Z K 7 svn:log V 487 Introduce support for Mandatory Access Control and extensible kernel access control. Invoke the necessary MAC entry points to maintain labels on vnodes. In particular, initialize the label when the vnode is allocated or reused, and destroy the label when the vnode is going to be released, or reused. Wow, an object where there really is exactly one place where it's allocated, and one other where it's freed. Amazing. Obtained from: TrustedBSD Project Sponsored by: DARPA, NAI Labs END K 10 svn:author V 7 rwatson K 8 svn:date V 27 2002-07-31T02:05:12.000000Z K 7 svn:log V 122 Note that the privilege indicating flag to vaccess() originally used by the process accounting system is now deprecated. END K 10 svn:author V 4 bmah K 8 svn:date V 27 2002-07-31T02:48:20.000000Z K 7 svn:log V 65 Updated release notes: ACPI CA 20020725, OpenSSL 0.9.6e (+MFC). END K 10 svn:author V 4 bmah K 8 svn:date V 27 2002-07-31T02:50:14.000000Z K 7 svn:log V 22 MFC: OpenSSL-0.9.6e. END K 10 svn:author V 6 nectar K 8 svn:date V 27 2002-07-31T02:55:11.000000Z K 7 svn:log V 20 MFC: OpenSSL 0.9.6e END K 10 svn:author V 7 rwatson K 8 svn:date V 27 2002-07-31T03:03:22.000000Z K 7 svn:log V 603 Introduce support for Mandatory Access Control and extensible kernel access control. Invoke the necessary MAC entry points to maintain labels on sockets. In particular, invoke entry points during socket allocation and destruction, as well as creation by a process or during an accept-scenario (sonewconn). For UNIX domain sockets, also assign a peer label. As the socket code isn't locked down yet, locking interactions are not yet clear. Various protocol stack socket operations (such as peer label assignment for IPv4) will follow. Obtained from: TrustedBSD Project Sponsored by: DARPA, NAI Labs END K 10 svn:author V 4 bmah K 8 svn:date V 27 2002-07-31T03:25:25.000000Z K 7 svn:log V 42 Fix markup nits and a (not related) typo. END K 10 svn:author V 3 jhb K 8 svn:date V 27 2002-07-31T03:56:03.000000Z K 7 svn:log V 507 - Define NO_CPU_CFLAGS during BMAKE and TMAKE (and thus XMAKE) so that bsd.cpu.mk doesn't have to worry about compilers other than the current version. - Allow TARGET_CPUTYPE to override CPUTYPE in bsd.cpu.mk. - Treat an empty CPUTYPE the same as an undefined CPUTYPE. - For buildworld, buildkernel, etc., define TARGET_CPUTYPE to CPUTYPE for native builds and define it to be empty for cross-builds. TARGET_CPUTYPE is only defined if it is not already defined via the commandline or environment. END K 10 svn:author V 4 bmah K 8 svn:date V 27 2002-07-31T04:01:12.000000Z K 7 svn:log V 46 New release notes: uaudio, uvisor, gpt, mca. END K 10 svn:author V 5 chris K 8 svn:date V 27 2002-07-31T06:40:34.000000Z K 7 svn:log V 26 Grammar (`was' -> `were') END K 10 svn:author V 3 phk K 8 svn:date V 27 2002-07-31T07:01:18.000000Z K 7 svn:log V 55 I forgot this bit of uglyness in the fsck_ffs cleanup. END K 10 svn:author V 3 alc K 8 svn:date V 27 2002-07-31T07:27:08.000000Z K 7 svn:log V 138 o Lock page accesses by vm_page_io_start() with the page queues lock. o Assert that the page queues lock is held in vm_page_io_start(). END K 10 svn:author V 5 maxim K 8 svn:date V 27 2002-07-31T07:44:14.000000Z K 7 svn:log V 120 MFC rev. 1.102: move 'byte_count' calculation just before 'recvurg' check. It is a global variable and used in myoob(). END K 10 svn:author V 3 joe K 8 svn:date V 27 2002-07-31T08:51:32.000000Z K 7 svn:log V 78 Add the Primax (Visioneer) 6200 scanner. Obtained from: OpenBSD (via NetBSD) END K 10 svn:author V 3 joe K 8 svn:date V 27 2002-07-31T09:05:52.000000Z K 7 svn:log V 131 Enable the HP 2200C and Visioneer Scanport 3000 scanners, and remove some trailing spaces whilst I'm here. Obtained from: NetBSD. END K 10 svn:author V 3 joe K 8 svn:date V 27 2002-07-31T09:07:56.000000Z K 7 svn:log V 26 Add the HP ScanJet 2200C. END K 10 svn:author V 3 imp K 8 svn:date V 27 2002-07-31T09:08:34.000000Z K 7 svn:log V 88 MFC: phk's crc32 stuff + one typo fix. Stuff depending on this will be merged shortly. END K 10 svn:author V 3 joe K 8 svn:date V 27 2002-07-31T09:09:50.000000Z K 7 svn:log V 6 Regen END K 10 svn:author V 3 joe K 8 svn:date V 27 2002-07-31T09:24:41.000000Z K 7 svn:log V 59 Remove trailing white spaces Obtained from: NetBSD (1.16) END K 10 svn:author V 8 schweikh K 8 svn:date V 27 2002-07-31T09:32:22.000000Z K 7 svn:log V 48 Correct a few grammar bogons. MFC after: 3 days END K 10 svn:author V 8 blackend K 8 svn:date V 27 2002-07-31T10:05:00.000000Z K 7 svn:log V 42 Correct URL to the FAQ MFC after: 1 week END K 10 svn:author V 3 joe K 8 svn:date V 27 2002-07-31T10:05:26.000000Z K 7 svn:log V 110 MFNetBSD: uvisor.c (1.14, 1.15) Add support for Palm (M500, M505, M125) and Sony devices (Clie 4.0 and 4.1). END K 10 svn:author V 8 blackend K 8 svn:date V 27 2002-07-31T10:05:37.000000Z K 7 svn:log V 47 Correct URL to the Handbook MFC after: 1 week END K 10 svn:author V 3 joe K 8 svn:date V 27 2002-07-31T10:05:58.000000Z K 7 svn:log V 6 Regen END K 10 svn:author V 3 ume K 8 svn:date V 27 2002-07-31T10:11:09.000000Z K 7 svn:log V 326 MFC 1.12: - ntohs() returns unsigned value. - use strlcpy. - snprintf can return negative value, so cope with it. - tweak interface index on interface locals (ff01::/16). - removed unused macros. - removed a macro that uses only once (in a trivial context). - explicitly say goodbye to ENI_xxx. - constify struct afd. END K 10 svn:author V 3 joe K 8 svn:date V 27 2002-07-31T10:52:46.000000Z K 7 svn:log V 33 It should be "ucom", not "usio". END K 10 svn:author V 3 yar K 8 svn:date V 27 2002-07-31T10:55:31.000000Z K 7 svn:log V 178 Deny the SIZE command on large files when in ASCII mode. This eliminates an opportunity for DoS attack. Pointed out by: maxim Inspired by: lukemftpd, OpenBSD MFC after: 2 weeks END K 10 svn:author V 3 yar K 8 svn:date V 27 2002-07-31T11:04:42.000000Z K 7 svn:log V 77 MFC rev. 1.115: Clean up the syslog(3) messages on the setsockopt(2) errors. END K 10 svn:author V 3 sos K 8 svn:date V 27 2002-07-31T11:19:26.000000Z K 7 svn:log V 199 MFC: Dont rely on the upper layers handling iosize_max correctly, instead rely on ATAPI devices ability to do the work instead. This should fix the READ_BIG and related errors. Requested by: RE@ END K 10 svn:author V 3 mux K 8 svn:date V 27 2002-07-31T12:01:14.000000Z K 7 svn:log V 95 Fix a bunch of format string warnings which broke the sparc64 build. Tested on: sparc64, i386 END K 10 svn:author V 3 des K 8 svn:date V 27 2002-07-31T12:16:51.000000Z K 7 svn:log V 112 Add struct xfile, which will be used instead of struct file for sysctl purposes. Sponsored by: DARPA, NAI Labs END K 10 svn:author V 3 des K 8 svn:date V 27 2002-07-31T12:19:49.000000Z K 7 svn:log V 278 Introduce struct xvnode, which will be used instead of struct vnode for sysctl purposes. Also add two fields to struct vnode, v_cachedfs and v_cachedid, which hold the vnode's device and file id and are filled in by vn_open_cred() and vn_stat(). Sponsored by: DARPA, NAI Labs END K 10 svn:author V 3 des K 8 svn:date V 27 2002-07-31T12:24:35.000000Z K 7 svn:log V 158 Initialize v_cachedid to -1 in getnewvnode(). Reintroduce the kern.vnode sysctl and make it export xvnodes rather than vnodes. Sponsored by: DARPA, NAI Labs END K 10 svn:author V 3 des K 8 svn:date V 27 2002-07-31T12:25:28.000000Z K 7 svn:log V 62 Nit in previous commit: the correct sysctl type is "S,xvnode" END K 10 svn:author V 3 des K 8 svn:date V 27 2002-07-31T12:26:52.000000Z K 7 svn:log V 115 Have the kern.file sysctl export xfiles rather than files. The truth is out there! Sponsored by: DARPA, NAI Labs END K 10 svn:author V 3 des K 8 svn:date V 27 2002-07-31T12:32:03.000000Z K 7 svn:log V 57 Rewrite sockstat(1) in C. Sponsored by: DARPA, NAI Labs END K 10 svn:author V 3 des K 8 svn:date V 27 2002-07-31T12:43:17.000000Z K 7 svn:log V 35 Use struct xfile, not struct file. END K 10 svn:author V 7 darrenr K 8 svn:date V 27 2002-07-31T12:50:28.000000Z K 7 svn:log V 63 Patch to fix bounds checking/overflow. Obtained from: OpenBSD END K 10 svn:author V 7 darrenr K 8 svn:date V 27 2002-07-31T12:52:05.000000Z K 7 svn:log V 62 Patch to fix bounds checking/overflow Obtained From: OpenBSD END K 10 svn:author V 7 darrenr K 8 svn:date V 27 2002-07-31T12:58:35.000000Z K 7 svn:log V 93 Patch to fix bounds checking/overflow. Approved by: Security Officer Obtained from: OpenBSD END K 10 svn:author V 6 nectar K 8 svn:date V 27 2002-07-31T13:04:17.000000Z K 7 svn:log V 22 Note XDR decoder fix. END K 10 svn:author V 6 nectar K 8 svn:date V 27 2002-07-31T13:05:53.000000Z K 7 svn:log V 46 Correct awkward wording in recent pppd entry. END K 10 svn:author V 6 nectar K 8 svn:date V 27 2002-07-31T13:17:38.000000Z K 7 svn:log V 46 Correct awkward wording in recent pppd entry. END K 10 svn:author V 6 nectar K 8 svn:date V 27 2002-07-31T13:19:08.000000Z K 7 svn:log V 74 MFC lib/libc/xdr/xdr_array.c 1.11: Patch to fix bounds checking/overflow. END K 10 svn:author V 6 nectar K 8 svn:date V 27 2002-07-31T13:21:13.000000Z K 7 svn:log V 104 Remove `By this count' line ... it provides no additional information and I always forget to update it. END K 10 svn:author V 3 joe K 8 svn:date V 27 2002-07-31T13:33:55.000000Z K 7 svn:log V 137 Get bored with hard coded debug level variables and introduce a debug.usb sysctl tree for tweaking them real-time. Reviewed by: iedowse END K 10 svn:author V 3 phk K 8 svn:date V 27 2002-07-31T13:45:44.000000Z K 7 svn:log V 71 The Elan SC520 MMCR is actually 16bit wide, so u_char is inconvenient. END K 10 svn:author V 3 joe K 8 svn:date V 27 2002-07-31T13:58:15.000000Z K 7 svn:log V 66 Add a sysctl (debug.usb.uhub) for tweaking the uhub debug levels. END K 10 svn:author V 6 nectar K 8 svn:date V 27 2002-07-31T14:05:34.000000Z K 7 svn:log V 20 MFC: OpenSSL 0.9.6e END K 10 svn:author V 7 rwatson K 8 svn:date V 27 2002-07-31T14:13:05.000000Z K 7 svn:log V 179 Fix -STABLE kernel build due to possibly missed file in MFC. Reported by: Jan Schlesner , brad@brad-x.com (et al) Hopefully not objected to by: imp END K 10 svn:author V 3 joe K 8 svn:date V 27 2002-07-31T14:20:07.000000Z K 7 svn:log V 56 Wake up Joe! It would help if I included sys/sysctl.h. END K 10 svn:author V 3 joe K 8 svn:date V 27 2002-07-31T14:27:40.000000Z K 7 svn:log V 58 Make this compile with the debugging options switched on. END K 10 svn:author V 3 joe K 8 svn:date V 27 2002-07-31T14:34:36.000000Z K 7 svn:log V 237 Replace the FOO_DEBUG definitions with USB_DEBUG, and switch the debugging levels to off by default. Now that debug levels can be tweaked by sysctl we don't need to go through hoops to get the different usb parts to produce debug data. END K 10 svn:author V 6 nectar K 8 svn:date V 27 2002-07-31T14:40:32.000000Z K 7 svn:log V 91 Add missing header for UINT_MAX introduced in previous commit. Noticed by: bsd END K 10 svn:author V 7 darrenr K 8 svn:date V 27 2002-07-31T14:47:02.000000Z K 7 svn:log V 53 some dolt forgot to add in an include for END K 10 svn:author V 6 nectar K 8 svn:date V 27 2002-07-31T14:50:18.000000Z K 7 svn:log V 74 Add missing header for UINT_MAX introduced in previous commit. END K 10 svn:author V 4 jake K 8 svn:date V 27 2002-07-31T14:59:05.000000Z K 7 svn:log V 65 Moved the rule for locore.o from kern.post.mk to Makefile.$ARCH. END K 10 svn:author V 3 ume K 8 svn:date V 27 2002-07-31T15:06:09.000000Z K 7 svn:log V 64 include file of SASLv1 was changed to /usr/local/include/sasl1. END K 10 svn:author V 3 ume K 8 svn:date V 27 2002-07-31T15:08:10.000000Z K 7 svn:log V 69 MFC: include file of SASLv1 was changed to /usr/local/include/sasl1. END K 10 svn:author V 6 nectar K 8 svn:date V 27 2002-07-31T15:11:59.000000Z K 7 svn:log V 47 Sort headers to reduce diffs between branches. END K 10 svn:author V 3 imp K 8 svn:date V 27 2002-07-31T15:17:42.000000Z K 7 svn:log V 82 effectivelt back out my last change. There's a conflict I need to resolve first. END K 10 svn:author V 7 rwatson K 8 svn:date V 27 2002-07-31T15:45:16.000000Z K 7 svn:log V 693 Introduce support for Mandatory Access Control and extensible kernel access control. Instrument devfs to support per-dirent MAC labels. In particular, invoke MAC framework when devfs directory entries are instantiated due to make_dev() and related calls, and invoke the MAC framework when vnodes are instantiated from these directory entries. Implement vop_setlabel() for devfs, which pushes the label update into the devfs directory entry for semi-persistant store. This permits the MAC framework to assign labels to devices and directories as they are instantiated, and export access control information via devfs vnodes. Obtained from: TrustedBSD Project Sponsored by: DARPA, NAI Labs END K 10 svn:author V 4 jake K 8 svn:date V 27 2002-07-31T15:52:04.000000Z K 7 svn:log V 12 *.s -> *.S. END K 10 svn:author V 7 rwatson K 8 svn:date V 27 2002-07-31T15:54:03.000000Z K 7 svn:log V 151 Add pathconf/fpathconf entries from POSIX.1e indicating support for ACLs, Capabilities, Information Labels, and MAC Labels on the queried file system. END K 10 svn:author V 4 jake K 8 svn:date V 27 2002-07-31T15:56:15.000000Z K 7 svn:log V 47 These were repo-copied to have a .S extension. END K 10 svn:author V 7 rwatson K 8 svn:date V 27 2002-07-31T16:05:30.000000Z K 7 svn:log V 888 Introduce support for Mandatory Access Control and extensible kernel access control. Instrument UFS to support per-inode MAC labels. In particular, invoke MAC framework entry points for generically supporting the backing of MAC labels into extended attributes. This ends up introducing new vnode operation vector entries point at the MAC framework entry points, as well as some explicit entry point invocations for file and directory creation events so that the MAC framework can push labels to disk before the directory names become persistent (this will work better once EAs in UFS2 are hooked into soft updates). The generic EA MAC entry points support executing with the file system in either single label or multilabel operation, and will fall back to the mount label if multilabel is not specified at mount-time. Obtained from: TrustedBSD Project Sponsored by: DARPA, NAI Labs END K 10 svn:author V 7 rwatson K 8 svn:date V 27 2002-07-31T16:09:38.000000Z K 7 svn:log V 494 Introduce support for Mandatory Access Control and extensible kernel access control. Instrument BPF so that MAC labels are properly maintained on BPF descriptors. MAC framework entry points are invoked at BPF instantiation and allocation, permitting the MAC framework to derive the BPF descriptor label from the credential authorizing the device open. Also enter the MAC framework to label mbufs created using the BPF device. Obtained from: TrustedBSD Project Sponsored by: DARPA, NAI Labs END K 10 svn:author V 7 rwatson K 8 svn:date V 27 2002-07-31T16:11:32.000000Z K 7 svn:log V 352 Introduce support for Mandatory Access Control and extensible kernel access control. Invoke a MAC framework entry point to authorize reception of an incoming mbuf by the BPF descriptor, permitting MAC policies to limit the visibility of packets delivered to particular BPF descriptors. Obtained from: TrustedBSD Project Sponsored by: DARPA, NAI Labs END K 10 svn:author V 8 pdeuskar K 8 svn:date V 27 2002-07-31T16:11:43.000000Z K 7 svn:log V 80 MFC: Add support for 82546 based adapters. Fix markup issues with the man page. END K 10 svn:author V 7 rwatson K 8 svn:date V 27 2002-07-31T16:13:13.000000Z K 7 svn:log V 263 Introduce support for Mandatory Access Control and extensible kernel access control. When decompressing data from one mbuf into another mbuf, preserve the mbuf label by copying it to the new mbuf. Obtained from: TrustedBSD Project Sponsored by: DARPA, NAI Labs END K 10 svn:author V 4 bmah K 8 svn:date V 27 2002-07-31T16:13:59.000000Z K 7 svn:log V 29 New release note: SA-02:32. END K 10 svn:author V 7 rwatson K 8 svn:date V 27 2002-07-31T16:16:03.000000Z K 7 svn:log V 461 Introduce support for Mandatory Access Control and extensible kernel access control. Instrument the interface management code so that MAC labels are properly maintained on network interfaces (struct ifnet). In particular, invoke entry points when interfaces are created and removed. MAC policies may initialized the label interface based on a variety of factors, including the interface name. Obtained from: TrustedBSD Project Sponsored by: DARPA, NAI Labs END K 10 svn:author V 4 bmah K 8 svn:date V 27 2002-07-31T16:19:25.000000Z K 7 svn:log V 57 New release note: ata(4) READ_BIG fix. MFC: SA-02:32. END K 10 svn:author V 7 rwatson K 8 svn:date V 27 2002-07-31T16:22:02.000000Z K 7 svn:log V 386 Introduce support for Mandatory Access Control and extensible kernel access control. Label mbufs received via ethernet-based interfaces by invoking appropriate MAC framework entry points. Perform access control checks on out-going mbufs delivered via ethernet-based interfaces by invoking appropriate MAC entry points. Obtained from: TrustedBSD Project Sponsored by: DARPA, NAI Labs END K 10 svn:author V 4 jake K 8 svn:date V 27 2002-07-31T16:23:27.000000Z K 7 svn:log V 77 These file are no longer used (moved to userland and/or merged into pmap.c). END K 10 svn:author V 7 rwatson K 8 svn:date V 27 2002-07-31T16:23:42.000000Z K 7 svn:log V 537 Introduce support for Mandatory Access Control and extensible kernel access control. Label mbufs received via kernel tunnel device interfaces by invoking appropriate MAC framework entry points. Perform access control checks on out-going mbufs delivered via tunnel interfaces by invoking appropriate MAC entry points: NOTE: Currently the label for a tunnel interface is not derived from the label of the process that opened the tunnel interface. It probably should be. Obtained from: TrustedBSD Project Sponsored by: DARPA, NAI Labs END K 10 svn:author V 4 bmah K 8 svn:date V 27 2002-07-31T16:27:21.000000Z K 7 svn:log V 32 MFS: SA-02:32, OpenSSL 0.9.6e. END K 10 svn:author V 3 ume K 8 svn:date V 27 2002-07-31T16:39:19.000000Z K 7 svn:log V 106 FreeBSD has setkey in different location from NetBSD. Submitted by: Mike Makonnen END K 10 svn:author V 7 rwatson K 8 svn:date V 27 2002-07-31T16:39:49.000000Z K 7 svn:log V 426 Introduce support for Mandatory Access Control and extensible kernel access control. Instrument connect(), listen(), and bind() system calls to invoke MAC framework entry points to permit policies to authorize these requests. This can be useful for policies that want to limit the activity of processes involving particular types of IPC and network activity. Obtained from: TrustedBSD Project Sponsored by: DARPA, NAI Labs END K 10 svn:author V 6 nectar K 8 svn:date V 27 2002-07-31T16:41:27.000000Z K 7 svn:log V 20 MFC: OpenSSL 0.9.6e END K 10 svn:author V 7 rwatson K 8 svn:date V 27 2002-07-31T16:42:47.000000Z K 7 svn:log V 321 Introduce support for Mandatory Access Control and extensible kernel access control. Invoke the MAC framework to label mbuf created using divert sockets. These labels may later be used for access control on delivery to another socket, or to an interface. Obtained from: TrustedBSD Project Sponsored by: DARPA, NAI LAbs END K 10 svn:author V 5 markm K 8 svn:date V 27 2002-07-31T16:44:01.000000Z K 7 svn:log V 21 sort(1) and uniq(1). END K 10 svn:author V 7 rwatson K 8 svn:date V 27 2002-07-31T16:45:16.000000Z K 7 svn:log V 285 Introduce support for Mandatory Access Control and extensible kernel access control. When generating an ARP query, invoke a MAC entry point to permit the MAC framework to label its mbuf appropriately for the interface. Obtained from: TrustedBSD Project Sponsored by: DARPA, NAI Labs END K 10 svn:author V 7 rwatson K 8 svn:date V 27 2002-07-31T16:46:56.000000Z K 7 svn:log V 295 Introduce support for Mandatory Access Control and extensible kernel access control. When generating an IGMP message, invoke a MAC entry point to permit the MAC framework to label its mbuf appropriately for the target interface. Obtained from: TrustedBSD Project Sponsored by: DARPA, NAI Labs END K 10 svn:author V 5 markm K 8 svn:date V 27 2002-07-31T16:50:21.000000Z K 7 svn:log V 31 Give lint a small bit of help. END K 10 svn:author V 5 markm K 8 svn:date V 27 2002-07-31T16:52:16.000000Z K 7 svn:log V 21 Fix some easy WARNS. END K 10 svn:author V 5 markm K 8 svn:date V 27 2002-07-31T16:53:59.000000Z K 7 svn:log V 19 Fix an easy WARNS. END K 10 svn:author V 7 rwatson K 8 svn:date V 27 2002-07-31T17:17:51.000000Z K 7 svn:log V 656 Introduce support for Mandatory Access Control and extensible kernel access control. Instrument the code managing IP fragment reassembly queues (struct ipq) to invoke appropriate MAC entry points to maintain a MAC label on each queue. Permit MAC policies to associate information with a queue based on the mbuf that caused it to be created, update that information based on further mbufs accepted by the queue, influence the decision making process by which mbufs are accepted to the queue, and set the label of the mbuf holding the reassembled datagram following reassembly completetion. Obtained from: TrustedBSD Project Sponsored by: DARPA, NAI Labs END K 10 svn:author V 7 rwatson K 8 svn:date V 27 2002-07-31T17:21:01.000000Z K 7 svn:log V 469 Introduce support for Mandatory Access Control and extensible kernel access control. When fragmenting an IP datagram, invoke an appropriate MAC entry point so that MAC labels may be copied (...) to the individual IP fragment mbufs by MAC policies. When IP options are inserted into an IP datagram when leaving a host, preserve the label if we need to reallocate the mbuf for alignment or size reasons. Obtained from: TrustedBSD Project Sponsored by: DARPA, NAI Labs END K 10 svn:author V 3 imp K 8 svn:date V 27 2002-07-31T17:30:48.000000Z K 7 svn:log V 73 Shouldn't have backed this out, rwatson fixed things in the right place. END K 10 svn:author V 6 jedgar K 8 svn:date V 27 2002-07-31T17:55:22.000000Z K 7 svn:log V 54 Correct bounds checking error in FFS filesize limits. END K 10 svn:author V 7 rwatson K 8 svn:date V 27 2002-07-31T18:07:45.000000Z K 7 svn:log V 2780 Introduce support for Mandatory Access Control and extensible kernel access control. Provide implementations of some sample operating system security policy extensions. These are not yet hooked up to the build as other infrastructure is still being committed. Most of these work fairly well and are in daily use in our development and (limited) production environments. Some are not yet in their final form, and a number of the labeled policies waste a lot of kernel memory and will be fixed over the next month or so to be more conservative. They do give good examples of the flexibility of the MAC framework for implementing a variety of security policies. mac_biba: Implementation of fixed-label Biba integrity policy, similar to those found in a number of commercial trusted operating systems. All subjects and objects are assigned integrity levels, and information flow is controlled based on a read-up, write-down policy. Currently, purely hierarchal. mac_bsdextended: Implementation of a "file system firewall", which allows the administrator to specify a series of rules limiting access by users and groups to objects owned by other users and groups. This policy is unlabeled, relying on existing system security labeling (file permissions/ownership, process credentials). mac_ifoff: Secure interface silencing. Special-purpose module to limit inappropriate out-going network traffic for silent monitoring scenarios. Prevents the various network stacks from generating any output despite an interface being live for reception. mac_mls: Implementation of fixed-label Multi-Level Security confidentiality policy, similar to those found in a number of commercial trusted operating systems. All subjects and objects are assigned confidentiality levels, and information flow is controlled based on a write-up, read-down policy. Currently, purely hiearchal, although non-hierarchal support is in the works. mac_none: Policy module implementing all MAC policy entry points with empty stubs. A good place to start if you want all the prototypes types in for you, and don't mind a bit of pruning. Can be loaded, but has no access control impact. Useful also for performance measurements. mac_seeotheruids: Policy module implementing a security service similar to security.bsd.seeotheruids, only a slightly more detailed policy involving exceptions for members of specific groups, etc. This policy is unlabeled, relying on existing system security labeling (process credentials). mac_test: Policy module implementing basic sanity tests for label handling. Attempts to ensure that labels are not freed multiple times, etc, etc. Obtained from: TrustedBSD Project Sponsored by: DARPA, NAI Labs END K 10 svn:author V 3 sos K 8 svn:date V 27 2002-07-31T18:26:30.000000Z K 7 svn:log V 501 Finally first shot at a driver for the Promise SuperTrak SX6000 ATA RAID controller. Some testing has already been done, but its still greenish. RAID's has to be setup via the BIOS on the SuperTrak, but all RAID types are supported by the driver. The SuperTrak rebuilds failed arrays on the fly and supports spare disks etc etc... Add "device pst" to your config file to use. As usual bugsreports, suggestions etc are welcome... Development sponsored by: Advanis Hardware donated by: Promise Inc. END K 10 svn:author V 3 sos K 8 svn:date V 27 2002-07-31T18:27:30.000000Z K 7 svn:log V 521 Finally first shot at a driver for the Promise SuperTrak SX6000 ATA RAID controller. Some testing has already been done, but its still greenish. RAID's has to be setup via the BIOS on the SuperTrak, but all RAID types are supported by the driver. The SuperTrak rebuilds failed arrays on the fly and supports spare disks etc etc... Add "device pst" to your config file to use. As usual bugsreports, suggestions etc are welcome... Development sponsored by: Advanis Hardware donated by: Promise Inc. END K 10 svn:author V 3 sos K 8 svn:date V 27 2002-07-31T18:29:34.000000Z K 7 svn:log V 22 Byteswap the serial # END K 10 svn:author V 7 rwatson K 8 svn:date V 27 2002-07-31T18:30:34.000000Z K 7 svn:log V 561 Introduce support for Mandatory Access Control and extensible kernel access control. Instrument the raw IP socket code for packet generation and delivery: label outgoing mbufs with the label of the socket, and check the socket and mbuf labels before permitting delivery to a socket, permitting MAC policies to selectively allow delivery of raw IP mbufs to various raw IP sockets that may be open. Restructure the policy checking code to compose IPsec and MAC results in a more readable manner. Obtained from: TrustedBSD Project Sponsored by: DARPA, NAI Labs END K 10 svn:author V 3 sos K 8 svn:date V 27 2002-07-31T18:30:38.000000Z K 7 svn:log V 47 Also print the serial # on atacontrol cap .... END K 10 svn:author V 3 alc K 8 svn:date V 27 2002-07-31T18:46:47.000000Z K 7 svn:log V 577 o Setting PG_MAPPED and PG_WRITEABLE on pages that are mapped and unmapped by pmap_qenter() and pmap_qremove() is pointless. In fact, it probably leads to unnecessary pmap_page_protect() calls if one of these pages is paged out after unwiring. Note: setting PG_MAPPED asserts that the page's pv list may be non-empty. Since checking the status of the page's pv list isn't any harder than checking this flag, the flag should probably be eliminated. Alternatively, PG_MAPPED could be set by pmap_enter() exclusively rather than various places throughout the kernel. END K 10 svn:author V 7 rwatson K 8 svn:date V 27 2002-07-31T19:06:49.000000Z K 7 svn:log V 788 Introduce support for Mandatory Access Control and extensible kernel access control. Instrument the TCP socket code for packet generation and delivery: label outgoing mbufs with the label of the socket, and check socket and mbuf labels before permitting delivery to a socket. Assign labels to newly accepted connections when the syncache/cookie code has done its business. Also set peer labels as convenient. Currently, MAC policies cannot influence the PCB matching algorithm, so cannot implement polyinstantiation. Note that there is at least one case where a PCB is not available due to the TCP packet not being associated with any socket, so we don't label in that case, but need to handle it in a special manner. Obtained from: TrustedBSD Project Sponsored by: DARPA, NAI Labs END K 10 svn:author V 3 jhb K 8 svn:date V 27 2002-07-31T19:37:03.000000Z K 7 svn:log V 340 - Split the unaligned access check flags out of md_flags in struct mdthread and move them into md_uac in struct mdproc. mdproc is protected by the proc lock. md_flags now is only ever modified by the current thread, so it doesn't need a lock. - Rename the constants for all the per-thread MD flags to use MDTD_* instead of MDP_*. END K 10 svn:author V 5 silby K 8 svn:date V 27 2002-07-31T19:58:36.000000Z K 7 svn:log V 309 Make sure to set both sets of registers which control the RX and TX buffer sizes. Previously, the end result was at the mercy of the card's default setting. This change will reduce the number of buffer underruns for some users. PR: kern/37929 Submitted by: Thomas Nystrom MFC after: 7 days END K 10 svn:author V 3 imp K 8 svn:date V 27 2002-07-31T20:01:11.000000Z K 7 svn:log V 60 Add 16-bit before bus to keep the words card and bus apart. END K 10 svn:author V 4 bmah K 8 svn:date V 27 2002-07-31T20:09:07.000000Z K 7 svn:log V 29 New release note: SA-02:33. END K 10 svn:author V 4 bmah K 8 svn:date V 27 2002-07-31T20:15:20.000000Z K 7 svn:log V 53 New release note: SA-02:23 update. MFC: SA-02:33. END K 10 svn:author V 4 jake K 8 svn:date V 27 2002-07-31T20:17:06.000000Z K 7 svn:log V 90 Stash various networking paramters in the environment for the kernel to pick up, ala pxe. END K 10 svn:author V 7 rwatson K 8 svn:date V 27 2002-07-31T20:19:28.000000Z K 7 svn:log V 130 The ppp and tunnel modules now rely on opt_mac.h. Missed in a previous commit. Submitted by: Anders Andersson END K 10 svn:author V 4 bmah K 8 svn:date V 27 2002-07-31T20:20:29.000000Z K 7 svn:log V 63 MFS: SA-02:23 update, SA-02:33. Approved by: re (implicitly) END K 10 svn:author V 3 hrs K 8 svn:date V 27 2002-07-31T21:35:28.000000Z K 7 svn:log V 98 Merge the following from the English version: 1.22.2.269 -> 1.22.2.272 relnotes/common/new.sgml END K 10 svn:author V 5 luigi K 8 svn:date V 27 2002-07-31T22:31:47.000000Z K 7 svn:log V 353 Two bugfixes: + the header file contains two different opcodes (O_IPOPTS and O_IPOPT) for what is the same thing, and sure enough i used one in the kernel and the other one in userland. Be consistent! + "keep-state" and "limit" must be the last match pattern in a rule, so no matter how you enter them move them to the end of the rule. END K 10 svn:author V 5 luigi K 8 svn:date V 27 2002-07-31T22:42:08.000000Z K 7 svn:log V 146 Forgot this one: properly initialize an address set when the set size is less than 32 bits (/28 mask or more). Also remove a debugging fprintf(). END K 10 svn:author V 5 luigi K 8 svn:date V 27 2002-07-31T23:35:46.000000Z K 7 svn:log V 40 MFC: sync with the version in -current. END K 10 svn:author V 4 jake K 8 svn:date V 27 2002-07-31T23:39:50.000000Z K 7 svn:log V 48 Add some statistic gathering for cache flushes. END K 10 svn:author V 5 luigi K 8 svn:date V 27 2002-07-31T23:44:26.000000Z K 7 svn:log V 450 Make net.link.ether.ipfw read-write so users of ipfw2 can set it to 1 to try MAC filtering of layer2 packets. It also works with ipfw, but 1) you are not supposed to know, and 2) ipfw does not have instructions to match MAC fields. See the commit log for rev.1.111 of this file to understand when the firewall is invoked. We do not have separate firewall chains yet so if you are not careful the same packet can be processed by ipfw up to 4 times. END K 10 svn:author V 4 jake K 8 svn:date V 27 2002-08-01T00:16:22.000000Z K 7 svn:log V 191 Modify the cache handling code to assume 2 virtual colours, which is much simpler and easier to get right. Add comments. Add more statistic gathering on cacheable and uncacheable mappings. END K 10 svn:author V 7 rwatson K 8 svn:date V 27 2002-08-01T01:04:16.000000Z K 7 svn:log V 285 Introduce support for Mandatory Access Control and extensible kernel access control. Instrument the kernel ACL retrieval and modification system calls to invoke MAC framework entry points to authorize these operations. Obtained from: TrustedBSD Project Sponsored by: DARPA, NAI Labs END K 10 svn:author V 7 rwatson K 8 svn:date V 27 2002-08-01T01:07:03.000000Z K 7 svn:log V 261 Introduce support for Mandatory Access Control and extensible kernel access control. Instrument the ktrace write operation so that it invokes the MAC framework's vnode write authorization check. Obtained from: TrustedBSD Project Sponsored by: DARPA, NAI Labs END K 10 svn:author V 7 rwatson K 8 svn:date V 27 2002-08-01T01:09:54.000000Z K 7 svn:log V 427 Introduce support for Mandatory Access Control and extensible kernel access control. Instrument ctty driver invocations of various vnode operations on the terminal controlling tty to perform appropriate MAC framework authorization checks. Note: VOP_IOCTL() on the ctty appears to be authorized using NOCRED in the existing code rather than td->td_ucred. Why? Obtained from: TrustedBSD Project Sponsored by: DARPA, NAI Labs END K 10 svn:author V 7 rwatson K 8 svn:date V 27 2002-08-01T01:16:22.000000Z K 7 svn:log V 181 When invoking NDINIT() in preparation for CREATE, set SAVENAME since we'll use nd.ni_cnp later. Submitted by: green Obtained from: TrustedBSD Project Sponsored by: DARPA, NAI Labs END K 10 svn:author V 7 rwatson K 8 svn:date V 27 2002-08-01T01:18:42.000000Z K 7 svn:log V 285 Introduce support for Mandatory Access Control and extensible kernel access control. Authorize the creation of UNIX domain sockets in the file system namespace via an appropriate invocation a MAC framework entry point. Obtained from: TrustedBSD Project Sponsored by: DARPA, NAI Labs END K 10 svn:author V 7 rwatson K 8 svn:date V 27 2002-08-01T01:21:40.000000Z K 7 svn:log V 288 Introduce support for Mandatory Access Control and extensible kernel access control. Authorize vop_readlink() and vop_lookup() activities during recursive path lookup via namei() via calls to appropriate MAC entry points. Obtained from: TrustedBSD Project Sponsored by: DARPA, NAI Labs END K 10 svn:author V 7 rwatson K 8 svn:date V 27 2002-08-01T01:26:07.000000Z K 7 svn:log V 111 Simplify the logic to enter VFS_EXTATTRCTL(). Obtained from: TrustedBSD Project Sponsored by: DARPA, NAI Labs END K 10 svn:author V 7 rwatson K 8 svn:date V 27 2002-08-01T01:29:03.000000Z K 7 svn:log V 158 Improve formatting and variable use consistency in extattr system calls. Submitted by: green Obtained from: TrustedBSD Project Sponsored by: DARPA, NAI Labs END K 10 svn:author V 7 rwatson K 8 svn:date V 27 2002-08-01T01:33:12.000000Z K 7 svn:log V 561 Introduce support for Mandatory Access Control and extensible kernel access control. Modify pseudofs so that it can support synthetic file systems with the multilabel flag set. In particular, implement vop_refreshlabel() as pn_refreshlabel(). Implement pfs_refreshlabel() to invoke this, and have it fall back to the mount label if the file system does not implement pn_refreshlabel() for the node. Otherwise, permit the file system to determine how the service is provided. Approved by: des Obtained from: TrustedBSD Project Sponsored by: DARPA, NAI Labs END K 10 svn:author V 6 scottl K 8 svn:date V 27 2002-08-01T01:36:39.000000Z K 7 svn:log V 137 Allow the ahc and ahd drivers to be built as modules. This also breaks the ahc driver into a core back-end and pci and eisa front-ends. END K 10 svn:author V 7 rwatson K 8 svn:date V 27 2002-08-01T02:03:21.000000Z K 7 svn:log V 310 Introduce support for Mandatory Access Control and extensible kernel access control. Modify procfs so that (when mounted multilabel) it exports process MAC labels as the vnode labels of procfs vnodes associated with processes. Approved by: des Obtained from: TrustedBSD Project Sponsored by: DARPA, NAI Labs END K 10 svn:author V 5 peter K 8 svn:date V 27 2002-08-01T03:13:10.000000Z K 7 svn:log V 37 Remove duplicate 'modules-tags' rule END K 10 svn:author V 7 rwatson K 8 svn:date V 27 2002-08-01T03:45:40.000000Z K 7 svn:log V 336 Introduce support for Mandatory Access Control and extensible kernel access control. Implement two IOCTLs at the socket level to retrieve the primary and peer labels from a socket. Note that this user process interface will be changing to improve multi-policy support. Obtained from: TrustedBSD Project Sponsored by: DARPA, NAI Labs END K 10 svn:author V 7 rwatson K 8 svn:date V 27 2002-08-01T03:50:08.000000Z K 7 svn:log V 276 Introduce support for Mandatory Access Control and extensible kernel access control. Instrument chdir() and chroot()-related system calls to invoke appropriate MAC entry points to authorize the two operations. Obtained from: TrustedBSD Project Sponsored by: DARPA, NAI Labs END K 10 svn:author V 7 rwatson K 8 svn:date V 27 2002-08-01T03:53:04.000000Z K 7 svn:log V 451 Introduce support for Mandatory Access Control and extensible kernel access control. Add support for labeling most out-going ICMP messages using an appropriate MAC entry point. Currently, we do not explicitly label packet reflect (timestamp, echo request) ICMP events, implicitly using the originating packet label since the mbuf is reused. This will be made explicit at some point. Obtained from: TrustedBSD Project Sponsored by: DARPA, NAI Labs END K 10 svn:author V 7 rwatson K 8 svn:date V 27 2002-08-01T03:54:43.000000Z K 7 svn:log V 277 Document the undocumented assumption that at least one of the PCB pointer and incoming mbuf pointer will be non-NULL in tcp_respond(). This is relied on by the MAC code for correctness, as well as existing code. Obtained from: TrustedBSD PRoject Sponsored by: DARPA, NAI Labs END K 10 svn:author V 4 mike K 8 svn:date V 27 2002-08-01T07:18:38.000000Z K 7 svn:log V 51 Implement the POSIX.1-2001 (XSI) header, . END K 10 svn:author V 3 imp K 8 svn:date V 27 2002-08-01T07:37:52.000000Z K 7 svn:log V 210 Don't set the IFF_PROMISC bit when in hostap mode like the previous commit bogusly did. Instead, don't set PROMSIC in the hardware if we're in hostap mode. This matches more closely what openbsd did as well. END K 10 svn:author V 7 iwasaki K 8 svn:date V 27 2002-08-01T09:48:01.000000Z K 7 svn:log V 173 Fix a bug about stack manipulation at ACPI wakeup. This should avoid kernel panic on kernel compiled w/o NO_CPU_COPTFLAGS. Suggested by: optimized code by -mcpu=pentiumpro END K 10 svn:author V 2 ru K 8 svn:date V 27 2002-08-01T10:05:30.000000Z K 7 svn:log V 417 MFC: Split scripts/dokern.sh into MD parts. The old version used ``uname -m'' to choose the appropriate sed(1) filter, and this did not obviously work in the case of cross release. I've been getting kern.flp overflows on i386 attempting to cross-release Alpha. Many thanks to Wilko for providing me with an account on his Alpha box. Comparing generated BOOTMFS configs helped fix this problem almost immediately. END K 10 svn:author V 8 blackend K 8 svn:date V 27 2002-08-01T10:20:59.000000Z K 7 svn:log V 74 Fix links to the FAQ and the Handbook Reviewed by: re@ MFC after: 1 week END K 10 svn:author V 3 yar K 8 svn:date V 27 2002-08-01T10:53:04.000000Z K 7 svn:log V 58 MFC rev. 1.35: Avoid introducing a non-portable constant. END K 10 svn:author V 3 des K 8 svn:date V 27 2002-08-01T11:02:30.000000Z K 7 svn:log V 54 Implement the -l and -c options, which I'd forgotten. END K 10 svn:author V 6 robert K 8 svn:date V 27 2002-08-01T11:22:16.000000Z K 7 svn:log V 130 MFC: Duplicate file descriptors with the correct flags, when the destination is a standard file descriptor. PR: misc/39377 END K 10 svn:author V 5 markm K 8 svn:date V 27 2002-08-01T11:29:05.000000Z K 7 svn:log V 41 Fix an easy warning in a local addition. END K 10 svn:author V 6 nectar K 8 svn:date V 27 2002-08-01T12:23:04.000000Z K 7 svn:log V 67 The fix applied to the XDR decoder in revision 1.11 was incorrect. END K 10 svn:author V 6 nectar K 8 svn:date V 27 2002-08-01T12:23:20.000000Z K 7 svn:log V 70 The fix applied to the XDR decoder in revision 1.8.2.1 was incorrect. END K 10 svn:author V 6 nectar K 8 svn:date V 27 2002-08-01T12:23:40.000000Z K 7 svn:log V 96 The fix applied to the XDR decoder in lib/libc/xdr/xdr_array.c revision 1.8.10.1 was incorrect. END K 10 svn:author V 6 nectar K 8 svn:date V 27 2002-08-01T12:23:58.000000Z K 7 svn:log V 95 The fix applied to the XDR decoder in lib/libc/xdr/xdr_array.c revision 1.8.8.1 was incorrect. END K 10 svn:author V 6 nectar K 8 svn:date V 27 2002-08-01T12:24:20.000000Z K 7 svn:log V 95 The fix applied to the XDR decoder in lib/libc/xdr/xdr_array.c revision 1.8.6.1 was incorrect. END K 10 svn:author V 3 jhb K 8 svn:date V 27 2002-08-01T13:30:20.000000Z K 7 svn:log V 36 MFC: Add PREFETCHDISTFILES support. END K 10 svn:author V 3 jhb K 8 svn:date V 27 2002-08-01T13:35:38.000000Z K 7 svn:log V 381 If we fail to write to a vnode during a ktrace write, then we drop all other references to that vnode as a trace vnode in other processes as well as in any pending requests on the todo list. Thus, it is possible for a ktrace request structure to have a NULL ktr_vp when it is destroyed in ktr_freerequest(). We shouldn't call vrele() on the vnode in that case. Reported by: bde END K 10 svn:author V 3 jhb K 8 svn:date V 27 2002-08-01T13:37:22.000000Z K 7 svn:log V 168 Forced commit to note that the previous log was incorrect. The previous commit added an assertion that a taskqueue being free'd wasn't being drained at the same time. END K 10 svn:author V 3 jhb K 8 svn:date V 27 2002-08-01T13:39:33.000000Z K 7 svn:log V 87 Revert previous revision which was accidentally committed and has not been tested yet. END K 10 svn:author V 3 jhb K 8 svn:date V 27 2002-08-01T13:44:33.000000Z K 7 svn:log V 142 Revert previous revision which accidentally snuck in with another commit. It just removed a comment that doesn't make sense to me personally. END K 10 svn:author V 8 bmilekic K 8 svn:date V 27 2002-08-01T14:24:41.000000Z K 7 svn:log V 246 Move the MAC label init/destroy stuff to more appropriate places so that the inits/destroys are done without the cache locks held even in the persistent-lock calls. I may be cheating a little by using the MAC "already initialized" flag for now. END K 10 svn:author V 7 rwatson K 8 svn:date V 27 2002-08-01T14:31:58.000000Z K 7 svn:log V 419 Introduce support for Mandatory Access Control and extensible kernel access control. Invoke an appropriate MAC entry point to authorize execution of a file by a process. The check is placed slightly differently than it appears in the trustedbsd_mac tree so that it prevents a little more information leakage about the target of the execve() operation. Obtained from: TrustedBSD Project Sponsored by: DARPA, NAI Labs END K 10 svn:author V 4 bmah K 8 svn:date V 27 2002-08-01T15:27:51.000000Z K 7 svn:log V 29 New release note: SA-02:34. END K 10 svn:author V 7 rwatson K 8 svn:date V 27 2002-08-01T15:37:12.000000Z K 7 svn:log V 1190 Introduce support for Mandatory Access Control and extensible kernel access control. Invoke appropriate MAC entry points to authorize the following operations: truncate on open() (write) access() (access) readlink() (readlink) chflags(), lchflags(), fchflags() (setflag) chmod(), fchmod(), lchmod() (setmode) chown(), fchown(), lchown() (setowner) utimes(), lutimes(), futimes() (setutimes) truncate(), ftrunfcate() (write) revoke() (revoke) fhopen() (open) truncate on fhopen() (write) extattr_set_fd, extattr_set_file() (setextattr) extattr_get_fd, extattr_get_file() (getextattr) extattr_delete_fd(), extattr_delete_file() (setextattr) These entry points permit MAC policies to enforce a variety of protections on vnodes. More vnode checks to come, especially in non-native ABIs. Obtained from: TrustedBSD Project Sponsored by: DARPA, NAI Labs END K 10 svn:author V 4 bmah K 8 svn:date V 27 2002-08-01T15:59:40.000000Z K 7 svn:log V 16 MFC: SA-02:34. END K 10 svn:author V 4 bmah K 8 svn:date V 27 2002-08-01T16:15:50.000000Z K 7 svn:log V 151 MFS: SA-02:34. While I'm here, do some tweaks to support the upcoming 4.6.2 version number bump (but don't do it yet). Approved by: re (implicitly) END K 10 svn:author V 3 des K 8 svn:date V 27 2002-08-01T16:49:31.000000Z K 7 svn:log V 80 Don't depend on namespace pollution from . Submitted by: bde END K 10 svn:author V 7 rwatson K 8 svn:date V 27 2002-08-01T17:14:28.000000Z K 7 svn:log V 502 Introduce support for Mandatory Access Control and extensible kernel access control. Restructure the vn_open_cred() access control checks to invoke the MAC entry point for open authorization. Note that MAC can reject open requests where existing DAC code skips the open authorization check due to O_CREAT. However, the failure mode here is the same as other failure modes following creation, wherein an empty file may be left behind. Obtained from: TrustedBSD Project Sponsored by: DARPA, NAI Labs END K 10 svn:author V 8 blackend K 8 svn:date V 27 2002-08-01T17:21:18.000000Z K 7 svn:log V 29 Fix the link to the Handbook END K 10 svn:author V 7 rwatson K 8 svn:date V 27 2002-08-01T17:23:22.000000Z K 7 svn:log V 666 Introduce support for Mandatory Access Control and extensible kernel access control Invoke appropriate MAC framework entry points to authorize a number of vnode operations, including read, write, stat, poll. This permits MAC policies to revoke access to files following label changes, and to limit information spread about the file to user processes. Note: currently the file cached credential is used for some of these authorization check. We will need to expand some of the MAC entry point APIs to permit multiple creds to be passed to the access control check to allow diverse policy behavior. Obtained from: TrustedBSD Project Sponsored by: DARPA, NAI Labs END K 10 svn:author V 8 blackend K 8 svn:date V 27 2002-08-01T17:26:31.000000Z K 7 svn:log V 29 Fix the link to the Handbook END K 10 svn:author V 4 fanf K 8 svn:date V 27 2002-08-01T17:29:41.000000Z K 7 svn:log V 137 MFC 1.11: Use login_getpwclass() instead of login_getclass() so that the root vs. default login class distinction is made correctly. END K 10 svn:author V 7 rwatson K 8 svn:date V 27 2002-08-01T17:32:01.000000Z K 7 svn:log V 245 Change macop_t to const, use macop_t in MAC policy entry point definition structure. This prevents a boatload of warnings in the MAC modules, so we can hook them up to the build. Obtained from: TrustedBSD Project Sponsored by: DARPA, NAI Labs END K 10 svn:author V 7 sobomax K 8 svn:date V 27 2002-08-01T17:32:08.000000Z K 7 svn:log V 338 Move even closer to matching behaviour of our old tar(1) wrt preserving modes of extracted files. This effectively disables special threating of uid 0 for mode-preserving purposes and should fix problems with pkg_add(1) and probably other things when extracting files/dirs with sticky mode bits set. Pointed out by: bde MFC in: 2 weeks END K 10 svn:author V 4 bmah K 8 svn:date V 27 2002-08-01T17:36:26.000000Z K 7 svn:log V 141 New entries for the errata: SA-02:23 update, SA-02:32, SA-02:33, SA-02:34, mention that the READ_BIG ata(4) problems are fixed in 4-STABLE. END K 10 svn:author V 7 rwatson K 8 svn:date V 27 2002-08-01T17:41:27.000000Z K 7 svn:log V 796 Introduce support for Mandatory Access Control and extensible kernel access control. Hook up various policy modules to the kernel build. Note that a number of these modules require futher entry point commits in the remainder of the kernel to become fully functional, but enough of the pieces are in place to allow experimentation. Note also that it would be desirable to not build the mac_*.ko modules if 'options MAC' is not defined in the kernel configuration, because the resulting modules are not useful without the kernel option. There doesn't appear to be precedent for a way to do this -- for example, we allow ipfw.ko to be built even if 'options NETINET' isn't defined. Suggests welcomed on the "best" way to do this. Obtained from: TrustedBSD Project Sponsored by: DARPA, NAI Labs END K 10 svn:author V 7 rwatson K 8 svn:date V 27 2002-08-01T17:47:56.000000Z K 7 svn:log V 130 Include file cleanup; mac.h and malloc.h at one point had ordering relationship requirements, and no longer do. Reminded by: bde END K 10 svn:author V 3 alc K 8 svn:date V 27 2002-08-01T17:57:42.000000Z K 7 svn:log V 136 o Acquire the page queues lock before calling vm_page_io_finish(). o Assert that the page queues lock is held in vm_page_io_finish(). END K 10 svn:author V 7 rwatson K 8 svn:date V 27 2002-08-01T18:29:30.000000Z K 7 svn:log V 100 Since we have the struct file data pointer cached in vp, use that instead when invoking VOP_POLL(). END K 10 svn:author V 6 julian K 8 svn:date V 27 2002-08-01T18:45:10.000000Z K 7 svn:log V 406 Slight cleanup of some comments/whitespace. Make idle process state more consistant. Add an assert on thread state. Clean up idleproc/mi_switch() interaction. Use a local instead of referencing curthread 7 times in a row (I've been told curthread can be expensive on some architectures) Remove some commented out code. Add a little commented out code (completion coming soon) Reviewed by: jhb@freebsd.org END K 10 svn:author V 6 julian K 8 svn:date V 27 2002-08-01T19:10:40.000000Z K 7 svn:log V 15 Fix a comment. END K 10 svn:author V 3 ume K 8 svn:date V 27 2002-08-01T19:31:06.000000Z K 7 svn:log V 189 MFC 1.6: sysctl(NET_RT_IFLIST) up to several (currently 5) times. This will make the behavior robuster if many addresses are added after the size estimation of storage at the first sysctl. END