| Commit message (Expand) | Author | Age | Files | Lines |
* | Style fix | Baptiste Daroussin | 2012-11-14 | 1 | -1/+1 |
* | return ERANGE if the buffer is too small to contain the login as documented in | Baptiste Daroussin | 2012-11-14 | 1 | -0/+2 |
* | Fix a typo. (s/nessesary/necessary/) | Hiroki Sato | 2012-01-08 | 1 | -1/+1 |
* | In order to maximize the re-usability of kernel code in user space this | Kip Macy | 2011-09-16 | 1 | -27/+27 |
* | Notify racct when process credentials change. | Edward Tomasz Napierala | 2011-03-31 | 1 | -0/+10 |
* | Add two new system calls, setloginclass(2) and getloginclass(2). This makes | Edward Tomasz Napierala | 2011-03-05 | 1 | -0/+4 |
* | Add some FEATURE macros for various features (AUDIT/CAM/IPC/KTR/MAC/NFS/NTP/ | Alexander Leidinger | 2011-02-25 | 1 | -0/+5 |
* | Revert r210225 - turns out I was wrong; the "/*-" is not license-only | Edward Tomasz Napierala | 2010-07-18 | 1 | -16/+16 |
* | The "/*-" comment marker is supposed to denote copyrights. Remove non-copyright | Edward Tomasz Napierala | 2010-07-18 | 1 | -16/+16 |
* | Only allocate the space we need before calling kern_getgroups instead | Brooks Davis | 2010-01-15 | 1 | -1/+7 |
* | Replace the static NGROUPS=NGROUPS_MAX+1=1024 with a dynamic | Brooks Davis | 2010-01-12 | 1 | -6/+6 |
* | Remove the interim vimage containers, struct vimage and struct procg, | Jamie Gritton | 2009-07-17 | 1 | -15/+1 |
* | Remove crcopy call from seteuid now that it calls crcopysafe. | Jamie Gritton | 2009-07-08 | 1 | -1/+0 |
* | Replace AUDIT_ARG() with variable argument macros with a set more more | Robert Watson | 2009-06-27 | 1 | -15/+15 |
* | Change crsetgroups_locked() (called by crsetgroups()) to sort the | Brooks Davis | 2009-06-20 | 1 | -10/+45 |
* | Rework the credential code to support larger values of NGROUPS and | Brooks Davis | 2009-06-19 | 1 | -35/+135 |
* | Move "options MAC" from opt_mac.h to opt_global.h, as it's now in GENERIC | Robert Watson | 2009-06-05 | 1 | -1/+0 |
* | Add internal 'mac_policy_count' counter to the MAC Framework, which is a | Robert Watson | 2009-06-02 | 1 | -2/+0 |
* | Introduce an interm userland-kernel API for creating vnets and | Marko Zec | 2009-05-31 | 1 | -1/+5 |
* | Add hierarchical jails. A jail may further virtualize its environment | Jamie Gritton | 2009-05-27 | 1 | -19/+10 |
* | Introduce a new virtualization container, provisionally named vprocg, to hold | Marko Zec | 2009-05-08 | 1 | -0/+10 |
* | Improve the consistency of MAC Framework and MAC policy entry point | Robert Watson | 2009-03-08 | 1 | -9/+9 |
* | The userland_sysctl() function retries sysctl_root() until returned | Konstantin Belousov | 2008-12-12 | 1 | -1/+1 |
* | Retire the MALLOC and FREE macros. They are an abomination unto style(9). | Dag-Erling Smørgrav | 2008-10-23 | 1 | -8/+8 |
* | Add cr_canseeinpcb() doing checks using the cached socket | Bjoern A. Zeeb | 2008-10-17 | 1 | -0/+35 |
* | Merge first in a series of TrustedBSD MAC Framework KPI changes | Robert Watson | 2007-10-24 | 1 | -18/+18 |
* | Eliminate now-unused SUSER_ALLOWJAIL arguments to priv_check_cred(); in | Robert Watson | 2007-06-12 | 1 | -39/+20 |
* | Move per-process audit state from a pointer in the proc structure to | Robert Watson | 2007-06-07 | 1 | -0/+9 |
* | Further system call comment cleanup: | Robert Watson | 2007-03-05 | 1 | -6/+4 |
* | Remove 'MPSAFE' annotations from the comments above most system calls: all | Robert Watson | 2007-03-04 | 1 | -97/+3 |
* | Sort copyrights together. | Robert Watson | 2007-01-08 | 1 | -2/+4 |
* | Add a new priv(9) kernel interface for checking the availability of | Robert Watson | 2006-11-06 | 1 | -89/+58 |
* | Complete break-out of sys/sys/mac.h into sys/security/mac/mac_framework.h | Robert Watson | 2006-10-22 | 1 | -1/+1 |
* | Declare security and security.bsd sysctl hierarchies in sysctl.h along | Robert Watson | 2006-09-17 | 1 | -3/+1 |
* | Add kern_setgroups() and kern_getgroups() and use them to implement | John Baldwin | 2006-07-06 | 1 | -25/+42 |
* | Audit the arguments (user/group IDs) for the system calls that set these IDs. | Wayne Salamon | 2006-02-06 | 1 | -0/+17 |
* | Use the refcount API to manage the reference count for user credentials | John Baldwin | 2005-09-27 | 1 | -16/+6 |
* | Introduce p_canwait() and MAC Framework and MAC Policy entry points | Robert Watson | 2005-04-18 | 1 | -0/+31 |
* | Introduce new MAC Framework and MAC Policy entry points to control the use | Robert Watson | 2005-04-16 | 1 | -53/+137 |
* | Impose the upper limit on signals that are allowed between kernel threads | Maxim Sobolev | 2005-03-18 | 1 | -2/+2 |
* | Linuxthreads uses not only signal 32 but several signals >= 32. | Maxim Sobolev | 2005-03-18 | 1 | -5/+5 |
* | In linux emulation layer try to detect attempt to use linux_clone() to | Maxim Sobolev | 2005-03-03 | 1 | -0/+12 |
* | Backout addition of SIGTHR into the list of signals allowed to be delivered | Maxim Sobolev | 2005-02-13 | 1 | -1/+0 |
* | Backout previous change (disabling of security checks for signals delivered | Maxim Sobolev | 2005-02-13 | 1 | -4/+5 |
* | Split out kill(2) syscall service routine into user-level and kernel part, the | Maxim Sobolev | 2005-02-13 | 1 | -5/+4 |
* | Add SIGTHR (32) into list of signals permitted to be delivered to the | Maxim Sobolev | 2005-02-11 | 1 | -0/+1 |
* | Style cleanup: with removal of mutex operations, we can also remove | Robert Watson | 2005-01-23 | 1 | -4/+2 |
* | When reading pr_securelevel from a prison, perform a lockless read, | Robert Watson | 2005-01-23 | 1 | -4/+0 |
* | /* -> /*- for copyright notices, minor format tweaks as necessary | Warner Losh | 2005-01-06 | 1 | -1/+1 |
* | Remove sched_free_thread() which was only used | Julian Elischer | 2004-08-31 | 1 | -13/+0 |