| Commit message (Expand) | Author | Age | Files | Lines |
* | mac_pimd: Support for privilege drop in pimd | Wojciech Macek | 2022-04-20 | 1 | -0/+75 |
* | audit: Initialize vattr fields before calling VOP_GETATTR | Mark Johnston | 2022-03-28 | 1 | -0/+1 |
* | mac_veriexec: Fix a typo in a source code comment | Gordon Bergling | 2022-03-27 | 1 | -1/+1 |
* | vfs: NDFREE(&nd, NDF_ONLY_PNBUF) -> NDFREE_PNBUF(&nd) | Mateusz Guzik | 2022-03-24 | 3 | -4/+4 |
* | Thread creation privilege for realtime group | Florian Walpen | 2021-12-14 | 1 | -2/+2 |
* | Add idle priority scheduling privilege group to MAC/priority | Florian Walpen | 2021-12-10 | 1 | -1/+16 |
* | Add PRIV_SCHED_IDPRIO | Florian Walpen | 2021-12-10 | 2 | -0/+2 |
* | MAC/priority module for realtime privilege group | Florian Walpen | 2021-12-04 | 1 | -0/+68 |
* | vfs: remove the unused thread argument from NDINIT* | Mateusz Guzik | 2021-11-25 | 3 | -5/+5 |
* | Add fspacectl(2), vn_deallocate(9) and VOP_DEALLOCATE(9). | Ka Ho Ng | 2021-08-05 | 1 | -0/+12 |
* | Fix mac_veriexec version mismatch | Wojciech Macek | 2021-07-29 | 1 | -1/+1 |
* | mac: cheaper check for ifnet_create_mbuf and ifnet_check_transmit | Mateusz Guzik | 2021-06-29 | 3 | -10/+40 |
* | tcp_input/syncache: acquire only read lock on PCB for SYN,!ACK packets | Gleb Smirnoff | 2021-04-12 | 1 | -1/+1 |
* | Add a comment on why the call to mac_vnode_relabel() might be in the wrong | Robert Watson | 2021-02-27 | 1 | -3/+12 |
* | close_range: add audit support | Alex Richardson | 2021-02-23 | 1 | -0/+15 |
* | Convert remaining cap_rights_init users to cap_rights_init_one | Mateusz Guzik | 2021-01-12 | 2 | -4/+6 |
* | mac: cheaper check for mac_vnode_check_readlink | Mateusz Guzik | 2021-01-08 | 3 | -2/+20 |
* | cache: combine fast path enabled status into one flag | Mateusz Guzik | 2021-01-06 | 1 | -0/+3 |
* | audit: rework AUDIT_SYSCLOSE | Mateusz Guzik | 2020-12-17 | 2 | -8/+4 |
* | pipe: allow for lockless pipe_stat | Mateusz Guzik | 2020-11-19 | 3 | -3/+30 |
* | mac_framework.h: fix build with DEBUG_VFS_LOCKS and !MAC | Andriy Gapon | 2020-09-03 | 1 | -1/+1 |
* | security: clean up empty lines in .c and .h files | Mateusz Guzik | 2020-09-01 | 13 | -22/+4 |
* | cache: drop the always curthread argument from reverse lookup routines | Mateusz Guzik | 2020-08-24 | 1 | -1/+1 |
* | vfs: add VOP_STAT | Mateusz Guzik | 2020-08-07 | 1 | -1/+1 |
* | mac: even up all entry points to the same scheme | Mateusz Guzik | 2020-08-06 | 1 | -7/+38 |
* | vfs: add a cheaper entry for mac_vnode_check_access | Mateusz Guzik | 2020-08-05 | 3 | -2/+17 |
* | Fix tinderbox build after r363714 | Mateusz Guzik | 2020-07-30 | 1 | -0/+8 |
* | vfs: elide MAC-induced locking on rename if there are no relevant hoooks | Mateusz Guzik | 2020-07-29 | 2 | -0/+7 |
* | vfs: add the infrastructure for lockless lookup | Mateusz Guzik | 2020-07-25 | 1 | -1/+2 |
* | vfs: fix vn_poll performance with either MAC or AUDIT | Mateusz Guzik | 2020-07-16 | 2 | -1/+16 |
* | vfs: fix MAC/AUDIT mismatch in vn_poll | Mateusz Guzik | 2020-07-16 | 1 | -0/+10 |
* | audit: provide AUDITING_TD for !AUDIT case | Mateusz Guzik | 2020-07-04 | 1 | -0/+2 |
* | mac_veriexec_fingerprint_check_vnode: v_writecount > 0 means active writers | Simon J. Gerraty | 2020-06-12 | 1 | -1/+1 |
* | Deduplicate fsid comparisons | Ryan Moeller | 2020-05-21 | 2 | -4/+3 |
* | Add BSM record conversion for a number of syscalls: | Christian S.J. Peron | 2020-05-16 | 1 | -0/+34 |
* | audit_canon_path_vp: don't panic if cdir == NULL | Kyle Evans | 2020-04-17 | 1 | -2/+7 |
* | mac_policy: Remove mac_policy_sx | Jason A. Harmening | 2020-04-04 | 1 | -8/+3 |
* | Make sure we convert internal audit records for thr_new | Christian S.J. Peron | 2020-03-30 | 1 | -0/+3 |
* | In r358471, we interrupted the case block that would eventually lead | Christian S.J. Peron | 2020-03-03 | 1 | -9/+10 |
* | fd: move vnodes out of filedesc into a dedicated structure | Mateusz Guzik | 2020-03-01 | 1 | -15/+12 |
* | Currently kernel audit events for jail_set(2), jail_get(2), jail_attach(2), | Christian S.J. Peron | 2020-02-29 | 1 | -0/+16 |
* | Mark more nodes as CTLFLAG_MPSAFE or CTLFLAG_NEEDGIANT (17 of many) | Pawel Biernacki | 2020-02-26 | 15 | -19/+36 |
* | audit: provide audit_canon_path variant which accepts vnodes | Mateusz Guzik | 2020-02-21 | 4 | -23/+103 |
* | audit: simplify path resolving logic | Mateusz Guzik | 2020-02-21 | 1 | -49/+26 |
* | audit: rely on use count instead of hold count in audit_canon_path | Mateusz Guzik | 2020-02-21 | 1 | -9/+6 |
* | vfs: add realpathat syscall | Mateusz Guzik | 2020-02-20 | 1 | -0/+1 |
* | Merge audit and systrace checks | Mateusz Guzik | 2020-02-14 | 1 | -3/+6 |
* | Annotate branches in the syscall path | Mateusz Guzik | 2020-02-14 | 1 | -1/+1 |
* | vfs: use mac fastpath for lookup, open, read, write, mmap | Mateusz Guzik | 2020-02-13 | 3 | -15/+124 |
* | mac: implement fast path for checks | Mateusz Guzik | 2020-02-13 | 3 | -4/+118 |