aboutsummaryrefslogtreecommitdiff
path: root/sys/security
Commit message (Expand)AuthorAgeFilesLines
...
* - Add a FEATURE for capsicum (security_capabilities).Alexander Leidinger2011-03-041-1/+1
* Add ECAPMODE, "Not permitted in capability mode", a new kernel errnoRobert Watson2011-03-011-0/+14
* Add some FEATURE macros for various features (AUDIT/CAM/IPC/KTR/MAC/NFS/NTP/Alexander Leidinger2011-02-252-0/+5
* Unless "cnt" exceeds MAX_COMMIT_COUNT, nfsrv_commit() and nfsvno_fsync() areAlan Cox2011-02-051-5/+2
* sysctl(9) cleanup checkpoint: amd64 GENERIC builds cleanly.Matthew D Fleming2011-01-122-2/+2
* Fix typos.Rebecca Cran2010-11-091-1/+1
* Add missing DTrace probe invocation to mac_vnode_check_open; the probeRobert Watson2010-10-231-0/+2
* Replace sbuf_overflowed() with sbuf_error(), which returns any errorMatthew D Fleming2010-09-101-1/+1
* Add an extra comment to the SDT probes definition. This allows us to getRui Paulo2010-08-222-13/+15
* Add a case to make sure that internal audit records get convertedChristian S.J. Peron2010-05-041-0/+1
* Update device-labeling logic for Biba, LOMAC, and MLS to recognize new-styleRobert Watson2010-03-023-0/+3
* Make sure we convert audit records that were produced as the result of theChristian S.J. Peron2010-01-311-0/+7
* Replace the static NGROUPS=NGROUPS_MAX+1=1024 with a dynamicBrooks Davis2010-01-121-2/+2
* Make mac_lomac(4) able to interpret NFSv4 access bits.Edward Tomasz Napierala2010-01-031-1/+1
* Having thrown the cat out of the house, add a necessary include.Poul-Henning Kamp2009-09-081-0/+1
* Revert previous commit and add myself to the list of people who shouldPoul-Henning Kamp2009-09-081-1/+0
* Add necessary include.Poul-Henning Kamp2009-09-081-0/+1
* Correctly audit real gids following changes to the audit record argumentRobert Watson2009-08-121-1/+1
* Eliminate ARG_UPATH[12] arguments to AUDIT_ARG_UPATH() and insteadRobert Watson2009-07-293-89/+89
* Rework vnode argument auditing to follow the same structure, in orderRobert Watson2009-07-283-34/+50
* Audit file descriptors passed to fooat(2) system calls, which are usedRobert Watson2009-07-286-83/+184
* Import OpenBSM 1.1p1 from vendor branch to 8-CURRENT, populatingRobert Watson2009-07-172-8/+121
* Create audit records for AUE_POSIX_OPENPT, currently w/o arguments.Robert Watson2009-07-021-0/+1
* Fix comment misthink.Robert Watson2009-07-021-1/+1
* Clean up a number of aspects of token generation from audit arguments toRobert Watson2009-07-021-69/+55
* For access(2) and eaccess(2), audit the requested access mode.Robert Watson2009-07-011-2/+9
* Define missing audit argument macro AUDIT_ARG_SOCKET(), andRobert Watson2009-07-011-0/+6
* When auditing unmount(2), capture FSID arguments as regular text stringsRobert Watson2009-07-011-0/+8
* Audit the file descriptor number passed to lseek(2).Robert Watson2009-07-011-1/+1
* udit the 'options' argument to wait4(2).Robert Watson2009-07-011-0/+4
* Dynamically allocate the gidset field in audit record.Stacey Son2009-06-293-2/+13
* Replace AUDIT_ARG() with variable argument macros with a set more moreRobert Watson2009-06-272-15/+174
* Implement global and per-uid accounting of the anonymous memory. AddKonstantin Belousov2009-06-232-0/+4
* Chase the removal of PRIV_TTY_PRISON in the mac(9) modules.Ed Schouten2009-06-202-2/+0
* Adapt vfs kqfilter to the shared vnode lock used by zfs write vop. UseKonstantin Belousov2009-06-101-2/+1
* Move "options MAC" from opt_mac.h to opt_global.h, as it's now in GENERICRobert Watson2009-06-051-2/+0
* Add one further check with mac_policy_count to an mbuf copying caseRobert Watson2009-06-031-0/+3
* Continue work to optimize performance of "options MAC" when no MAC policyRobert Watson2009-06-0310-94/+328
* By default, label all network interfaces as biba/equal on attach. ThisRobert Watson2009-06-031-1/+1
* Mark MAC Framework sx and rm locks as NOWITNESS to suppress warnings thatRobert Watson2009-06-021-2/+2
* Add internal 'mac_policy_count' counter to the MAC Framework, which is aRobert Watson2009-06-023-22/+70
* Make the rmlock(9) interface a bit more like the rwlock(9) interface:Robert Watson2009-05-291-1/+1
* Add hierarchical jails. A jail may further virtualize its environmentJamie Gritton2009-05-271-2/+2
* Convert the MAC Framework from using rwlocks to rmlocks to stabilizeRobert Watson2009-05-272-21/+32
* Remove the thread argument from the FSD (File-System Dependent) parts ofAttilio Rao2009-05-111-1/+1
* Rename MAC Framework-internal macros used to invoke policy entry points:Robert Watson2009-05-0118-304/+339
* Temporarily relax the constraints on argument size checking for A_GETCOND;Robert Watson2009-04-191-12/+6
* Merge OpenBSM 1.1 changes to the FreeBSD 8.x kernel:Robert Watson2009-04-197-44/+225
* Merge new kernel files from OpenBSM 1.1: audit_fcntl.h andRobert Watson2009-04-161-0/+290
* Remove D_NEEDGIANT from audit pipes. I'm actually not sure why this wasRobert Watson2009-04-161-1/+1