| Commit message (Expand) | Author | Age | Files | Lines |
* | Add stub entry point implementations of mpo_priv_check and mpo_priv_grant to | Robert Watson | 2006-11-06 | 1 | -0/+16 |
* | Sweep kernel replacing suser(9) calls with priv(9) calls, assigning | Robert Watson | 2006-11-06 | 11 | -21/+45 |
* | Add a new priv(9) kernel interface for checking the availability of | Robert Watson | 2006-11-06 | 3 | -0/+100 |
* | Change the type of ar_arg_sockaddr from struct sockaddr to struct | Christian S.J. Peron | 2006-11-06 | 2 | -3/+2 |
* | Forward declare struct cdev, since arguments of this type are used in | Robert Watson | 2006-10-30 | 1 | -0/+1 |
* | Remove extra _MAC_ from #ifdef guard. | Robert Watson | 2006-10-25 | 1 | -1/+1 |
* | Complete break-out of sys/sys/mac.h into sys/security/mac/mac_framework.h | Robert Watson | 2006-10-22 | 17 | -76/+32 |
* | Do allow jailed superuser to override the port ACL. | Robert Watson | 2006-10-10 | 1 | -1/+1 |
* | Mark the audit system calls as being un-implemented in jails. Currently we do | Christian S.J. Peron | 2006-10-10 | 1 | -0/+19 |
* | Add BSM conversion switch entries for a number of system calls, many | Robert Watson | 2006-10-03 | 1 | -7/+43 |
* | Trim some no longer XXX comments. | Robert Watson | 2006-10-02 | 1 | -22/+5 |
* | Audit path argument when changing audit trails. | Robert Watson | 2006-10-02 | 1 | -3/+4 |
* | Rework the way errors are handled with respect to how audit records are | Robert Watson | 2006-09-24 | 1 | -100/+145 |
* | Merge OpenBSM 1.0 alpha 11 changes into src/sys/bsm and src/sys/security; | Robert Watson | 2006-09-21 | 1 | -1/+1 |
* | Remove MAC_DEBUG label counters, which were used to debug leaks and | Robert Watson | 2006-09-20 | 13 | -161/+0 |
* | Rather than allocating all buffer memory for the completed BSM record | Robert Watson | 2006-09-20 | 1 | -19/+17 |
* | Add missing white space in au_to_exec_{args,env}(). | Robert Watson | 2006-09-20 | 1 | -0/+2 |
* | Make sure that lutimes(2) gets processed and converted into a BSM record. | Christian S.J. Peron | 2006-09-18 | 1 | -0/+1 |
* | Declare security and security.bsd sysctl hierarchies in sysctl.h along | Robert Watson | 2006-09-17 | 1 | -1/+0 |
* | Correct a slight regression which was introduced with the implementation of | Christian S.J. Peron | 2006-09-17 | 4 | -5/+20 |
* | Add AUE_SYSARCH to the list of audit events during BSM conversion to prevent | Robert Watson | 2006-09-17 | 1 | -0/+1 |
* | Introduce a new entry point, mac_create_mbuf_from_firewall. This entry point | Christian S.J. Peron | 2006-09-12 | 6 | -0/+50 |
* | Add struct msg to the forwarded declared data structures in mac_policy.h. | Robert Watson | 2006-09-09 | 1 | -0/+1 |
* | Add a BSM conversion switch case for AUE_GETCWD, so that a console | Robert Watson | 2006-09-09 | 1 | -0/+3 |
* | Small style cleanup. | Robert Watson | 2006-09-09 | 1 | -3/+2 |
* | White space cleanup, no functional change. | Robert Watson | 2006-09-04 | 1 | -53/+53 |
* | Audit the argv and env vectors passed in on exec: | Wayne Salamon | 2006-09-01 | 7 | -10/+139 |
* | Fix panic associated with file creation via RPC/NFS when the MLS policy | Christian S.J. Peron | 2006-08-26 | 1 | -0/+12 |
* | Allow the user process to query the kernel's notion of a maximum | Robert Watson | 2006-08-26 | 2 | -0/+6 |
* | Update kernel OpenBSM parts, especially src/sys/bsm, for the OpenBSM | Robert Watson | 2006-08-26 | 2 | -3/+4 |
* | Remove $P4$ from this file; other then temporarily P4-local work in | Robert Watson | 2006-08-25 | 1 | -1/+0 |
* | Add kqueue support to audit pipe pseudo-devices. | Robert Watson | 2006-08-24 | 1 | -0/+84 |
* | Make mpo_associate_nfsd_label() return void, not int, to match | Robert Watson | 2006-08-06 | 2 | -3/+2 |
* | Remove the NDEVFSINO and NDEVFSOVERFLOW options which no longer exists in | Poul-Henning Kamp | 2006-07-17 | 3 | -3/+0 |
* | Implement mpo_associate_nfsd_label entry point for the BIBA security policy, | Christian S.J. Peron | 2006-07-10 | 1 | -0/+13 |
* | Audit the remaining parameters to the extattr system calls. Generate | Wayne Salamon | 2006-07-06 | 1 | -0/+59 |
* | Correct a number of problems that were previously commented on: | Robert Watson | 2006-07-03 | 2 | -49/+40 |
* | Make the size of the subject32_ex and process32_ex tokens depend on | Wayne Salamon | 2006-06-17 | 1 | -13/+25 |
* | Lock process when copying fields from process structure so as to | Robert Watson | 2006-06-08 | 1 | -3/+2 |
* | Prefer C to C++ comments per style(9). | Robert Watson | 2006-06-08 | 1 | -1/+1 |
* | Extract pointer value for mnt_stat from vp after the NULL check, not | Robert Watson | 2006-06-06 | 1 | -1/+2 |
* | Remove use of Giant around vn_open() in audit trail setup. | Robert Watson | 2006-06-05 | 1 | -15/+10 |
* | When generating BSM tokens for mkfifo(), include mode argument. | Robert Watson | 2006-06-05 | 1 | -1/+6 |
* | When generating the process token, need to check whether the | Robert Watson | 2006-06-05 | 2 | -15/+14 |
* | Consistently use audit_free() to free records, rather than | Robert Watson | 2006-06-05 | 1 | -2/+2 |
* | Introduce support for per-audit pipe preselection independent from the | Robert Watson | 2006-06-05 | 6 | -66/+519 |
* | Shorten audit record zone name. | Robert Watson | 2006-06-05 | 1 | -1/+1 |
* | No longer unconditionally drain the audit record queue if there is | Robert Watson | 2006-06-05 | 1 | -35/+5 |
* | Pull BSM conversion logic out of audit_record_write(), as well as | Robert Watson | 2006-06-05 | 1 | -84/+48 |
* | Assert audit mtx in audit_worker_drain(). | Robert Watson | 2006-06-05 | 1 | -11/+30 |