 Warner Losh
|
685dc743dc
sys: Remove $FreeBSD$: one-line .c pattern
|
hai 1 ano |
 Shivank Garg
|
215bab7924
mac_ipacl: new MAC policy module to limit jail/vnet IP configuration
|
hai 1 ano |
 Justin Hibbits
|
30af2c131b
IfAPI: Add if_get/setmaclabel() and use it.
|
hai 1 ano |
 Gleb Smirnoff
|
08d9c92027
tcp_input/syncache: acquire only read lock on PCB for SYN,!ACK packets
|
%!s(int64=3) %!d(string=hai) anos |
 Robert Watson
|
5c95417dad
When MAC is enabled and a policy module is loaded, don't unconditionally
|
%!s(int64=5) %!d(string=hai) anos |
 Bryan Drewery
|
28323add09
Fix improper use of "its".
|
%!s(int64=7) %!d(string=hai) anos |
 Attilio Rao
|
54366c0bd7
- For kernel compiled only with KDTRACE_HOOKS and not any lock debugging
|
%!s(int64=10) %!d(string=hai) anos |
|
Robert Watson
|
3de4046939
Continue work to optimize performance of "options MAC" when no MAC policy
|
%!s(int64=15) %!d(string=hai) anos |
|
Robert Watson
|
fa76567150
Rename MAC Framework-internal macros used to invoke policy entry points:
|
%!s(int64=15) %!d(string=hai) anos |
|
Robert Watson
|
4020272933
Rework MAC Framework synchronization in a number of ways in order to
|
%!s(int64=15) %!d(string=hai) anos |
|
Robert Watson
|
2087a58ca2
Add static DTrace probes for MAC Framework access control checks and
|
%!s(int64=15) %!d(string=hai) anos |
 Bjoern A. Zeeb
|
37ee72936b
Add mac_inpcb_check_visible MAC Framework entry point, which is similar
|
%!s(int64=16) %!d(string=hai) anos |
|
Robert Watson
|
6356dba0b4
Introduce two related changes to the TrustedBSD MAC Framework:
|
%!s(int64=16) %!d(string=hai) anos |
|
Robert Watson
|
37f44cb428
The TrustedBSD MAC Framework named struct ipq instances 'ipq', which is the
|
%!s(int64=16) %!d(string=hai) anos |
 Christian S.J. Peron
|
1f84ab0f2a
Plug a memory leak which can occur when multiple MAC policies are loaded
|
%!s(int64=16) %!d(string=hai) anos |
|
Robert Watson
|
211b72ad2f
When propagating a MAC label from an inpcb to an mbuf, allow read and
|
%!s(int64=16) %!d(string=hai) anos |
|
Robert Watson
|
8501a69cc9
Convert pcbinfo and inpcb mutexes to rwlocks, and modify macros to
|
%!s(int64=16) %!d(string=hai) anos |
|
Robert Watson
|
a13e21f7bc
Continue to move from generic network entry points in the TrustedBSD MAC
|
%!s(int64=17) %!d(string=hai) anos |
|
Robert Watson
|
b9b0dac33b
Move towards more explicit support for various network protocol stacks
|
%!s(int64=17) %!d(string=hai) anos |
|
Robert Watson
|
8640764682
Rename 'mac_mbuf_create_from_firewall' to 'mac_netinet_firewall_send' as
|
%!s(int64=17) %!d(string=hai) anos |
|
Robert Watson
|
02be6269c3
Normalize TCP syncache-related MAC Framework entry points to match most
|
%!s(int64=17) %!d(string=hai) anos |
|
Robert Watson
|
30d239bc4c
Merge first in a series of TrustedBSD MAC Framework KPI changes
|
%!s(int64=17) %!d(string=hai) anos |
|
Robert Watson
|
26ae2b86b6
Normalize variable naming in the MAC Framework by adopting the normal
|
%!s(int64=17) %!d(string=hai) anos |
|
Robert Watson
|
c96ae1968a
Continue 7-CURRENT MAC Framework rearrangement and cleanup:
|
%!s(int64=17) %!d(string=hai) anos |
|
Robert Watson
|
c982ffa42a
In mac_inpcb_sosetlabel(), assert the socket lock rather than commenting
|
%!s(int64=17) %!d(string=hai) anos |
|
Robert Watson
|
0efd6615cd
Move src/sys/sys/mac_policy.h, the kernel interface between the MAC
|
%!s(int64=18) %!d(string=hai) anos |
|
Robert Watson
|
e66fe0e1db
Remove mac_enforce_subsystem debugging sysctls. Enforcement on
|
%!s(int64=18) %!d(string=hai) anos |
|
Robert Watson
|
95c8c170f3
Re-wrap comment at 77 character columns.
|
%!s(int64=18) %!d(string=hai) anos |
|
Christian S.J. Peron
|
826cef3d75
Fix LOR between the syncache and inpcb locks when MAC is present in the
|
%!s(int64=18) %!d(string=hai) anos |
|
Robert Watson
|
aed5570872
Complete break-out of sys/sys/mac.h into sys/security/mac/mac_framework.h
|
%!s(int64=18) %!d(string=hai) anos |
