src-test2/sys/security, branch release/5.3.0

src-test2/sys/security, branch release/5.3.0 FreeBSD source tree https://cgit-dev.freebsd.org/src-test2/atom?h=release%2F5.3.0 2004-09-13T20:21:32Z MT5 or whatever: Set the first match ability as the default and remove the 2004-09-13T20:21:32Z Tom Rhodes trhodes@FreeBSD.org 2004-09-13T20:21:32Z urn:sha1:b71457fff5a235598787e215fa64ccd71641c6d5 debugging sysctl. Approved by: re (kensmith) Supported by: rwatson (in email and phone conversation) MT5: 1.20 Allow mac_bsdextended(4) to log policy violations via 2004-08-31T04:50:35Z Tom Rhodes trhodes@FreeBSD.org 2004-08-31T04:50:35Z urn:sha1:756b5e9447dd9de9ffed9bc5050100786c71f358 syslog(3)'s AUTHPRIV facility. Default is disabled but this can be altered with the mac_bsdextended_logging sysctl. Approved by: re (kensmith) MT5: 1.19 The ability to match first rule in place of all rules. 2004-08-31T04:48:04Z Tom Rhodes trhodes@FreeBSD.org 2004-08-31T04:48:04Z urn:sha1:40a8901f07a1a5f97929dfffa7f1dc813e069d9a Add the mac_bsdextended_firstmatch_enabled sysctl to permit the enable/disable of this feature. Default is disabled. Approved by: re (kensmith) This commit was manufactured by cvs2svn to create branch 'RELENG_5'. 2004-08-18T16:37:05Z cvs2svn cvs2svn@FreeBSD.org 2004-08-18T16:37:05Z urn:sha1:3c9270175d1bd3e7d0005e5f843a948f53ae77fb * Add a "how" argument to uma_zone constructors and initialization functions 2004-08-02T00:18:36Z Brian Feldman green@FreeBSD.org 2004-08-02T00:18:36Z urn:sha1:b23f72e98ae8164c07be4b3780a0b83e094844cf so that they know whether the allocation is supposed to be able to sleep or not. * Allow uma_zone constructors and initialation functions to return either success or error. Almost all of the ones in the tree currently return success unconditionally, but mbuf is a notable exception: the packet zone constructor wants to be able to fail if it cannot suballocate an mbuf cluster, and the mbuf allocators want to be able to fail in general in a MAC kernel if the MAC mbuf initializer fails. This fixes the panics people are seeing when they run out of memory for mbuf clusters. * Allow debug.nosleepwithlocks on WITNESS to be disabled, without changing the default. Both bmilekic and jeff have reviewed the changes made to make failable zone allocations work. Introduce SLOT_SET macro and use it in place of casts as lvalues. 2004-07-28T07:01:33Z Alexander Kabaev kan@FreeBSD.org 2004-07-28T07:01:33Z urn:sha1:1477f58850224383c64b156a745f64bdb9dda936 Allow an effective uid of root to bypass mac_bsdextended rules; the MAC 2004-07-23T01:53:28Z Robert Watson rwatson@FreeBSD.org 2004-07-23T01:53:28Z urn:sha1:56c38cd9678533d5ac4be68f1881b434be673ec7 Framework can restrict the root user, but this policy is not intended to support that. Stylish Swiss footwear provided for: trhodes Rename Biba and MLS _single label elements to _effective, which more 2004-07-16T02:03:50Z Robert Watson rwatson@FreeBSD.org 2004-07-16T02:03:50Z urn:sha1:dee57980c51a9a216b3c852db83c9548e954eeb5 accurately represents the intention of the 'single' label element in Biba and MLS labels. It also approximates the use of 'effective' in traditional UNIX credentials, and avoids confusion with 'singlelabel' in the context of file systems. Inspired by: trhodes Do a pass over all modules in the kernel and make them return EOPNOTSUPP 2004-07-15T08:26:07Z Poul-Henning Kamp phk@FreeBSD.org 2004-07-15T08:26:07Z urn:sha1:3e019deaed5ad0687ea53ed5b5ba3336dc0be3c4 for unknown events. A number of modules return EINVAL in this instance, and I have left those alone for now and instead taught MOD_QUIESCE to accept this as "didn't do anything". Update for the KDB framework: 2004-07-10T21:47:53Z Marcel Moolenaar marcel@FreeBSD.org 2004-07-10T21:47:53Z urn:sha1:32240d082c1c4a67407e39dee68e3e83b5ff2c51 o Call kdb_enter() instead of Debugger().