| Commit message (Expand) | Author | Age | Files | Lines |
|---|
| * | Instrument sysarch() MD privileged I/O access interfaces with a MAC | Robert Watson | 2003-03-06 | 1 | -0/+12 |
| * | Provide a mac_check_system_swapoff() entry point, which permits MAC | Robert Watson | 2003-03-05 | 1 | -0/+14 |
| * | Replace calls to WITNESS_SLEEP() and witness_list() with equivalent calls | John Baldwin | 2003-03-04 | 1 | -2/+3 |
| * | Back out M_* changes, per decision of the TRB. | Warner Losh | 2003-02-19 | 1 | -34/+34 |
| * | Remove M_TRYWAIT/M_WAITOK/M_WAIT. Callers should use 0. | Alfred Perlstein | 2003-01-21 | 1 | -34/+34 |
| * | Bow to the whining masses and change a union back into void *. Retain | Matthew Dillon | 2003-01-13 | 1 | -4/+4 |
| * | Change struct file f_data to un_data, a union of the correct struct | Matthew Dillon | 2003-01-12 | 1 | -4/+4 |
| * | SCARGS removal take II. | Alfred Perlstein | 2002-12-14 | 1 | -5/+5 |
| * | Backout removal SCARGS, the code freeze is only "selectively" over. | Alfred Perlstein | 2002-12-13 | 1 | -5/+5 |
| * | Remove SCARGS. | Alfred Perlstein | 2002-12-13 | 1 | -5/+5 |
| * | Remove dm_root entry from struct devfs_mount. It's never set, and is | Robert Watson | 2002-12-09 | 1 | -9/+11 |
| * | Un-staticize mac_cred_mmapped_drop_perms() so that it may be used | Robert Watson | 2002-11-26 | 1 | -1/+1 |
| * | Introduce p_label, extensible security label storage for the MAC framework | Robert Watson | 2002-11-20 | 1 | -1/+25 |
| * | Merge kld access control checks from the MAC tree: these access control | Robert Watson | 2002-11-19 | 1 | -0/+46 |
| * | Introduce a condition variable to avoid returning EBUSY when | Robert Watson | 2002-11-13 | 1 | -29/+52 |
| * | Garbage collect mac_create_devfs_vnode() -- it hasn't been used since | Robert Watson | 2002-11-12 | 1 | -7/+0 |
| * | Garbage collect definition of M_MACOPVEC -- we no longer perform a | Robert Watson | 2002-11-11 | 1 | -2/+0 |
| * | Add an explicit execlabel argument to exec-related MAC policy entry | Robert Watson | 2002-11-08 | 1 | -3/+4 |
| * | Bring in two sets of changes: | Robert Watson | 2002-11-05 | 1 | -6/+56 |
| * | Assert that appropriate vnodes are locked in mac_execve_will_transition(). | Robert Watson | 2002-11-05 | 1 | -0/+8 |
| * | Permit MAC policies to instrument the access control decisions for | Robert Watson | 2002-11-04 | 1 | -0/+31 |
| * | Remove mac_cache_fslabel_in_vnode sysctl -- with the new VFS/MAC | Robert Watson | 2002-11-04 | 1 | -6/+0 |
| * | License clarification and wording changes: NAI has approved removal of | Robert Watson | 2002-11-04 | 1 | -7/+4 |
| * | Introduce mac_check_system_settime(), a MAC check allowing policies to | Robert Watson | 2002-11-03 | 1 | -0/+13 |
| * | Add MAC checks for various kenv() operations: dump, get, set, unset, | Robert Watson | 2002-11-01 | 1 | -0/+52 |
| * | Move to C99 sparse structure initialization for the mac_policy_ops | Robert Watson | 2002-10-30 | 1 | -583/+0 |
| * | While 'mode_t' seemed like a good idea for the access mode argument for | Robert Watson | 2002-10-30 | 1 | -3/+3 |
| * | An inappropriate ASSERT slipped in during the recent merge of the | Robert Watson | 2002-10-28 | 1 | -2/+0 |
| * | Centrally manage enforcement of {reboot,swapon,sysctl} using the | Robert Watson | 2002-10-27 | 1 | -13/+9 |
| * | Implement mac_check_system_sysctl(), a MAC Framework entry point to | Robert Watson | 2002-10-27 | 1 | -0/+28 |
| * | Hook up mac_check_system_reboot(), a MAC Framework entry point that | Robert Watson | 2002-10-27 | 1 | -0/+23 |
| * | Merge from MAC tree: rename mac_check_vnode_swapon() to | Robert Watson | 2002-10-27 | 1 | -18/+18 |
| * | Slightly change the semantics of vnode labels for MAC: rather than | Robert Watson | 2002-10-26 | 1 | -486/+90 |
| * | Comment describing the semantics of mac_late. | Robert Watson | 2002-10-25 | 1 | -1/+6 |
| * | Introduce MAC_CHECK_VNODE_SWAPON, which permits MAC policies to | Robert Watson | 2002-10-22 | 1 | -0/+22 |
| * | Missed in previous merge: export sizeof(struct oldmac) rather than | Robert Watson | 2002-10-22 | 1 | -1/+1 |
| * | Support the new MAC user API in kernel: modify existing system calls | Robert Watson | 2002-10-22 | 1 | -169/+917 |
| * | Use if_printf(ifp, "blah") instead of | Brooks Davis | 2002-10-21 | 1 | -2/+1 |
| * | If MAC_MAX_POLICIES isn't defined, don't try to define it, just let the | Robert Watson | 2002-10-20 | 1 | -3/+1 |
| * | Make sure to clear the 'registered' flag for MAC policies when they | Robert Watson | 2002-10-19 | 1 | -0/+1 |
| * | Integrate mac_check_socket_send() and mac_check_socket_receive() | Robert Watson | 2002-10-06 | 1 | -0/+34 |
| * | Sync from MAC tree: break out the single mmap entry point into | Robert Watson | 2002-10-06 | 1 | -18/+63 |
| * | Modify label allocation semantics for sockets: pass in soalloc's malloc | Robert Watson | 2002-10-05 | 1 | -13/+69 |
| * | Integrate a devfs/MAC fix from the MAC tree: avoid a race condition during | Robert Watson | 2002-10-05 | 1 | -0/+13 |
| * | Merge support for mac_check_vnode_link(), a MAC framework/policy entry | Robert Watson | 2002-10-05 | 1 | -0/+30 |
| * | While the MAC API has supported the ability to handle M_NOWAIT passed | Robert Watson | 2002-10-05 | 1 | -3/+11 |
| * | Rearrange object and label init/destroy functions to match the | Robert Watson | 2002-10-05 | 1 | -101/+101 |
| * | Sync to MAC tree: use 'flag' instead of 'how' for mac_init_mbuf(); | Robert Watson | 2002-10-05 | 1 | -3/+3 |
| * | Another big diff, little functional change: move label internalization, | Robert Watson | 2002-10-05 | 1 | -65/+65 |
| * | Move all object label init/destroy routines to the head of the | Robert Watson | 2002-10-05 | 1 | -285/+285 |
