src/sys/security/mac_seeotheruids, branch main FreeBSD source tree https://cgit-dev.freebsd.org/src/atom?h=main 2024-12-16T14:42:28Z MAC: mac_policy.h: Declare common MAC sysctl and jail parameters' nodes 2024-12-16T14:42:28Z Olivier Certner olce@FreeBSD.org 2024-07-04T14:08:20Z urn:sha1:db33c6f3ae9d1231087710068ee4ea5398aacca7 Do this only when the headers for these functionalities were included prior to this one. Indeed, if they need to be included, style(9) mandates they should have been so before this one. Remove the common MAC sysctl declaration from <security/mac/mac_internal.h>, as it is now redundant (all its includers also include <security/mac/mac_policy.h>). Remove local such declarations from all policies' files. Reviewed by: jamie Approved by: markj (mentor) MFC after: 5 days Sponsored by: The FreeBSD Foundation Differential Revision: https://reviews.freebsd.org/D46903 sys: Remove $FreeBSD$: two-line .h pattern 2023-08-16T17:54:11Z Warner Losh imp@FreeBSD.org 2023-08-16T17:54:11Z urn:sha1:95ee2897e98f5d444f26ed2334cc7c439f9c16c6 Remove /^\s*\*\n \*\s+\$FreeBSD\$$\n/ Mark more nodes as CTLFLAG_MPSAFE or CTLFLAG_NEEDGIANT (17 of many) 2020-02-26T14:26:36Z Pawel Biernacki kaktus@FreeBSD.org 2020-02-26T14:26:36Z urn:sha1:7029da5c36f2d3cf6bb6c81bf551229f416399e8 r357614 added CTLFLAG_NEEDGIANT to make it easier to find nodes that are still not MPSAFE (or already are but aren’t properly marked). Use it in preparation for a general review of all nodes. This is non-functional change that adds annotations to SYSCTL_NODE and SYSCTL_PROC nodes using one of the soon-to-be-required flags. Mark all obvious cases as MPSAFE. All entries that haven't been marked as MPSAFE before are by default marked as NEEDGIANT Approved by: kib (mentor, blanket) Commented by: kib, gallatin, melifaro Differential Revision: https://reviews.freebsd.org/D23718 Remove unused argument to priv_check_cred. 2018-12-11T19:32:16Z Mateusz Guzik mjg@FreeBSD.org 2018-12-11T19:32:16Z urn:sha1:cc426dd31990b8b50b210efc450e404596548ca1 Patch mostly generated with cocinnelle: @@ expression E1,E2; @@ - priv_check_cred(E1,E2,0) + priv_check_cred(E1,E2) Sponsored by: The FreeBSD Foundation Mark all SYSCTL_NODEs static that have no corresponding SYSCTL_DECLs. 2011-11-07T15:43:11Z Ed Schouten ed@FreeBSD.org 2011-11-07T15:43:11Z urn:sha1:6472ac3d8a86336899b6cfb789a4cd9897e3fab5 The SYSCTL_NODE macro defines a list that stores all child-elements of that node. If there's no SYSCTL_DECL macro anywhere else, there's no reason why it shouldn't be static. sysctl(9) cleanup checkpoint: amd64 GENERIC builds cleanly. 2011-01-12T19:54:14Z Matthew D Fleming mdf@FreeBSD.org 2011-01-12T19:54:14Z urn:sha1:123d2cb7e93fe24ee075a1e3b52ba42bfeff8862 Commit the security directory. Rather than having MAC policies explicitly declare what object types 2009-01-10T10:58:41Z Robert Watson rwatson@FreeBSD.org 2009-01-10T10:58:41Z urn:sha1:9162f64b58d01ec01481d60b6cdc06ffd8e8c7fc they label, derive that information implicitly from the set of label initializers in their policy operations set. This avoids a possible class of programmer errors, while retaining the structure that allows us to avoid allocating labels for objects that don't need them. As before, we regenerate a global mask of labeled objects each time a policy is loaded or unloaded, stored in mac_labeled. Discussed with: csjp Suggested by: Jacques Vidrine <nectar at apple.com> Obtained from: TrustedBSD Project Sponsored by: Apple, Inc. Add a mac_inpcb_check_visible implementation to all MAC policies 2008-10-17T15:11:12Z Bjoern A. Zeeb bz@FreeBSD.org 2008-10-17T15:11:12Z urn:sha1:7fb179ba7e6d3d82bddcd292bad1e1b7b4aef95e that handle mac_socket_check_visible. Reviewed by: rwatson MFC after: 3 months (set timer; decide then) Introduce two related changes to the TrustedBSD MAC Framework: 2008-08-23T15:26:36Z Robert Watson rwatson@FreeBSD.org 2008-08-23T15:26:36Z urn:sha1:6356dba0b403daa023dec24559ab1f8e602e4f14 (1) Abstract interpreter vnode labeling in execve(2) and mac_execve(2) so that the general exec code isn't aware of the details of allocating, copying, and freeing labels, rather, simply passes in a void pointer to start and stop functions that will be used by the framework. This change will be MFC'd. (2) Introduce a new flags field to the MAC_POLICY_SET(9) interface allowing policies to declare which types of objects require label allocation, initialization, and destruction, and define a set of flags covering various supported object types (MPC_OBJECT_PROC, MPC_OBJECT_VNODE, MPC_OBJECT_INPCB, ...). This change reduces the overhead of compiling the MAC Framework into the kernel if policies aren't loaded, or if policies require labels on only a small number or even no object types. Each time a policy is loaded or unloaded, we recalculate a mask of labeled object types across all policies present in the system. Eliminate MAC_ALWAYS_LABEL_MBUF option as it is no longer required. MFC after: 1 week ((1) only) Reviewed by: csjp Obtained from: TrustedBSD Project Sponsored by: Apple, Inc. Resort TrustedBSD MAC Framework policy entry point implementations and 2007-10-29T13:33:06Z Robert Watson rwatson@FreeBSD.org 2007-10-29T13:33:06Z urn:sha1:eb320b0ee7503d0bf2b7c0ecdc59c2d82cf301d0 declarations to match the object, operation sort order in the framework itself. Obtained from: TrustedBSD Project