<feed xmlns='http://www.w3.org/2005/Atom'>
<title>src/sys/security, branch releng/8.1</title>
<subtitle>FreeBSD source tree</subtitle>
<id>https://cgit-dev.freebsd.org/src/atom?h=releng%2F8.1</id>
<link rel='self' href='https://cgit-dev.freebsd.org/src/atom?h=releng%2F8.1'/>
<link rel='alternate' type='text/html' href='https://cgit-dev.freebsd.org/src/'/>
<updated>2010-05-31T22:27:08Z</updated>
<entry>
<title>Merge r204581 from head to stable/8:</title>
<updated>2010-05-31T22:27:08Z</updated>
<author>
<name>Robert Watson</name>
<email>rwatson@FreeBSD.org</email>
</author>
<published>2010-05-31T22:27:08Z</published>
<link rel='alternate' type='text/html' href='https://cgit-dev.freebsd.org/src/commit/?id=d5a42fa49cbf749132301abaaa97478e62b52d71'/>
<id>urn:sha1:d5a42fa49cbf749132301abaaa97478e62b52d71</id>
<content type='text'>
  Update device-labeling logic for Biba, LOMAC, and MLS to recognize new-style
  pts devices when various policy ptys_equal flags are enabled.

  Submitted by:	Estella Mystagic &lt;estella at mystagic.com&gt;

Approved by:	re (kib)
</content>
</entry>
<entry>
<title>MFC r201438:</title>
<updated>2010-03-27T15:05:06Z</updated>
<author>
<name>Edward Tomasz Napierala</name>
<email>trasz@FreeBSD.org</email>
</author>
<published>2010-03-27T15:05:06Z</published>
<link rel='alternate' type='text/html' href='https://cgit-dev.freebsd.org/src/commit/?id=285438bfc08e9461cc08d7cb219780f11d027c03'/>
<id>urn:sha1:285438bfc08e9461cc08d7cb219780f11d027c03</id>
<content type='text'>
Make mac_lomac(4) able to interpret NFSv4 access bits.

Reviewed by:	rwatson
</content>
</entry>
<entry>
<title>MFC r202143,202163,202341,202342,204278</title>
<updated>2010-02-24T22:16:16Z</updated>
<author>
<name>Brooks Davis</name>
<email>brooks@FreeBSD.org</email>
</author>
<published>2010-02-24T22:16:16Z</published>
<link rel='alternate' type='text/html' href='https://cgit-dev.freebsd.org/src/commit/?id=3c48c0897f5c2e2ecf73afaea87d2b0f7752cde9'/>
<id>urn:sha1:3c48c0897f5c2e2ecf73afaea87d2b0f7752cde9</id>
<content type='text'>
  Replace the static NGROUPS=NGROUPS_MAX+1=1024 with a dynamic
  kern.ngroups+1.  kern.ngroups can range from NGROUPS_MAX=1023 to
  somewhere in the neighborhood of INT_MAX/4 on a system with sufficient
  RAM and memory bandwidth.  Given that the Windows group limit is
  1024, this range should be sufficient for most applications.

r202342:
  Only allocate the space we need before calling kern_getgroups instead
  of allocating whatever the user asks for up to "ngroups_max + 1".  On
  systems with large values of kern.ngroups this will be more efficient.

  The now redundant check that the array is large enough in
  kern_getgroups() is deliberate to allow this change to be merged to
  stable/8 without breaking potential third party consumers of the API.
</content>
</entry>
<entry>
<title>Merge r196122 from head to stable/8:</title>
<updated>2009-08-13T15:01:50Z</updated>
<author>
<name>Robert Watson</name>
<email>rwatson@FreeBSD.org</email>
</author>
<published>2009-08-13T15:01:50Z</published>
<link rel='alternate' type='text/html' href='https://cgit-dev.freebsd.org/src/commit/?id=fa1decc4ad08349e8dfc23e3ccd0b2212c72b204'/>
<id>urn:sha1:fa1decc4ad08349e8dfc23e3ccd0b2212c72b204</id>
<content type='text'>
  Correctly audit real gids following changes to the audit record argument
  interface.

Approved by:	re (kib)
</content>
</entry>
<entry>
<title>Eliminate ARG_UPATH[12] arguments to AUDIT_ARG_UPATH() and instead</title>
<updated>2009-07-29T07:44:43Z</updated>
<author>
<name>Robert Watson</name>
<email>rwatson@FreeBSD.org</email>
</author>
<published>2009-07-29T07:44:43Z</published>
<link rel='alternate' type='text/html' href='https://cgit-dev.freebsd.org/src/commit/?id=791b0ad2bfd636051ac8fd933051f04cef34cb5f'/>
<id>urn:sha1:791b0ad2bfd636051ac8fd933051f04cef34cb5f</id>
<content type='text'>
provide specific macros, AUDIT_ARG_UPATH1() and AUDIT_ARG_UPATH2()
to capture path information for audit records.  This allows us to
move the definitions of ARG_* out of the public audit header file,
as they are an implementation detail of our current kernel-internal
audit record, which may change.

Approved by:	re (kensmith)
Obtained from:	TrustedBSD Project
MFC after:	1 month
</content>
</entry>
<entry>
<title>Rework vnode argument auditing to follow the same structure, in order</title>
<updated>2009-07-28T21:52:24Z</updated>
<author>
<name>Robert Watson</name>
<email>rwatson@FreeBSD.org</email>
</author>
<published>2009-07-28T21:52:24Z</published>
<link rel='alternate' type='text/html' href='https://cgit-dev.freebsd.org/src/commit/?id=b146fc1bf0f1670c1012e84886d75a876d1df8db'/>
<id>urn:sha1:b146fc1bf0f1670c1012e84886d75a876d1df8db</id>
<content type='text'>
to avoid exposing ARG_ macros/flag values outside of the audit code in
order to name which one of two possible vnodes will be audited for a
system call.

Approved by:	re (kib)
Obtained from:	TrustedBSD Project
MFC after:	1 month
</content>
</entry>
<entry>
<title>Audit file descriptors passed to fooat(2) system calls, which are used</title>
<updated>2009-07-28T21:39:58Z</updated>
<author>
<name>Robert Watson</name>
<email>rwatson@FreeBSD.org</email>
</author>
<published>2009-07-28T21:39:58Z</published>
<link rel='alternate' type='text/html' href='https://cgit-dev.freebsd.org/src/commit/?id=e4b4bbb665e36adb8e79b1c5c7946be0ba80b9f1'/>
<id>urn:sha1:e4b4bbb665e36adb8e79b1c5c7946be0ba80b9f1</id>
<content type='text'>
instead of the root/current working directory as the starting point for
lookups.  Up to two such descriptors can be audited.  Add audit record
BSM encoding for fooat(2).

Note: due to an error in the OpenBSM 1.1p1 configuration file, a
further change is required to that file in order to fix openat(2)
auditing.

Approved by:	re (kib)
Reviewed by:	rdivacky (fooat(2) portions)
Obtained from:	TrustedBSD Project
MFC after:	1 month
</content>
</entry>
<entry>
<title>Import OpenBSM 1.1p1 from vendor branch to 8-CURRENT, populating</title>
<updated>2009-07-17T14:02:20Z</updated>
<author>
<name>Robert Watson</name>
<email>rwatson@FreeBSD.org</email>
</author>
<published>2009-07-17T14:02:20Z</published>
<link rel='alternate' type='text/html' href='https://cgit-dev.freebsd.org/src/commit/?id=597df30e62c04ff3e8d1e03f997b67427494a5cd'/>
<id>urn:sha1:597df30e62c04ff3e8d1e03f997b67427494a5cd</id>
<content type='text'>
contrib/openbsm and a subset also imported into sys/security/audit.
This patch release addresses several minor issues:

- Fixes to AUT_SOCKUNIX token parsing.
- IPv6 support for au_to_me(3).
- Improved robustness in the parsing of audit_control, especially long
  flags/naflags strings and whitespace in all fields.
- Add missing conversion of a number of FreeBSD/Mac OS X errnos to/from BSM
  error number space.

MFC after:	3 weeks
Obtained from:	TrustedBSD Project
Sponsored by:	Apple, Inc.
Approved by:	re (kib)
</content>
</entry>
<entry>
<title>Create audit records for AUE_POSIX_OPENPT, currently w/o arguments.</title>
<updated>2009-07-02T16:33:38Z</updated>
<author>
<name>Robert Watson</name>
<email>rwatson@FreeBSD.org</email>
</author>
<published>2009-07-02T16:33:38Z</published>
<link rel='alternate' type='text/html' href='https://cgit-dev.freebsd.org/src/commit/?id=6196f898bb97ebbdb76dfce7e872f218c2ff7469'/>
<id>urn:sha1:6196f898bb97ebbdb76dfce7e872f218c2ff7469</id>
<content type='text'>
Approved by:	re (audit argument blanket)
</content>
</entry>
<entry>
<title>Fix comment misthink.</title>
<updated>2009-07-02T09:50:13Z</updated>
<author>
<name>Robert Watson</name>
<email>rwatson@FreeBSD.org</email>
</author>
<published>2009-07-02T09:50:13Z</published>
<link rel='alternate' type='text/html' href='https://cgit-dev.freebsd.org/src/commit/?id=deedc899fd339fe484d651be044e2db6179b3e16'/>
<id>urn:sha1:deedc899fd339fe484d651be044e2db6179b3e16</id>
<content type='text'>
Submitted by:	b. f. &lt;bf1783 at googlemail.com&gt;
Approved by:	re (audit argument blanket)
MFC after:	1 week
</content>
</entry>
</feed>
