path: root/lib/libveriexec
Commit message | Author | Age | Files | Lines
* lib: Automated cleanup of cdefs and other formatting | Warner Losh | 2023-11-27 | 2 | -2/+0

  Apply the following automated changes to try to eliminate no-longer-needed sys/cdefs.h includes as well as now-empty blank lines in a row.

  Remove /^#if.*\n#endif.*\n#include\s+<sys/cdefs.h>.*\n/
  Remove /\n+#include\s+<sys/cdefs.h>.*\n+#if.*\n#endif.*\n+/
  Remove /\n+#if.*\n#endif.*\n+/
  Remove /^#if.*\n#endif.*\n/
  Remove /\n+#include\s+<sys/cdefs.h>\n#include\s+<sys/types.h>/
  Remove /\n+#include\s+<sys/cdefs.h>\n#include\s+<sys/param.h>/
  Remove /\n+#include\s+<sys/cdefs.h>\n#include\s+<sys/capsicum.h>/

  Sponsored by: Netflix
* Add mac_grantbylabel | Simon J. Gerraty | 2023-08-25 | 5 | -25/+450

  This module allows controlled privilege escalation via mac labels securely associated with a process via mac_veriexec.

  There are over 700 PRIV_* but we can compress many of them into a single GBL_* thus constraining the size of gbl labels.

  The goal is to allow a daemon to run as an unprivileged process while still being able to perform a set of privileged operations needed.

  We add APIs to libveriexec so that userland processes can check labels and an exec_script API that allows a suitably labeled process to run something like a python interpreter directly if necessary; overcoming the 'indirect' flag applied to the interpreter.

  Add -l option to sbin/veriexec to report labels.

  Reviewed by: stevek
  Sponsored by: Juniper Networks, Inc.
  Differential Revision: https://reviews.freebsd.org/D41431
* Remove $FreeBSD$: two-line nroff pattern | Warner Losh | 2023-08-16 | 1 | -2/+0

  Remove /^\.\\"\n\.\\"\s*\$FreeBSD\$$\n/
* Remove $FreeBSD$: one-line sh pattern | Warner Losh | 2023-08-16 | 2 | -2/+0

  Remove /^\s*#[#!]?\s*\$FreeBSD\$.*$\n/
* Remove $FreeBSD$: one-line .c pattern | Warner Losh | 2023-08-16 | 1 | -1/+0

  Remove /^[\s*]*__FBSDID\("\$FreeBSD\$"\);?\s*\n/
* libveriexec: add function to check a label based on a path | Steve Kiernan | 2023-04-17 | 2 | -1/+31

  veriexec_check_path_label() can be used to check if a specified path has a label associated with it that contains what we want.

  Obtained from: Juniper Networks, Inc.
* veriexec: Additional functionality for MAC/veriexec | Steve Kiernan | 2023-04-17 | 3 | -1/+195

  Ensure veriexec opens the file before doing any read operations.

  When the MAC_VERIEXEC_CHECK_PATH_SYSCALL syscall is requested, veriexec needs to open the file before calling mac_veriexec_check_vp. This is to ensure any set up is done by the file system. Most file systems do not explicitly need an open, but some (e.g. virtfs) require initialization of access tokens (file identifiers, etc.) before doing any read or write operations.

  The evaluate_fingerprint() function needs to ensure it has an open file for reading in order to evaluate the fingerprint. The ideal solution is to have a hook after the VOP_OPEN call in vn_open. For now, we open the file for reading, evaluate the fingerprint, and close the file. While this leaves a potential hole that could possibly be taken advantage of by a dedicated adversary, this code path is not typically visited often in our use cases, as we primarily encounter verified mounts and not individual files. This should be considered a temporary workaround until discussions about the post-open hook have concluded and the hook becomes available.

  Add MAC_VERIEXEC_GET_PARAMS_PATH_SYSCALL and MAC_VERIEXEC_GET_PARAMS_PID_SYSCALL to mac_veriexec_syscall so we can fetch and check label contents in an unconstrained manner.

  Add a check for PRIV_VERIEXEC_CONTROL to do ioctl on /dev/veriexec

  Make it clear that trusted processes cannot be debugged. Attempts to debug a trusted process already fail, but the failure path is very obscure. Add an explicit check for VERIEXEC_TRUSTED in mac_veriexec_proc_check_debug.

  We need mac_veriexec_priv_check to not block PRIV_KMEM_WRITE if mac_priv_grant() says it is ok.

  Reviewed by: sjg
  Obtained from: Juniper Networks, Inc.
* veriexec: Add SPDX-License-Identifier | Stephen J. Kiernan | 2023-04-17 | 2 | -4/+4
* Do not claim libbearssl et al are INTERNALLIB | Simon J. Gerraty | 2020-04-01 | 1 | -1/+1

  If INTERNALLIB is defined we need PIE and bsd.incs.mk is not included.

  PR: 245189
  Reviewed by: emaste
  MFC after: 1 week
  Differential Revision: https://reviews.freebsd.org//D24233

  Notes: svn path=/head/; revision=359502
* Update Makefile.depend files | Simon J. Gerraty | 2019-12-11 | 1 | -0/+16

  Update a bunch of Makefile.depend files as a result of adding Makefile.depend.options files

  Reviewed by: bdrewery
  MFC after: 1 week
  Sponsored by: Juniper Networks
  Differential Revision: https://reviews.freebsd.org/D22494

  Notes: svn path=/head/; revision=355617
* This library allows for user space applications to check file descriptors | Stephen J. Kiernan | 2018-06-20 | 4 | -0/+262

  or paths to see if they can be verified by MAC/veriexec.

  Reviewed by: jtl, wblock
  Obtained from: Juniper Networks, Inc.
  Differential Revision: https://reviews.freebsd.org/D8562

  Notes: svn path=/head/; revision=335401