aboutsummaryrefslogtreecommitdiff
path: root/sys/security
Commit message (Expand)AuthorAgeFilesLines
...
* MAC/do: Better parsing for IDs (strtoui_strict())Olivier Certner2024-12-161-6/+49
* MAC/do: 'struct rule': IDs and types as 'u_int', rename fieldsOlivier Certner2024-12-161-59/+43
* MAC/do: parse_rule_element(): Bug in parsing the origin IDOlivier Certner2024-12-161-1/+1
* MAC/do: parse_rule_element(): Style, more clarityOlivier Certner2024-12-161-5/+9
* MAC/do: jail_check()/jail_set(): RevampOlivier Certner2024-12-161-17/+111
* MAC/do: Fix jail_get() (PR_METHOD_GET)Olivier Certner2024-12-161-4/+10
* MAC/do: Sysctl knobs/jail parameters under MAC's common nodesOlivier Certner2024-12-161-10/+8
* MAC/do: Prefix internal functions used as hooks/callbacksOlivier Certner2024-12-161-12/+12
* MAC/do: Re-order jail methods more logically, renameOlivier Certner2024-12-161-42/+45
* MAC/do: parse_rule_element(): Fix a panic, harden, simplifyOlivier Certner2024-12-161-15/+23
* MAC/do: Move destroy() to a better placeOlivier Certner2024-12-161-6/+6
* MAC/do: Remove the 'prison0' special cases in the common pathsOlivier Certner2024-12-161-17/+10
* MAC/do: Enable changing 'security.mac.do.rules' from a jailOlivier Certner2024-12-161-1/+1
* MAC/do: sysctl_rules(): Set the requesting's thread's jail's rulesOlivier Certner2024-12-161-2/+4
* MAC/do: sysctl_rules(): Always copy the rules specification stringOlivier Certner2024-12-161-14/+6
* MAC/do: Remove PR_METHOD_REMOVE methodOlivier Certner2024-12-161-17/+15
* MAC/do: Allocate/deallocate rules as a wholeOlivier Certner2024-12-161-98/+75
* MAC/do: Factor out setting/destroying rule structuresOlivier Certner2024-12-161-79/+156
* MAC/do: find_rules(): Clarify the contractOlivier Certner2024-12-161-8/+16
* MAC/do: Use prison_lock()/prison_unlock()Olivier Certner2024-12-161-23/+23
* MAC/do: Rename internal mac_do_rule_find() => find_rules()Olivier Certner2024-12-161-8/+8
* MAC/do: Rename private struct 'mac_do_rule' => 'rules'Olivier Certner2024-12-161-14/+14
* MAC/do: Rename rule_is_valid() => rule_applies()Olivier Certner2024-12-161-3/+3
* MAC/do: parse_rules(): Copy input string on its ownOlivier Certner2024-12-161-14/+13
* MAC/do: Sort header inclusionsOlivier Certner2024-12-161-2/+2
* MAC: syscalls: mac_label_copyin(): 32-bit compatibilityOlivier Certner2024-12-162-6/+51
* MAC: syscalls: Split mac_set_proc() into reusable piecesOlivier Certner2024-12-162-20/+128
* MAC: syscalls: Factor out common label copy-in codeOlivier Certner2024-12-161-118/+83
* MAC: mac_policy.h: Declare common MAC sysctl and jail parameters' nodesOlivier Certner2024-12-1618-38/+15
* MAC: Define a common 'mac' node for MAC's jail parametersOlivier Certner2024-12-161-0/+6
* MAC: 'kernel_mac_support' module: Make an outdated comment more genericOlivier Certner2024-12-161-1/+1
* kern: Make fileops and filterops tables const where possibleMark Johnston2024-11-261-1/+1
* mac_bsdextended: Remove \n from sysctl descriptionsEd Maste2024-11-211-3/+3
* cred: kern_setgroups(): Internally use int as number of groups' typeOlivier Certner2024-11-022-5/+5
* mac_do(4): Enhance GID rule validation to check all groups in cr_groupsLi-Wen Hsu2024-10-281-2/+2
* MAC: improve handling of listening socketsMichael Tuexen2024-09-262-6/+14
* MAC: improve consistency in error handlingMichael Tuexen2024-09-261-0/+1
* mac_veriexec_parser: Fix open_file error handlingHeyang Zhou2024-09-201-2/+1
* procfs require PRIV_PROC_MEM_WRITE to write memSimon J. Gerraty2024-09-192-0/+3
* MAC/do: allow to call setuid if real user id is 0Baptiste Daroussin2024-05-231-1/+1
* mac_do: add a new MAC/do policy and mdo(1) utilityBaptiste Daroussin2024-05-221-0/+545
* sys: Automated cleanup of cdefs and other formattingWarner Losh2023-11-2718-18/+0
* Remove gratuitous copyouts of unchanged struct mac.Brooks Davis2023-11-134-9/+10
* veriexec: Simplify the initialization of loader tunableZhenlei Huang2023-11-031-6/+2
* cr_canseejailproc(): New privilege, no direct check for UID 0Olivier Certner2023-09-282-0/+2
* mac_ipacl: Use IfAPIJustin Hibbits2023-08-251-4/+4
* Add mac_grantbylabelSimon J. Gerraty2023-08-252-0/+569
* sys: Remove $FreeBSD$: one-line .c patternWarner Losh2023-08-1635-70/+0
* sys: Remove $FreeBSD$: two-line .h patternWarner Losh2023-08-1628-56/+0
* mac_ipacl: new MAC policy module to limit jail/vnet IP configurationShivank Garg2023-07-265-0/+496
generated by cgit v1.3 (git 2.53.0) at 2026-03-28 14:22:59 +0000