Age | Commit message (Collapse) | Author | |
---|---|---|---|
2005-04-23 | -c option may take either integer or name, not just integer; | Jason McIntyre | |
diff from ray; ok sturm@ | |||
2004-02-01 | make documentation of cradle mode (-C) clearer, and give an example of why | Jason McIntyre | |
it might be used; mostly based on sturm@'s explanation when i hassled him about it, and committed by niels@ to main systrace repository; | |||
2004-01-23 | support for cradle mode by marius at monkey.org; cradle mode allows the | Nikolay Sturm | |
systrace UI to be attached and re-attached, it also multiplexes across systrace process so that one UI can function as central notification from provos@, ok markus@ | |||
2004-01-07 | new command line option allows logging to stderr instead of syslog | Nikolay Sturm | |
"looks good" provos@, ok markus@ | |||
2003-11-20 | hyphenise compound adjective; from Jared Yanovich; | Jason McIntyre | |
2003-09-04 | - use .Bk/.Ek | Jason McIntyre | |
- kill bogus -offsets - escape `-' - .Ev for environment variables | |||
2003-08-20 | spelling; e@molioner.dk | Theo de Raadt | |
2003-07-19 | - sync with NetBSD or Niels' tarball where appropriate | Nikolay Sturm | |
- keeps local changes - fixes a bug in profile feedback optimization and avoids symbol conflicts with errno - new feature: "ask" action itojun@ ok | |||
2003-05-29 | >permit numberic values for uid and gid; allow "<" and ">" for less and | Jun-ichiro itojun Hagino | |
>greate; requested by dugsong@, strum ok | |||
2003-03-28 | little cleanup; | Jason McIntyre | |
systrace(1) ok provos@ | |||
2002-12-09 | Restriction that -c args must be numeric. Motivation on privilege elevation. | Ian Darwin | |
Environment variables (HOME,USER,CWD). File name details. Style fixes. ok provos@ | |||
2002-12-09 | add support for regular expressions and pidname translations. from provos | Jun-ichiro itojun Hagino | |
2002-10-31 | typo, reported by avsm@openbsd | Jun-ichiro itojun Hagino | |
2002-10-16 | support for privilege elevation. | Jun-ichiro itojun Hagino | |
with privilege elevation no suid or sgid binaries are necessary any longer. Applications can be executed completely unprivileged. Systrace raises the privileges for a single system call depending on the configured policy. Idea from discussions with Perry Metzger, Dug Song and Marcus Watts. from provos | |||
2002-08-05 | allow to specify an alternate directory for policy loading and writing | Niels Provos | |
2002-08-04 | keep track of ppid and allow matching rules to be logged via syslog. | Niels Provos | |
2002-07-31 | bring in doc updates from netbsd. niels ok | Jun-ichiro itojun Hagino | |
2002-07-30 | obey section order to mandoc. sync with netbsd. | Jun-ichiro itojun Hagino | |
2002-07-30 | use Nm | Jun-ichiro itojun Hagino | |
2002-07-16 | internal uid/gid tracking. permit can not detach systrace, useful for | Niels Provos | |
sshd. | |||
2002-07-09 | support for system call aliasing. stat/fstat/readlink/access etc... gets | Niels Provos | |
grouped into fsread, unlink/rmdir/mkdir goes to fswrite. open switches back between fsread and fswrite depending on oflags parameter. | |||
2002-06-21 | No .Pp before .Sh; from wiz@danbala.ifoer.tuwien.ac.at | Niels Provos | |
2002-06-21 | change BUGS section to mention that only clone is a problem now. | Niels Provos | |
2002-06-20 | mention shared memory races in bugs section. | Niels Provos | |
2002-06-18 | KNF | Theo de Raadt | |
2002-06-13 | explain filter operands | Niels Provos | |
2002-06-10 | document -p | Niels Provos | |
2002-06-09 | knf | Todd T. Fries | |
2002-06-07 | explain about permit[inherit] for execve | Niels Provos | |
2002-06-05 | append predicate, instead of prepending. makes rules sortable again. | Niels Provos | |
pointed out by dugsong@ | |||
2002-06-05 | support simple predicates to prefix rules. Allows global policies to be | Niels Provos | |
different for different users. | |||
2002-06-05 | stab at describing grammar | Niels Provos | |
2002-06-05 | introduce an automatic policy generation mode. it creates a policy based | Niels Provos | |
on what the application tries to do. the policy can be refined further on. | |||
2002-06-05 | My turn to help: | Mike Pechkin | |
o) start new sentence on a new line; | |||
2002-06-04 | document | Niels Provos | |
2002-06-04 | proper copyright | Niels Provos | |
2002-06-04 | files section | Niels Provos | |
2002-06-04 | add flag to ignore user specified policies | Niels Provos | |
2002-06-04 | spelling | Todd T. Fries | |
2002-06-04 | document | Niels Provos | |
2002-06-04 | first stab at man page. | Niels Provos | |