summaryrefslogtreecommitdiff
path: root/sys/kern/kern_pledge.c
AgeCommit message (Expand)Author
2024-06-03avoid shadowing a local variable in a lower scopeTheo de Raadt
2024-06-02pledge, MAP_STACK, and pinsyscall failures have been providing failureTheo de Raadt
2024-05-18Add pathconfat(2): pathconf(2) but with at-fd and flags arguments,Philip Guenther
2024-04-05noone calls msyscall() anymore.Theo de Raadt
2024-03-28Delete pinsyscall(2) [which was specific only to SYS_execve] nowTheo de Raadt
2024-03-22pledge: Allow the AUDIO_GETDEV ioctl in "audio"Alexandre Ratchov
2023-12-12put pinsyscalls(2) into the "always" groupTheo de Raadt
2023-09-29Extend single_thread_set() mode with additional flag attributes.Claudio Jeker
2023-09-19Before coredump or in pledge_fail use SINGLE_UNWIND to stop all threads.Claudio Jeker
2023-08-20Add kqueue1() system callVisa Hankala
2023-06-02pledge(2): stdio: permit restricted profil(2) for moncontrol(3)Scott Soule Cheloha
2023-05-19Since waitid(2) shares code with wait4(2) and doesn't expose anyPhilip Guenther
2023-02-19Make pinsyscall(2) always available for pledged processes. Needed by pledgeAnton Lindqvist
2023-02-11non-padded 64-bit system calls arrived 2021/12/23, over a year ago.Theo de Raadt
2023-01-07Add {get,set}thrname(2) for putting thread names in the kernel andPhilip Guenther
2022-12-23wrap a line betterTheo de Raadt
2022-12-05zap a pile of dangling tabsTheo de Raadt
2022-11-10fix build after 1.298Jonathan Gray
2022-11-09Some limited setsockopt/getsockopt are allowed in pledge "stdio".Theo de Raadt
2022-11-08allow the KERN_AUTOCONF_SERIAL sysctl in pledge'd processesRobert Nagy
2022-10-07Add mimmutable(2) system call which locks the permissions (PROT_*) ofTheo de Raadt
2022-09-05Pledge sendmmsg and recvmmsg with stdio similar to their non-loopMoritz Buhl
2022-08-14remove unneeded includes in sys/kernJonathan Gray
2022-08-11Add TCP_INFO support to getsockopt for tcp sessions.Claudio Jeker
2022-08-08Before ypconnect(2) addition, "getpw" was a horrible "hole" that triggeredTheo de Raadt
2022-08-02some ports bootstraps, and go internals, need a bit more time to adaptTheo de Raadt
2022-07-18Restrict pledge("vminfo") callers to read-only swapctl(2) operations.Jeremie Courreges-Anglas
2022-07-18Delete the YPACTIVE toggling code when "getpw" code access/open are done toTheo de Raadt
2022-07-17backout last step: the path checks are too strong until everyone has aTheo de Raadt
2022-07-17the PLEDGE_YPACTIVE "hack" bit related to "getpw" pledge goes away. libcTheo de Raadt
2022-07-15Allow ypconnect() in "getpw"Theo de Raadt
2022-06-30Allow sysctl mib CTL_NET.PF_INET6 with a length of 3 in PLEDGE_VMINFO.Claudio Jeker
2022-06-29Unlock the pledge(2) system callJeremie Courreges-Anglas
2022-06-29Use READ_ONCE() when saving pr->ps_pledge to a local variableJeremie Courreges-Anglas
2022-06-26allow HW_USERMEM64 in sysctl pledgeJonathan Gray
2022-03-25add an exception to the CPU_ID_AA64ISAR0 in pledged applications so thatRobert Nagy
2022-02-25add setrtable to pledge("id"). from Matthew MartinTed Unangst
2022-02-04whitelist resolv.conf for stat. go dns library does this.Ted Unangst
2022-01-20initial support for drm sync files, fences associated with fileJonathan Gray
2021-12-23Roll the syscalls that have an off_t argument to remove the explicit padding.Philip Guenther
2021-11-15Copy p_p->ps_pledge into a local variable (called pledge) in every functionTheo de Raadt
2021-06-29remove arch ifdefs around drm.h includeJonathan Gray
2021-06-26Add powerpc64 and riscv64 to the list of architectures that have DRM.Mark Kettenis
2021-06-09unveil: small cleanup for UNVEIL_INSPECTSebastien Marie
2021-04-30When terminating via pledge_fail() stop all threads, before issuing aTheo de Raadt
2021-03-25Permit kern.somaxconn when the unix pledge is used. Previously this was onlyAaron Bieber
2021-02-03Add SIOCAIFADDR_IN and SIOCDIFADDR_IN to the wroute pledgetobhe
2021-01-20If pledge "wroute" is missing for setsockopt SO_RTABLE, print failureAlexander Bluhm
2021-01-19/etc/malloc.conf path-approval in pledge is no longer needed since 6.5Theo de Raadt
2020-10-29Add feature to force the selection of source IP addressdenis