Age | Commit message (Expand) | Author |
2024-04-05 | noone calls msyscall() anymore. | Theo de Raadt |
2024-03-28 | Delete pinsyscall(2) [which was specific only to SYS_execve] now | Theo de Raadt |
2024-03-22 | pledge: Allow the AUDIO_GETDEV ioctl in "audio" | Alexandre Ratchov |
2023-12-12 | put pinsyscalls(2) into the "always" group | Theo de Raadt |
2023-09-29 | Extend single_thread_set() mode with additional flag attributes. | Claudio Jeker |
2023-09-19 | Before coredump or in pledge_fail use SINGLE_UNWIND to stop all threads. | Claudio Jeker |
2023-08-20 | Add kqueue1() system call | Visa Hankala |
2023-06-02 | pledge(2): stdio: permit restricted profil(2) for moncontrol(3) | Scott Soule Cheloha |
2023-05-19 | Since waitid(2) shares code with wait4(2) and doesn't expose any | Philip Guenther |
2023-02-19 | Make pinsyscall(2) always available for pledged processes. Needed by pledge | Anton Lindqvist |
2023-02-11 | non-padded 64-bit system calls arrived 2021/12/23, over a year ago. | Theo de Raadt |
2023-01-07 | Add {get,set}thrname(2) for putting thread names in the kernel and | Philip Guenther |
2022-12-23 | wrap a line better | Theo de Raadt |
2022-12-05 | zap a pile of dangling tabs | Theo de Raadt |
2022-11-10 | fix build after 1.298 | Jonathan Gray |
2022-11-09 | Some limited setsockopt/getsockopt are allowed in pledge "stdio". | Theo de Raadt |
2022-11-08 | allow the KERN_AUTOCONF_SERIAL sysctl in pledge'd processes | Robert Nagy |
2022-10-07 | Add mimmutable(2) system call which locks the permissions (PROT_*) of | Theo de Raadt |
2022-09-05 | Pledge sendmmsg and recvmmsg with stdio similar to their non-loop | Moritz Buhl |
2022-08-14 | remove unneeded includes in sys/kern | Jonathan Gray |
2022-08-11 | Add TCP_INFO support to getsockopt for tcp sessions. | Claudio Jeker |
2022-08-08 | Before ypconnect(2) addition, "getpw" was a horrible "hole" that triggered | Theo de Raadt |
2022-08-02 | some ports bootstraps, and go internals, need a bit more time to adapt | Theo de Raadt |
2022-07-18 | Restrict pledge("vminfo") callers to read-only swapctl(2) operations. | Jeremie Courreges-Anglas |
2022-07-18 | Delete the YPACTIVE toggling code when "getpw" code access/open are done to | Theo de Raadt |
2022-07-17 | backout last step: the path checks are too strong until everyone has a | Theo de Raadt |
2022-07-17 | the PLEDGE_YPACTIVE "hack" bit related to "getpw" pledge goes away. libc | Theo de Raadt |
2022-07-15 | Allow ypconnect() in "getpw" | Theo de Raadt |
2022-06-30 | Allow sysctl mib CTL_NET.PF_INET6 with a length of 3 in PLEDGE_VMINFO. | Claudio Jeker |
2022-06-29 | Unlock the pledge(2) system call | Jeremie Courreges-Anglas |
2022-06-29 | Use READ_ONCE() when saving pr->ps_pledge to a local variable | Jeremie Courreges-Anglas |
2022-06-26 | allow HW_USERMEM64 in sysctl pledge | Jonathan Gray |
2022-03-25 | add an exception to the CPU_ID_AA64ISAR0 in pledged applications so that | Robert Nagy |
2022-02-25 | add setrtable to pledge("id"). from Matthew Martin | Ted Unangst |
2022-02-04 | whitelist resolv.conf for stat. go dns library does this. | Ted Unangst |
2022-01-20 | initial support for drm sync files, fences associated with file | Jonathan Gray |
2021-12-23 | Roll the syscalls that have an off_t argument to remove the explicit padding. | Philip Guenther |
2021-11-15 | Copy p_p->ps_pledge into a local variable (called pledge) in every function | Theo de Raadt |
2021-06-29 | remove arch ifdefs around drm.h include | Jonathan Gray |
2021-06-26 | Add powerpc64 and riscv64 to the list of architectures that have DRM. | Mark Kettenis |
2021-06-09 | unveil: small cleanup for UNVEIL_INSPECT | Sebastien Marie |
2021-04-30 | When terminating via pledge_fail() stop all threads, before issuing a | Theo de Raadt |
2021-03-25 | Permit kern.somaxconn when the unix pledge is used. Previously this was only | Aaron Bieber |
2021-02-03 | Add SIOCAIFADDR_IN and SIOCDIFADDR_IN to the wroute pledge | tobhe |
2021-01-20 | If pledge "wroute" is missing for setsockopt SO_RTABLE, print failure | Alexander Bluhm |
2021-01-19 | /etc/malloc.conf path-approval in pledge is no longer needed since 6.5 | Theo de Raadt |
2020-10-29 | Add feature to force the selection of source IP address | denis |
2020-09-16 | Move duplicated code to send an uncatchable SIGABRT into a function. | Martin Pieuchot |
2020-09-16 | put HW_PHYSMEM64 case under CTL_HW not CTL_KERN | Jonathan Gray |
2020-09-16 | As discovered by kettenis, recent mesa wants sysctl hw.physmem64, and | Theo de Raadt |