| Age | Commit message (Expand) | Author |
|---|
| 2024-10-06 | remove unused DEBUG_PLEDGE lines; ok deraadt@ | Jonathan Gray |
| 2024-09-24 | for sysctl on arm64, handle CPU_ID_AA64ISAR1 same as CPU_ID_AA64ISAR0 | Theo de Raadt |
| 2024-09-04 | make psp attach to ccp as a different driver | Jonathan Gray |
| 2024-09-02 | simplify ccp ifdef; ok bluhm@ | Jonathan Gray |
| 2024-09-01 | Pledge "vmm" for ccp(4) ioctl(2). | Alexander Bluhm |
| 2024-06-03 | avoid shadowing a local variable in a lower scope | Theo de Raadt |
| 2024-06-02 | pledge, MAP_STACK, and pinsyscall failures have been providing failure | Theo de Raadt |
| 2024-05-18 | Add pathconfat(2): pathconf(2) but with at-fd and flags arguments, | Philip Guenther |
| 2024-04-05 | noone calls msyscall() anymore. | Theo de Raadt |
| 2024-03-28 | Delete pinsyscall(2) [which was specific only to SYS_execve] now | Theo de Raadt |
| 2024-03-22 | pledge: Allow the AUDIO_GETDEV ioctl in "audio" | Alexandre Ratchov |
| 2023-12-12 | put pinsyscalls(2) into the "always" group | Theo de Raadt |
| 2023-09-29 | Extend single_thread_set() mode with additional flag attributes. | Claudio Jeker |
| 2023-09-19 | Before coredump or in pledge_fail use SINGLE_UNWIND to stop all threads. | Claudio Jeker |
| 2023-08-20 | Add kqueue1() system call | Visa Hankala |
| 2023-06-02 | pledge(2): stdio: permit restricted profil(2) for moncontrol(3) | Scott Soule Cheloha |
| 2023-05-19 | Since waitid(2) shares code with wait4(2) and doesn't expose any | Philip Guenther |
| 2023-02-19 | Make pinsyscall(2) always available for pledged processes. Needed by pledge | Anton Lindqvist |
| 2023-02-11 | non-padded 64-bit system calls arrived 2021/12/23, over a year ago. | Theo de Raadt |
| 2023-01-07 | Add {get,set}thrname(2) for putting thread names in the kernel and | Philip Guenther |
| 2022-12-23 | wrap a line better | Theo de Raadt |
| 2022-12-05 | zap a pile of dangling tabs | Theo de Raadt |
| 2022-11-10 | fix build after 1.298 | Jonathan Gray |
| 2022-11-09 | Some limited setsockopt/getsockopt are allowed in pledge "stdio". | Theo de Raadt |
| 2022-11-08 | allow the KERN_AUTOCONF_SERIAL sysctl in pledge'd processes | Robert Nagy |
| 2022-10-07 | Add mimmutable(2) system call which locks the permissions (PROT_*) of | Theo de Raadt |
| 2022-09-05 | Pledge sendmmsg and recvmmsg with stdio similar to their non-loop | Moritz Buhl |
| 2022-08-14 | remove unneeded includes in sys/kern | Jonathan Gray |
| 2022-08-11 | Add TCP_INFO support to getsockopt for tcp sessions. | Claudio Jeker |
| 2022-08-08 | Before ypconnect(2) addition, "getpw" was a horrible "hole" that triggered | Theo de Raadt |
| 2022-08-02 | some ports bootstraps, and go internals, need a bit more time to adapt | Theo de Raadt |
| 2022-07-18 | Restrict pledge("vminfo") callers to read-only swapctl(2) operations. | Jeremie Courreges-Anglas |
| 2022-07-18 | Delete the YPACTIVE toggling code when "getpw" code access/open are done to | Theo de Raadt |
| 2022-07-17 | backout last step: the path checks are too strong until everyone has a | Theo de Raadt |
| 2022-07-17 | the PLEDGE_YPACTIVE "hack" bit related to "getpw" pledge goes away. libc | Theo de Raadt |
| 2022-07-15 | Allow ypconnect() in "getpw" | Theo de Raadt |
| 2022-06-30 | Allow sysctl mib CTL_NET.PF_INET6 with a length of 3 in PLEDGE_VMINFO. | Claudio Jeker |
| 2022-06-29 | Unlock the pledge(2) system call | Jeremie Courreges-Anglas |
| 2022-06-29 | Use READ_ONCE() when saving pr->ps_pledge to a local variable | Jeremie Courreges-Anglas |
| 2022-06-26 | allow HW_USERMEM64 in sysctl pledge | Jonathan Gray |
| 2022-03-25 | add an exception to the CPU_ID_AA64ISAR0 in pledged applications so that | Robert Nagy |
| 2022-02-25 | add setrtable to pledge("id"). from Matthew Martin | Ted Unangst |
| 2022-02-04 | whitelist resolv.conf for stat. go dns library does this. | Ted Unangst |
| 2022-01-20 | initial support for drm sync files, fences associated with file | Jonathan Gray |
| 2021-12-23 | Roll the syscalls that have an off_t argument to remove the explicit padding. | Philip Guenther |
| 2021-11-15 | Copy p_p->ps_pledge into a local variable (called pledge) in every function | Theo de Raadt |
| 2021-06-29 | remove arch ifdefs around drm.h include | Jonathan Gray |
| 2021-06-26 | Add powerpc64 and riscv64 to the list of architectures that have DRM. | Mark Kettenis |
| 2021-06-09 | unveil: small cleanup for UNVEIL_INSPECT | Sebastien Marie |
| 2021-04-30 | When terminating via pledge_fail() stop all threads, before issuing a | Theo de Raadt |
