| Age | Commit message (Expand) | Author |
|---|
| 2016-09-10 | Add a noperm mount flag for FFS to be used for building release sets | Martin Natano |
| 2016-09-07 | Remove usermount remnants. ok tedu | Martin Natano |
| 2016-07-14 | kern.usermount=1 is unsafe for everyone, since it allows any non-pledged | Theo de Raadt |
| 2016-07-12 | The only valid flag for unmount(2) is MNT_FORCE, ignore any others. | Todd C. Miller |
| 2016-07-06 | Return EINVAL for mknod/mknodat when dev is -1 (aka VNOVAL). | Todd C. Miller |
| 2016-07-03 | introduces new promise "chown" to allow changing owner/group with *chown(2) f... | Sebastien Marie |
| 2016-06-27 | dovutimens: call vrele(9) before returning EINVAL | Sebastien Marie |
| 2016-06-27 | sys_revoke: call vrele() before returning ENOTTY | Sebastien Marie |
| 2016-06-26 | use error code path instead of return early without calling VOP_ABORTOP() and | Sebastien Marie |
| 2016-06-01 | rmdir(2) should return EINVAL not EBUSY when trying to remove ".". | Todd C. Miller |
| 2016-05-27 | W^X violations are no longer permitted by default. A kernel log message | Theo de Raadt |
| 2016-05-15 | remove chroot(2) from allowed syscalls under pledge(2). | Sebastien Marie |
| 2016-03-27 | When pulling and unmounting an umass USB stick, the file system | Alexander Bluhm |
| 2016-03-19 | Remove the unused flags argument from VOP_UNLOCK(). | natano |
| 2016-01-06 | remove unnecessary casts where the incoming type is void *. | Ted Unangst |
| 2016-01-02 | mmcc noticed that nd.ni_pledge was uninitialized in doopenat() for the | Theo de Raadt |
| 2015-12-16 | in pledged process, setuid/setgid/sticky bits should be ignored. | Sebastien Marie |
| 2015-12-16 | in pledged process, setuid/setgid/sticky bits should be ignored. | Sebastien Marie |
| 2015-12-05 | remove stale lint annotations | Ted Unangst |
| 2015-12-04 | Add pledge "dpath", which provides access to mknod(2) and mkfifo(2). | Theo de Raadt |
| 2015-11-20 | VISTTY check in revoke() is not working well for the non-indirected | Theo de Raadt |
| 2015-11-20 | Fix whitespace. No binary change. | Jonathan Gray |
| 2015-11-18 | In sys_revoke, inspect the VISTTY flag on the backside of VOP_GETATTR, | Theo de Raadt |
| 2015-11-16 | Permit revoke(2) for a pledge "rpath tty" | Theo de Raadt |
| 2015-11-16 | Only perform revoke(2) on tty cdevs. Others paths return ENOTTY. | Theo de Raadt |
| 2015-11-14 | Add pathconf() to pledge "rpath"; ok guenther | Theo de Raadt |
| 2015-11-02 | move the pledgenote annotation from `struct proc' to `struct nameidata' | Sebastien Marie |
| 2015-11-01 | refactor pledge_*_check and pledge_fail functions | Sebastien Marie |
| 2015-10-28 | mkdir is PLEDGE_CPATH, not PLEDGE_CPATH | PLEDGE_RPATH... | Theo de Raadt |
| 2015-10-28 | remove duplicate setting of p_pledgenote: | Sebastien Marie |
| 2015-10-28 | make sys_chroot() only allowed to be used when pledged, with "rpath id proc". | Sebastien Marie |
| 2015-10-28 | Set pledgenote to PLEDGE_RPATH in chdir & chroot | Theo de Raadt |
| 2015-10-25 | Fold "malloc" into "stdio" and -- recognizing that no program so far has | Theo de Raadt |
| 2015-10-20 | clear whitelisted-paths view in pledge. | Sebastien Marie |
| 2015-10-16 | Implement real "flock" request and add it to userland programs that | Todd C. Miller |
| 2015-10-14 | When pledged with "fattr", allow chown to supplimentary groups. This | Theo de Raadt |
| 2015-10-09 | Rename tame() to pledge(). This fairly interface has evolved to be more | Theo de Raadt |
| 2015-10-06 | rmdir() is just a CPATH operation; remove RPATH marker that snuck in. | Theo de Raadt |
| 2015-08-31 | In tame mode, return EPERM for *chown if uid/gid change is not towards | Theo de Raadt |
| 2015-08-31 | Rather than killing when *chmod is asked to do setuid/setgid, clear | Theo de Raadt |
| 2015-08-31 | KNF | Theo de Raadt |
| 2015-08-30 | For *chmod, allow S_ISTXT in tame mode. I am evaluating what to | Theo de Raadt |
| 2015-08-22 | Move to tame(int flags, char *paths[]) API/ABI. | Theo de Raadt |
| 2015-07-20 | Move the construction of p_tamenote from sys_open() to doopenat(), so that | Theo de Raadt |
| 2015-07-19 | tame(2) is a subsystem which restricts programs into a "reduced feature | Theo de Raadt |
| 2015-05-07 | Pass a thread pointer instead of its file descriptor table to getvnode(9). | Martin Pieuchot |
| 2015-04-30 | Indroduce fd_getfile_mode() and use it were fd_getfile() is directly | Martin Pieuchot |
| 2015-04-17 | Tweaks utimensat/futimens handling to always update ctime, even when both | Philip Guenther |
| 2015-03-14 | Remove some includes include-what-you-use claims don't | Jonathan Gray |
| 2014-12-16 | primary change: move uvm_vnode out of vnode, keeping only a pointer. | Ted Unangst |
