| Age | Commit message (Collapse) | Author |
|---|
|
setgid/setegid/setresgid, setgroups, setlogin, and setpriority.
setrlimit and getpriority are also allowed (they are also in "proc")
some of these were previously permitted in "proc" but have been removed.
this seperation is intentional. "proc" is intended for reasoning about
the relationship of a process "with other processes", whereas "id" deals
the powerful/dangerous concept of unix ids. "id" will see some action
very soon.
ok gilles tedu semarie doug
|
|
ok deraadt@
|
|
ok deraadt@
|
|
Prevent a deadlock from occuring when intr_barrier() is called from
a non-primary CPU in the watchdog task, also enqueued on ``systq''.
ok kettenis@
|
|
|
|
checking cdevsw. ok deraadt
|
|
pattern is common, especially because of daemon(3) usage. Will probably
help some daemons move their pledge() calls further upwards.
ok doug,
|
|
sys_bind().
bind(2) still require PLEDGE_INET or PLEDGE_UNIX in order to be called, due to
SYS_bind entry in pledge_syscalls array. The diff restores also the ability for
PLEDGE_UNIX to call bind(2) (pledge_bind_check function missed that).
problem spotted by doug@
OK deraadt@
|
|
|
|
returning ENOTTY instead of killing the process.
|
|
use pledge and file locking. OK deraadt@
|
|
simply use it.
In most of the cases doing a route lookup at this point is a noop as
it will return you the same DOWN entry you already have.
The exception is the case where the route has been removed from tree
since your kernel looked for it. So what? It's just a blue packet.
Note that this "exception" can only happen if your sending path does
not run under the KERNEL_LOCK.
ok mikeb@
|
|
ok mpi@
|
|
iwm_mvm_scan_request() and always call ieee80211_end_scan() when done.
ok mpi@
|
|
|
|
Fixes occasional firmware errors while bringing the interface up or scanning.
ok phessler@
|
|
currently needing them. delete 'em for now.
ok doug
|
|
cu(1) uses these.
ok deraadt@
|
|
that the nated source port was reused as destination port. Do not
initialize nport at the beginning of the function, but where it is
needed.
OK sashan@
|
|
way to install boot blocks.
|
|
|
|
safe uses of it
|
|
of a mutex, the path no longer cleans up the queue of tx requests.
ok mpi@
|
|
checked already at beginning of the loop.
ok reyk
|
|
all the ports in the range portfirst .. portlast
are in use.
ok millert@, mpi@
|
|
|
|
ok jung@
|
|
|
|
not currently enforced but we want the kernel to be able to parse
it for an upcoming diff in the next few days.
|
|
came out of a discussion regarding "sort foo -o foo".
ok semarie
|
|
and mpi believe could be used uninitialised.
ok mpi@
|
|
While here check for RTF_CLONED insted of RTM_RESOLVE when adding an
entry.
Found while debugging naddy@'s NFS vs em(4) vs rtisvalid(9) issue.
|
|
turning rtable_get(9) MP-safe.
Use only one per-AF array, as suggested by claudio@, pointing to an
array of pointers to the routing table heads.
Routing tables are now allocated/initialized per-AF. This will let
us allocate routing table on-demand instead of always having an
AF_INET, AF_MPLS and AF_INET table as soon as a new rtableID is used.
This also get rid of the "void ***" madness.
ok dlg@, jmatthew@
|
|
|
|
refactoring inverted the checks; spotted by sthen in ping6.
|
|
in case the kernel failed to change the interface of a device.
Found the hardway by okan
|
|
|
|
always gets pointer to rule.
- pf_remove_src_node(): function should always remove matching src node,
regardless the sn->rule.ptr being NULL or valid rule
- sn->rule.ptr is never NULL, spotted by mpi and Richard Procter _von_ gmail.com
OK mpi@, OK mikeb@
|
|
|
|
|
|
|
|
configured addressses.
ok mikeb@
|
|
ARP entries with an expired timeout are now removed from the tree even
if they are cached somehwere else. This also reduces differences with
NDP.
ok bluhm@
|
|
Note that after calling rtalloc(9) we only check if a route has been
returned or not and do not check for its validity. This cannot be
improved without a massive refactoring.
The kernel currently *do* use !RTF_UP route due to a mismatch between
the value of ifp->if_link_state and the IFF_UP|IFF_RUNNING code.
I'd explain the RTF_UP flag as follow:
. If a cached route entry w/o RTF_UP is passed to ip{6,}_output(),
. call rtalloc(9) to see if a better entry is present in the tree.
This is enough to support MPATH and route cache invalidation.
ok bluhm@
|
|
This is required to maintain the original BSD behavior of locally
configured addresses being always reacheable.
Some interfaces are^w^W^Wem(4) is special and generally has a DOWN
link state when configured by netstart(8). As a result all the
route entries cloned/added before its link state goes to UP are also
marked as DOWN.
Note that this problem was not present when local addresses were
attached to lo0.
ok mikeb@
|
|
problem pointed out by Martin Natano (natano (at) natano.net)
Also, stop chaining assignments (foo = bar = baz) in vattr_null().
The exact meaning of those depends on the order of the sizes-and-
signednesses of the lvalues, making them fragile: a statement here
mixed *six* types, but managed to get them in a safe order. Delete
a 20+ year old XXX comment that was almost certainly bemoaning a bug
from when they were in an unsafe order.
ok deraadt@ miod@
|
|
ok kettenis@ miod@
|
|
"add it" deraadt@
|
|
|
|
depending on what you need. inet/inet6 cmsg's come through unmolested --
that is something to consider later.
|
