Age | Commit message | Author

mappings. This will be used by if_nameindex(3), if_nametoindex(3) and
if_indextoname(3) soon to fix the issues in pledge because of inet6 link
local addressing.
OK mpi@ benno@ deraadt@
The libc version will follow soon so better start updating your kernels

ok mlarkin@

used (ttm bo's have their own reference counts), we can't let the reference
count go negative as this will freak out the upper uvm layers. Since the
uvm_object reference count is still a useful debugging tool (ddb will display
it for example), adjust it such that the uvm_object reference count represents
the number of references held by the uvm layer.
tested by matthieu@
ok jsg@

ok kettenis@, deraadt@

make cl_actc in hfsc_class a TAILQ rather than a pointer to a TAILQ
that gets allocated separately.

make hif_eligible in hfsc_if a TAILQ rather than a pointer to a
TAILQ that gets allocated separately.
"look ma, i saved 4 or 8 bytes"

the ifqueue struct has the same information, and hif_packets is never
read separately. trim it.

the abstract vnetid is promoted to a uint32_t, and adds a SIOCDVNETID
ioctl so it can be cleared.
this is all because i set an assignment on implementing a virtual
network interface and the students got confused when vnetid 0 didn't
show up in ifconfig output.
the vnetid in the vxlan(4) protocol is optional, but the current
code confuses 0 with no vnetid being set. this makes it clear.
ok reyk@ who also simplified my diff

ps-style programs (there are quite a few in the tree, including tmux).
"vminfo" exposes a bit more system operation information, which many
observation programs want (such as top). settime allows setting the system
time, and will be used to pledge-protect the last ntpd process.

you get to hfsc_class via a hfsc_if, so just pass the hfsc_if around
on the stack when we need it rather than following the pointer back.
most of this change is passing the hif on the stack.
ok mpi@ henning@

ok mpi@ bluhm@

ok dlg@ krw@

of rt_getifa() when adding a link level route from outside the
kernel.
ok claudio@

ok bluhm@, dlg@, claudio@

ok millert@, bluhm@

entry is attached to this entry.
ok phessler@, bluhm@

ok bluhm@

ok bluhm@

Instead of casts they check whether the incoming object has the
expected type. So introduce satosdl() and sdltosa() in the kernel.
OK mpi@

ok claudio@, bluhm@, jsg@

ok stsp@

With benno

Discussion with nicm.

During s2k15 we fixed this ugly 20+ year old loopback hack of having a
rt_ifp different than rt_ifa->ifa_ifp.
ok millert@, bluhm@

ok millert@, bluhm@

for device. In sys_fcntl() the ioctl(TIOCSPGRP) is called, but the
pipe expects SIOCSPGRP. Sockets have a special case for the same
reason, so adapt the special code for pipes.
OK millert@

ok tedu@, deraadt@, miod@

this can be used as an alternative to sysctl net.inet.ip.ttl, in
programs that use pledge().
ok reyk@, "Like this" deraadt@

socket(). Without pledge, all other socket behaviours become permitted,
except this one case: connect/send* only works to *:53. In pledge mode,
a very few are further restricted. Some backwards compatibility for
the dnssocket/dnsconnect calls will remain in the tree temporarily so
that people can build through the transition.
ok tedu guenther semarie

member of the given group). This is used by some parse.y.
OK deraadt@

Our in-kernel ether-vtag has a different layout to the vr TXSTAT register.
ok sthen@

the following diff adds a clear view of whitelisted-paths in pledge.
before, whitelisting the "/usr/local/bin" path would make only the "/usr/local/bin"
VNODE present and leave "/usr/local", "/usr", and "/" as ENOENT. It was a
somewhat odd filesystem hierarchy, and it breaks realpath(3).
with this diff, the directories that are one of the parents of a
whitelisted-directory become visible to stat(2) related syscalls, but only
with restricted permissions: stat(2) will lie a bit, saying they are owned by
root:wheel and their mode is --x--x--x. Note that only stat(2) is affected by this
"view", and the owner/mode aren't effectively changed: it is just a "lie".
while here, refactor pledge_namei() a bit in order to avoid multiple for-loops
over the whitelisted-path array.
ok deraadt@

default case only allows SOL_SOCKET SO_RCVBUF which is very common in
network-facing daemons. Many of them manage this on a socket after
dropping abilities which can get them _new_ sockets.. syslogd, bgpd,
relayd, etc etc. Other sockopts still require specific pledges.
Tested by bluhm.

ok deraadt@

builtin. make a note that setpriority() should be weakened, unless "id"
is also present.
pointed out by Theo Buehler

work properly.

While here add two missing ``rtableid'' checks in in6_selectsrc().
ok bluhm@

While here add a missing ``rtableid'' check in in_selectsrc().
ok bluhm@