| Commit message (Expand) | Author | Age | Files | Lines |
* | [net80211] Add new privileges; restrict what can be done in a jail. | Adrian Chadd | 2020-07-19 | 1 | -4/+2 |
* | vfs: add restrictions to read(2) of a directory [2/2] | Kyle Evans | 2020-06-04 | 1 | -0/+8 |
* | ethersubr: Make the mac address generation more robust | Kristof Provost | 2020-04-18 | 1 | -0/+9 |
* | Preload hostuuid for early-boot use | Kyle Evans | 2020-04-16 | 1 | -0/+31 |
* | kern_jail: missing \0 termination check on osrelease parameter | Bjoern A. Zeeb | 2020-03-14 | 1 | -3/+9 |
* | Mark more nodes as CTLFLAG_MPSAFE or CTLFLAG_NEEDGIANT (17 of many) | Pawel Biernacki | 2020-02-26 | 1 | -3/+3 |
* | Partially decompose priv_check by adding priv_check_cred_vfs_generation | Mateusz Guzik | 2020-02-13 | 1 | -0/+10 |
* | Inline jailed(). | Mateusz Guzik | 2020-02-13 | 1 | -10/+0 |
* | vfs: remove now useless ENODEV handling from vn_fullpath consumers | Mateusz Guzik | 2020-02-08 | 1 | -23/+2 |
* | Remove duplicated empty lines from kern/*.c | Mateusz Guzik | 2020-01-30 | 1 | -6/+0 |
* | vfs: drop the mostly unused flags argument from VOP_UNLOCK | Mateusz Guzik | 2020-01-03 | 1 | -3/+3 |
* | Split gigantic rtsock route_output() into smaller functions. | Alexander V. Chernikov | 2019-12-31 | 1 | -5/+5 |
* | Replace hand-rolled unrefs if > 1 with refcount_release_if_not_last | Mateusz Guzik | 2018-12-07 | 1 | -3/+1 |
* | In hardened systems, where the security.bsd.unprivileged_proc_debug sysctl | Jamie Gritton | 2018-11-27 | 1 | -2/+16 |
* | Allow set ether/vlan PCP operation from the VNET jails. | Konstantin Belousov | 2018-11-12 | 1 | -0/+1 |
* | Fix typos from r339409. | Jamie Gritton | 2018-10-18 | 1 | -1/+1 |
* | Add a new jail permission, allow.read_msgbuf. When true, jailed processes | Jamie Gritton | 2018-10-17 | 1 | -0/+12 |
* | Fix the test prohibiting jails from sharing IP addresses. | Jamie Gritton | 2018-10-06 | 1 | -4/+6 |
* | Revert r337922, except for some documention-only bits. This needs to wait | Jamie Gritton | 2018-08-16 | 1 | -95/+57 |
* | Put jail(2) under COMPAT_FREEBSD11. It has been the "old" way of creating | Jamie Gritton | 2018-08-16 | 1 | -57/+95 |
* | Add allow.mlock to jail parameters | Antoine Brodin | 2018-07-29 | 1 | -0/+14 |
* | Change prison_add_vfs() to the more generic prison_add_allow(), which | Jamie Gritton | 2018-07-06 | 1 | -37/+64 |
* | Silence warnings about unused variables when RACCT is defined but RCTL | Konstantin Belousov | 2018-07-05 | 1 | -0/+2 |
* | Instead of using hand-rolled loops where not needed switch them | Bjoern A. Zeeb | 2018-06-20 | 1 | -1/+1 |
* | Try to be consistent and spell "vnet" lower case like all the | Bjoern A. Zeeb | 2018-05-24 | 1 | -1/+1 |
* | Improve the KASSERT to also have the prison pointer. | Bjoern A. Zeeb | 2018-05-24 | 1 | -1/+1 |
* | Make it easier for filesystems to count themselves as jail-enabled, | Jamie Gritton | 2018-05-04 | 1 | -65/+112 |
* | call racct_proc_ucred_changed() under the proc lock | Andriy Gapon | 2018-04-20 | 1 | -2/+10 |
* | Move most of the contents of opt_compat.h to opt_global.h. | Brooks Davis | 2018-04-06 | 1 | -1/+0 |
* | Represent boolean jail options as an array of structures containing the | Jamie Gritton | 2018-03-20 | 1 | -122/+114 |
* | sys/kern: adoption of SPDX licensing ID tags. | Pedro F. Giffuni | 2017-11-27 | 1 | -0/+2 |
* | Jails: Optionally prevent jailed root from binding to privileged ports | Allan Jude | 2017-06-06 | 1 | -3/+14 |
* | Use inet_ntoa_r() instead of inet_ntoa() throughout the kernel | Eric van Gyzen | 2017-02-16 | 1 | -1/+4 |
* | Move IPv4-specific jail functions to new file netinet/in_jail.c | Stephen J. Kiernan | 2016-08-09 | 1 | -738/+8 |
* | Fix a vnode leak when giving a child jail a too-long path when | Jamie Gritton | 2016-06-09 | 1 | -0/+1 |
* | Re-order some jail parameter reading to prevent a vnode leak. | Jamie Gritton | 2016-06-09 | 1 | -40/+40 |
* | Clean up some logic in jail error messages, replacing a missing test and | Jamie Gritton | 2016-06-09 | 1 | -12/+10 |
* | Make sure the OSD methods for jail set and remove can't run concurrently, | Jamie Gritton | 2016-06-09 | 1 | -9/+13 |
* | Mark jail(2), and the sysctls that it (and only it) uses as deprecated. | Jamie Gritton | 2016-05-30 | 1 | -17/+17 |
* | sys/kern: spelling fixes in comments. | Pedro F. Giffuni | 2016-04-29 | 1 | -2/+2 |
* | Delay revmoing the last jail reference in prison_proc_free, and instead | Jamie Gritton | 2016-04-27 | 1 | -10/+34 |
* | Use crcopysafe in jail_attach. | Jamie Gritton | 2016-04-26 | 1 | -7/+5 |
* | Pass the current/new jail to PR_METHOD_CHECK, which pushes the call | Jamie Gritton | 2016-04-25 | 1 | -47/+58 |
* | Add a new jail OSD method, PR_METHOD_REMOVE. It's called when a jail is | Jamie Gritton | 2016-04-25 | 1 | -8/+41 |
* | Remove the PR_REMOVE flag, which was meant as a temporary marker for | Jamie Gritton | 2016-04-25 | 1 | -3/+1 |
* | kernel: use our nitems() macro when it is available through param.h. | Pedro F. Giffuni | 2016-04-19 | 1 | -24/+13 |
* | Fix jail name checking that disallowed anything that starts with '0'. | Jamie Gritton | 2015-12-15 | 1 | -3/+6 |
* | Speed up rctl operation with large rulesets, by holding the lock | Edward Tomasz Napierala | 2015-11-15 | 1 | -1/+6 |
* | Add support to the jail framework to be able to mount linsysfs(5) and | Marcelo Araujo | 2015-07-19 | 1 | -0/+16 |
* | Move chdir/chroot-related fdp manipulation to kern_descrip.c | Mateusz Guzik | 2015-07-11 | 1 | -1/+1 |