aboutsummaryrefslogtreecommitdiff
path: root/sys/security
Commit message (Expand)AuthorAgeFilesLines
* vfs: introduce V_PCATCH to stop abusing PCATCHMateusz Guzik2022-09-171-2/+2
* mac_veriexec_parser: fix build after 7e1d3eefd410.Dag-Erling Smørgrav2022-09-091-1/+1
* protosw: refactor protosw and domain static declaration and loadGleb Smirnoff2022-08-171-2/+2
* mac: cheaper check for mac_pipe_check_readMateusz Guzik2022-08-173-2/+20
* mac_ddb: Fix the show rman validator.John Baldwin2022-08-121-1/+1
* mac: s/0/false/ in macros denoting probe enablementMateusz Guzik2022-08-111-14/+14
* AST: reworkKonstantin Belousov2022-08-021-4/+15
* Revert "mac_ddb: Make db_show_vnet_valid() handle !VIMAGE"Allan Jude2022-07-211-4/+0
* mac_ddb: Make db_show_vnet_valid() handle !VIMAGEAllan Jude2022-07-211-0/+4
* mac_ddb: Only include the vnet validator in VIMAGE kernels.John Baldwin2022-07-201-0/+6
* mac_ddb: add some validation functionsMitchell Horne2022-07-181-0/+101
* mac: add new mac_ddb(4) policyMitchell Horne2022-07-181-0/+266
* mac: kdb/ddb framework hooksMitchell Horne2022-07-185-0/+166
* mac_veriexec: Authorize reads of secured sysctlsWojciech Macek2022-06-291-1/+1
* sysent: Get rid of bogus sys/sysent.h include.Dmitry Chagin2022-05-281-1/+0
* mac_pimd: Support for privilege drop in pimdWojciech Macek2022-04-201-0/+75
* audit: Initialize vattr fields before calling VOP_GETATTRMark Johnston2022-03-281-0/+1
* mac_veriexec: Fix a typo in a source code commentGordon Bergling2022-03-271-1/+1
* vfs: NDFREE(&nd, NDF_ONLY_PNBUF) -> NDFREE_PNBUF(&nd)Mateusz Guzik2022-03-243-4/+4
* Thread creation privilege for realtime groupFlorian Walpen2021-12-141-2/+2
* Add idle priority scheduling privilege group to MAC/priorityFlorian Walpen2021-12-101-1/+16
* Add PRIV_SCHED_IDPRIOFlorian Walpen2021-12-102-0/+2
* MAC/priority module for realtime privilege groupFlorian Walpen2021-12-041-0/+68
* vfs: remove the unused thread argument from NDINIT*Mateusz Guzik2021-11-253-5/+5
* Add fspacectl(2), vn_deallocate(9) and VOP_DEALLOCATE(9).Ka Ho Ng2021-08-051-0/+12
* Fix mac_veriexec version mismatchWojciech Macek2021-07-291-1/+1
* mac: cheaper check for ifnet_create_mbuf and ifnet_check_transmitMateusz Guzik2021-06-293-10/+40
* tcp_input/syncache: acquire only read lock on PCB for SYN,!ACK packetsGleb Smirnoff2021-04-121-1/+1
* Add a comment on why the call to mac_vnode_relabel() might be in the wrongRobert Watson2021-02-271-3/+12
* close_range: add audit supportAlex Richardson2021-02-231-0/+15
* Convert remaining cap_rights_init users to cap_rights_init_oneMateusz Guzik2021-01-122-4/+6
* mac: cheaper check for mac_vnode_check_readlinkMateusz Guzik2021-01-083-2/+20
* cache: combine fast path enabled status into one flagMateusz Guzik2021-01-061-0/+3
* audit: rework AUDIT_SYSCLOSEMateusz Guzik2020-12-172-8/+4
* pipe: allow for lockless pipe_statMateusz Guzik2020-11-193-3/+30
* mac_framework.h: fix build with DEBUG_VFS_LOCKS and !MACAndriy Gapon2020-09-031-1/+1
* security: clean up empty lines in .c and .h filesMateusz Guzik2020-09-0113-22/+4
* cache: drop the always curthread argument from reverse lookup routinesMateusz Guzik2020-08-241-1/+1
* vfs: add VOP_STATMateusz Guzik2020-08-071-1/+1
* mac: even up all entry points to the same schemeMateusz Guzik2020-08-061-7/+38
* vfs: add a cheaper entry for mac_vnode_check_accessMateusz Guzik2020-08-053-2/+17
* Fix tinderbox build after r363714Mateusz Guzik2020-07-301-0/+8
* vfs: elide MAC-induced locking on rename if there are no relevant hoooksMateusz Guzik2020-07-292-0/+7
* vfs: add the infrastructure for lockless lookupMateusz Guzik2020-07-251-1/+2
* vfs: fix vn_poll performance with either MAC or AUDITMateusz Guzik2020-07-162-1/+16
* vfs: fix MAC/AUDIT mismatch in vn_pollMateusz Guzik2020-07-161-0/+10
* audit: provide AUDITING_TD for !AUDIT caseMateusz Guzik2020-07-041-0/+2
* mac_veriexec_fingerprint_check_vnode: v_writecount > 0 means active writersSimon J. Gerraty2020-06-121-1/+1
* Deduplicate fsid comparisonsRyan Moeller2020-05-212-4/+3
* Add BSM record conversion for a number of syscalls:Christian S.J. Peron2020-05-161-0/+34