aboutsummaryrefslogtreecommitdiff
path: root/sys/security/mac
Commit message (Expand)AuthorAgeFilesLines
* Convert remaining cap_rights_init users to cap_rights_init_oneMateusz Guzik2021-01-121-2/+4
* mac: cheaper check for mac_vnode_check_readlinkMateusz Guzik2021-01-083-2/+20
* cache: combine fast path enabled status into one flagMateusz Guzik2021-01-061-0/+3
* pipe: allow for lockless pipe_statMateusz Guzik2020-11-193-3/+30
* mac_framework.h: fix build with DEBUG_VFS_LOCKS and !MACAndriy Gapon2020-09-031-1/+1
* security: clean up empty lines in .c and .h filesMateusz Guzik2020-09-013-3/+1
* mac: even up all entry points to the same schemeMateusz Guzik2020-08-061-7/+38
* vfs: add a cheaper entry for mac_vnode_check_accessMateusz Guzik2020-08-053-2/+17
* Fix tinderbox build after r363714Mateusz Guzik2020-07-301-0/+8
* vfs: elide MAC-induced locking on rename if there are no relevant hoooksMateusz Guzik2020-07-292-0/+7
* vfs: add the infrastructure for lockless lookupMateusz Guzik2020-07-251-1/+2
* vfs: fix vn_poll performance with either MAC or AUDITMateusz Guzik2020-07-162-1/+16
* vfs: fix MAC/AUDIT mismatch in vn_pollMateusz Guzik2020-07-161-0/+10
* mac_policy: Remove mac_policy_sxJason A. Harmening2020-04-041-8/+3
* Mark more nodes as CTLFLAG_MPSAFE or CTLFLAG_NEEDGIANT (17 of many)Pawel Biernacki2020-02-261-1/+1
* vfs: use mac fastpath for lookup, open, read, write, mmapMateusz Guzik2020-02-133-15/+124
* mac: implement fast path for checksMateusz Guzik2020-02-133-4/+118
* vfs: drop the mostly unused flags argument from VOP_UNLOCKMateusz Guzik2020-01-032-4/+4
* mac: use a sleepable rmlock instead of an sx lockMateusz Guzik2019-12-271-2/+6
* Instead of looking up a predecessor or successor to the current mapDoug Moore2019-11-201-4/+5
* Define wrapper functions vm_map_entry_{succ,pred} to act as wrappersDoug Moore2019-11-131-1/+2
* Define macro VM_MAP_ENTRY_FOREACH for enumerating the entries in a vm_map.Doug Moore2019-10-081-1/+1
* vm_map_simplify_entry considers merging an entry with its twoDoug Moore2019-08-251-1/+1
* When MAC is enabled and a policy module is loaded, don't unconditionallyRobert Watson2019-05-033-26/+51
* mac: reduce pessimization of sdt probe handlingMateusz Guzik2018-12-191-12/+16
* Remove unused argument to priv_check_cred.Mateusz Guzik2018-12-111-1/+1
* Require that MAC label buffers be able to store a non-empty string.Mark Johnston2018-08-011-1/+3
* Use an accessor function to access ifr_data.Brooks Davis2018-03-301-2/+2
* Reduce duplication in __mac_*_(file|link)(2) implementation.Brooks Davis2018-02-151-97/+27
* Do pass removing some write-only variables from the kernel.Alexander Kabaev2017-12-251-2/+0
* Fix improper use of "its".Bryan Drewery2016-11-081-1/+1
* sys/security: minor spelling fixes.Pedro F. Giffuni2016-05-062-2/+2
* Fix style issues around existing SDT probes.Mark Johnston2015-12-162-22/+22
* cred: add proc_set_cred helperMateusz Guzik2015-03-161-1/+1
* Update kernel inclusions of capability.h to use capsicum.h instead; someRobert Watson2014-03-161-1/+1
* Remove AppleTalk support.Gleb Smirnoff2014-03-143-81/+0
* As constantly reported during kernel compilation, m_buflen is unsigned soBjoern A. Zeeb2013-12-251-2/+1
* dtrace sdt: remove the ugly sname parameter of SDT_PROBE_DEFINEAndriy Gapon2013-11-262-27/+27
* - For kernel compiled only with KDTRACE_HOOKS and not any lock debuggingAttilio Rao2013-11-2516-17/+0
* Fix some typos that were causing probe argument types to show up as unknown.Mark Johnston2013-10-014-4/+4
* Make the mac_policy_rm lock recursable, which allows reentrance intoKonstantin Belousov2013-09-291-1/+2
* Change the cap_rights_t type from uint64_t to a structure that we can extendPawel Jakub Dawidek2013-09-051-2/+4
* Implement read(2)/write(2) and neccessary lseek(2) for posix shmfd.Konstantin Belousov2013-08-213-0/+46
* Relax the vm object locking in mac_proc_vm_revoke_recurse(). A read lockAlan Cox2013-06-041-4/+4
* Switch the vm_object mutex to be a rwlock. This will enable in theAttilio Rao2013-03-091-7/+7
* Remove the support for using non-mpsafe filesystem modules.Konstantin Belousov2012-10-222-29/+12
* When allocation of labels on files is implicitly disabled due to MACRobert Watson2012-04-081-14/+27
* - Improve BPF locking model.Alexander V. Chernikov2012-04-061-0/+2
* Revert the approach for skipping lockstat_probe_func call when doingAttilio Rao2011-12-121-1/+0
* put sys/systm.h at its proper place or add it if missingAndriy Gapon2011-12-122-1/+2
generated by cgit v1.2.3 (git 2.25.1) at 2024-04-24 14:58:48 +0000