aboutsummaryrefslogtreecommitdiff
path: root/sys/security
Commit message (Expand)AuthorAgeFilesLines
...
* MAC/do: Sort header inclusionsOlivier Certner2025-04-031-2/+2
* mac_do(4): Enhance GID rule validation to check all groups in cr_groupsLi-Wen Hsu2025-04-031-2/+2
* MAC: mac_biba, mac_lomac: Fix setting loader tunablesZhenlei Huang2025-02-132-2/+4
* audit/audit.c: fix typo KERNEL_PANICED->KERNEL_PANICKEDKonstantin Belousov2025-02-081-1/+1
* audit(9): do not touch VFS if panicingKonstantin Belousov2025-02-081-1/+2
* audit: Fix short-circuiting in syscallenter()Mark Johnston2025-01-171-1/+4
* MAC: syscalls: mac_label_copyin(): 32-bit compatibilityOlivier Certner2025-01-162-6/+51
* MAC: syscalls: Split mac_set_proc() into reusable piecesOlivier Certner2025-01-162-20/+128
* MAC: syscalls: Factor out common label copy-in codeOlivier Certner2025-01-161-118/+83
* MAC: mac_policy.h: Declare common MAC sysctl and jail parameters' nodesOlivier Certner2025-01-1617-37/+15
* MAC: Define a common 'mac' node for MAC's jail parametersOlivier Certner2025-01-161-0/+6
* MAC: 'kernel_mac_support' module: Make an outdated comment more genericOlivier Certner2025-01-161-1/+1
* kern: Make fileops and filterops tables const where possibleMark Johnston2024-12-031-1/+1
* mac_bsdextended: Remove \n from sysctl descriptionsEd Maste2024-11-241-3/+3
* cred: kern_setgroups(): Internally use int as number of groups' typeOlivier Certner2024-11-152-5/+5
* MAC: improve handling of listening socketsMichael Tuexen2024-10-312-6/+14
* MAC: improve consistency in error handlingMichael Tuexen2024-10-311-0/+1
* MAC/do: allow to call setuid if real user id is 0Baptiste Daroussin2024-06-271-1/+1
* mac_do: add a new MAC/do policy and mdo(1) utilityBaptiste Daroussin2024-06-271-0/+545
* veriexec: Simplify the initialization of loader tunableZhenlei Huang2023-11-131-6/+2
* cr_canseejailproc(): New privilege, no direct check for UID 0Olivier Certner2023-10-172-0/+2
* sys: Remove $FreeBSD$: one-line .c patternWarner Losh2023-08-1635-70/+0
* sys: Remove $FreeBSD$: two-line .h patternWarner Losh2023-08-1628-56/+0
* mac_ipacl: new MAC policy module to limit jail/vnet IP configurationShivank Garg2023-07-265-0/+496
* mac_veriexec ensure label fields are initializedSimon J. Gerraty2023-07-061-4/+2
* veriexec: Do not save error from file info in fingerprint statusStephen J. Kiernan2023-06-091-3/+3
* mac: Honor order when registering MAC modules.Steve Kiernan2023-04-181-22/+16
* veriexec: Add function to get label associated with a fileSteve Kiernan2023-04-172-0/+27
* veriexec: Add option MAC_VERIEXEC_DEBUGSteve Kiernan2023-04-173-5/+6
* veriexec: mac_veriexec_syscall compat32 supportSimon J. Gerraty2023-04-171-0/+62
* veriexec: Additional functionality for MAC/veriexecSteve Kiernan2023-04-174-32/+144
* veriexec: Add SPDX-License-IdentifierStephen J. Kiernan2023-04-179-18/+18
* mac_veriexec: add mac_priv_grant check for NODEVSimon J. Gerraty2023-04-162-1/+38
* kdb: Modify securelevel policyMark Johnston2023-03-302-0/+10
* vfs: retire KERN_VNODEMateusz Guzik2023-03-171-1/+0
* veriexec: Improve commentsWarner Losh2023-03-151-14/+15
* Increase protection provided by veriexec with new unlink/rename hooks.dl2023-03-141-8/+155
* IfAPI: Add if_get/setmaclabel() and use it.Justin Hibbits2023-01-317-27/+27
* vfs: stop using NDFREEMateusz Guzik2022-12-191-3/+4
* mac_lomac: whack giant usageMateusz Guzik2022-11-151-7/+0
* Bump MAC_VERSION to 5Allan Jude2022-10-071-1/+2
* vfs: introduce V_PCATCH to stop abusing PCATCHMateusz Guzik2022-09-171-2/+2
* mac_veriexec_parser: fix build after 7e1d3eefd410.Dag-Erling Smørgrav2022-09-091-1/+1
* protosw: refactor protosw and domain static declaration and loadGleb Smirnoff2022-08-171-2/+2
* mac: cheaper check for mac_pipe_check_readMateusz Guzik2022-08-173-2/+20
* mac_ddb: Fix the show rman validator.John Baldwin2022-08-121-1/+1
* mac: s/0/false/ in macros denoting probe enablementMateusz Guzik2022-08-111-14/+14
* AST: reworkKonstantin Belousov2022-08-021-4/+15
* Revert "mac_ddb: Make db_show_vnet_valid() handle !VIMAGE"Allan Jude2022-07-211-4/+0
* mac_ddb: Make db_show_vnet_valid() handle !VIMAGEAllan Jude2022-07-211-0/+4
generated by cgit v1.2.3 (git 2.25.1) at 2026-04-14 13:27:31 +0000