| Commit message (Expand) | Author | Age | Files | Lines |
* | mac_policy: Remove mac_policy_sx | Jason A. Harmening | 2020-04-04 | 1 | -8/+3 |
* | Make sure we convert internal audit records for thr_new | Christian S.J. Peron | 2020-03-30 | 1 | -0/+3 |
* | In r358471, we interrupted the case block that would eventually lead | Christian S.J. Peron | 2020-03-03 | 1 | -9/+10 |
* | fd: move vnodes out of filedesc into a dedicated structure | Mateusz Guzik | 2020-03-01 | 1 | -15/+12 |
* | Currently kernel audit events for jail_set(2), jail_get(2), jail_attach(2), | Christian S.J. Peron | 2020-02-29 | 1 | -0/+16 |
* | Mark more nodes as CTLFLAG_MPSAFE or CTLFLAG_NEEDGIANT (17 of many) | Pawel Biernacki | 2020-02-26 | 15 | -19/+36 |
* | audit: provide audit_canon_path variant which accepts vnodes | Mateusz Guzik | 2020-02-21 | 4 | -23/+103 |
* | audit: simplify path resolving logic | Mateusz Guzik | 2020-02-21 | 1 | -49/+26 |
* | audit: rely on use count instead of hold count in audit_canon_path | Mateusz Guzik | 2020-02-21 | 1 | -9/+6 |
* | vfs: add realpathat syscall | Mateusz Guzik | 2020-02-20 | 1 | -0/+1 |
* | Merge audit and systrace checks | Mateusz Guzik | 2020-02-14 | 1 | -3/+6 |
* | Annotate branches in the syscall path | Mateusz Guzik | 2020-02-14 | 1 | -1/+1 |
* | vfs: use mac fastpath for lookup, open, read, write, mmap | Mateusz Guzik | 2020-02-13 | 3 | -15/+124 |
* | mac: implement fast path for checks | Mateusz Guzik | 2020-02-13 | 3 | -4/+118 |
* | vfs: eliminate v_tag from struct vnode | Mateusz Guzik | 2020-01-07 | 1 | -9/+22 |
* | vfs: drop the mostly unused flags argument from VOP_UNLOCK | Mateusz Guzik | 2020-01-03 | 7 | -13/+13 |
* | mac: use a sleepable rmlock instead of an sx lock | Mateusz Guzik | 2019-12-27 | 1 | -2/+6 |
* | Instead of looking up a predecessor or successor to the current map | Doug Moore | 2019-11-20 | 1 | -4/+5 |
* | Jail and capability mode for shm_rename; add audit support for shm_rename | David Bright | 2019-11-18 | 1 | -0/+10 |
* | Define wrapper functions vm_map_entry_{succ,pred} to act as wrappers | Doug Moore | 2019-11-13 | 1 | -1/+2 |
* | Define macro VM_MAP_ENTRY_FOREACH for enumerating the entries in a vm_map. | Doug Moore | 2019-10-08 | 1 | -1/+1 |
* | vm_map_simplify_entry considers merging an entry with its two | Doug Moore | 2019-08-25 | 1 | -1/+1 |
* | Fix mac_veriexec_parser build after r347938 | Marcin Wojtas | 2019-08-08 | 1 | -1/+3 |
* | Extract eventfilter declarations to sys/_eventfilter.h | Conrad Meyer | 2019-05-20 | 2 | -0/+3 |
* | Add a new ioctl for the larger params struct that includes the label. | Stephen J. Kiernan | 2019-05-17 | 3 | -53/+117 |
* | Obtain a shared lock instead of exclusive in the MAC/veriexec | Stephen J. Kiernan | 2019-05-17 | 1 | -1/+2 |
* | sysctls which should be restricted when securelevel is raised should also | Stephen J. Kiernan | 2019-05-17 | 1 | -2/+20 |
* | Fix format strings for some debug messages that could have arguments that | Stephen J. Kiernan | 2019-05-17 | 1 | -9/+12 |
* | Ensure we have obtained a lock on the process before calling | Stephen J. Kiernan | 2019-05-17 | 1 | -1/+10 |
* | When MAC is enabled and a policy module is loaded, don't unconditionally | Robert Watson | 2019-05-03 | 3 | -26/+51 |
* | Create kernel module to parse Veriexec manifest based on envs | Marcin Wojtas | 2019-04-03 | 1 | -0/+474 |
* | Create new EINTEGRITY error with message "Integrity check failed". | Kirk McKusick | 2019-01-17 | 1 | -0/+7 |
* | mac: reduce pessimization of sdt probe handling | Mateusz Guzik | 2018-12-19 | 1 | -12/+16 |
* | Remove unused argument to priv_check_cred. | Mateusz Guzik | 2018-12-11 | 7 | -14/+13 |
* | audi: replace open-coded TDP_AUDITREC checks with the macro | Mateusz Guzik | 2018-12-11 | 1 | -2/+2 |
* | audit: predict AUDITING_TD as false | Mateusz Guzik | 2018-11-29 | 1 | -1/+1 |
* | audit: change audit_syscalls_enabled type to bool | Mateusz Guzik | 2018-11-29 | 2 | -6/+6 |
* | Add const to input-only char * arguments. | Brooks Davis | 2018-11-02 | 2 | -2/+2 |
* | Rework the logic around quick checks for auditing that take place at | Robert Watson | 2018-10-02 | 6 | -44/+103 |
* | The kernel DTrace audit provider (dtaudit) relies on auditd(8) to load | Robert Watson | 2018-09-03 | 1 | -8/+83 |
* | Require that MAC label buffers be able to store a non-empty string. | Mark Johnston | 2018-08-01 | 1 | -1/+3 |
* | fix incorrect operator in the AUDITPIPE_SET_QLIMIT bounds check | Andriy Gapon | 2018-07-23 | 1 | -1/+1 |
* | Fix audit of chflagsat, lgetfh, and setfib | Alan Somers | 2018-07-22 | 1 | -0/+3 |
* | Make it possible to run ntpd as a non-root user, add ntpd uid and gid. | Ian Lepore | 2018-07-19 | 1 | -0/+77 |
* | auditon(2): fix A_SETPOLICY with 64-bit values | Alan Somers | 2018-07-15 | 1 | -1/+1 |
* | Add mpo_vnode_check_setmode MAC method to MAC/veriexec. | Stephen J. Kiernan | 2018-07-14 | 1 | -0/+33 |
* | Fix a typo which could cause a build breakage when building with MAC/veriexec | Stephen J. Kiernan | 2018-07-14 | 2 | -2/+1 |
* | Remove RIPEMD-160 fingerprint modules for veriexec, since it has very | Stephen J. Kiernan | 2018-07-14 | 1 | -45/+0 |
* | Fix build breakage in veriexec for 32-bit architectures. | Stephen J. Kiernan | 2018-06-20 | 2 | -23/+28 |
* | MAC/veriexec implements a verified execution environment using the MAC | Stephen J. Kiernan | 2018-06-20 | 10 | -0/+2454 |