| Commit message (Expand) | Author | Age | Files | Lines |
* | jail: Add prison_isvalid() and prison_isalive() | Jamie Gritton | 2021-01-18 | 1 | -0/+2 |
* | jail: Consistently handle the pr_allow bitmask | Jamie Gritton | 2020-12-27 | 1 | -0/+1 |
* | jail: Make comments on struct prison locking more precise | Jamie Gritton | 2020-12-27 | 1 | -3/+5 |
* | jail: introduce per jail suser_enabled setting | Mariusz Zaborski | 2020-11-18 | 1 | -1/+2 |
* | Add __BEGIN_DECLS to jail.h to keep C++ happy. | Jamie Gritton | 2020-08-29 | 1 | -0/+2 |
* | ethersubr: Make the mac address generation more robust | Kristof Provost | 2020-04-18 | 1 | -0/+1 |
* | Mark more nodes as CTLFLAG_MPSAFE or CTLFLAG_NEEDGIANT (17 of many) | Pawel Biernacki | 2020-02-26 | 1 | -2/+4 |
* | Inline jailed(). | Mateusz Guzik | 2020-02-13 | 1 | -1/+6 |
* | Split gigantic rtsock route_output() into smaller functions. | Alexander V. Chernikov | 2019-12-31 | 1 | -1/+1 |
* | In hardened systems, where the security.bsd.unprivileged_proc_debug sysctl | Jamie Gritton | 2018-11-27 | 1 | -1/+8 |
* | Add a new jail permission, allow.read_msgbuf. When true, jailed processes | Jamie Gritton | 2018-10-17 | 1 | -1/+2 |
* | Revert r337922, except for some documention-only bits. This needs to wait | Jamie Gritton | 2018-08-16 | 1 | -2/+11 |
* | Put jail(2) under COMPAT_FREEBSD11. It has been the "old" way of creating | Jamie Gritton | 2018-08-16 | 1 | -11/+2 |
* | Add allow.mlock to jail parameters | Antoine Brodin | 2018-07-29 | 1 | -1/+2 |
* | Change prison_add_vfs() to the more generic prison_add_allow(), which | Jamie Gritton | 2018-07-06 | 1 | -0/+2 |
* | Make it easier for filesystems to count themselves as jail-enabled, | Jamie Gritton | 2018-05-04 | 1 | -10/+7 |
* | sys/sys: further adoption of SPDX licensing ID tags. | Pedro F. Giffuni | 2017-11-27 | 1 | -0/+2 |
* | - Extend pr_allow flags visually to 32 bits, to make it more obvious at firs... | Alexander Leidinger | 2017-07-09 | 1 | -17/+18 |
* | Jails: Optionally prevent jailed root from binding to privileged ports | Allan Jude | 2017-06-06 | 1 | -1/+2 |
* | Move IPv4-specific jail functions to new file netinet/in_jail.c | Stephen J. Kiernan | 2016-08-09 | 1 | -1/+7 |
* | Delay revmoing the last jail reference in prison_proc_free, and instead | Jamie Gritton | 2016-04-27 | 1 | -2/+1 |
* | Add a new jail OSD method, PR_METHOD_REMOVE. It's called when a jail is | Jamie Gritton | 2016-04-25 | 1 | -1/+2 |
* | Remove the PR_REMOVE flag, which was meant as a temporary marker for | Jamie Gritton | 2016-04-25 | 1 | -1/+0 |
* | Doh, commit in a wrong directory. Fix r290857. | Edward Tomasz Napierala | 2015-11-15 | 1 | -1/+2 |
* | Add support to the jail framework to be able to mount linsysfs(5) and | Marcelo Araujo | 2015-07-19 | 1 | -1/+3 |
* | Allow the kern.osrelease and kern.osreldate sysctl values to be set in a | Ian Lepore | 2015-02-27 | 1 | -1/+5 |
* | Add allow.mount.fdescfs jail flag. | Jamie Gritton | 2015-01-28 | 1 | -1/+2 |
* | Remove the prison flags PR_IP4_DISABLE and PR_IP6_DISABLE, which have been | Jamie Gritton | 2015-01-14 | 1 | -2/+0 |
* | Back out r261266 pending security buy-in. | Jamie Gritton | 2014-01-31 | 1 | -2/+1 |
* | Add a jail parameter, allow.kmem, which lets jailed processes access | Jamie Gritton | 2014-01-29 | 1 | -1/+2 |
* | prison_check_ip4() can take const arguments. | Gleb Smirnoff | 2013-11-01 | 1 | -1/+1 |
* | Allow tmpfs be mounted inside jail. | Xin LI | 2013-08-23 | 1 | -1/+2 |
* | Add procfs to jail-mountable filesystems. | Martin Matuska | 2012-02-29 | 1 | -1/+2 |
* | Analogous to r232059, add a parameter for the ZFS file system: | Martin Matuska | 2012-02-26 | 1 | -1/+2 |
* | To improve control over the use of mount(8) inside a jail(8), introduce | Martin Matuska | 2012-02-23 | 1 | -1/+5 |
* | Add support for mounting devfs inside jails. | Martin Matuska | 2012-02-09 | 1 | -1/+2 |
* | Change the way rctl interfaces with jails by introducing prison_racct | Edward Tomasz Napierala | 2011-05-03 | 1 | -1/+12 |
* | Add racct. It's an API to keep per-process, per-jail, per-loginclass | Edward Tomasz Napierala | 2011-03-29 | 1 | -1/+6 |
* | - Merge changes to the base system to support OFED. These include | Jeff Roberson | 2011-03-21 | 1 | -1/+1 |
* | Add ip4.saddrsel/ip4.nosaddrsel (and equivalent for ip6) to control | Bjoern A. Zeeb | 2010-01-17 | 1 | -0/+6 |
* | Throughout the network stack we have a few places of | Bjoern A. Zeeb | 2009-12-13 | 1 | -0/+1 |
* | Make it possible to change the vnet sysctl variables on jails | Bjoern A. Zeeb | 2009-08-13 | 1 | -0/+1 |
* | Some jail parameters (in particular, "ip4" and "ip6" for IP address | Jamie Gritton | 2009-07-25 | 1 | -7/+17 |
* | Clean up struct prison, with the recent fields in more logical places, | Jamie Gritton | 2009-06-24 | 1 | -13/+15 |
* | Add a limit for child jails via the "children.cur" and "children.max" | Jamie Gritton | 2009-06-23 | 1 | -4/+21 |
* | Manage vnets via the jail system. If a jail is given the boolean | Jamie Gritton | 2009-06-15 | 1 | -0/+2 |
* | Rename the host-related prison fields to be the same as the host.* | Jamie Gritton | 2009-06-13 | 1 | -3/+3 |
* | Add counterparts to getcredhostname: | Jamie Gritton | 2009-06-13 | 1 | -1/+4 |
* | Place hostnames and similar information fully under the prison system. | Jamie Gritton | 2009-05-29 | 1 | -0/+6 |
* | Add support for the arbitrary named jail parameters used by jail_set(2) | Jamie Gritton | 2009-05-27 | 1 | -13/+5 |