Joerg Wunsch [Sun, 6 Oct 2002 18:48:20 +0000 (18:48 +0000)]
When considering temporary files for deletion, don't examine the mtime
and atime only, but also the ctime. Otherwise, files extracted from
tar or zip archives will immediately be declared stale since they've
got their mtime reset to the original mtime.
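An added illustration of the point above (not part of the commit or of any FreeBSD script): a `find`-based staleness check that looks at mtime and atime only, next to one that also requires ctime to be old. The demo directory and the 2002 timestamp are constructed here; extracting from an archive is simulated with `touch -t`, which resets mtime/atime but leaves ctime at the current time.

```shell
#!/bin/sh
# Old rule: a file is stale when its mtime AND atime are older than $1 days.
# $1 = age threshold in days, $2 = directory to scan.
stale_old() {
    find "$2" -type f -mtime +"$1" -atime +"$1"
}

# New rule: additionally require ctime to be old. A file just extracted from
# a tar/zip archive carries its archived mtime, but its ctime is the
# extraction time, so it is no longer misclassified as stale.
stale_new() {
    find "$2" -type f -mtime +"$1" -atime +"$1" -ctime +"$1"
}

# Constructed demo: create a file and give it a 2002 mtime/atime (like an
# archive extraction would); ctime stays "now". Prints the directory path.
demo_setup() {
    d=$(mktemp -d)
    : > "$d/extracted"
    touch -t 200210060000 "$d/extracted"
    echo "$d"
}

dir=$(demo_setup)
echo "mtime/atime-only check flags:"; stale_old 3 "$dir"
echo "ctime-aware check flags:";      stale_new 3 "$dir"
rm -rf "$dir"
```

The first check lists the freshly extracted file; the second lists nothing.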
Thomas Quinot [Sun, 6 Oct 2002 16:24:36 +0000 (16:24 +0000)]
Set only the RB_POWEROFF flag (not the RB_HALT flag) when
'-p' is used on the reboot(8) command line.
This is intended for use when you want to attempt a power down
action, but you want the system to reboot (not halt) if the
power down action fails.
This is typically useful when the power-off action performed by
the kernel consists in signalling an uninterrupted power supply
that it should shut down its inverter if mains power has not returned.
The behaviour of shutdown(8) and init(8) is not modified;
only the behaviour of invoking 'reboot -p' manually is
modified, and then only in the case when a power-down action
fails.
Sounded reasonable to: phk
Approved by: roberto (mentor)
Robert Watson [Sun, 6 Oct 2002 14:39:15 +0000 (14:39 +0000)]
Integrate mac_check_socket_send() and mac_check_socket_receive()
checks from the MAC tree: allow policies to perform access control
for the ability of a process to send and receive data via a socket.
At some point, we might also pass in additional address information
if an explicit address is requested on send.
Tim J. Robbins [Sun, 6 Oct 2002 10:15:38 +0000 (10:15 +0000)]
Add a note to the Compatibility section suggesting that these functions
only be used for byte values. Add cross-references to the wide-char
counterparts.
While removing a memory leak, rev 1.32 introduced a
free-memory-and-reuse-it-after. Correct both problems and
make rcp -r work again under /etc/malloc.conf -> AJ.
Hajimu UMEMOTO [Sun, 6 Oct 2002 08:43:35 +0000 (08:43 +0000)]
Put giant locks due to make getaddrinfo(), getnameinfo()
and getipnodeby*() thread-safe.
Our res_*() is not thread-safe. So, we share lock between
getaddrinfo() and getipnodeby*(). Still, we cannot use
getaddrinfo() and getipnodeby*() in conjunction with other
functions which call res_*().
Tim J. Robbins [Sun, 6 Oct 2002 06:35:51 +0000 (06:35 +0000)]
Disallow empty condition parts of "if", "while" and "until" compound
commands. Commands like "if then ... fi" and "while do ... done" are no
longer accepted. Bodies of compound commands are still allowed to be
empty, because even though POSIX does not allow them, most shells do.
Robert Watson [Sun, 6 Oct 2002 02:46:26 +0000 (02:46 +0000)]
Sync from MAC tree: break out the single mmap entry point into
separate entry points for each occasion:
mac_check_vnode_mmap()            Check at initial mapping
mac_check_vnode_mprotect()        Check at mapping protection change
mac_check_vnode_mmap_downgrade()  Determine if a mapping downgrade should take place following subject relabel.
Implement mmap() and mprotect() entry points for labeled vnode
policies. These entry points are currently not hooked up to the
VM system in the base tree. These changes improve the consistency
of the access control interface and offer more flexibility regarding
limiting access to vnode mmaping.
Robert Watson [Sat, 5 Oct 2002 21:23:47 +0000 (21:23 +0000)]
Modify label allocation semantics for sockets: pass in soalloc's malloc
flags so that we can call malloc with M_NOWAIT if necessary, avoiding
potential sleeps while holding mutexes in the TCP syncache code.
Similar to the existing support for mbuf label allocation: if we can't
allocate all the necessary label store in each policy, we back out
the label allocation and fail the socket creation. Sync from MAC tree.
Maxime Henrion [Sat, 5 Oct 2002 20:14:49 +0000 (20:14 +0000)]
Add two extern's for adjkerntz and wall_cmos_clock, all other
archs have them there, although the variables are declared in
subr_clock.c. These should probably be moved into some MI
place.
Robert Watson [Sat, 5 Oct 2002 20:05:23 +0000 (20:05 +0000)]
Make sure that the accounting credential is saved along with the vp
when accounting is suspended--otherwise when accounting is restored,
we may incorrectly assume the credential is valid.
Robert Watson [Sat, 5 Oct 2002 18:40:10 +0000 (18:40 +0000)]
Integrate a devfs/MAC fix from the MAC tree: avoid a race condition during
devfs VOP symlink creation by introducing a new entry point to determine
the label of the devfs_dirent prior to allocation of a vnode for the
symlink.
Robert Watson [Sat, 5 Oct 2002 18:11:36 +0000 (18:11 +0000)]
Merge support for mac_check_vnode_link(), a MAC framework/policy entry
point that instruments the creation of hard links. Policy implementations
to follow.
Robert Watson [Sat, 5 Oct 2002 17:44:49 +0000 (17:44 +0000)]
While the MAC API has supported the ability to handle M_NOWAIT passed
to mbuf label initialization, that functionality was never merged to
the main tree. Go ahead and merge that functionality now. Note that
this requires policy modules to accept the case where the label
element may be destroyed even if init has not succeeded on it (in
the event that policy failed the init). This will shortly also
apply to sockets.
Robert Watson [Sat, 5 Oct 2002 17:38:45 +0000 (17:38 +0000)]
Rearrange object and label init/destroy functions to match the
order used in mac_policy.h and elsewhere. Sort order is basically
"by operation category", then "alphabetically by object". Sync to
MAC tree.
Robert Watson [Sat, 5 Oct 2002 16:57:16 +0000 (16:57 +0000)]
Another big diff, little functional change: move label internalization,
externalization, and cred label life cycle events to entirely above
devfs and vnode events. Sync from MAC tree.
Robert Watson [Sat, 5 Oct 2002 16:54:59 +0000 (16:54 +0000)]
Move all object label init/destroy routines to the head of the
entry points to better match the entry point ordering in mac_policy.h.
Big diff, no functional change; merge from the MAC tree.
Robert Watson [Sat, 5 Oct 2002 15:10:00 +0000 (15:10 +0000)]
Begin another merge from the TrustedBSD MAC branch:
- Change mpo_init_foo(obj, label) and mpo_destroy_foo(obj, label) policy
entry points to mpo_init_foo_label(label) and
mpo_destroy_foo_label(label). This will permit the use of the same
entry points for holding temporary type-specific labels during
internalization and externalization, as well as for caching purposes.
- Because of this, break out mpo_{init,destroy}_socket() and
mpo_{init,destroy}_mount() into separate entry points for socket
main/peer labels and mount main/fs labels.
- Since the prototype for label initialization is the same across almost
all entry points, implement these entry points using common
implementations for Biba, MLS, and Test, reducing the number of
almost identical looking functions.
This simplifies policy implementation, as well as preparing us for the
merge of the new flexible userland API for managing labels on objects.
Daniel Eischen [Sat, 5 Oct 2002 14:36:14 +0000 (14:36 +0000)]
Fix building of minimal kernels without npx by rearranging ifdefs.
Also fix some style bugs in surrounding code, and add a comment
about FP state restoral that seems questionable.
Juli Mallett [Sat, 5 Oct 2002 04:49:46 +0000 (04:49 +0000)]
Put an easy-to-miss assignment into the proper place. It was stray in the
middle of a block of code, with no clear assignment. While here, move one
nearby assignment out of declaration.
Robert Watson [Sat, 5 Oct 2002 03:44:00 +0000 (03:44 +0000)]
Get Vinum up and running with GEOM:
(1) Use namei() and devfs to discover devices rather than a hard-coded
MAKEDEV implementation. Once rootfs is in place, this will allow
Vinum to be used for the root file system partition.
(2) Pass FREAD to device opens so that GEOM will return sector size
rather than an error on attempts to read label data.
(3) Avoid clobbering return values from close_drive() and masking this
failure, resulting in a later divide by zero due to not having
updated the Vinum-cached sector size.
(4) Ignore failures from DIOCWLABEL as that appears not to be required
in the GEOM environment.
We've done testing in simple Vinum environments, but those with more
complex environments might want to give this a spin in DP2 and make
sure everything is up to speed.
Fixes in collaboration with: iedowse
Reviewed by: grog
Robert Watson [Sat, 5 Oct 2002 03:07:23 +0000 (03:07 +0000)]
Remove a panic on vinum module unload: make sure to destroy all mutexes
before freeing so that WITNESS doesn't dereference mutex data pointers
and page fault. It's now possible to unload vinum.ko with a GENERIC
kernel on 5.0-CURRENT without panic.
Daniel Eischen [Sat, 5 Oct 2002 02:22:26 +0000 (02:22 +0000)]
Once again, remove the i386-specific hacks to save and restore
the FPU state on receiving and returning from a signal.
The FPU save and restore macros are no longer needed, but
remain defined in case we need to use them again (something
else breaks). They'll be removed permanently once new
syscalls are added to handle the new i386 ucontext size.
Mitsuru IWASAKI [Sat, 5 Oct 2002 02:01:05 +0000 (02:01 +0000)]
Add code for ACPI PCI link object manipulation.
This allocates the best IRQ to boot-disabled devices (those with IRQ 0).
The allocated IRQ will be used for PCI interrupt routing when ACPI is
enabled.
Note that verbose messaging is enabled for the time being so that
people can easily notice the strange behavior if it happened.
Mike Barcroft [Fri, 4 Oct 2002 21:31:33 +0000 (21:31 +0000)]
o Adjust the SEM_VALUE_MAX macro so that <machine/limits.h> isn't
needed.
o Remove unneeded includes which only add namespace pollution.
o Sort function prototypes.
o Add restrict type-qualifier to sem_getvalue().
Sam Leffler [Fri, 4 Oct 2002 20:31:23 +0000 (20:31 +0000)]
In-kernel crypto framework derived from openbsd. This facility provides
a consistent interface to h/w and s/w crypto algorithms for use by the
kernel and (for h/w at least) by user-mode apps. Access for user-level
code is through a /dev/crypto device that'll eventually be used by openssl
to (potentially) accelerate many applications. Coming soon is an IPsec
that makes use of this service to accelerate ESP, AH, and IPCOMP protocols.
Included here is the "core" crypto support, /dev/crypto driver, various
crypto algorithms that are not already present in the KAME crypto area,
and support routines used by crypto device drivers.
John Baldwin [Fri, 4 Oct 2002 20:19:36 +0000 (20:19 +0000)]
Fix a bogon in previous commit. bcopy() from the malloc'd memory that we
already copied into, rather than doing the bcopy() from the userland
pointer. "Oops."