Juli Mallett [Wed, 23 Oct 2002 23:16:43 +0000 (23:16 +0000)]
Remove efree(), it isn't used consistently enough to even pretend that it
might help on the systems it could possibly be used as a bandaid for. In
fact, the only thing it's useful for is instrumenting free(3) calls, and in
that capacity, it's better served as a local patch, than a public wrapper.
Robert Watson [Wed, 23 Oct 2002 22:50:04 +0000 (22:50 +0000)]
Rename ifconfig's "mac" argument to "maclabel" to prevent confusion
regarding 802.1 MAC and Mandatory Access Control (MAC). Some
potential for confusion remains further in other areas of the
system regarding Message Authentication Codes (MAC).
More lobotomy:
remove CHUNK_BSD_COMPAT, it was a bad idea, and now its gone.
remove DOSPTYP_ONTRACK, missed in OnTrack removal commit.
unifdef -DHAVE_GEOM
make tst01 compile again.
Rely on sysctl kern.disks to be there, and get rid of one of the far too
many lists of disk device driver names in the system. At this point
we should really get the names from the XML, but hey...
John Baldwin [Wed, 23 Oct 2002 15:53:09 +0000 (15:53 +0000)]
- New-bussify the rc(4) device driver.
- Add detach support to the driver so that you can kldunload the module.
Note that currently rc_detach() fails to detach a unit if any of its
child devices are open, thus a kldunload will fail if any of the tty
devices are currently open.
- sys/i386/isa/ic/cd180.h was moved to sys/dev/ic/cd180.h as part of
this change.
Tim J. Robbins [Wed, 23 Oct 2002 10:52:04 +0000 (10:52 +0000)]
Reimplement more efficiently, using a single forward scan (like strrchr(3))
instead of scanning forwards to find the end of the string then scanning
backwards to find the character.
Tim J. Robbins [Wed, 23 Oct 2002 10:16:21 +0000 (10:16 +0000)]
Add a Standards section, claiming conformance to IEEE Std. 1003.1-2001.
Also add a note to the Bugs section pointing out that strerror() and
perror() share the same static buffer.
Tim J. Robbins [Wed, 23 Oct 2002 04:35:25 +0000 (04:35 +0000)]
Replace this wcsncpy() implementation with one based on strncpy.c to fix
two major bugs:
- off-by-one overflow when the length of the source string exceeds or
equals the destination buffer size.
- old version was not padding the destination buffer with null wide chars
Robert Watson [Wed, 23 Oct 2002 03:40:47 +0000 (03:40 +0000)]
Teach ifconfig(8) how to print and set the MAC labels on network
interfaces using the 'mac' argument. Without MAC support in the
kernel, this does not change the behavior of ifconfig.
Marcel Moolenaar [Wed, 23 Oct 2002 03:33:06 +0000 (03:33 +0000)]
Don't complain if we have an inconsistent map that may be the
result of an incomplete migration. An incomplete migration is
one where the MBR is not turned into a PMBR after creating the
GPT. This early in the game it's more convenient to allow the
inconsistency, because that avoids that we have to destroy the
MBR partitioning for now.
Robert Watson [Wed, 23 Oct 2002 03:19:34 +0000 (03:19 +0000)]
Add a new '-s' option to su(1): if the flag is present, attempt to
also set the user's MAC label as part of the user credential setup
by setting setusercontext(3)'s SETMAC flag. By default, change only
traditional process properties.
Robert Watson [Wed, 23 Oct 2002 03:17:22 +0000 (03:17 +0000)]
If LOGIN_SETMAC is set and MAC is enabled in the kernel, then see
if the user has a 'label' entry in their login class. If so, attempt
to set that label on the process as part of the credential setup. If
we're unable to parse the label, or unable to set the label, fail.
In the future, we may also want to warn if a label is set but the
kernel doesn't support MAC.
Robert Watson [Wed, 23 Oct 2002 03:15:24 +0000 (03:15 +0000)]
Introduce simple command line tools to manage MAC labels on processes and
files. Basically wrappers for mac_{get,set}_{file,link,pid,proc}(3).
Man pages to be updated shortly.
Thomas Quinot [Tue, 22 Oct 2002 20:18:51 +0000 (20:18 +0000)]
Fill in missing parts of the ATAPI/CAM XPT: implement XPT_RESET_BUS
and XPT_RESET_DEV.
In order to properly handle reset requests whether they originate in the
ATA layer (atacontrol reinit) or from the CAM layer (camcontrol reset)
ata_reinit does not cause the SIM to be deallocated anymore. The SIM
is now unconditionnally created for each ATAPI bus.
This change may cause existing bus ids to change on some setups.
John Baldwin [Tue, 22 Oct 2002 18:44:59 +0000 (18:44 +0000)]
Don't dereference the 'x' pointer if it is NULL, instead skip the
assignment. The netsmb code likes to call these functions with a NULL
x argument a lot.
Jake Burkholder [Tue, 22 Oct 2002 18:03:15 +0000 (18:03 +0000)]
- Expand struct trapframe to 256 bytes, make all fields fixed width and the
same size. Add some fields that previously overlapped with something else
or were missing.
- Make struct regs and struct mcontext (minus floating point) the same as
struct trapframe so converting between them is easy (null).
- Add space for saving floating point state to struct mcontext. This requires
that it be 64 byte aligned.
- Add assertions that none of these structures change size, as they are part
of the ABI.
- Remove some dead code in sendsig().
- Save and restore %gsr in struct trapframe. Remember to restore %fsr.
- Add some comments to exception.S.
Robert Watson [Tue, 22 Oct 2002 17:19:06 +0000 (17:19 +0000)]
Remove the mac_te policy bits from 'struct oldmac' -- we're not going
to merge mac_te, since the SEBSD port of SELinux/FLASK provides a much
more mature Type Enforcement implementation. This changes the size
of the on-disk 'struct oldmac' EA labels, which may require regeneration.
Robert Drehmel [Tue, 22 Oct 2002 16:06:28 +0000 (16:06 +0000)]
Change the `mutex_prof' structure to use three variables contained
in an anonymous structure as counters, instead of an array with
preprocessor-defined names for indices. Remove the associated XXX-
comment.
Robert Watson [Tue, 22 Oct 2002 15:56:44 +0000 (15:56 +0000)]
Invoke mac_check_vnode_mmap() during mmap operations on vnodes,
permitting policies to restrict access to memory mapping based on
the credential requesting the mapping, the target vnode, the
requested rights, or other policy considerations.
Robert Watson [Tue, 22 Oct 2002 15:53:43 +0000 (15:53 +0000)]
Introduce MAC_CHECK_VNODE_SWAPON, which permits MAC policies to
perform authorization checks during swapon() events; policies
might choose to enforce protections based on the credential
requesting the swap configuration, the target of the swap operation,
or other factors such as internal policy state.