#
95ee2897 |
|
16-Aug-2023 |
Warner Losh <imp@FreeBSD.org> |
sys: Remove $FreeBSD$: two-line .h pattern Remove /^\s*\*\n \*\s+\$FreeBSD\$$\n/
|
#
88640c0e |
|
16-Jan-2019 |
Kirk McKusick <mckusick@FreeBSD.org> |
Create new EINTEGRITY error with message "Integrity check failed". An integrity check such as a check-hash or a cross-correlation failed. The integrity error falls between EINVAL that identifies errors in parameters to a system call and EIO that identifies errors with the underlying storage media. EINTEGRITY is typically raised by intermediate kernel layers such as a filesystem or an in-kernel GEOM subsystem when they detect inconsistencies. Uses include allowing the mount(8) command to return a different exit value to automate the running of fsck(8) during a system boot. These changes make no use of the new error, they just add it. Later commits will be made for the use of the new error number and it will be added to additional manual pages as appropriate. Reviewed by: gnn, dim, brueffer, imp Discussed with: kib, cem, emaste, ed, jilles Differential Revision: https://reviews.freebsd.org/D18765
|
#
51369649 |
|
20-Nov-2017 |
Pedro F. Giffuni <pfg@FreeBSD.org> |
sys: further adoption of SPDX licensing ID tags. Mainly focus on files that use BSD 3-Clause license. The Software Package Data Exchange (SPDX) group provides a specification to make it easier for automated tools to detect and summarize well known opensource licenses. We are gradually adopting the specification, noting that the tags are considered only advisory and do not, in any way, superceed or replace the license texts. Special thanks to Wind River for providing access to "The Duke of Highlander" tool: an older (2014) run over FreeBSD tree was useful as a starting point.
|
#
8a0f5c0b |
|
20-Dec-2015 |
Christian Brueffer <brueffer@FreeBSD.org> |
Merge from contrib/openbsm to bring the kernel audit bits up to date with OpenBSM 1.2 alpha 4: - remove $P4$ - fix a comment
|
#
97aa9e73 |
|
08-Dec-2015 |
Christian Brueffer <brueffer@FreeBSD.org> |
Vendor import of OpenBSM 1.2-alpha4.
|
#
d0c2e5bd |
|
01-Dec-2012 |
Robert Watson <rwatson@FreeBSD.org> |
Merge OpenBSM 1.2-alpha2 changes from contrib/openbsm to src/sys/{bsm,security/audit}. There are a few tweaks to help with the FreeBSD build environment that will be merged back to OpenBSM. No significant functional changes appear on the kernel side. Obtained from: TrustedBSD Project Sponsored by: The FreeBSD Foundation (auditdistd)
|
#
c5119f5d |
|
30-Nov-2012 |
Robert Watson <rwatson@FreeBSD.org> |
Import OpenBSM 1.2-alpha2: OpenBSM 1.2 alpha 2 - auditdistd, a distributed audit trail management daemon, has now been merged. This allows trail files to be securely and reliably synced from audited hosts to an audit server, and employs TLS encryption. Where available, it uses Capsicum to sandbox the service. This work was contributed by Pawel Jakub Dawidek under sponsorship from the FreeBSD Foundation. OpenBSM 1.2 alpha 1 - Add Capsicum-related error numbers for FreeBSD: ENOTCAPABLE, ECAPMODE. - Add Capsicum, process descriptor audit events for FreeBSD. - Allow 0% minspace. - Fixes from the clang static analyser. - Fix expiration of trail files when the host parameter is used. - Various typo fixes. - Support for Solaris privilege and privilege set tokens. - Documentation for getachost(), improvements for getacfilesz(). - Fix a directory descriptor leak that happened when audit trail partitions filled. - Support for more Linux distributions with a partial contemporary endian.h. - Improved escaping of XML-encapsulated BSM. - A variety of minor documentation, style, and functional. Obtained from: TrustedBSD Project Sponsored by: The FreeBSD Foundation (auditdistd)
|
#
25122f5c |
|
01-Mar-2011 |
Robert Watson <rwatson@FreeBSD.org> |
Add ECAPMODE, "Not permitted in capability mode", a new kernel errno constant to indicate that a system call (or perhaps an operation requested via a system call) is not permitted for a capability mode process. Submitted by: anderson Sponsored by: Google, Inc. Obtained from: Capsicum Project MFC after: 1 week
|
#
a7d5f7eb |
|
19-Oct-2010 |
Jamie Gritton <jamie@FreeBSD.org> |
A new jail(8) with a configuration file, to replace the work currently done by /etc/rc.d/jail.
|
#
a4bd1344 |
|
11-Jan-2009 |
Robert Watson <rwatson@FreeBSD.org> |
Vendor import of OpenBSM 1.1 alpha5, which incorporates the following changes since the last imported OpenBSM release: OpenBSM 1.1 alpha 5 - Stub libauditd(3) man page added. - All BSM error number constants with BSM_ERRNO_. - Interfaces to convert between local and BSM socket types and protocol families have been added: au_bsm_to_domain(3), au_bsm_to_socket_type(3), au_domain_to_bsm(3), and au_socket_type_to_bsm(3), along with definitions of constants in audit_domain.h and audit_socket_type.h. This improves interoperability by converting local constant spaces, which vary by OS, to and from Solaris constants (where available) or OpenBSM constants for protocol domains not present in Solaris (a fair number). These routines should be used when generating and interpreting extended socket tokens. - Fix build warnings with full gcc warnings enabled on most supported platforms. - Don't compile error strings into bsm_errno.c when building it in the kernel environment. - When started by launchd, use the label com.apple.auditd rather than org.trustedbsd.auditd. Obtained from: TrustedBSD Project Sponsored by: Apple Inc.
|
#
980b6e45 |
|
28-Dec-2008 |
Robert Watson <rwatson@FreeBSD.org> |
Vendor import of OpenBSM 1.1 alpha4, which incorporates the following changes since the last imported OpenBSM release: OpenBSM 1.1 alpha 4 - With the addition of BSM error number mapping, we also need to map the local error number passed to audit_submit(3) to a BSM error number, rather than have the caller perform that conversion. - Reallocate user audit events to avoid collisions with Solaris; adopt a more formal allocation scheme, and add some events allocated in Solaris that will be of immediate use on other platforms. - Add an event for Calife. - Add au_strerror(3), which allows generating strings for BSM errors directly, rather than requiring applications to map to the local error space, which might not be able to entirely represent the BSM error number space. - Major auditd rewrite for launchd(8) support. Add libauditd library that is shared between launchd and auditd. - Add AUDIT_TRIGGER_INITIALIZE trigger (sent via 'audit -i') for (re)starting auditing under launchd(8) on Mac OS X. - Add 'current' symlink to active audit trail. - Add crash recovery of previous audit trail file when detected on audit startup that it has not been properly terminated. - Add the event AUE_audit_recovery to indicated when an audit trail file has been recovered from not being properly terminated. This event is stored in the new audit trail file and includes the path of recovered audit trail file. - Mac OS X and FreeBSD dependent code in auditd.c is separated into auditd_darwin.c and auditd_fbsd.c files. - Add an event for the posix_spawn(2) and fsgetpath(2) Mac OS X system calls. - For Mac OS X, we use ASL(3) instead of syslog(3) for logging. - Add support for NOTICE level logging. OpenBSM 1.1 alpha 3 - Add two new functions, au_bsm_to_errno() and au_errno_to_bsm(), to map between BSM error numbers (largely the Solaris definitions) and local errno(2) values for 32-bit and 64-bit return tokens. This is required as operating systems don't agree on some of the values of more recent error numbers. - Fix a bug how au_to_exec_args(3) and au_to_exec_env(3) calculates the total size for the token. This bug resulted in "unknown" tokens being printed after the exec args/env tokens. - Support for AUT_SOCKET_EX extended socket tokens, which describe a socket using a pair of IPv4/IPv6 and port tuples. - OpenBSM BSM file header version bumped for 1.1 release. - Deprecated Darwin constants, such as TRAILER_PAD_MAGIC, removed. Obtained from: TrustedBSD Project Sponsored by: Apple Inc.
|