Up to [cvs.NetBSD.org] / src / sys / secmodel
Request diff between arbitrary revisions
Default branch: MAIN
Current tag: yamt-pdpolicy
Revision 18.104.22.168 / (download) - annotate - [select for diffs], Thu Sep 14 12:32:00 2006 UTC (16 years, 6 months ago) by yamt
Changes since 22.214.171.124: +11 -0 lines
Diff to previous 126.96.36.199 (colored) to branchpoint 1.1 (colored) next main 1.2 (colored)
sync with head.
Revision 188.8.131.52, Fri Sep 8 20:58:56 2006 UTC (16 years, 6 months ago) by yamt
Changes since 1.1: +0 -11 lines
file files.secmodel was added on branch yamt-pdpolicy on 2006-09-14 12:32:00 +0000
Revision 1.1 / (download) - annotate - [select for diffs], Fri Sep 8 20:58:56 2006 UTC (16 years, 6 months ago) by elad
CVS Tags: yamt-x86pmap-base4, yamt-x86pmap-base3, yamt-x86pmap-base2, yamt-x86pmap-base, yamt-x86pmap, yamt-splraiseipl-base5, yamt-splraiseipl-base4, yamt-splraiseipl-base3, yamt-splraiseipl-base2, yamt-splraiseipl-base, yamt-splraiseipl, yamt-pdpolicy-base9, yamt-idlelwp-base8, yamt-idlelwp, wrstuden-fixsa-newbase, wrstuden-fixsa-base-1, wrstuden-fixsa-base, wrstuden-fixsa, vmlocking-base, vmlocking, thorpej-atomic-base, thorpej-atomic, reinoud-bufcleanup, post-newlock2-merge, nick-csl-alignment-base5, nick-csl-alignment-base, nick-csl-alignment, newlock2-nbase, newlock2-base, netbsd-4-base, netbsd-4-0-RELEASE, netbsd-4-0-RC5, netbsd-4-0-RC4, netbsd-4-0-RC3, netbsd-4-0-RC2, netbsd-4-0-RC1, netbsd-4-0-1-RELEASE, netbsd-4-0, netbsd-4, mjf-ufs-trans-base, mjf-ufs-trans, matt-nb4-arm-base, matt-nb4-arm, matt-mips64-base, matt-mips64, matt-armv6-prevmlocking, jmcneill-base, hpcarm-cleanup, bouyer-xenamd64-base2, ad-audiomp-base, ad-audiomp
Branch point for: yamt-pdpolicy, yamt-lazymbuf, newlock2, mjf-devfs, matt-armv6, jmcneill-pm, bouyer-xenamd64
First take at security model abstraction. - Add a few scopes to the kernel: system, network, and machdep. - Add a few more actions/sub-actions (requests), and start using them as opposed to the KAUTH_GENERIC_ISSUSER place-holders. - Introduce a basic set of listeners that implement our "traditional" security model, called "bsd44". This is the default (and only) model we have at the moment. - Update all relevant documentation. - Add some code and docs to help folks who want to actually use this stuff: * There's a sample overlay model, sitting on-top of "bsd44", for fast experimenting with tweaking just a subset of an existing model. This is pretty cool because it's *really* straightforward to do stuff you had to use ugly hacks for until now... * And of course, documentation describing how to do the above for quick reference, including code samples. All of these changes were tested for regressions using a Python-based testsuite that will be (I hope) available soon via pkgsrc. Information about the tests, and how to write new ones, can be found on: http://kauth.linbsd.org/kauthwiki NOTE FOR DEVELOPERS: *PLEASE* don't add any code that does any of the following: - Uses a KAUTH_GENERIC_ISSUSER kauth(9) request, - Checks 'securelevel' directly, - Checks a uid/gid directly. (or if you feel you have to, contact me first) This is still work in progress; It's far from being done, but now it'll be a lot easier. Relevant mailing list threads: http://mail-index.netbsd.org/tech-security/2006/01/25/0011.html http://mail-index.netbsd.org/tech-security/2006/03/24/0001.html http://mail-index.netbsd.org/tech-security/2006/04/18/0000.html http://mail-index.netbsd.org/tech-security/2006/05/15/0000.html http://mail-index.netbsd.org/tech-security/2006/08/01/0000.html http://mail-index.netbsd.org/tech-security/2006/08/25/0000.html Many thanks to YAMAMOTO Takashi, Matt Thomas, and Christos Zoulas for help stablizing kauth(9). Full credit for the regression tests, making sure these changes didn't break anything, goes to Matt Fleming and Jaime Fournier. Happy birthday Randi! :)
This form allows you to request diff's between any two revisions of a file. You may select a symbolic revision name using the selection box or you may type in a numeric name using the type-in text box.