|
Revision tags: perseant-exfatfs-base-20250801 netbsd-11-base netbsd-10-1-RELEASE perseant-exfatfs-base-20240630 perseant-exfatfs-base netbsd-8-3-RELEASE netbsd-9-4-RELEASE netbsd-10-0-RELEASE netbsd-10-0-RC6 netbsd-10-0-RC5 netbsd-10-0-RC4 netbsd-10-0-RC3 netbsd-10-0-RC2 netbsd-10-0-RC1 netbsd-10-base netbsd-9-3-RELEASE cjep_sun2x-base1 cjep_sun2x-base cjep_staticlib_x-base1 netbsd-9-2-RELEASE cjep_staticlib_x-base netbsd-9-1-RELEASE phil-wifi-20200421 phil-wifi-20200411 is-mlppp-base phil-wifi-20200406 netbsd-8-2-RELEASE netbsd-9-0-RELEASE netbsd-9-0-RC2 netbsd-9-0-RC1 phil-wifi-20191119 netbsd-9-base phil-wifi-20190609 netbsd-8-1-RELEASE netbsd-8-1-RC1 pgoyette-compat-merge-20190127 pgoyette-compat-20190127 pgoyette-compat-20190118 pgoyette-compat-1226 pgoyette-compat-1126 pgoyette-compat-1020 pgoyette-compat-0930 pgoyette-compat-0906 netbsd-7-2-RELEASE pgoyette-compat-0728 netbsd-8-0-RELEASE phil-wifi-base pgoyette-compat-0625 netbsd-8-0-RC2 pgoyette-compat-0521 pgoyette-compat-0502 pgoyette-compat-0422 netbsd-8-0-RC1 pgoyette-compat-0415 pgoyette-compat-0407 pgoyette-compat-0330 pgoyette-compat-0322 pgoyette-compat-0315 netbsd-7-1-2-RELEASE pgoyette-compat-base netbsd-7-1-1-RELEASE matt-nb8-mediatek-base perseant-stdc-iso10646-base netbsd-8-base prg-localcount2-base3 prg-localcount2-base2 prg-localcount2-base1 prg-localcount2-base pgoyette-localcount-20170426 bouyer-socketcan-base1 pgoyette-localcount-20170320 netbsd-7-1-RELEASE netbsd-7-1-RC2 netbsd-7-nhusb-base-20170116 bouyer-socketcan-base pgoyette-localcount-20170107 netbsd-7-1-RC1 pgoyette-localcount-20161104 netbsd-7-0-2-RELEASE localcount-20160914 netbsd-7-nhusb-base pgoyette-localcount-20160806 pgoyette-localcount-20160726 pgoyette-localcount-base netbsd-7-0-1-RELEASE netbsd-7-0-RELEASE netbsd-7-0-RC3 netbsd-7-0-RC2 netbsd-7-0-RC1 netbsd-7-base yamt-pagecache-base9 tls-earlyentropy-base riastradh-xf86-video-intel-2-7-1-pre-2-21-15 tls-maxphys-base
|
|
| #
1.17 |
|
18-Mar-2014 |
riastradh |
Merge riastradh-drm2 to HEAD.
|
|
Revision tags: riastradh-drm2-base3 riastradh-drm2-base2 riastradh-drm2-base1
|
|
| #
1.16 |
|
20-Jul-2013 |
wiz |
Use Mt for email addresses.
|
|
Revision tags: riastradh-drm2-base agc-symver-base yamt-pagecache-base8 yamt-pagecache-base7
|
|
| #
1.15 |
|
22-Nov-2012 |
abs |
branches: 1.15.2;
Punctuation and (non-)capitalization fixes.
From Bug Hunting.
|
|
Revision tags: netbsd-6-0-6-RELEASE netbsd-6-1-5-RELEASE netbsd-6-1-4-RELEASE netbsd-6-0-5-RELEASE netbsd-6-1-3-RELEASE netbsd-6-0-4-RELEASE netbsd-6-1-2-RELEASE netbsd-6-0-3-RELEASE netbsd-6-1-1-RELEASE netbsd-6-0-2-RELEASE netbsd-6-1-RELEASE netbsd-6-1-RC4 netbsd-6-1-RC3 netbsd-6-1-RC2 netbsd-6-1-RC1 netbsd-6-0-1-RELEASE matt-nb6-plus-nbase yamt-pagecache-base6 netbsd-6-0-RELEASE netbsd-6-0-RC2 matt-nb6-plus-base netbsd-6-0-RC1 yamt-pagecache-base5 yamt-pagecache-base4 netbsd-6-base
|
|
| #
1.14 |
|
04-Dec-2011 |
jym |
branches: 1.14.6;
Improvements in secmodel(9). Document secmodel_register(9), _deregister(9)
and _eval(9).
Add secmodel_extensions(9), and indicate the new sysctl(7) to let
ordinary users control the CPU affinity (user_set_cpu_affinity).
|
|
Revision tags: yamt-pagecache-base3 yamt-pagecache-base2 yamt-pagecache-base cherry-xenmp-base uebayasi-xip-base7 bouyer-quota2-nbase bouyer-quota2-base matt-mips64-premerge-20101231 uebayasi-xip-base6 uebayasi-xip-base5 uebayasi-xip-base4 uebayasi-xip-base3 uebayasi-xip-base2 uebayasi-xip-base1 matt-premerge-20091211
|
|
| #
1.13 |
|
02-Oct-2009 |
elad |
branches: 1.13.8;
Bump date to today's date (rather than when the changes were made).
|
| #
1.12 |
|
02-Oct-2009 |
elad |
First part of secmodel cleanup and other misc. changes:
- Separate the suser part of the bsd44 secmodel into its own secmodel
and directory, pending even more cleanups. For revision history
purposes, the original location of the files was
src/sys/secmodel/bsd44/secmodel_bsd44_suser.c
src/sys/secmodel/bsd44/suser.h
- Add a man-page for secmodel_suser(9) and update the one for
secmodel_bsd44(9).
- Add a "secmodel" module class and use it. Userland program and
documentation updated.
- Manage secmodel count (nsecmodels) through the module framework.
This eliminates the need for secmodel_{,de}register() calls in
secmodel code.
- Prepare for secmodel modularization by adding relevant module bits.
The secmodels don't allow auto unload. The bsd44 secmodel depends
on the suser and securelevel secmodels. The overlay secmodel depends
on the bsd44 secmodel. As the module class is only cosmetic, and to
prevent ambiguity, the bsd44 and overlay secmodels are prefixed with
"secmodel_".
- Adapt the overlay secmodel to recent changes (mainly vnode scope).
- Stop using link-sets for the sysctl node(s) creation.
- Keep sysctl variables under nodes of their relevant secmodels. In
other words, don't create duplicates for the suser/securelevel
secmodels under the bsd44 secmodel, as the latter is merely used
for "grouping".
- For the suser and securelevel secmodels, "advertise presence" in
relevant sysctl nodes (sysctl.security.models.{suser,securelevel}).
- Get rid of the LKM preprocessor stuff.
- As secmodels are now modules, there's no need for an explicit call
to secmodel_start(); it's handled by the module framework. That
said, the module framework was adjusted to properly load secmodels
early during system startup.
- Adapt rump to changes: Instead of using empty stubs for securelevel,
simply use the suser secmodel. Also replace secmodel_start() with a
call to secmodel_suser_start().
- 5.99.20.
Testing was done on i386 ("release" build). Spearated module_init()
changes were tested on sparc and sparc64 as well by martin@ (thanks!).
Mailing list reference:
http://mail-index.netbsd.org/tech-kern/2009/09/25/msg006135.html
|
|
Revision tags: netbsd-5-2-3-RELEASE netbsd-5-1-5-RELEASE netbsd-5-2-2-RELEASE netbsd-5-1-4-RELEASE netbsd-5-2-1-RELEASE netbsd-5-1-3-RELEASE netbsd-5-2-RELEASE netbsd-5-2-RC1 netbsd-5-1-2-RELEASE netbsd-5-1-1-RELEASE matt-nb5-mips64-premerge-20101231 matt-nb5-pq3-base netbsd-5-1-RELEASE netbsd-5-1-RC4 matt-nb5-mips64-k15 netbsd-5-1-RC3 netbsd-5-1-RC2 netbsd-5-1-RC1 netbsd-5-0-2-RELEASE matt-nb5-mips64-premerge-20091211 matt-nb5-mips64-u2-k2-k4-k7-k8-k9 matt-nb4-mips64-k7-u2a-k9b matt-nb5-mips64-u1-k1-k5 netbsd-5-0-1-RELEASE jym-xensuspend-nbase netbsd-5-0-RELEASE netbsd-5-0-RC4 netbsd-5-0-RC3 netbsd-5-0-RC2 jym-xensuspend-base netbsd-5-0-RC1 netbsd-5-base matt-mips64-base2 wrstuden-revivesa-base-3 wrstuden-revivesa-base-2 wrstuden-revivesa-base-1 yamt-pf42-base4 yamt-pf42-base3 hpcarm-cleanup-nbase yamt-pf42-baseX yamt-pf42-base2 wrstuden-revivesa-base yamt-pf42-base mjf-devfs2-base keiichi-mipv6-nbase keiichi-mipv6-base matt-armv6-nbase cube-autoconf-base matt-armv6-base hpcarm-cleanup-base
|
|
| #
1.11 |
|
21-Nov-2007 |
elad |
Make securelevel a "secmodel" of its own.
While it's true that it's part of the traditional 4.4BSD security model,
there may come a time where a different "primary" security model used for
fine-grained privileges (ie., splitting root's responsibilities to various
privileges that can be assigned) may want to still have a securelevel
setting.
Idea from Daniel Carosone:
http://mail-index.netbsd.org/tech-security/2006/08/25/0001.html
The location of the removed files, for reference, was:
src/secmodel/bsd44/secmodel_bsd44_securelevel.c
src/secmodel/bsd44/securelevel.h
|
|
Revision tags: matt-armv6-prevmlocking matt-mips64-base
|
|
| #
1.10 |
|
09-Jan-2007 |
elad |
branches: 1.10.4;
Remove advertising clause from all of my stuff.
|
| #
1.9 |
|
26-Dec-2006 |
elad |
Make machdep scope architecture-agnostic by removing all arch-specific
requests and centralizing them all. The result is that some of these
are not used on some architectures, but the documentation was updated
to reflect that.
|
|
Revision tags: netbsd-4-base
|
|
| #
1.8 |
|
22-Nov-2006 |
elad |
branches: 1.8.2;
Add missing items to the securelevel implications list.
Now it is complete.
|
| #
1.7 |
|
19-Sep-2006 |
elad |
Maintain list of security models we ship with NetBSD in secmodel(9), and
some tiny markup fix in secmodel_bsd44(9).
|
| #
1.6 |
|
17-Sep-2006 |
elad |
Add SYNOPSIS, after consulting wiz@, thanks!
|
| #
1.5 |
|
17-Sep-2006 |
elad |
Update kauth(9) that was forgotten in the big secmodel commit, and some
markup fixes.
|
| #
1.4 |
|
15-Sep-2006 |
wiz |
Sort sections, remove superfluous line.
|
| #
1.3 |
|
15-Sep-2006 |
elad |
Remove securelevel-related text from init(8) man-page as they're now in
secmodel_bsd44(9).
I'm not sure I agree with the BUGS section, but for now move it to
secmodel_bsd44(9) as well.
|
| #
1.2 |
|
15-Sep-2006 |
wiz |
Fix a typo, use \- for minus.
|
| #
1.1 |
|
15-Sep-2006 |
elad |
Add a man-page for secmodel_bsd44, describing a bit the concepts of
super-user and securelevel.
The securelevel part was compiled of text from both init(8) and OpenBSD's
securelevel(7), and brought in-sync with what we really do.
|