| #
2b3f93ea |
| 13-Oct-2023 |
Matthew Dillon <dillon@apollo.backplane.com> |
kernel - Add per-process capability-based restrictions
* This new system allows userland to set capability restrictions which
turns off numerous kernel features and root accesses. These restricti
kernel - Add per-process capability-based restrictions
* This new system allows userland to set capability restrictions which
turns off numerous kernel features and root accesses. These restrictions
are inherited by sub-processes recursively. Once set, restrictions cannot
be removed.
Basic restrictions that mimic an unadorned jail can be enabled without
creating a jail, but generally speaking real security also requires
creating a chrooted filesystem topology, and a jail is still needed
to really segregate processes from each other. If you do so, however,
you can (for example) disable mount/umount and most global root-only
features.
* Add new system calls and a manual page for syscap_get(2) and syscap_set(2)
* Add sys/caps.h
* Add the "setcaps" userland utility and manual page.
* Remove priv.9 and the priv_check infrastructure, replacing it with
a newly designed caps infrastructure.
* The intention is to add path restriction lists and similar features to
improve jailess security in the near future, and to optimize the
priv_check code.
show more ...
|
|
Revision tags: v6.4.0, v6.4.0rc1, v6.5.0, v6.2.2, v6.2.1, v6.3.0, v6.0.1, v6.0.0, v6.0.0rc1, v6.1.0 |
|
| #
3f2dd94a |
| 19-Dec-2020 |
François Tigeot <ftigeot@wolfpond.org> |
drm: Update to Linux 4.15.18
* Create /dev/dri/renderD* devices
Generally handle /dev entries creation as close to Linux as possible.
* Add drm master support
Sync authentification code with Li
drm: Update to Linux 4.15.18
* Create /dev/dri/renderD* devices
Generally handle /dev entries creation as close to Linux as possible.
* Add drm master support
Sync authentification code with Linux 4.15.18
* handle vm_mm->mmap_sem in ttm page fault operations
* Update dma-fence code from OpenBSD
* This commit contains sleep/wakeup and other changes
from Matthew Dillon <dillon@apollo.backplane.com>
show more ...
|
|
Revision tags: v5.8.3, v5.8.2, v5.8.1, v5.8.0, v5.9.0, v5.8.0rc1, v5.6.3, v5.6.2, v5.6.1, v5.6.0, v5.6.0rc1, v5.7.0, v5.4.3, v5.4.2, v5.4.1, v5.4.0, v5.5.0, v5.4.0rc1, v5.2.2, v5.2.1 |
|
| #
d6aa1cc5 |
| 06-May-2018 |
François Tigeot <ftigeot@wolfpond.org> |
drm: Sync include directives with Linux
* Add a few key include/asm or include/linux headers
* Move some code from .h to .c files in order to avoid clashes
between the DragonFly and Linux variant
drm: Sync include directives with Linux
* Add a few key include/asm or include/linux headers
* Move some code from .h to .c files in order to avoid clashes
between the DragonFly and Linux variants of kmalloc() and kfree()
show more ...
|
|
Revision tags: v5.2.0, v5.3.0, v5.2.0rc, v5.0.2, v5.0.1, v5.0.0, v5.0.0rc2, v5.1.0, v5.0.0rc1, v4.8.1, v4.8.0, v4.6.2, v4.9.0, v4.8.0rc, v4.6.1, v4.6.0, v4.6.0rc2, v4.6.0rc, v4.7.0, v4.4.3, v4.4.2, v4.4.1, v4.4.0, v4.5.0, v4.4.0rc |
|
| #
59812b22 |
| 16-Aug-2015 |
zrj <rimvydas.jasinskas@gmail.com> |
drm/linux: Implement simple capable() priv helper
|