| Commit message (Expand) | Author | Age | Files | Lines |
|---|
| * | Permit kern.somaxconn when the unix pledge is used. Previously this was only |   abieber | 2021-03-25 | 1 | -2/+2 |
| * | Add SIOCAIFADDR_IN and SIOCDIFADDR_IN to the wroute pledge |   tobhe | 2021-02-03 | 1 | -1/+3 |
| * | If pledge "wroute" is missing for setsockopt SO_RTABLE, print failure |   bluhm | 2021-01-20 | 1 | -2/+2 |
| * | /etc/malloc.conf path-approval in pledge is no longer needed since 6.5 |   deraadt | 2021-01-19 | 1 | -9/+1 |
| * | Add feature to force the selection of source IP address |   denis | 2020-10-29 | 1 | -2/+2 |
| * | Move duplicated code to send an uncatchable SIGABRT into a function. |   mpi | 2020-09-16 | 1 | -7/+2 |
| * | put HW_PHYSMEM64 case under CTL_HW not CTL_KERN |   jsg | 2020-09-16 | 1 | -2/+2 |
| * | As discovered by kettenis, recent mesa wants sysctl hw.physmem64, and | deraadt | 2020-09-16 | 1 | -4/+2 |
| * | Allow setsockopt SO_RTABLE when pleding "wroute" soon to be needed |   florian | 2020-07-17 | 1 | -1/+11 |
| * | Declare pledgenames[] as const. |   visa | 2020-04-05 | 1 | -2/+2 |
| * | Consistently perform atomic writes to the ps_flags field of struct |   anton | 2020-02-15 | 1 | -3/+3 |
| * | the pledge_ioctl() rule checker is written in a style which could read | deraadt | 2020-02-11 | 1 | -18/+19 |
| * | Allow programs with the "audio" promise to use the AUDIO_MIXER_xxx ioctls. |   ratchov | 2020-02-05 | 1 | -1/+4 |
| * | allow reading of sysctl kern.somaxconn in "inet", due to | deraadt | 2020-02-04 | 1 | -1/+7 |
| * | add /etc/protocols to the magic unveil whitelist that the dns pledge has |   dlg | 2020-01-23 | 1 | -2/+6 |
| * | msyscall(2) is like kbind(2), and should be always permitted. it does | deraadt | 2019-12-08 | 1 | -1/+2 |
| * | Add SIOCDIFADDR_IN6 to the wroute pledge to allow removal of IPv6 addresses |   pamela | 2019-08-25 | 1 | -1/+2 |
| * | allow more video(4) ioctls for the video pledge (required by chromium) |   robert | 2019-06-26 | 1 | -1/+14 |
| * | SYS___realpath is legitimately PLEDGE_STDIO, because the other pledge | deraadt | 2019-06-16 | 1 | -2/+2 |
| * | Add a kernel implementation of realpath() as __realpath(). |   beck | 2019-05-13 | 1 | -1/+2 |
| * | Allow *at variant of mkfifo and mknod, too. | florian | 2019-02-14 | 1 | -1/+3 |
| * | #ifdef video junk as required. | deraadt | 2019-01-22 | 1 | -2/+4 |
| * | Add "video" promise. |   landry | 2019-01-21 | 1 | -1/+31 |
| * | delete vmm(4) in i386 |   pd | 2019-01-18 | 1 | -2/+2 |
| * | the pledge handing for access(2) of /var/run/ypbind.lock is artificially | deraadt | 2019-01-06 | 1 | -2/+3 |
| * | fold a bunch of similar sysctl cases into a switch. |   tedu | 2019-01-06 | 1 | -53/+43 |
| * | Add new KERN_CPUSTATS sysctl(2) so we can identify offline CPUs. |   cheloha | 2018-11-17 | 1 | -1/+4 |
| * | new sysctl for userland malloc flags, kernel part. ok millert@ deraadt@ |   otto | 2018-11-06 | 1 | -1/+4 |
| * | When unveil(2) was introduced one break from SYS_access case was removed |   mestre | 2018-09-13 | 1 | -1/+2 |
| * | Preparations for arm64 radeondrm(4) support. |   kettenis | 2018-08-20 | 1 | -4/+4 |
| * | The first panic in pledge_namei should only be for ni_pledge == 0 | deraadt | 2018-08-13 | 1 | -3/+3 |
| * | Get rid of PLEDGE_STAT, which was a hack used for unveil. | beck | 2018-08-11 | 1 | -7/+7 |
| * | Grammar fix in comment. |   rob | 2018-08-02 | 1 | -2/+2 |
| * | Add SIOCSIFMTU to the wroute pledge. |   bket | 2018-07-27 | 1 | -1/+5 |
| * | Restore correct behaviour to pledge for access and stat, which was broken | beck | 2018-07-15 | 1 | -12/+8 |
| * | Unveiling unveil(2). | beck | 2018-07-13 | 1 | -17/+68 |
| * | Add hw.ncpuonline to count the number of online CPUs. | cheloha | 2018-07-12 | 1 | -3/+3 |
| * | Implement DRI3/prime support. This allows graphics buffers to be passed | kettenis | 2018-06-25 | 1 | -1/+3 |
| * | Grab and/or assert for the KERNEL_LOCK() in in ktrace & pledge. | mpi | 2018-06-20 | 1 | -1/+3 |
| * | Introduce "wroute" promise. | florian | 2018-06-16 | 1 | -1/+18 |
| * | on i386, libm does sysctl to discover is the system has SSE. Whitelist | deraadt | 2018-06-03 | 1 | -1/+6 |
| * | Remove redundant error check |   kn | 2018-04-28 | 1 | -2/+2 |
| * | Make sure that programs violating a pledge(2) promise or some memory | mpi | 2018-03-27 | 1 | -1/+3 |
| * | Change `so_state' and `so_error' to unsigned int such that they can | mpi | 2018-01-09 | 1 | -2/+2 |
| * | Allow TIOCUCNTL issued on a pty(4) master in promise "tty". | mpi | 2018-01-08 | 1 | -1/+9 |
| * | pledge()'s 2nd argument becomes char *execpromises, which becomes the | deraadt | 2017-12-12 | 1 | -48/+81 |
| * | More precision in pledge sysctl report | deraadt | 2017-12-09 | 1 | -2/+2 |
| * | permit IPV6_V6ONLY in sockopt | abieber | 2017-11-17 | 1 | -3/+1 |
| * | Print the word pledge in the kernel log when there is a violation. | bluhm | 2017-10-12 | 1 | -3/+3 |
| * | In "tty", permitting TIOCSTART is fine | deraadt | 2017-10-07 | 1 | -1/+2 |
