| Commit message (Expand) | Author | Age | Files | Lines |
|---|
| * | Declare pledgenames[] as const. |   visa | 2020-04-05 | 1 | -2/+2 |
| * | Consistently perform atomic writes to the ps_flags field of struct |   anton | 2020-02-15 | 1 | -3/+3 |
| * | the pledge_ioctl() rule checker is written in a style which could read |   deraadt | 2020-02-11 | 1 | -18/+19 |
| * | Allow programs with the "audio" promise to use the AUDIO_MIXER_xxx ioctls. |   ratchov | 2020-02-05 | 1 | -1/+4 |
| * | allow reading of sysctl kern.somaxconn in "inet", due to | deraadt | 2020-02-04 | 1 | -1/+7 |
| * | add /etc/protocols to the magic unveil whitelist that the dns pledge has |   dlg | 2020-01-23 | 1 | -2/+6 |
| * | msyscall(2) is like kbind(2), and should be always permitted. it does | deraadt | 2019-12-08 | 1 | -1/+2 |
| * | Add SIOCDIFADDR_IN6 to the wroute pledge to allow removal of IPv6 addresses |   pamela | 2019-08-25 | 1 | -1/+2 |
| * | allow more video(4) ioctls for the video pledge (required by chromium) |   robert | 2019-06-26 | 1 | -1/+14 |
| * | SYS___realpath is legitimately PLEDGE_STDIO, because the other pledge | deraadt | 2019-06-16 | 1 | -2/+2 |
| * | Add a kernel implementation of realpath() as __realpath(). |   beck | 2019-05-13 | 1 | -1/+2 |
| * | Allow *at variant of mkfifo and mknod, too. |   florian | 2019-02-14 | 1 | -1/+3 |
| * | #ifdef video junk as required. | deraadt | 2019-01-22 | 1 | -2/+4 |
| * | Add "video" promise. |   landry | 2019-01-21 | 1 | -1/+31 |
| * | delete vmm(4) in i386 |   pd | 2019-01-18 | 1 | -2/+2 |
| * | the pledge handing for access(2) of /var/run/ypbind.lock is artificially | deraadt | 2019-01-06 | 1 | -2/+3 |
| * | fold a bunch of similar sysctl cases into a switch. |   tedu | 2019-01-06 | 1 | -53/+43 |
| * | Add new KERN_CPUSTATS sysctl(2) so we can identify offline CPUs. |   cheloha | 2018-11-17 | 1 | -1/+4 |
| * | new sysctl for userland malloc flags, kernel part. ok millert@ deraadt@ |   otto | 2018-11-06 | 1 | -1/+4 |
| * | When unveil(2) was introduced one break from SYS_access case was removed |   mestre | 2018-09-13 | 1 | -1/+2 |
| * | Preparations for arm64 radeondrm(4) support. |   kettenis | 2018-08-20 | 1 | -4/+4 |
| * | The first panic in pledge_namei should only be for ni_pledge == 0 | deraadt | 2018-08-13 | 1 | -3/+3 |
| * | Get rid of PLEDGE_STAT, which was a hack used for unveil. | beck | 2018-08-11 | 1 | -7/+7 |
| * | Grammar fix in comment. |   rob | 2018-08-02 | 1 | -2/+2 |
| * | Add SIOCSIFMTU to the wroute pledge. |   bket | 2018-07-27 | 1 | -1/+5 |
| * | Restore correct behaviour to pledge for access and stat, which was broken | beck | 2018-07-15 | 1 | -12/+8 |
| * | Unveiling unveil(2). | beck | 2018-07-13 | 1 | -17/+68 |
| * | Add hw.ncpuonline to count the number of online CPUs. | cheloha | 2018-07-12 | 1 | -3/+3 |
| * | Implement DRI3/prime support. This allows graphics buffers to be passed | kettenis | 2018-06-25 | 1 | -1/+3 |
| * | Grab and/or assert for the KERNEL_LOCK() in in ktrace & pledge. |   mpi | 2018-06-20 | 1 | -1/+3 |
| * | Introduce "wroute" promise. | florian | 2018-06-16 | 1 | -1/+18 |
| * | on i386, libm does sysctl to discover is the system has SSE. Whitelist | deraadt | 2018-06-03 | 1 | -1/+6 |
| * | Remove redundant error check |   kn | 2018-04-28 | 1 | -2/+2 |
| * | Make sure that programs violating a pledge(2) promise or some memory | mpi | 2018-03-27 | 1 | -1/+3 |
| * | Change `so_state' and `so_error' to unsigned int such that they can | mpi | 2018-01-09 | 1 | -2/+2 |
| * | Allow TIOCUCNTL issued on a pty(4) master in promise "tty". | mpi | 2018-01-08 | 1 | -1/+9 |
| * | pledge()'s 2nd argument becomes char *execpromises, which becomes the | deraadt | 2017-12-12 | 1 | -48/+81 |
| * | More precision in pledge sysctl report | deraadt | 2017-12-09 | 1 | -2/+2 |
| * | permit IPV6_V6ONLY in sockopt |   abieber | 2017-11-17 | 1 | -3/+1 |
| * | Print the word pledge in the kernel log when there is a violation. |   bluhm | 2017-10-12 | 1 | -3/+3 |
| * | In "tty", permitting TIOCSTART is fine | deraadt | 2017-10-07 | 1 | -1/+2 |
| * | permit SYS___set_tcb, upcoming code will require this | deraadt | 2017-10-07 | 1 | -1/+2 |
| * | If you use sys/param.h, you don't need sys/types.h | deraadt | 2017-09-08 | 1 | -2/+1 |
| * | Remove old deactivated pledge path code. A replacement mechanism is | deraadt | 2017-08-29 | 1 | -335/+2 |
| * | Allow SIOCGIFAFLAG_IN6 and SIOCGIFALIFETIME_IN6 ioctls with | florian | 2017-08-21 | 1 | -1/+3 |
| * | Allow SIOCGIFDESCR with "route" promise in preparation for pledging snmpd. | rob | 2017-07-28 | 1 | -1/+2 |
| * | Due to risks known for decades, TIOCSTI now performs no action, and simply | deraadt | 2017-06-29 | 1 | -6/+1 |
| * | Permit TIOCSTAT on a tty. | deraadt | 2017-06-21 | 1 | -1/+2 |
| * | Terminate pledge log(9) with newline. This fixes dmesg(8) output. | bluhm | 2017-06-19 | 1 | -3/+3 |
| * | Pledge is fairly done, so the kernel printf's can be converted to log() | deraadt | 2017-06-12 | 1 | -7/+12 |
