| Commit message (Expand) | Author | Age | Files | Lines |
|---|
| * | Rename tame() to pledge(). This fairly interface has evolved to be more |   deraadt | 2015-10-09 | 1 | -1241/+0 |
| * | Rename tame() to pledge(). This fairly interface has evolved to be more | deraadt | 2015-10-09 | 1 | -328/+328 |
| * | Expose a small set of multicast join operators under the request "mcast". | deraadt | 2015-10-08 | 1 | -2/+18 |
| * | setsockopt has a small list of options it can set. If we find ourselves | deraadt | 2015-10-08 | 1 | -1/+8 |
| * | Only in TAME_ROUTE, allow ioctl SIOCGIFADDR/SIOCGIFFLAGS/SIOCGIFRDOMAIN, | deraadt | 2015-10-08 | 1 | -1/+12 |
| * | Split out routing sysctl's from tame "inet", and put them into the | deraadt | 2015-10-07 | 1 | -44/+55 |
| * | Add the tame "exec" request. This allows processes which request | deraadt | 2015-10-07 | 1 | -1/+18 |
| * | A process should be able to do sigpending for itself | deraadt | 2015-10-06 | 1 | -1/+2 |
| * | For TAME_PROC, allow setrlimit() | deraadt | 2015-10-06 | 1 | -1/+2 |
| * | When "proc" is requested, allow setpgid() and sigsuspend(). | deraadt | 2015-10-06 | 1 | -1/+7 |
| * | Add new "tty" request, which allows TIOCGETA, TIOCGPGRP, TIOCGWINSZ, | deraadt | 2015-10-06 | 1 | -22/+36 |
| * | Rework the tame cmsg handler to make it work both ways. While on recv one |   claudio | 2015-10-06 | 1 | -19/+10 |
| * | oops, namei was never allowing through valid CPATH operations | deraadt | 2015-10-06 | 1 | -2/+3 |
| * | Add getrusage() to the TAME_SELF catagory. | deraadt | 2015-10-06 | 1 | -1/+2 |
| * | Enable ioctl() in the "rw" request, to support FIONREAD/FIONBIO easier | deraadt | 2015-10-06 | 1 | -60/+48 |
| * | Move getcwd to a seperate area, with a hand-waving explanation for why | deraadt | 2015-10-04 | 1 | -2/+7 |
| * | Allow sysctl read of vm.vm_psstrings, as setproctitle() uses this to | deraadt | 2015-10-04 | 1 | -1/+7 |
| * | spelling | deraadt | 2015-10-04 | 1 | -2/+2 |
| * | Add ktracing of tame()'s arguments' values |   guenther | 2015-10-03 | 1 | -1/+9 |
| * | I see no evidence that lstat() is being done for /etc/resolv.conf, nor | deraadt | 2015-10-02 | 1 | -2/+2 |
| * | kern_tame.c | deraadt | 2015-10-02 | 1 | -2/+3 |
| * | Actually, open of /etc/spwd.db must be handled by returning EPERM, not | deraadt | 2015-10-02 | 1 | -1/+3 |
| * | mention these pathname calls are checked in namei | deraadt | 2015-10-02 | 1 | -5/+5 |
| * | remove some debug printf no longer needed | deraadt | 2015-10-02 | 1 | -15/+4 |
| * | changed my mind; block spwd.db, force drop-through to pwd.db for processes under tame | deraadt | 2015-10-02 | 1 | -3/+1 |
| * | Fix tame(2) setsockopt check for TCP level. |   doug | 2015-10-01 | 1 | -1/+3 |
| * | add IPv6 equivalents for the permitted IPv4 setsockopts, noticed by doug@, |   sthen | 2015-10-01 | 1 | -1/+9 |
| * | implement new "prot_exec" tame(2) request: |   semarie | 2015-09-30 | 1 | -2/+3 |
| * | Reluctantly classify statfs and fstatfs as RPATH for now, because they | deraadt | 2015-09-29 | 1 | -3/+4 |
| * | make using tame path "/" work. | semarie | 2015-09-28 | 1 | -2/+3 |
| * | In the internal conversion of _TM_* to TAME_*, some bits were lost for | semarie | 2015-09-19 | 1 | -3/+3 |
| * | Rename __sysctl syscall to just sysctl, as the userland wrapper is no longer | guenther | 2015-09-13 | 1 | -2/+2 |
| * | Convert _TM_ flags to TAME_ flags, collapsing the entire mapping | deraadt | 2015-09-11 | 1 | -200/+200 |
| * | Only include <sys/tame.h> in the .c files that need it | guenther | 2015-09-11 | 1 | -1/+2 |
| * | Move to next tame() API. The flags are now passed as a very simple string, | deraadt | 2015-09-09 | 1 | -3/+63 |
| * | the special check logic for /usr/share/nls/../libc.cat became failure | deraadt | 2015-09-01 | 1 | -3/+3 |
| * | Corrects a use-after-free in tame_namei(). | semarie | 2015-09-01 | 1 | -2/+2 |
| * | Consider getfsstat() a RPATH, even though it has no path in it. We may | deraadt | 2015-08-31 | 1 | -1/+5 |
| * | spaces snuck in | deraadt | 2015-08-31 | 1 | -13/+12 |
| * | use ENAMETOOLONG instead of EINVAL for errno when string overflow occurs. | semarie | 2015-08-26 | 1 | -3/+3 |
| * | After a report from jsg about a memory leak (or was it a double free?), | deraadt | 2015-08-26 | 1 | -38/+26 |
| * | Add TIOCGETA to the tame list for TAME_IOCTL. | doug | 2015-08-26 | 1 | -1/+2 |
| * | Convert paths argument of tame(2) to const char **. | doug | 2015-08-26 | 1 | -3/+3 |
| * | remove duplicate SYS_utimes entry |   jsg | 2015-08-25 | 1 | -2/+1 |
| * | corrects two potential double-free on `cwdpath'. The variable will be free'ed | semarie | 2015-08-24 | 1 | -3/+1 |
| * | Initialize cwdpath so free() is properly handled. | doug | 2015-08-24 | 1 | -2/+2 |
| * | fix /tmp handling of unlink(); from Caspar Schutijser | deraadt | 2015-08-23 | 1 | -2/+2 |
| * | Perform maximum one cwd lookup in tame(), also make namei version look the | deraadt | 2015-08-23 | 1 | -36/+47 |
| * | Canonicalize non-rooted paths after cwd prepend. | deraadt | 2015-08-23 | 1 | -30/+51 |
| * | check correct offset for terminator; with semarie | deraadt | 2015-08-23 | 1 | -2/+2 |
