| Commit message (Expand) | Author | Age | Files | Lines |
* | Declare pledgenames[] as const. | visa | 2020-04-05 | 1 | -3/+3 |
* | the pledge STATLIE code is no longer needed, as discussed with beck. | deraadt | 2019-06-19 | 1 | -2/+1 |
* | Add "video" promise. | landry | 2019-01-21 | 1 | -1/+3 |
* | Get rid of PLEDGE_STAT, which was a hack used for unveil. | beck | 2018-08-11 | 1 | -2/+1 |
* | Unveiling unveil(2). | beck | 2018-07-13 | 1 | -1/+5 |
* | Introduce "wroute" promise. | florian | 2018-06-16 | 1 | -1/+3 |
* | prot_exec is the correct name; spotted by landry | deraadt | 2018-04-26 | 1 | -2/+2 |
* | Change `so_state' and `so_error' to unsigned int such that they can | mpi | 2018-01-09 | 1 | -2/+2 |
* | pledge()'s 2nd argument becomes char *execpromises, which becomes the | deraadt | 2017-12-12 | 1 | -1/+3 |
* | Remove old deactivated pledge path code. A replacement mechanism is | deraadt | 2017-08-29 | 1 | -15/+1 |
* | only 32 bits of the pledgecode were passed up via ktrace | deraadt | 2017-04-20 | 1 | -2/+2 |
* | Split pledge "ioctl" into "tape" and "bpf", and allow SIOCGIFGROUP only | deraadt | 2017-01-23 | 1 | -3/+5 |
* | introduces new promise "chown" to allow changing owner/group with *chown(2) family | semarie | 2016-07-03 | 1 | -1/+4 |
* | 1) Split pledge whitelist path handling out of pledge_namei() and into | beck | 2016-04-28 | 1 | -1/+2 |
* | drop "abort" promise, and make it the default behaviour. | semarie | 2016-01-09 | 1 | -3/+1 |
* | Add "vmm" pledge to allow restricted ioctl access to /dev/vmm. | reyk | 2016-01-08 | 1 | -1/+4 |
* | Add pledge "drm", which allows a subset of the drm(4) ioctls. These are | kettenis | 2016-01-06 | 1 | -1/+4 |
* | Change kernel internal pledge variables to 64bit (to prepare for more | deraadt | 2015-12-06 | 1 | -39/+43 |
* | Add pledge "dpath", which provides access to mknod(2) and mkfifo(2). | deraadt | 2015-12-04 | 1 | -2/+6 |
* | Add pledge "pf" which allows ioctls on pf(4). This will be used by | benno | 2015-11-29 | 1 | -1/+3 |
* | Add pledge "disklabel", which allows sysctl kern.rawpartition, a | deraadt | 2015-11-20 | 1 | -1/+3 |
* | remove pledge_aftersyscall() prototype as the function was been removed. | semarie | 2015-11-18 | 1 | -4/+3 |
* | check domain and state of socket against pledge promise. | semarie | 2015-11-18 | 1 | -2/+2 |
* | pledge_ioctl only takes files, adjust prototype. ok semarie | tedu | 2015-11-04 | 1 | -2/+2 |
* | move the pledgenote annotation from `struct proc' to `struct nameidata' | semarie | 2015-11-02 | 1 | -2/+3 |
* | refactor pledge_*_check and pledge_fail functions | semarie | 2015-11-01 | 1 | -15/+16 |
* | uniformize "always allowed syscalls" with pledge | semarie | 2015-11-01 | 1 | -1/+2 |
* | Prevent F_SETOWN, unless a "proc" pledge was made. | deraadt | 2015-10-28 | 1 | -1/+2 |
* | make pledge_check(), used for syscall check with pledge, returns an error and | semarie | 2015-10-26 | 1 | -2/+2 |
* | Fold "malloc" into "stdio" and -- recognizing that no program so far has | deraadt | 2015-10-25 | 1 | -18/+51 |
* | pledge_sockopt_check is shared between setsockopt/getsockopt. nicm | deraadt | 2015-10-25 | 1 | -2/+2 |
* | Add 3 new pledge requests. "ps" exposes enough sysctl information for | deraadt | 2015-10-23 | 1 | -1/+5 |
* | At guenther's suggestion replace dnssocket() with a SOCK_DNS flag on | deraadt | 2015-10-20 | 1 | -3/+2 |
* | Always allow the setsockopt & getsockopt system calls... however, in the | deraadt | 2015-10-20 | 1 | -2/+2 |
* | Instead of fragile CMSG parsing, control pledge "sendfd" and "recvfd" | deraadt | 2015-10-18 | 1 | -3/+3 |
* | Add two new system calls: dnssocket() and dnsconnect(). This creates a | deraadt | 2015-10-18 | 1 | -6/+4 |
* | Add pledge "id" support. This request permits setuid/seteuid/setresuid, | deraadt | 2015-10-17 | 1 | -2/+2 |
* | delete pledge_bind_check() function and remove pledge_bind_check() call from sys_bind(). | semarie | 2015-10-16 | 1 | -2/+1 |
* | Implement real "flock" request and add it to userland programs that | millert | 2015-10-16 | 1 | -1/+3 |
* | When pledged with "fattr", allow chown to supplimentary groups. This | deraadt | 2015-10-14 | 1 | -1/+2 |
* | Rename tame() to pledge(). This fairly interface has evolved to be more | deraadt | 2015-10-09 | 1 | -0/+92 |