upstream/opnsense-src
1
0
Fork 0
mirror of https://github.com/opnsense/src.git synced 2026-02-22 01:11:30 -05:00
Code Issues Projects Releases Packages Wiki Activity Actions
opnsense-src/sys/security
History
Wojciech Macek 15c362aeb7 mac_veriexec: Authorize reads of secured sysctls 
Writes to sysctls flagged with CTLFLAG_SECURE are blocked if the appropriate secure level is set. mac_veriexec does not behave this way, it blocks such sysctls in read-only mode as well.

This change aims to make mac_veriexec behave like secure levels, as it was meant by the original commit ed377cf41.

Reviewed by:		sjg
Differential revision:	https://reviews.freebsd.org/D34327
Obtained from:		Stormshield
2022-06-29 10:48:01 +02:00
..
audit audit: Initialize vattr fields before calling VOP_GETATTR 2022-03-28 11:23:45 -04:00
mac sysent: Get rid of bogus sys/sysent.h include. 2022-05-28 20:52:17 +03:00
mac_biba Add PRIV_SCHED_IDPRIO 2021-12-10 04:54:48 +02:00
mac_bsdextended Deduplicate fsid comparisons 2020-05-21 01:55:35 +00:00
mac_ifoff
mac_lomac Add PRIV_SCHED_IDPRIO 2021-12-10 04:54:48 +02:00
mac_mls security: clean up empty lines in .c and .h files 2020-09-01 21:26:00 +00:00
mac_none
mac_ntpd
mac_partition
mac_pimd mac_pimd: Support for privilege drop in pimd 2022-04-20 08:07:37 +02:00
mac_portacl
mac_priority Thread creation privilege for realtime group 2021-12-15 00:01:58 +02:00
mac_seeotheruids
mac_stub security: clean up empty lines in .c and .h files 2020-09-01 21:26:00 +00:00
mac_test
mac_veriexec mac_veriexec: Authorize reads of secured sysctls 2022-06-29 10:48:01 +02:00
mac_veriexec_parser vfs: NDFREE(&nd, NDF_ONLY_PNBUF) -> NDFREE_PNBUF(&nd) 2022-03-24 10:20:51 +00:00