11842 Want audit events for auditon(A_SETPMASK) and friends
Reviewed by: John Levon <john.levon@joyent.com>
Reviewed by: Andy Fiddaman <andy@omniosce.org>
Approved by: Robert Mustacchi <r

11842 Want audit events for auditon(A_SETPMASK) and friends
Reviewed by: John Levon <john.levon@joyent.com>
Reviewed by: Andy Fiddaman <andy@omniosce.org>
Approved by: Robert Mustacchi <rm@fingolfin.org>

show more ...

11037 SMB File access audit logging (reserve IDs)
Reviewed by: Gordon Ross <gordon.ross@nexenta.com>
Reviewed by: Roman Strashkin <roman.strashkin@nexenta.com>
Reviewed by: Saso Kiselkov

11037 SMB File access audit logging (reserve IDs)
Reviewed by: Gordon Ross <gordon.ross@nexenta.com>
Reviewed by: Roman Strashkin <roman.strashkin@nexenta.com>
Reviewed by: Saso Kiselkov <saso.kiselkov@nexenta.com>
Reviewed by: Rick McNeal <rick.mcneal@nexenta.com>
Reviewed by: Yuri Pankov <yuri.pankov@nexenta.com>
Reviewed by: John Levon <john.levon@joyent.com>

show more ...

7029 want per-process exploit mitigation features (secflags)
7030 want basic address space layout randomization (ASLR)
7031 noexec_user_stack should be a security-flag
7032 want a means t

7029 want per-process exploit mitigation features (secflags)
7030 want basic address space layout randomization (ASLR)
7031 noexec_user_stack should be a security-flag
7032 want a means to forbid mappings around NULL
Reviewed by: Robert Mustacchi <rm@joyent.com>
Reviewed by: Josef 'Jeff' Sipek <jeffpc@josefsipek.net>
Reviewed by: Patrick Mooney <pmooney@joyent.com>
Approved by: Dan McDonald <danmcd@omniti.com>

show more ...

merge with onnv_147
Reviewed by: garrett@nexenta.com
Approved by: garrett@nexenta.com

PSARC/2009/636 Obsolete getacinfo(3bsm)
PSARC/2009/642 audit_control(4) EOL and removal
PSARC/2010/218 Audit subsystem Rights Profiles
PSARC/2010/220 svc:/system/auditset service
6875

PSARC/2009/636 Obsolete getacinfo(3bsm)
PSARC/2009/642 audit_control(4) EOL and removal
PSARC/2010/218 Audit subsystem Rights Profiles
PSARC/2010/220 svc:/system/auditset service
6875456 Solaris Audit configuration in SMF - phase 2 (PSARC/2009/636, PSARC/2009/642)
6942035 audit_binfile(5) leaves unfinished audit logs.
6942041 auditd(1) says "auditd refreshed" on startup.
6943275 audit_remote(5) leaks memory on audit service refresh
6955077 adt_get_mask_from_user() should regard _SC_GETPW_R_SIZE_MAX
6955117 $SRC/lib/libbsm/common/audit_ftpd.c shouldn't hardcode the lenght of usernames (8)
6956169 adt_audit_state() returns non-boolean values

--HG--
rename : usr/src/cmd/auditconfig/auditconfig_impl.h => usr/src/lib/libbsm/common/audit_policy.h
rename : usr/src/cmd/auditconfig/audit_scf.c => usr/src/lib/libbsm/common/audit_scf.c
rename : usr/src/cmd/auditconfig/audit_scf.h => usr/src/lib/libbsm/common/audit_scf.h

show more ...

PSARC 2010/235 POSIX 1003.1-2008 *at(2) syscalls
6910251 need support for all POSIX.1-2008 *at(2) syscalls
6964835 mknod(2) auditing omits the pathname for invalid arguments

PSARC 2009/377 In-kernel pfexec implementation.
PSARC 2009/378 Basic File Privileges
PSARC 2010/072 RBAC update: user attrs from profiles
4912090 pfzsh(1) should exist
4912093 pfbash(

PSARC 2009/377 In-kernel pfexec implementation.
PSARC 2009/378 Basic File Privileges
PSARC 2010/072 RBAC update: user attrs from profiles
4912090 pfzsh(1) should exist
4912093 pfbash(1) should exist
4912096 pftcsh(1) should exist
6440298 Expand the basic privilege set in order to restrict file access
6859862 Move pfexec into the kernel
6919171 cred_t sidesteps kmem_debug; we need to be able to detect bad hold/free when they occur
6923721 The new SYS_SMB privilege is not backward compatible
6937562 autofs doesn't remove its door when the zone shuts down
6937727 Zones stuck on deathrow; netstack_zone keeps a credential reference to the zone
6940159 Implement PSARC 2010/072

show more ...

PSARC 2009/657 delete obsolete system call traps
6906485 delete obsolete system call traps

--HG--
rename : usr/src/cmd/truss/xstat.c => usr/src/cmd/truss/stat.c
rename : usr/src/

PSARC 2009/657 delete obsolete system call traps
6906485 delete obsolete system call traps

--HG--
rename : usr/src/cmd/truss/xstat.c => usr/src/cmd/truss/stat.c
rename : usr/src/lib/libc/port/gen/dup2.c => usr/src/lib/libc/port/gen/dup.c
rename : usr/src/lib/libc/port/sys/libc_fcntl.c => usr/src/lib/libc/port/sys/fcntl.c
rename : usr/src/lib/libc/port/sys/libc_open.c => usr/src/lib/libc/port/sys/open.c

show more ...

PSARC/2009/284 faccessat(2) - determine accessibility of a file using file descriptors
6536147 accessat() should become a public interface after an agreement is reached on the function name

4987752 setpgrp(2) audit record seems to show failure.

6750410 audit configuration files do not align

6412948 There's cruft in the libbsm files that needs to be removed.

6753388 AUE_PORTFS should really be PORTFS_ASSOCIATE and PORTFS_DISSOCIATE

6680957 labelsys appears to be making policy decisions, but doesn't appear to be auditable
6701744 kernel au_to_in_addr_ex() bug in handling v4-mapped addresses

6638707 implement the removal of auditsvc(2) as noted in PSARC/2002/665

PSARC/2007/027 File Events Notification API
6367770 RFE: add userland interface to fem (file event monitoring)

--HG--
rename : deleted_files/usr/src/uts/common/fs/portfs/port_fop.c =

PSARC/2007/027 File Events Notification API
6367770 RFE: add userland interface to fem (file event monitoring)

--HG--
rename : deleted_files/usr/src/uts/common/fs/portfs/port_fop.c => usr/src/uts/common/fs/portfs/port_fop.c

show more ...

backout 6367770/6588702/6588839: needs work

--HG--
rename : usr/src/uts/common/fs/portfs/port_fop.c => deleted_files/usr/src/uts/common/fs/portfs/port_fop.c

PSARC/2007/027 File Events Notification API
6367770 RFE: add userland interface to fem (file event monitoring)

6528002 enable kernel auditing for PF_POLICY

4686423 undocumented interfaces are not used
6466722 audituser and AUDIT_USER are defined, unused, undocumented and should be removed.

PSARC/2005/471 BrandZ: Support for non-native zones
6374606 ::nm -D without an object may not work on processes in zones
6409350 BrandZ project integration into Solaris
6455289 pthread_se

PSARC/2005/471 BrandZ: Support for non-native zones
6374606 ::nm -D without an object may not work on processes in zones
6409350 BrandZ project integration into Solaris
6455289 pthread_setschedparam() should return EPERM rather than panic libc
6455591 setpriority(3C) gets errno wrong for deficient privileges failure
6458178 fifofs doesn't support lofs mounts of fifos
6460380 Attempted open() of a symlink with the O_NOFOLLOW flag set returns EINVAL, not ELOOP
6463857 renice(1) errors erroneously

--HG--
rename : usr/src/lib/libzonecfg/zones/SUNWblank.xml => usr/src/lib/brand/native/zone/SUNWblank.xml
rename : usr/src/lib/libzonecfg/zones/SUNWdefault.xml => usr/src/lib/brand/native/zone/SUNWdefault.xml

show more ...

6415535 audit_event TX code review issues

PSARC/2002/762 Layered Trusted Solaris
PSARC/2005/060 TSNET: Trusted Networking with Security Labels
PSARC/2005/259 Layered Trusted Solaris Label Interfaces
PSARC/2005/573 Solaris Trusted

PSARC/2002/762 Layered Trusted Solaris
PSARC/2005/060 TSNET: Trusted Networking with Security Labels
PSARC/2005/259 Layered Trusted Solaris Label Interfaces
PSARC/2005/573 Solaris Trusted Extensions for Printing
PSARC/2005/691 Trusted Extensions for Device Allocation
PSARC/2005/723 Solaris Trusted Extensions Filesystem Labeling
PSARC/2006/009 Labeled Auditing
PSARC/2006/155 Trusted Extensions RBAC Changes
PSARC/2006/191 is_system_labeled
6293271 Zone processes should use zone_kcred instead of kcred
6394554 integrate Solaris Trusted Extensions

--HG--
rename : usr/src/cmd/dminfo/Makefile => deleted_files/usr/src/cmd/dminfo/Makefile
rename : usr/src/cmd/dminfo/dminfo.c => usr/src/cmd/allocate/dminfo.c

show more ...

PSARC/2005/625 Greyhound - Solaris Kernel SSL proxy
4931229 Kernel-level SSL proxy

OpenSolaris Launch