History log of /illumos-gate/usr/src/uts/common/sys/policy.h (Results 1 – 25 of 36)
Revision Date Author Comments
# 047043c2 09-Apr-2020 Robert Mustacchi

13144 refactor amdf17nbdf into a nexus
13145 rewrite amdf17nbdf to use the ksensor framework
13146 Want a driver for AMD SMN user access
Reviewed by: Patrick Mooney <pmooney@pfmooney.com>

13144 refactor amdf17nbdf into a nexus
13145 rewrite amdf17nbdf to use the ksensor framework
13146 Want a driver for AMD SMN user access
Reviewed by: Patrick Mooney <pmooney@pfmooney.com>
Reviewed by: Mike Zeller <mike.zeller@joyent.com>
Reviewed by: Robert French <robert@robertdfrench.me>
Approved by: Richard Lowe <richlowe@richlowe.net>

show more ...


# 993e3faf 01-Mar-2017 Robert Mustacchi

1979 USB 3.0 support
7918 want usb_pipe_xopen(9F)
7919 usbai burst macros for endpoint descriptor are wrong
7920 usba_hcdi_register() should fail if driver is using private data
7921

1979 USB 3.0 support
7918 want usb_pipe_xopen(9F)
7919 usbai burst macros for endpoint descriptor are wrong
7920 usba_hcdi_register() should fail if driver is using private data
7921 failing to load the usba root hub module destroys driver parent private data
7922 want ::hubd walker
7923 ::prtusb should include version
7924 usb_*_request(9S) manual pages should match structure names
Reviewed by: Patrick Mooney <patrick.mooney@joyent.com>
Reviewed by: Jerry Jelinek <jerry.jelinek@joyent.com>
Reviewed by: Bryan Cantrill <bryan@joyent.com>
Reviewed by: Dale Ghent <daleg@omniti.com>
Reviewed by: Toomas Soome <tsoome@me.com>
Approved by: Richard Lowe <richlowe@richlowe.net>

show more ...


# d2a70789 16-Apr-2014 Richard Lowe

7029 want per-process exploit mitigation features (secflags)
7030 want basic address space layout randomization (ASLR)
7031 noexec_user_stack should be a security-flag
7032 want a means t

7029 want per-process exploit mitigation features (secflags)
7030 want basic address space layout randomization (ASLR)
7031 noexec_user_stack should be a security-flag
7032 want a means to forbid mappings around NULL
Reviewed by: Robert Mustacchi <rm@joyent.com>
Reviewed by: Josef 'Jeff' Sipek <jeffpc@josefsipek.net>
Reviewed by: Patrick Mooney <pmooney@joyent.com>
Approved by: Dan McDonald <danmcd@omniti.com>

show more ...


# 37294019 30-Oct-2015 Jerry Jelinek

6417 Want a privilege for accessing information about physical memory
Reviewed by: Robert Mustacchi <rm@joyent.com>
Approved by: Gordon Ross <gordon.ross@nexenta.com>


# 24d819e6 28-Jul-2013 Jerry Jelinek

3923 Users should be able to lower nice value of processes within a zone
3924 privileges.5 man page missing PRIV_SYS_RES_BIND
Reviewed by: Robert Mustacchi <rm@joyent.com>
Approved by: Go

3923 Users should be able to lower nice value of processes within a zone
3924 privileges.5 man page missing PRIV_SYS_RES_BIND
Reviewed by: Robert Mustacchi <rm@joyent.com>
Approved by: Gordon Ross <gwr@nexenta.com>

show more ...


# 0fbb751d 16-Jun-2010 John Levon

PSARC 2010/144 lofi(7D) in non global zones
6354954 lofi support in non-global zones
6942891 prof_lookup_globaldev() leaks rootdir refs
6945005 lofiadm -a /dev/lofi/1: recursive mutex ent

PSARC 2010/144 lofi(7D) in non global zones
6354954 lofi support in non-global zones
6942891 prof_lookup_globaldev() leaks rootdir refs
6945005 lofiadm -a /dev/lofi/1: recursive mutex enter
6946486 lofi_ioctl() shouldn't allow disk ioctl()s on /dev/lofictl

show more ...


# bbf58fc5 25-May-2010

PSARC/2010/181 PRIV_SYS_RES_BIND privilege
6953849 need ability to bind to processor sets from within a zone


# 134a1f4e 28-Apr-2010 Casper H.S. Dik

PSARC 2009/377 In-kernel pfexec implementation.
PSARC 2009/378 Basic File Privileges
PSARC 2010/072 RBAC update: user attrs from profiles
4912090 pfzsh(1) should exist
4912093 pfbash(

PSARC 2009/377 In-kernel pfexec implementation.
PSARC 2009/378 Basic File Privileges
PSARC 2010/072 RBAC update: user attrs from profiles
4912090 pfzsh(1) should exist
4912093 pfbash(1) should exist
4912096 pftcsh(1) should exist
6440298 Expand the basic privilege set in order to restrict file access
6859862 Move pfexec into the kernel
6919171 cred_t sidesteps kmem_debug; we need to be able to detect bad hold/free when they occur
6923721 The new SYS_SMB privilege is not backward compatible
6937562 autofs doesn't remove its door when the zone shuts down
6937727 Zones stuck on deathrow; netstack_zone keeps a credential reference to the zone
6940159 Implement PSARC 2010/072

show more ...


# 634e26ec 18-Jan-2010 Casper H.S. Dik

PSARC 2009/686 Improving the use and debugging of the basic privilege set.
PSARC/2009/685 Basic Network Privilege
6434380 Expanding the basic privilege set in order to restrict network access

PSARC 2009/686 Improving the use and debugging of the basic privilege set.
PSARC/2009/685 Basic Network Privilege
6434380 Expanding the basic privilege set in order to restrict network access and IPC
6912229 Multiple applications mishandle privilege operations, particular they ignore the basic set
6915243 dladm mishandles basic privileges
6915244 in.tftpd mishandles privileges operations
6915250 NDMP mishandles basic privileges
6915257 smbd mishandles basic privileges
6915277 login audit mishandles basic privileges
6915284 su audit mishandles basic privileges
6915778 lpd-port mishandles basic privileges
6915782 zlogin mishandles basic privileges

show more ...


# 5d3b8cb7 02-Nov-2009 Bill Sommerfeld

PSARC/2008/252 Labeled IPsec phase 1
6886771 Labeled IPsec phase 1
6808727 Alignment error panic in tsol_can_accept_raw()
6894979 nightly -0 + -p builds then destroys SUNW0on


# 0a0e9771 24-Sep-2009 Darren Reed

PSARC/2009/232 Solaris Packet Capture
PSARC/2009/403 kstats for ipnet
6824047 every downcall function should have a "notsupported" function
6822740 RFE: provide PF_PACKET for developers o

PSARC/2009/232 Solaris Packet Capture
PSARC/2009/403 kstats for ipnet
6824047 every downcall function should have a "notsupported" function
6822740 RFE: provide PF_PACKET for developers on OpenSolaris
6822741 RFE: Solaris needs BPF to improve the packet capture story
6867683 RFE: need to be able to retrieve physical interface flags

show more ...


# 2b24ab6b 23-Sep-2009 Sebastien Roy

PSARC 2009/373 Clearview IP Tunneling
PSARC 2009/410 Datalink Administration from Non-Global Zones
6858533 Clearview IP Tunneling
4861777 *snoop* cannot snoop on tunnel interfaces
501

PSARC 2009/373 Clearview IP Tunneling
PSARC 2009/410 Datalink Administration from Non-Global Zones
6858533 Clearview IP Tunneling
4861777 *snoop* cannot snoop on tunnel interfaces
5010680 M_IOCTL interface between ip and tun is horribly wrong
5029727 tun prints bogus debug messages when receiving multicast packets on 6to4 tunnels
6835873 dlpi_walk() silently fails in an exclusive zone
4152864 must not allow two tunnels to have the same tsrc/tdst pair
6855902 link and flow kstats are too promiscuous
6218826 need to be able to tunnel into a zone
4505468 network interface names can confuse, lie, and deceive
4524756 tun_wproc() takes up too much stack
6417373 tun_wproc_mdata assertion failures
4627970 scalability problems with IP in IP tunnels
4674797 ifparse_ifspec() will not correctly parse ipv6 tunnels
6509231 dladm should show links in exclusive stack zone
4793233 tun driver should include addr in DL_PHYS_ADDR_ACK for non-zero lengths
6795831 ZONE_*_DATALINK syscalls should take datalink_id_t as argument
6791472 mac module doesn't allow MAC addresses < 6 bytes
6618091 Race condition trips ASSERT() in tun.c's SIOCSLIFNAME path
6837580 bogus mi_active check in mac_set_mtu()
6868083 libinetutil: ofmt_open()'s template argument should be const
6870313 libdladm: needless dladm_init_linkprop() in i_dladm_aggr_up()
6872221 panic in dls_devnet_close() if "mtu" property is being set
4289774 Change to the interface-id does not change IPv6 link-local address
6873561 unable to create links with 31 character link names
6874666 changing a link property can accidentally destroy it
6874682 removing a link attribute corrupts the attribute list
6875167 IPCL_ISV6 conn flag is set but never used
6881764 itp reference leak in ipsec_construct_inverse_acquire()
6881951 dladm delete-vlan can no longer delete persistent-only VLANs

--HG--
rename : usr/src/uts/common/inet/tun.h => usr/src/uts/common/inet/iptun.h
rename : usr/src/uts/common/inet/ip/tun.c => usr/src/uts/common/inet/iptun/iptun.c
rename : usr/src/uts/intel/tun/Makefile => usr/src/uts/intel/iptun/Makefile
rename : usr/src/uts/sparc/tun/Makefile => usr/src/uts/sparc/iptun/Makefile

show more ...


# 1c7cef2b 22-Jul-2009 Stan Studzinski

6636344 when low on swap, anon_resvmem() overly throttles root-owned processes


# e02bc683 15-Jun-2009 Mark Shellenbaum

6848431 zfs with rstchown=0 or file_chown_self privilege allows user to "take" ownership


# f53eecf5 29-May-2009 James Carlson

PSARC 2009/317 Solaris PPP/PPPoE Updates
4695172 3COM has its own incompatible dialect of PPPoE
4704518 security checks on chap peer name cause interoperability problems
4711045 pppd shou

PSARC 2009/317 Solaris PPP/PPPoE Updates
4695172 3COM has its own incompatible dialect of PPPoE
4704518 security checks on chap peer name cause interoperability problems
4711045 pppd should not be discarding debug information on fatal signals
4711046 pppoec should provide a way to limit match against wildcard service
4714306 sppptun should not use M_ERROR to signal protocol problems
4743677 pppd can trigger latent access server bug
4750809 pppd needs lint cleanup
4947676 spppcomp_wput() allows an unprivileged process to "hang" the system.
5058886 PPPD misses first LCP configuration request
5060749 need a way to log demand-dial action at higher priority
5093264 PPPoE server can omit Service-Name tag in PADS response
6291911 ugly preremove script in SUNWpppdt causes messages on pkgrm from zone
6589814 pppd disavows bad echo-reply count
6636684 PPP should work in non-global exclusive-stack zones
6637245 sppp driver has half-baked _mi_driver_info function
6704096 SUNWpppdu and SUNWpppdr package dependency and content issues
6753945 sppptun doesn't honor clearview vanity naming feature.

show more ...


# da14cebe 05-Dec-2008 Eric Cheng

PSARC/2006/357 Crossbow - Network Virtualization and Resource Management
6498311 Crossbow - Network Virtualization and Resource Management
6402493 DLPI provider loopback behavior should be im

PSARC/2006/357 Crossbow - Network Virtualization and Resource Management
6498311 Crossbow - Network Virtualization and Resource Management
6402493 DLPI provider loopback behavior should be improved
6453165 move mac capabs definitions outside mac.h
6338667 Need ability to use NAT for non-global zones
6692884 several threads hung due to deadlock scenario between aggr and mac
6768302 dls: soft_ring_bind/unbind race can panic in thread_affinity_set with cpu_id == -1
6635849 race between lacp_xmit_sm() and aggr_m_stop() ends in panic
6742712 potential message double free in the aggr driver
6754299 a potential race between aggr_m_tx() and aggr_port_delete()
6485324 mi_data_lock recursively held when enabling promiscuous mode on an aggregation
6442559 Forwarding perf bottleneck due to mac_rx() calls
6505462 assertion failure after removing a port from a snooped aggregation
6716664 need to add src/dst IP address to soft ring fanout

--HG--
rename : usr/src/uts/common/io/dls/dls_soft_ring.c => usr/src/uts/common/io/mac/mac_soft_ring.c
rename : usr/src/uts/common/inet/ip/ip_cksum.c => usr/src/uts/common/os/ip_cksum.c
rename : usr/src/uts/common/inet/sctp_crc32.c => usr/src/uts/common/os/sctp_crc32.c
rename : usr/src/uts/common/sys/dls_soft_ring.h => usr/src/uts/common/sys/mac_soft_ring.h

show more ...


# 47def0dc 17-Sep-2008 Mark Shellenbaum

6744510 Should not allow to rename a file/folder when a user does not have permission


# eae72b5b 26-Aug-2008 Sebastien Roy

PSARC 2008/473 Fine-Grained Privileges for Datalink Administration
6695904 least privileges for datalink actions
6729477 pcwl accidentally requires privileges for WLAN_GET_PARAM ioctl
667

PSARC 2008/473 Fine-Grained Privileges for Datalink Administration
6695904 least privileges for datalink actions
6729477 pcwl accidentally requires privileges for WLAN_GET_PARAM ioctl
6679049 ucred_t leak in dlmgmtd
6738245 dld's _init() doesn't teardown if mod_install() fails
6738987 i.devpolicy pattern matching accidentally matches random lines

show more ...


# b26a64ae 03-Jun-2008 johnlev

PSARC 2008/289 Least Privilege for xVM
6674678 PSARC 2008/289 Least Privilege for xVM


# ddf7fe95 03-Mar-2008 casper

PSARC 2008/109 Fine Grained Access Permissions (FGAP)
6664443 Implement PSARC/2008/109


# 7b209c2c 25-Feb-2008 acruz

PSARC 2008/046 Process Contract Decorations
5079353 RFE: contract 'decoration' with service FMRI


# 4bff34e3 14-Feb-2008 thurlow

PSARC 2005/695 CIFS Client on Solaris
PSARC 2007/303 pam_smb_login
PSARC 2008/073 CIFS Client on Solaris - Updates
6651904 CIFS Client - PSARC 2005/695


# 911106df 09-Nov-2007 jm199354

PSARC 2007/118 VSCAN Service
6623189 Vscan Service - PSARC/2007/118


# da6c28aa 25-Oct-2007 amw

PSARC/2007/218 caller_context_t in all VOPs
PSARC/2007/227 VFS Feature Registration and ACL on Create
PSARC/2007/244 ZFS Case-insensitive support
PSARC/2007/315 Extensible Attribute Inter

PSARC/2007/218 caller_context_t in all VOPs
PSARC/2007/227 VFS Feature Registration and ACL on Create
PSARC/2007/244 ZFS Case-insensitive support
PSARC/2007/315 Extensible Attribute Interfaces
PSARC/2007/394 ls(1) new command line options '-/' and '-%': CIFS system attributes support
PSARC/2007/403 Modified Access Checks for CIFS
PSARC/2007/410 Add system attribute support to chmod(1)
PSARC/2007/432 CIFS system attributes support for cp(1), pack(1), unpack(1), compress(1) and uncompress(1)
PSARC/2007/444 Rescind SETTABLE Attribute
PSARC/2007/459 CIFS system attributes support for cpio(1), pax(1), tar(1)
PSARC/2007/546 Update utilities to match CIFS system attributes changes.
PSARC/2007/560 ZFS sharesmb property
4890717 want append-only files
6417428 Case-insensitive file system name lookup to support CIFS
6417435 DOS attributes and additional timestamps to support for CIFS
6417442 File system quarantined and modified attributes to support an integrated Anti-Virus service
6417453 FS boolean property for rejecting/allowing invalid UTF-8 sequences in file names
6473733 RFE: Need support for open-deny modes
6473755 RFE: Need ability to reconcile oplock and delegation conflicts
6494624 sharemgr needs to support CIFS shares better
6546705 All vnode operations need to pass caller_context_t
6546706 Need VOP_SETATTR/VOP_GETATTR to support new, optional attributes
6546893 Solaris system attribute support
6550962 ZFS ACL inheritance needs to be enhanced to support Automatic Inheritance
6553589 RFE: VFS Feature Registration facility
6553770 RFE: ZFS support for ACL-on-CREATE (PSARC 2007/227)
6565581 ls(1) should support file system attributes proposed in PSARC/2007/315
6566784 NTFS streams are not copied along with the files.
6576205 cp(1), pack(1) and compress(1) should support file system attributes proposed in PSARC/2007/315
6578875 RFE: kernel interfaces for nbmand need improvement
6578883 RFE: VOP_SHRLOCK needs additional access types
6578885 chmod(1) should support file system attributes proposed in PSARC/2007/315
6578886 RFE: disallow nbmand state to change on remount
6583349 ACL parser needs to support audit/alarm ACE types
6590347 tar(1) should support filesystem attributes proposed in PSARC/2007/315
6597357 *tar* xv@ doesn't show the hidden directory even though it is restored
6597360 *tar* should re-init xattr info if openat() fails during extraction of and extended attribute
6597368 *tar* cannot restore hard linked extended attributes
6597374 *tar* doesn't display "x " when hard linked attributes are restored
6597375 *tar* extended attribute header off by one
6614861 *cpio* incorrectly archives extended system attributes with -@
6614896 *pax* incorrectly archives extended system attributes with -@
6615225 *tar* incorrectly archives extended system attributes with -@
6617183 CIFS Service - PSARC 2006/715

show more ...


# e6bdcbd5 30-Aug-2007 dh155122

6557414 autopush doesn't work in exclusive-IP zones
6574920 device_policy based privilege checking doesn't work well with sys_net_config/sys_ip_config


12