CVS commit: [netbsd-3] src/sys/kern

To: source-changes%NetBSD.org@localhost
Subject: CVS commit: [netbsd-3] src/sys/kern
From: Matthias Scheler <tron%netbsd.org@localhost>
Date: Sat, 2 Jul 2005 15:51:26 +0000 (UTC)

Module Name:    src
Committed By:   tron
Date:           Sat Jul  2 15:51:26 UTC 2005

Modified Files:
        src/sys/kern [netbsd-3]: vfs_syscalls.c

Log Message:
Pull up revision 1.222 (requested by elad in ticket #487):
More veriexec changes:
- Better organize strict level. Now we have 4 levels:
- Level 0, learning mode: Warnings only about anything that might've
resulted in 'access denied' or similar in a higher strict level.
- Level 1, IDS mode:
- Deny access on fingerprint mismatch.
- Deny modification of veriexec tables.
- Level 2, IPS mode:
- All implications of strict level 1.
- Deny write access to monitored files.
- Prevent removal of monitored files.
- Enforce access type - 'direct', 'indirect', or 'file'.
- Level 3, lockdown mode:
- All implications of strict level 2.
- Prevent creation of new files.
- Deny access to non-monitored files.
- Update sysctl(3) man-page with above. (date bumped too :)
- Remove FINGERPRINT_INDIRECT from possible fp_status values; it's no
longer needed.
- Simplify veriexec_removechk() in light of new strict level policies.
- Eliminate use of 'securelevel'; veriexec now behaves according to
its strict level only.


To generate a diff of this commit:
cvs rdiff -r1.217.2.2 -r1.217.2.3 src/sys/kern/vfs_syscalls.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Prev by Date: CVS commit: [netbsd-3] src/sys/dev
Next by Date: CVS commit: [netbsd-3] src/sys/kern
Previous by Thread: CVS commit: [netbsd-3] src/sys/dev
Next by Thread: CVS commit: [netbsd-3] src/sys/kern
Indexes:

Home | Main Index | Thread Index | Old Index