Subject: CVS commit: src
To: None <source-changes@NetBSD.org>
From: Christos Zoulas <christos@netbsd.org>
List: source-changes
Date: 08/11/2006 19:17:47
Module Name: src
Committed By: christos
Date: Fri Aug 11 19:17:47 UTC 2006
Modified Files:
src/lib/libc/gen: sysctl.3
src/share/man/man9: fileassoc.9 veriexec.9
src/sys/kern: kern_fileassoc.c kern_verifiedexec.c
src/sys/miscfs/specfs: spec_vnops.c
src/sys/sys: fileassoc.h verified_exec.h
Log Message:
Pretending to be Elad's keyboard:
fileassoc.diff adds a fileassoc_table_run() routine that allows you to
pass a callback to be called with every entry on a given mount.
veriexec.diff adds some raw device access policies: if raw disk is
opened at strict level 1, all fingerprints on this disk will be
invalidated as a safety measure. level 2 will not allow opening disk
for raw writing if we monitor it, and prevent raw writes to memory.
level 3 will not allow opening any disk for raw writing.
both update all relevant documentation.
veriexec concept is okay blymn@.
To generate a diff of this commit:
cvs rdiff -r1.177 -r1.178 src/lib/libc/gen/sysctl.3
cvs rdiff -r1.6 -r1.7 src/share/man/man9/fileassoc.9
cvs rdiff -r1.3 -r1.4 src/share/man/man9/veriexec.9
cvs rdiff -r1.5 -r1.6 src/sys/kern/kern_fileassoc.c
cvs rdiff -r1.65 -r1.66 src/sys/kern/kern_verifiedexec.c
cvs rdiff -r1.87 -r1.88 src/sys/miscfs/specfs/spec_vnops.c
cvs rdiff -r1.2 -r1.3 src/sys/sys/fileassoc.h
cvs rdiff -r1.38 -r1.39 src/sys/sys/verified_exec.h
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.