Subject: CVS commit: [netbsd-4] src
To: None <source-changes@NetBSD.org>
From: Matthias Scheler <tron@netbsd.org>
List: source-changes
Date: 08/14/2006 13:29:54
Module Name:	src
Committed By:	tron
Date:		Mon Aug 14 13:29:54 UTC 2006

Modified Files:
	src/lib/libc/gen [netbsd-4]: sysctl.3
	src/share/man/man9 [netbsd-4]: fileassoc.9 veriexec.9
	src/sys/kern [netbsd-4]: kern_fileassoc.c kern_verifiedexec.c
	src/sys/miscfs/specfs [netbsd-4]: spec_vnops.c
	src/sys/sys [netbsd-4]: fileassoc.h verified_exec.h

Log Message:
Pull up following revision(s) (requested by elad in ticket #15):
	sys/miscfs/specfs/spec_vnops.c: revision 1.88
	share/man/man9/fileassoc.9: revision 1.7
	sys/kern/kern_verifiedexec.c: revision 1.66
	sys/sys/verified_exec.h: revision 1.39
	sys/sys/fileassoc.h: revision 1.3
	lib/libc/gen/sysctl.3: revision 1.178
	share/man/man9/veriexec.9: revision 1.4
	sys/kern/kern_fileassoc.c: revision 1.6
Pretending to be Elad's keyboard:
fileassoc.diff adds a fileassoc_table_run() routine that allows you to
pass a callback to be called with every entry on a given mount.
veriexec.diff adds some raw device access policies: if raw disk is
opened at strict level 1, all fingerprints on this disk will be
invalidated as a safety measure. level 2 will not allow opening disk
for raw writing if we monitor it, and prevent raw writes to memory.
level 3 will not allow opening any disk for raw writing.
both update all relevant documentation.
veriexec concept is okay blymn@.


To generate a diff of this commit:
cvs rdiff -r1.177 -r1.177.2.1 src/lib/libc/gen/sysctl.3
cvs rdiff -r1.6 -r1.6.2.1 src/share/man/man9/fileassoc.9
cvs rdiff -r1.3 -r1.3.2.1 src/share/man/man9/veriexec.9
cvs rdiff -r1.5 -r1.5.2.1 src/sys/kern/kern_fileassoc.c
cvs rdiff -r1.65 -r1.65.2.1 src/sys/kern/kern_verifiedexec.c
cvs rdiff -r1.87 -r1.87.6.1 src/sys/miscfs/specfs/spec_vnops.c
cvs rdiff -r1.2 -r1.2.2.1 src/sys/sys/fileassoc.h
cvs rdiff -r1.38 -r1.38.2.1 src/sys/sys/verified_exec.h

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.