HBSD: Bump __HardenedBSD_version to 1500001

Following adding support for prohibiting new USB connections.

Signed-off-by:	Shawn Webb <shawn.webb@hardenedbsd.org>
issue:		#88
MFC-to:		NEVER
This commit is contained in:
Shawn Webb 2024-01-24 00:31:56 +00:00
parent 8c06ccd9d5
commit 9017fcbd32
No known key found for this signature in database
2 changed files with 19 additions and 2 deletions

View File

@ -1,3 +1,20 @@
[20240124] Provide mechanism to disable new USB connections
__HardenedBSD_version = 1500001
HBSD: Provide support for prohibiting new USB device connections
This commit introduces the hardening.pax.prohibit_new_usb sysctl
tunable node. This node can be set to one of three values:
0: Disabled
1: Enabled
2: Enabled without possibility to disable
When set to 2, a reboot is required to end the prohibition on new USB
connections.
This is based on a patch by Loic F <loic.f@hardenedbsd.org>.
[20230826] Catch up with FreeBSD version bump to 15 [20230826] Catch up with FreeBSD version bump to 15
__HardenedBSD_version = 1500000 __HardenedBSD_version = 1500000

View File

@ -1,7 +1,7 @@
/*- /*-
* Copyright (c) 2006 Elad Efrat <elad@NetBSD.org> * Copyright (c) 2006 Elad Efrat <elad@NetBSD.org>
* Copyright (c) 2013-2017, by Oliver Pinter <oliver.pinter@hardenedbsd.org> * Copyright (c) 2013-2017, by Oliver Pinter <oliver.pinter@hardenedbsd.org>
* Copyright (c) 2014-2023 by Shawn Webb <shawn.webb@hardenedbsd.org> * Copyright (c) 2014-2024 by Shawn Webb <shawn.webb@hardenedbsd.org>
* All rights reserved. * All rights reserved.
* *
* Redistribution and use in source and binary forms, with or without * Redistribution and use in source and binary forms, with or without
@ -32,7 +32,7 @@
#ifndef _SYS_PAX_H #ifndef _SYS_PAX_H
#define _SYS_PAX_H #define _SYS_PAX_H
#define __HardenedBSD_version 1500000UL #define __HardenedBSD_version 1500001UL
#if defined(_KERNEL) || defined(_WANT_PRISON) #if defined(_KERNEL) || defined(_WANT_PRISON)
typedef uint32_t pax_state_t; typedef uint32_t pax_state_t;