HBSD: Bump __HardenedBSD_version

Bump __HardenedBSD_version and document the new jail {no}allow.extattr in UPDATING-HardenedBSD. Signed-off-by: Shawn Webb <shawn.webb@hardenedbsd.org>
HardenedBSD · Dec 14, 2019 · f1cb4a2 · f1cb4a2
1 parent 3456347
commit f1cb4a2
Show file tree

Hide file tree

Showing 2 changed files with 18 additions and 2 deletions.
diff --git a/UPDATING-HardenedBSD b/UPDATING-HardenedBSD
@@ -1,4 +1,20 @@
-[20181019] FreeBSD ASR with HardenedBSD ASLR
+[20191214] Jail parameter: {no}allow.extattr
+__HardenedBSD_version = 1300059
+
+	Provide a new jail configuration parameter: allow.extattr (and
+	noallow.extattr). Default: allow.
+	Allow setting system-level filesystem extended attributes by
+	default in a jailed environment.
+
+	Change the default system behavior to be more relaxed. Prior
+	to this change, privileged accounts in a jail could not set
+	system-level filesystem extended attributes. This change now
+	enables that ability by default.
+
+	This is iin preparation for hbsdcontrol integration with
+	ports/packages.
+
+[20191019] FreeBSD ASR with HardenedBSD ASLR
 __HardenedBSD_version = 1300059
 
 	FreeBSD merged in their incomplete Address Space Randomization

diff --git a/sys/sys/pax.h b/sys/sys/pax.h
@@ -32,7 +32,7 @@
 #ifndef	_SYS_PAX_H
 #define	_SYS_PAX_H
 
-#define	__HardenedBSD_version	1300059UL
+#define	__HardenedBSD_version	1300060UL
 
 #if defined(_KERNEL) || defined(_WANT_PRISON)
 typedef	uint32_t	pax_state_t;