cvs commit: src/sys/netinet tcp_subr.c src/sys/security/mac mac_net.c src/sys/security/mac_biba mac_biba.c src/sys/security/mac_lomac mac_lomac.c src/sys/security/mac_mls mac_mls.c src/sys/security/mac_stub mac_stub.c ...
Robert Watson
rwatson at FreeBSD.org
Wed Dec 17 09:58:54 PST 2003
rwatson 2003/12/17 06:55:12 PST
FreeBSD src repository
Modified files:
  sys/netinet              tcp_subr.c
  sys/security/mac         mac_net.c
  sys/security/mac_biba    mac_biba.c
  sys/security/mac_lomac   mac_lomac.c
  sys/security/mac_mls     mac_mls.c
  sys/security/mac_stub    mac_stub.c
  sys/security/mac_test    mac_test.c
  sys/sys                  mac.h mac_policy.h
Log:
Switch TCP over to using the inpcb label when responding in timed
wait, rather than the socket label. This avoids reaching up to
the socket layer during connection close, which requires locking
changes. To do this, introduce MAC Framework entry point
mac_create_mbuf_from_inpcb(), which is called from tcp_twrespond()
instead of calling mac_create_mbuf_from_socket() or
mac_create_mbuf_netlayer(). Introduce MAC Policy entry point
mpo_create_mbuf_from_inpcb(), and implementations for various
policies, which generally just copy label data from the inpcb to
the mbuf. Assert the inpcb lock in the entry point since we
require consistency for the inpcb label reference.
Obtained from: TrustedBSD Project
Sponsored by: DARPA, Network Associates Laboratories
Revision  Changes    Path
1.170     +1 -4      src/sys/netinet/tcp_subr.c
1.111     +11 -0     src/sys/security/mac/mac_net.c
1.73      +13 -0     src/sys/security/mac_biba/mac_biba.c
1.26      +13 -0     src/sys/security/mac_lomac/mac_lomac.c
1.60      +13 -0     src/sys/security/mac_mls/mac_mls.c
1.37      +8 -0      src/sys/security/mac_stub/mac_stub.c
1.40      +10 -0     src/sys/security/mac_test/mac_test.c
1.53      +1 -0      src/sys/sys/mac.h
1.47      +3 -0      src/sys/sys/mac_policy.h
_______________________________________________
cvs-all at freebsd.org mailing list