cvs commit: src/sys/kern kern_mac.c src/sys/security/mac
mac_internal.h mac_net.c src/sys/security/mac_biba mac_biba.c
src/sys/security/mac_lomac mac_lomac.c src/sys/security/mac_mls
mac_mls.c src/sys/security/mac_stub mac_stub.c ...
Robert Watson
rwatson at FreeBSD.org
Sun Nov 16 15:31:47 PST 2003
rwatson 2003/11/16 15:31:45 PST
FreeBSD src repository
Modified files:
sys/kern kern_mac.c
sys/security/mac mac_internal.h mac_net.c
sys/security/mac_biba mac_biba.c
sys/security/mac_lomac mac_lomac.c
sys/security/mac_mls mac_mls.c
sys/security/mac_stub mac_stub.c
sys/security/mac_test mac_test.c
sys/sys mac_policy.h
Log:
Implement sockets support for __mac_get_fd() and __mac_set_fd()
system calls, and prefer these calls over getsockopt()/setsockopt()
for ABI reasons. When addressing UNIX domain sockets, these calls
retrieve and modify the socket label, not the label of the
rendezvous vnode.

- Create mac_copy_socket_label() entry point based on
  mac_copy_pipe_label() entry point, intended to copy the socket
  label into temporary storage that doesn't require a socket lock
  to be held (currently Giant).
- Implement mac_copy_socket_label() for various policies.
- Expose socket label allocation, free, internalize, externalize
  entry points as non-static from mac_net.c.
- Use mac_socket_label_set() in __mac_set_fd().

MAC-aware applications may now use mac_get_fd(), mac_set_fd(), and
mac_get_peer() to retrieve and set various socket labels without
directly invoking the getsockopt() interface.
Obtained from: TrustedBSD Project
Sponsored by: DARPA, Network Associates Laboratories
Revision  Changes  Path
1.107     +30 -0   src/sys/kern/kern_mac.c
1.109     +6 -0    src/sys/security/mac/mac_internal.h
1.109     +11 -7   src/sys/security/mac/mac_net.c
1.68      +1 -0    src/sys/security/mac_biba/mac_biba.c
1.22      +1 -0    src/sys/security/mac_lomac/mac_lomac.c
1.55      +1 -0    src/sys/security/mac_mls/mac_mls.c
1.34      +1 -0    src/sys/security/mac_stub/mac_stub.c
1.36      +9 -0    src/sys/security/mac_test/mac_test.c
1.44      +2 -0    src/sys/sys/mac_policy.h