cvs commit: src/sys/i386/i386 sys_machdep.c src/sys/kern
kern_linker.c kern_time.c src/sys/nfsserver nfs_syscalls.c
src/sys/security/mac mac_framework.h mac_policy.h mac_system.c
src/sys/security/mac_biba mac_biba.c src/sys/security/mac_lomac ...
Robert Watson
rwatson at FreeBSD.org
Sun Apr 22 15:31:23 UTC 2007
rwatson 2007-04-22 15:31:22 UTC
FreeBSD src repository
Modified files:
sys/i386/i386 sys_machdep.c
sys/kern kern_linker.c kern_time.c
sys/nfsserver nfs_syscalls.c
sys/security/mac mac_framework.h mac_policy.h mac_system.c
sys/security/mac_biba mac_biba.c
sys/security/mac_lomac mac_lomac.c
sys/security/mac_stub mac_stub.c
sys/security/mac_test mac_test.c
Log:
Remove MAC Framework access control check entry points made redundant with
the introduction of priv(9) and MAC Framework entry points for privilege
checking/granting. These entry points exactly aligned with privileges and
provided no additional security context:
- mac_check_sysarch_ioperm()
- mac_check_kld_unload()
- mac_check_settime()
- mac_check_system_nfsd()
Add mpo_priv_check() implementations to Biba and LOMAC policies, which,
for each privilege, determine if they can be granted to processes
considered unprivileged by those two policies. These mostly, but not
entirely, align with the set of privileges granted in jails.
Obtained from: TrustedBSD Project
Revision Changes Path
1.108 +0 -5 src/sys/i386/i386/sys_machdep.c
1.148 +0 -5 src/sys/kern/kern_linker.c
1.140 +0 -14 src/sys/kern/kern_time.c
1.114 +0 -8 src/sys/nfsserver/nfs_syscalls.c
1.80 +0 -4 src/sys/security/mac/mac_framework.h
1.88 +0 -8 src/sys/security/mac/mac_policy.h
1.111 +16 -47 src/sys/security/mac/mac_system.c
1.103 +179 -39 src/sys/security/mac_biba/mac_biba.c
1.47 +192 -17 src/sys/security/mac_lomac/mac_lomac.c
1.63 +0 -32 src/sys/security/mac_stub/mac_stub.c
1.73 +0 -36 src/sys/security/mac_test/mac_test.c
More information about the cvs-src
mailing list