PERFORCE change 20318 for review
Robert Watson
rwatson at freebsd.org
Tue Oct 29 00:08:28 GMT 2002
http://perforce.freebsd.org/chv.cgi?CH=20318
Change 20318 by rwatson at rwatson_tislabs on 2002/10/28 16:07:44
Integ a TrustedBSD base to loop back a number of cosmetic
and less cosmetic MAC changes, including the merge of the
mac.h oldmac removal, some cleanup in mac_biba.c.
Affected files ...
.. //depot/projects/trustedbsd/base/UPDATING#22 integrate
.. //depot/projects/trustedbsd/base/lib/libc/posix1e/mac_text.3#2 integrate
.. //depot/projects/trustedbsd/base/release/doc/fr_FR.ISO8859-1/installation/common/install.sgml#3 integrate
.. //depot/projects/trustedbsd/base/share/man/man7/Makefile#9 integrate
.. //depot/projects/trustedbsd/base/share/man/man7/maclabel.7#1 branch
.. //depot/projects/trustedbsd/base/share/man/man9/style.9#14 integrate
.. //depot/projects/trustedbsd/base/sys/geom/geom_disk.c#16 integrate
.. //depot/projects/trustedbsd/base/sys/geom/geom_dump.c#11 integrate
.. //depot/projects/trustedbsd/base/sys/geom/geom_int.h#5 integrate
.. //depot/projects/trustedbsd/base/sys/geom/geom_kern.c#10 integrate
.. //depot/projects/trustedbsd/base/sys/geom/geom_slice.c#12 integrate
.. //depot/projects/trustedbsd/base/sys/geom/geom_sunlabel.c#7 integrate
.. //depot/projects/trustedbsd/base/sys/kern/kern_mac.c#25 integrate
.. //depot/projects/trustedbsd/base/sys/kern/uipc_socket.c#21 integrate
.. //depot/projects/trustedbsd/base/sys/kern/uipc_usrreq.c#15 integrate
.. //depot/projects/trustedbsd/base/sys/security/mac_biba/mac_biba.c#16 integrate
.. //depot/projects/trustedbsd/base/sys/security/mac_biba/mac_biba.h#4 integrate
.. //depot/projects/trustedbsd/base/sys/security/mac_mls/mac_mls.h#4 integrate
.. //depot/projects/trustedbsd/base/sys/sys/mac.h#16 integrate
.. //depot/projects/trustedbsd/base/sys/sys/sun_disklabel.h#2 integrate
.. //depot/projects/trustedbsd/base/usr.bin/make/Makefile#8 integrate
.. //depot/projects/trustedbsd/base/usr.bin/make/job.c#10 integrate
.. //depot/projects/trustedbsd/base/usr.bin/make/nonints.h#7 integrate
.. //depot/projects/trustedbsd/base/usr.bin/make/str.c#7 integrate
.. //depot/projects/trustedbsd/base/usr.bin/make/var.c#10 integrate
.. //depot/projects/trustedbsd/base/usr.bin/make/var.h#1 branch
.. //depot/projects/trustedbsd/base/usr.bin/make/var_modify.c#1 branch
.. //depot/projects/trustedbsd/base/usr.sbin/sysinstall/wizard.c#4 integrate
Differences ...
==== //depot/projects/trustedbsd/base/UPDATING#22 (text+ko) ====
@@ -1030,7 +1030,7 @@
<make sure you have good level 0 dumps>
<maybe fix /etc/fstab> [7]
- make buildworld
+ make buildworld [9]
make buildkernel KERNCONF=YOUR_KERNEL_HERE [8]
cp src/sys/${MACHINE}/conf/GENERIC.hints /boot/device.hints [2]
make installkernel KERNCONF=YOUR_KERNEL_HERE
@@ -1111,6 +1111,8 @@
option in your kernel. Failure to do so may leave you with a system
that is hard to boot to recover.
+ [9] When checking out sources, you must include the -P flag to have
+ cvs prune empty directories.
FORMAT:
This file contains a list, in reverse chronological order, of major
@@ -1144,4 +1146,4 @@
Contact Warner Losh if you have any questions about your use of
this document.
-$FreeBSD: src/UPDATING,v 1.225 2002/10/27 06:31:37 imp Exp $
+$FreeBSD: src/UPDATING,v 1.226 2002/10/28 21:33:10 imp Exp $
==== //depot/projects/trustedbsd/base/lib/libc/posix1e/mac_text.3#2 (text+ko) ====
@@ -31,7 +31,7 @@
.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
.\" SUCH DAMAGE.
.\"
-.\" $FreeBSD: src/lib/libc/posix1e/mac_text.3,v 1.1 2002/08/02 21:14:42 rwatson Exp $
+.\" $FreeBSD: src/lib/libc/posix1e/mac_text.3,v 1.2 2002/10/28 23:06:04 chris Exp $
.Dd December 21, 2001
.Dt MAC_TEXT 3
.Sh NAME
@@ -63,49 +63,9 @@
.Fa *len_p
to the length of the returned string.
.Pp
-.Fx
-uses the following format
-for MAC policy text representations:
-.Pp
-.Dl Sy policy Ns No / Ns Sy qualifier
-.Pp
-Where
-.Sy policy
-can be one of
-.Dq biba ,
-.Dq mls ,
-or
-.Dq te .
-.Pp
-Valid labels can have the following arguments for
-.Sy qualifier ,
-depending on the value of
-.Sy policy .
-.Bl -tag -width "Policy" -offset indent
-.It Em Policy
-.Em Qualifier
-.It biba
-.Dq high ,
-.Dq low ,
-.Dq equal ,
-or a numeric grade.
-.It mls
-.Dq high ,
-.Dq low ,
-.Dq equal ,
-or a numeric level.
-.It te
-Types for
-.Dq te
-consist of a type name which must
-neither be empty nor exceed the length limit for the label.
-.El
-.Pp
-All policies must be present
-in a comma-separated list,
-but may be in any order
-(see
-.Sx EXAMPLES ) .
+Refer to
+.Xr maclabel 7
+for the MAC label format.
.Sh RETURN VALUES
The
.Fn mac_from_text
@@ -130,13 +90,6 @@
upon failure, setting
.Va errno
to indicate the error.
-.Sh EXAMPLES
-The following are valid MAC labels:
-.Bd -literal -offset indent
-biba/high,mls/low,te/none
-biba/low,mls/low,te/none
-biba/low,mls/3,te/none
-.Ed
.Sh COMPATIBILITY
POSIX.1e does not define
a text format for text representations
@@ -158,7 +111,8 @@
.Xr mac 3 ,
.Xr mac_free 3 ,
.Xr mac_get 3 ,
-.Xr mac_set 3
+.Xr mac_set 3 ,
+.Xr maclabel 7
.Sh STANDARDS
POSIX.1e is described in IEEE POSIX.1e draft 17.
Discussion of the draft
==== //depot/projects/trustedbsd/base/release/doc/fr_FR.ISO8859-1/installation/common/install.sgml#3 (text+ko) ====
@@ -3,7 +3,7 @@
The FreeBSD French Documentation Project
$Id$
- $FreeBSD: src/release/doc/fr_FR.ISO8859-1/installation/common/install.sgml,v 1.6 2002/10/27 20:26:56 gioria Exp $
+ $FreeBSD: src/release/doc/fr_FR.ISO8859-1/installation/common/install.sgml,v 1.7 2002/10/28 21:46:50 gioria Exp $
Original revision: 1.14
This file has architecture-dependent installation instructions, culled
@@ -645,7 +645,7 @@
</sect4>
<sect4>
- <title>Conseils d'installation NFS</title>
+ <title>Conseils d'installation via NFS</title>
<para>L'installation via NFS est très simple: copiez
simplement les fichiers des distributions de &os, dont vous
@@ -684,104 +684,110 @@
</sect4>
<sect4>
- <title>FTP Installation tips</title>
+ <title>Conseils d'installation via FTP</title>
- <para>FTP installation may be done from any mirror site containing a
- reasonably up-to-date version of &os;. A full menu of
- reasonable choices for almost any location in the world is
- provided in the FTP site menu during installation.</para>
+ <para>L'installation via FTP peut se faire depuis n'importe
+ quel site mirroir raisonnablement à jour de &os;. Un menu
+ complet comportant un nombre de choix raisonnalbe pour
+ différents pays se trouve dans le menu site FTP lors de
+ l'installation.</para>
- <para>If you are installing from some other FTP site not listed in
- this menu, or you are having troubles getting your name server
- configured properly, you can also specify your own URL by
- selecting the <quote>URL</quote> choice in that menu. A URL can
- contain a hostname or an IP address, so something like the following would
- work in the absence of a name server:</para>
+ <para>Si vous installez depuis un autre site FTP que un de
+ ceux fournit dans le menu, ou si vous avez des soucis avec
+ votre serveur de noms, vous pouvez spécifier votre propre URL
+ en sélectionnant le choix <quote>URL</quote> dans le menu. Une
+ URL peut contenir un nom de machine ou une adresse IP, donc
+ quelque chose comme ce qui suit doit fonctionner en l'absence
+ d'un serveur de nom:</para>
<screen>ftp://216.66.64.162/pub/FreeBSD/releases/&arch;/4.2-RELEASE</screen>
- <para>There are three FTP installation modes you can use:
+ <para>Il y a trois modes d'installation FTP disponibles:
<itemizedlist>
<listitem>
- <para>FTP: This method uses the standard
- <quote>Active</quote> mode for transfers, in which the
- server initiates a connection to the client. This will
- not work through most firewalls but will often work best
- with older FTP servers that do not support passive mode.
- If your connection hangs with passive mode, try this
- one.</para>
+ <para>FTP: Cette méthode utilise le mode
+ <quote>Actif</quote> standard pour les transferts. Ce
+ mode peut ne pas fonctionner correctement à travers la
+ plupart des firewalls mais risque de fonctionner très
+ bien avec les vieux serveurs FTP qui ne supporte pas le
+ mode passif. Si votre connection se bloque avec le mode
+ passif, utilisez ce mode.</para>
</listitem>
<listitem>
- <para>FTP Passive: This sets the FTP "Passive" mode
- which prevents the server from opening connections to
- the client. This option is best for users to pass
- through firewalls that do not allow incoming connections
- on random port addresses.</para>
+ <para>FTP Passive: Ce mode active le mode FTP
+ "Passif". Cette option est la meilleure pour les
+ personnes nécessitant de traverser des firewalls qui
+ n'autorise pas les connexions entrantes sur des ports
+ aléatoires.</para>
</listitem>
<listitem>
- <para>FTP via an HTTP proxy: This option instructs &os;
- to use HTTP to connect to a proxy for all FTP
- operations. The proxy will translate the requests and
- send them to the FTP server. This allows the user to
- pass through firewalls that do not allow FTP at all, but
- offer an HTTP proxy. You must specify the hostname of
- the proxy in addition to the FTP server.</para>
+ <para>FTP via an HTTP proxy: Cette option informe &os;
+ d'utiliser un proxy HTTP pour toute connexion FTP. Le
+ proxy transforme alors les requètes et les envoient au
+ serveur FTP. Cela permet à l'utilisateur de traverser
+ certains firewalls qui n'autorisent pas le FTP, mais
+ offre une fonction de proxy HTTP. Vous devez fournir
+ l'adresse du proxy en plus du nom du serveur FTP.</para>
- <para>In the rare case that you have an FTP proxy that
- does not go through HTTP, you can specify the URL as
- something like:</para>
+ <para>Dans certains cas, très rare, ou vous disposez
+ d'un proxy FTP, mais qui ne supporte pas les requètes
+ HTTP, vous pouvez spécifier l'URL comme ceci:</para>
<screen><userinput>ftp://foo.bar.com:<replaceable>port</replaceable>/pub/FreeBSD</userinput></screen>
- <para>In the URL above, <replaceable>port</replaceable>
- is the port number of the proxy FTP server.</para>
+ <para>Dans l'URL ci-dessus, <replaceable>port</replaceable>
+ correspond au numéro du port du serveur FTP proxy.</para>
</listitem>
</itemizedlist>
</sect4>
</sect3>
<sect3>
- <title>Tips for Serial Console Users</title>
+ <title>Conseils pour les utilisateurs de console série</title>
- <para>If you'd like to install &os; on a machine using just a
- serial port (e.g. you don't have or wish to use a VGA card),
- please follow these steps:</para>
+ <para>Si vous désirez installer &os; sur une machine en
+ utilisant uniquement un port série (e.g. si vous ne disposez pas
+ d'une carte graphique), suivez les instructions suivantes:</para>
<procedure>
<step>
- <para>Connect some sort of ANSI (vt100) compatible terminal
- or terminal emulation program to the <devicename>COM1</devicename> port of the PC you
- are installing &os; onto.</para>
+ <para>Connectez un terminal compatible ANSI (vt100) ou un
+ programme d'émulation de terminal sur le port
+ <devicename>COM1</devicename> du PC sur lequel vous désirez
+ installer &os;.</para>
</step>
<step>
- <para>Unplug the keyboard (yes, that's correct!) and then
- try to boot from floppy or the installation CDROM, depending
- on the type of installation media you have, with the
- keyboard unplugged.</para>
+ <para>Débranchez le clavier (oui vous avez bien lu!) et
+ essayez de démarrer depuis une disquette ou depuis le CDROM
+ d'installation, en fonction du type de média d'installation
+ en votre possession, avec le clavier débranché.</para>
</step>
<step>
- <para>If you don't get any output on your serial console,
- plug the keyboard in again and wait for some beeps. If you
- are booting from the CDROM, proceed to <xref
- linkend="hitspace"> as soon as you
- hear the beep.</para>
+ <para>Si vous n'obtenez aucun caractère sur votre console
+ série, branchez le clavier et attendez des sonneries. Si
+ vous démarrez depuis le CDROM, allez à <xref
+ linkend="hitspace"> aussi vite que possible.</para>
</step>
<step>
- <para>For a floppy boot, the first beep means to remove the
- <filename>kern.flp</filename> floppy and insert the
- <filename>mfsroot.flp</filename> floppy, after
- which you should press <keycap>Enter</keycap> and wait for another beep.</para>
+ <para>Pour une installation via des disquettes, la première
+ sonnerie indique de retirer la disquette
+ <filename>kern.flp</filename> et d'insérer la disquette
+ <filename>mfsroot.flp</filename> puis appuyez sur la touche
+ <keycap>Enter</keycap> et attendez une autre sonnerie.</para>
</step>
<step id="hitspace">
- <para>Hit the space bar, then enter</para>
+ <para>Appuyez sur la barre d'espace et entrez</para>
<screen><userinput>boot -h</userinput></screen>
- <para>and you should now definitely be seeing everything on
- the serial port. If that still doesn't work, check your
- serial cabling as well as the settings on your terminal
- emulation program or actual terminal device. It should be
- set for 9600 baud, 8 bits, no parity.</para>
+ <para>Et vous deviez enfin voir des choses sur le port
+ série. Si cela ne fonctionne pas, vérifier
+ votre cablage série et vos préférences
+ de l'émulateur de terminal ou le
+ périphérique. Il doivent être
+ configurés en 9600 baud, 8bits, pas de
+ parité.</para>
+
</step>
</procedure>
</sect3>
==== //depot/projects/trustedbsd/base/share/man/man7/Makefile#9 (text+ko) ====
@@ -1,9 +1,9 @@
# @(#)Makefile 8.1 (Berkeley) 6/5/93
-# $FreeBSD: src/share/man/man7/Makefile,v 1.24 2002/07/06 20:30:29 chris Exp $
+# $FreeBSD: src/share/man/man7/Makefile,v 1.25 2002/10/28 22:54:54 chris Exp $
#MISSING: eqnchar.7 ms.7 term.7
MAN= ascii.7 build.7 clocks.7 environ.7 firewall.7 ffs.7 hier.7 \
- hostname.7 intro.7 mailaddr.7 operator.7 ports.7 release.7 \
+ hostname.7 intro.7 maclabel.7 mailaddr.7 operator.7 ports.7 release.7 \
sdoc.7 security.7 sprog.7 stdint.7 tuning.7
MLINKS= intro.7 miscellaneous.7
==== //depot/projects/trustedbsd/base/share/man/man9/style.9#14 (text+ko) ====
@@ -43,7 +43,7 @@
* Style guide for FreeBSD. Based on the CSRG's KNF (Kernel Normal Form).
*
* @(#)style 1.14 (Berkeley) 4/28/95
- * $FreeBSD: src/share/man/man9/style.9,v 1.93 2002/09/10 14:48:38 robert Exp $
+ * $FreeBSD: src/share/man/man9/style.9,v 1.94 2002/10/28 19:33:22 rwatson Exp $
*/
/*
@@ -82,11 +82,11 @@
#if 0
#ifndef lint
static char sccsid[] = "@(#)style 1.14 (Berkeley) 4/28/95";
-#endif /* not lint */
+#endif /* !lint */
#endif
#include <sys/cdefs.h>
-__FBSDID("$FreeBSD: src/share/man/man9/style.9,v 1.93 2002/09/10 14:48:38 robert Exp $");
+__FBSDID("$FreeBSD: src/share/man/man9/style.9,v 1.94 2002/10/28 19:33:22 rwatson Exp $");
.Ed
.Pp
Leave another blank line before the header files.
@@ -180,6 +180,68 @@
} while (0)
.Ed
.Pp
+When code blocks are conditionally defined using
+.Ic #ifdef
+or
+.Ic #if ,
+a comment may be added following the matching
+.Ic #endif
+or
+.Ic #else
+to permit the reader to easily discern where conditionally defined code
+regions end.
+This comment should be used only for (subjectively) long regions, regions
+greater than 20 lines, or where a series of nested
+.Ic #ifdef 's
+may be confusing to the reader.
+Exceptions may be made for cases where code is contionally undefined for
+the purposes of lint, even though the undefined region may be small.
+The comment shall be seperated from the
+.Ic #endif
+or
+.Ic #else
+by a single space.
+For short conditionally defined regions, a closing comment should not be
+used.
+.Pp
+The comment for
+.Ic #endif
+should match the expression used in
+.Ic #if
+or
+.Ic #ifdef .
+The comment for
+.Ic #else
+should be the inverse of the expression used in the previous
+.Ic #if
+or
+.Ic #elsif .
+In the comments, the subexpression
+.Dq Li defined(FOO)
+is abbreviated as
+.Dq Li FOO .
+For the purposes of comments,
+.Dq Ic #ifndef Li FOO
+is treated as
+.Dq Ic #if Li !defined(FOO) .
+.Bd -literal
+#ifdef KTRACE
+#include <sys/ktrace.h>
+#endif
+
+#ifdef COMPAT_43
+/* A long block here, or other conditional code. */
+#else /* !COMPAT_43 */
+/* Or here. */
+#endif /* COMPAT_43 */
+
+#ifndef COMPAT_43
+/* Yet another long block here, or other conditional code. */
+#else /* COMPAT_43 */
+/* Or here. */
+#endif /* !COMPAT_43*/
+.Ed
+.Pp
Enumeration values are all uppercase.
.Bd -literal
enum enumtype { ONE, TWO } et;
==== //depot/projects/trustedbsd/base/sys/geom/geom_disk.c#16 (text+ko) ====
@@ -32,7 +32,7 @@
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*
- * $FreeBSD: src/sys/geom/geom_disk.c,v 1.31 2002/10/25 20:09:45 phk Exp $
+ * $FreeBSD: src/sys/geom/geom_disk.c,v 1.32 2002/10/28 22:43:54 phk Exp $
*/
#include "opt_geom.h"
@@ -208,6 +208,11 @@
struct disk *dp;
dp = gp->softc;
+ if (indent == NULL) {
+ sbuf_printf(sb, " hd %u", dp->d_fwheads);
+ sbuf_printf(sb, " sc %u", dp->d_fwsectors);
+ return;
+ }
if (pp != NULL) {
sbuf_printf(sb, "%s<fwheads>%u</fwheads>\n",
indent, dp->d_fwheads);
==== //depot/projects/trustedbsd/base/sys/geom/geom_dump.c#11 (text+ko) ====
@@ -32,7 +32,7 @@
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*
- * $FreeBSD: src/sys/geom/geom_dump.c,v 1.15 2002/10/20 19:18:06 phk Exp $
+ * $FreeBSD: src/sys/geom/geom_dump.c,v 1.16 2002/10/28 22:43:54 phk Exp $
*/
@@ -116,6 +116,50 @@
wakeup(p);
}
+static void
+g_conftxt_geom(struct sbuf *sb, struct g_geom *gp, int level)
+{
+ struct g_provider *pp;
+ struct g_consumer *cp;
+
+ LIST_FOREACH(pp, &gp->provider, provider) {
+ sbuf_printf(sb, "%d %s %s %ju %u", level, gp->class->name,
+ pp->name, (uintmax_t)pp->mediasize, pp->sectorsize);
+ gp->dumpconf(sb, NULL, gp, NULL, pp);
+ sbuf_printf(sb, "\n");
+ LIST_FOREACH(cp, &pp->consumers, consumers)
+ g_conftxt_geom(sb, cp->geom, level + 1);
+ }
+}
+
+static void
+g_conftxt_class(struct sbuf *sb, struct g_class *mp)
+{
+ struct g_geom *gp;
+
+ LIST_FOREACH(gp, &mp->geom, geom)
+ g_conftxt_geom(sb, gp, 0);
+}
+
+void
+g_conftxt(void *p)
+{
+ struct g_class *mp;
+ struct sbuf *sb;
+
+ sb = p;
+ g_topology_assert();
+ LIST_FOREACH(mp, &g_classes, class)
+ if (!strcmp(mp->name, "DISK"))
+ break;
+ if (mp != NULL)
+ g_conftxt_class(sb, mp);
+ else
+ printf("no DISK\n");
+ sbuf_finish(sb);
+ wakeup(p);
+}
+
static void
g_conf_consumer(struct sbuf *sb, struct g_consumer *cp)
==== //depot/projects/trustedbsd/base/sys/geom/geom_int.h#5 (text+ko) ====
@@ -32,7 +32,7 @@
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*
- * $FreeBSD: src/sys/geom/geom_int.h,v 1.6 2002/10/04 10:38:36 phk Exp $
+ * $FreeBSD: src/sys/geom/geom_int.h,v 1.7 2002/10/28 22:43:54 phk Exp $
*/
LIST_HEAD(class_list_head, g_class);
@@ -73,6 +73,7 @@
void g_confxml(void *);
void g_conf_specific(struct sbuf *sb, struct g_class *mp, struct g_geom *gp, struct g_provider *pp, struct g_consumer *cp);
void g_confdot(void *);
+void g_conftxt(void *);
/* geom_event.c */
==== //depot/projects/trustedbsd/base/sys/geom/geom_kern.c#10 (text+ko) ====
@@ -32,7 +32,7 @@
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*
- * $FreeBSD: src/sys/geom/geom_kern.c,v 1.13 2002/10/25 20:09:45 phk Exp $
+ * $FreeBSD: src/sys/geom/geom_kern.c,v 1.14 2002/10/28 22:43:54 phk Exp $
*/
#include <sys/param.h>
@@ -160,6 +160,23 @@
}
static int
+sysctl_kern_geom_conftxt(SYSCTL_HANDLER_ARGS)
+{
+ int error;
+ struct sbuf *sb;
+
+ sb = sbuf_new(NULL, NULL, 0, SBUF_AUTOEXTEND);
+ sbuf_clear(sb);
+ g_call_me(g_conftxt, sb);
+ do {
+ tsleep(sb, PZERO, "g_dot", hz);
+ } while(!sbuf_done(sb));
+ error = SYSCTL_OUT(req, sbuf_data(sb), sbuf_len(sb) + 1);
+ sbuf_delete(sb);
+ return error;
+}
+
+static int
sysctl_kern_geom_confdot(SYSCTL_HANDLER_ARGS)
{
int error;
@@ -197,11 +214,15 @@
SYSCTL_PROC(_kern_geom, OID_AUTO, confxml, CTLTYPE_STRING|CTLFLAG_RD,
0, 0, sysctl_kern_geom_confxml, "A",
- "Dump the GEOM config");
+ "Dump the GEOM config in XML");
SYSCTL_PROC(_kern_geom, OID_AUTO, confdot, CTLTYPE_STRING|CTLFLAG_RD,
0, 0, sysctl_kern_geom_confdot, "A",
- "Dump the GEOM config");
+ "Dump the GEOM config in dot");
+
+SYSCTL_PROC(_kern_geom, OID_AUTO, conftxt, CTLTYPE_STRING|CTLFLAG_RD,
+ 0, 0, sysctl_kern_geom_conftxt, "A",
+ "Dump the GEOM config in txt");
SYSCTL_INT(_kern_geom, OID_AUTO, debugflags, CTLFLAG_RW,
&g_debugflags, 0, "");
==== //depot/projects/trustedbsd/base/sys/geom/geom_slice.c#12 (text+ko) ====
@@ -32,7 +32,7 @@
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*
- * $FreeBSD: src/sys/geom/geom_slice.c,v 1.25 2002/10/25 20:09:45 phk Exp $
+ * $FreeBSD: src/sys/geom/geom_slice.c,v 1.26 2002/10/28 22:43:54 phk Exp $
*/
@@ -206,6 +206,12 @@
struct g_slicer *gsp;
gsp = gp->softc;
+ if (indent == NULL) {
+ sbuf_printf(sb, " i %u", pp->index);
+ sbuf_printf(sb, " o %ju",
+ (uintmax_t)gsp->slices[pp->index].offset);
+ return;
+ }
if (gp != NULL && (pp == NULL && cp == NULL)) {
sbuf_printf(sb, "%s<frontstuff>%ju</frontstuff>\n",
indent, (intmax_t)gsp->frontstuff);
==== //depot/projects/trustedbsd/base/sys/geom/geom_sunlabel.c#7 (text+ko) ====
@@ -32,7 +32,7 @@
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*
- * $FreeBSD: src/sys/geom/geom_sunlabel.c,v 1.17 2002/10/20 20:28:24 phk Exp $
+ * $FreeBSD: src/sys/geom/geom_sunlabel.c,v 1.18 2002/10/28 22:42:20 phk Exp $
*/
@@ -59,7 +59,9 @@
#define SUNLABEL_CLASS_NAME "SUN"
struct g_sunlabel_softc {
- int foo;
+ int nheads;
+ int nsects;
+ int nalt;
};
static int
@@ -78,8 +80,16 @@
static void
g_sunlabel_dumpconf(struct sbuf *sb, char *indent, struct g_geom *gp, struct g_consumer *cp __unused, struct g_provider *pp)
{
+ struct g_slicer *gsp;
+ struct g_sunlabel_softc *ms;
+ gsp = gp->softc;
+ ms = gsp->softc;
g_slice_dumpconf(sb, indent, gp, cp, pp);
+ if (indent == NULL) {
+ sbuf_printf(sb, " sc %u hd %u alt %u",
+ ms->nsects, ms->nheads, ms->nalt);
+ }
}
static struct g_geom *
@@ -151,8 +161,11 @@
printf("v_head %d\n", g_dec_be2(buf + 436));
printf("v_sec %d\n", g_dec_be2(buf + 438));
}
+ ms->nalt = g_dec_be2(buf + 434);
+ ms->nheads = g_dec_be2(buf + 436);
+ ms->nsects = g_dec_be2(buf + 438);
- csize = g_dec_be2(buf + 436) * g_dec_be2(buf + 438);
+ csize = ms->nheads * ms->nsects;
for (i = 0; i < 8; i++) {
v = g_dec_be4(buf + 444 + i * 8);
==== //depot/projects/trustedbsd/base/sys/kern/kern_mac.c#25 (text+ko) ====
@@ -36,7 +36,7 @@
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*
- * $FreeBSD: src/sys/kern/kern_mac.c,v 1.53 2002/10/27 15:50:49 rwatson Exp $
+ * $FreeBSD: src/sys/kern/kern_mac.c,v 1.54 2002/10/28 18:53:53 rwatson Exp $
*/
/*
* Developed by the TrustedBSD Project.
@@ -3014,8 +3014,6 @@
{
int error;
- ASSERT_VOP_LOCKED(vp, "mac_check_system_reboot");
-
if (!mac_enforce_system)
return (0);
==== //depot/projects/trustedbsd/base/sys/kern/uipc_socket.c#21 (text+ko) ====
@@ -31,7 +31,7 @@
* SUCH DAMAGE.
*
* @(#)uipc_socket.c 8.3 (Berkeley) 4/15/94
- * $FreeBSD: src/sys/kern/uipc_socket.c,v 1.132 2002/10/05 21:23:46 rwatson Exp $
+ * $FreeBSD: src/sys/kern/uipc_socket.c,v 1.133 2002/10/28 21:17:53 rwatson Exp $
*/
#include "opt_inet.h"
@@ -1265,7 +1265,7 @@
u_long val;
#ifdef MAC
struct mac extmac;
-#endif /* MAC */
+#endif
error = 0;
if (sopt->sopt_level != SOL_SOCKET) {
@@ -1400,9 +1400,9 @@
error = mac_setsockopt_label_set(
sopt->sopt_td->td_ucred, so, &extmac);
-#else /* MAC */
+#else
error = EOPNOTSUPP;
-#endif /* MAC */
+#endif
break;
default:
error = ENOPROTOOPT;
@@ -1462,7 +1462,7 @@
#endif
#ifdef MAC
struct mac extmac;
-#endif /* MAC */
+#endif
error = 0;
if (sopt->sopt_level != SOL_SOCKET) {
@@ -1551,9 +1551,9 @@
if (error)
return (error);
error = sooptcopyout(sopt, &extmac, sizeof extmac);
-#else /* MAC */
+#else
error = EOPNOTSUPP;
-#endif /* MAC */
+#endif
break;
case SO_PEERLABEL:
#ifdef MAC
@@ -1562,9 +1562,9 @@
if (error)
return (error);
error = sooptcopyout(sopt, &extmac, sizeof extmac);
-#else /* MAC */
+#else
error = EOPNOTSUPP;
-#endif /* MAC */
+#endif
break;
default:
error = ENOPROTOOPT;
==== //depot/projects/trustedbsd/base/sys/kern/uipc_usrreq.c#15 (text+ko) ====
@@ -31,7 +31,7 @@
* SUCH DAMAGE.
*
* From: @(#)uipc_usrreq.c 8.3 (Berkeley) 1/4/94
- * $FreeBSD: src/sys/kern/uipc_usrreq.c,v 1.97 2002/10/17 15:52:42 robert Exp $
+ * $FreeBSD: src/sys/kern/uipc_usrreq.c,v 1.98 2002/10/28 21:17:53 rwatson Exp $
*/
#include "opt_mac.h"
@@ -644,7 +644,7 @@
#ifdef MAC
error = mac_check_vnode_create(td->td_ucred, nd.ni_dvp, &nd.ni_cnd,
&vattr);
-#endif /* MAC */
+#endif
if (error == 0) {
VOP_LEASE(nd.ni_dvp, td, td->td_ucred, LEASE_WRITE);
error = VOP_CREATE(nd.ni_dvp, &nd.ni_vp, &nd.ni_cnd, &vattr);
==== //depot/projects/trustedbsd/base/sys/security/mac_biba/mac_biba.c#16 (text+ko) ====
@@ -34,7 +34,7 @@
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*
- * $FreeBSD: src/sys/security/mac_biba/mac_biba.c,v 1.29 2002/10/26 14:38:22 rwatson Exp $
+ * $FreeBSD: src/sys/security/mac_biba/mac_biba.c,v 1.32 2002/10/28 19:18:29 rwatson Exp $
*/
/*
@@ -312,12 +312,12 @@
}
static int
-mac_biba_subject_equal_ok(struct mac_biba *mac_biba)
+mac_biba_subject_privileged(struct mac_biba *mac_biba)
{
KASSERT((mac_biba->mb_flags & MAC_BIBA_FLAGS_BOTH) ==
MAC_BIBA_FLAGS_BOTH,
- ("mac_biba_subject_equal_ok: subject doesn't have both labels"));
+ ("mac_biba_subject_privileged: subject doesn't have both labels"));
/* If the single is EQUAL, it's ok. */
if (mac_biba->mb_single.mbe_type == MAC_BIBA_TYPE_EQUAL)
@@ -337,6 +337,7 @@
return (EPERM);
}
+static int
mac_biba_high_single(struct mac_biba *mac_biba)
{
@@ -1159,6 +1160,7 @@
!strvalid(trusted_interfaces, sizeof(trusted_interfaces)))
goto set;
+ bzero(tiflist, sizeof(tiflist));
for (p = trusted_interfaces, q = tiflist; *p != '\0'; p++, q++)
if(*p != ' ' && *p != '\t')
*q = *p;
@@ -1175,6 +1177,11 @@
grade = MAC_BIBA_TYPE_HIGH;
break;
}
+ } else {
+ *p = '\0';
+ printf("mac_biba warning: interface name "
+ "\"%s\" is too long (must be < %d)\n",
+ q, IFNAMSIZ);
}
if (*p == '\0')
break;
@@ -1470,7 +1477,7 @@
* their label.
*/
if (mac_biba_contains_equal(new)) {
- error = mac_biba_subject_equal_ok(subj);
+ error = mac_biba_subject_privileged(subj);
if (error)
return (error);
}
@@ -1667,7 +1674,7 @@
* subject must have appropriate privilege.
*/
if (mac_biba_contains_equal(new)) {
- error = mac_biba_subject_equal_ok(subj);
+ error = mac_biba_subject_privileged(subj);
if (error)
return (error);
}
@@ -1829,7 +1836,7 @@
* the subject must have appropriate privilege.
*/
if (mac_biba_contains_equal(new)) {
- error = mac_biba_subject_equal_ok(subj);
+ error = mac_biba_subject_privileged(subj);
if (error)
return (error);
}
@@ -2215,7 +2222,7 @@
* the subject must have appropriate privilege.
*/
if (mac_biba_contains_equal(new)) {
- error = mac_biba_subject_equal_ok(subj);
+ error = mac_biba_subject_privileged(subj);
if (error)
return (error);
}
==== //depot/projects/trustedbsd/base/sys/security/mac_biba/mac_biba.h#4 (text+ko) ====
@@ -34,7 +34,7 @@
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*
- * $FreeBSD: src/sys/security/mac_biba/mac_biba.h,v 1.3 2002/10/22 14:31:34 rwatson Exp $
+ * $FreeBSD: src/sys/security/mac_biba/mac_biba.h,v 1.4 2002/10/28 19:44:05 rwatson Exp $
*/
/*
* Definitions for the TrustedBSD Biba integrity policy module.
@@ -61,6 +61,33 @@
* MAC_BIBA_TYPE_LABEL. */
/*
+ * Structures and constants associated with a Biba Integrity policy.
+ * mac_biba represents a Biba label, with mb_type determining its properties,
+ * and mb_grade represents the hierarchal grade if valid for the current
+ * mb_type.
+ */
+
+#define MAC_BIBA_MAX_COMPARTMENTS 256
+
+struct mac_biba_element {
+ u_short mbe_type;
+ u_short mbe_grade;
+ u_char mbe_compartments[MAC_BIBA_MAX_COMPARTMENTS >> 3];
+};
+
+/*
+ * Biba labels consist of two components: a single label, and a label
+ * range. Depending on the context, one or both may be used; the mb_flags
+ * field permits the provider to indicate what fields are intended for
+ * use.
+ */
+struct mac_biba {
+ int mb_flags;
+ struct mac_biba_element mb_single;
+ struct mac_biba_element mb_rangelow, mb_rangehigh;
+};
+
+/*
* Biba compartments bit test/set macros.
* The range is 1 to MAC_BIBA_MAX_COMPARTMENTS.
*/
==== //depot/projects/trustedbsd/base/sys/security/mac_mls/mac_mls.h#4 (text+ko) ====
@@ -34,7 +34,7 @@
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*
- * $FreeBSD: src/sys/security/mac_mls/mac_mls.h,v 1.3 2002/10/22 14:31:34 rwatson Exp $
+ * $FreeBSD: src/sys/security/mac_mls/mac_mls.h,v 1.5 2002/10/28 19:50:06 rwatson Exp $
*/
/*
* Definitions for the TrustedBSD MLS confidentiality policy module.
@@ -61,6 +61,38 @@
* MAC_MLS_TYPE_LABEL. */
/*
+ * Structures and constants associated with a Multi-Level Security policy.
+ * mac_mls represents an MLS label, with mm_type determining its properties,
+ * and mm_level represents the hierarchal sensitivity level if valid for the
+ * current mm_type. If compartments are used, the same semantics apply as
+ * long as the suject is in every compartment the object is in. LOW, EQUAL
+ * and HIGH cannot be in compartments.
+ */
+
+/*
+ * MLS compartments bit set size (in bits).
+ */
+#define MAC_MLS_MAX_COMPARTMENTS 256
+
+struct mac_mls_element {
+ u_short mme_type;
+ u_short mme_level;
+ u_char mme_compartments[MAC_MLS_MAX_COMPARTMENTS >> 3];
+};
+
+/*
+ * MLS labels consist of two components: a single label, and a label
+ * range. Depending on the context, one or both may be used; the mb_flags
+ * field permits the provider to indicate what fields are intended for
+ * use.
+ */
+struct mac_mls {
+ int mm_flags;
+ struct mac_mls_element mm_single;
+ struct mac_mls_element mm_rangelow, mm_rangehigh;
+};
+
+/*
* MLS compartments bit test/set macros.
* The range is 1 to MAC_MLS_MAX_COMPARTMENTS.
*/
==== //depot/projects/trustedbsd/base/sys/sys/mac.h#16 (text+ko) ====
@@ -34,7 +34,7 @@
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*
>>> TRUNCATED FOR MAIL (1000 lines) <<<
To Unsubscribe: send mail to majordomo at trustedbsd.org
with "unsubscribe trustedbsd-cvs" in the body of the message
More information about the trustedbsd-cvs
mailing list