PERFORCE change 17681 for review
Chris Costello
chris at freebsd.org
Wed Sep 18 23:53:12 GMT 2002
http://people.freebsd.org/~peter/p4db/chv.cgi?CH=17681
Change 17681 by chris at chris_holly on 2002/09/18 16:52:58
Begin to move things around and make minor corrections as prescribed
by Garrett Wollman. This is actually a weeks-old change and will be
followed up by correctly organizing this document.
Here are a few points that should be made about this document:
o all relabel entry points are scattered, not under the right heading
o there were a few other grammar errors that have yet to be corrected
o every single entry point requires at least 26 lines of metadata
o Data is formatted in a suboptimal layout due to DocBook limitations
o on the current version, we're looking at hastily-written summaries
o catching-up needs to be done; this document is out of date
o Best thing to do after that is to mostly re-write each description
o over the next few weeks, I'll be carrying out those changes
o over the next few months, I'll decide whether or not I would like to
keep this document in the DocBook format, or possibly move it out
Affected files ...
.. //depot/projects/trustedbsd/doc/en_US.ISO8859-1/books/developers-handbook/mac/chapter.sgml#16 edit
Differences ...
==== //depot/projects/trustedbsd/doc/en_US.ISO8859-1/books/developers-handbook/mac/chapter.sgml#16 (text+ko) ====
@@ -688,60 +688,6 @@
the root file system is mounted, after
&mac.mpo;_create_mount;.</para>
</sect4>
-
- <sect4 id="mac-mpo-vnode-relabel">
- <title><function>&mac.mpo;_vnode_relabel</function></title>
-
- <funcsynopsis>
- <funcprototype>
- <funcdef>void
- <function>&mac.mpo;_vnode_relabel</function></funcdef>
-
- <paramdef>struct ucred
- *<parameter>cred</parameter></paramdef>
- <paramdef>struct vnode
- *<parameter>vp</parameter></paramdef>
- <paramdef>struct label
- *<parameter>vnodelabel</parameter></paramdef>
- <paramdef>struct label
- *<parameter>newlabel</parameter></paramdef>
- </funcprototype>
- </funcsynopsis>
-
- <informaltable>
- <tgroup cols="3">
- &mac.thead;
-
- <tbody>
- <row>
- <entry><parameter>cred</parameter></entry>
- <entry>Subject credential</entry>
- </row>
-
- <row>
- <entry><parameter>vp</parameter></entry>
- <entry>vnode to relabel</entry>
- </row>
-
- <row>
- <entry><parameter>vnodelabel</parameter></entry>
- <entry>Existing policy label for
- <parameter>vp</parameter></entry>
- </row>
-
- <row>
- <entry><parameter>newlabel</parameter></entry>
- <entry>New, possibly partial label to replace
- <parameter>vnodelabel</parameter></entry>
- </row>
- </tbody>
- </tgroup>
- </informaltable>
-
- <para>Update the label on the passed vnode given the passed
- update vnode label and the passed subject credential.</para>
- </sect4>
-
<sect4 id="mac-mpo-stdcreatevnode-ea">
<title><function>&mac.mpo;_stdcreatevnode_ea</function></title>
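Review bot: Only &mac.mpo;_vnode_relabel is moved out of this location, while the other relabel sections visible in this change (the &mac.mpo;_socket_relabel section near line 1233 and the mac-mpo-cred-relabel section near line 2397) stay where they are as sect4 elements. Since the log message says the relabel entry points are scattered, either move them together in this change or state in the description that they follow later, so that readers do not find one relabel entry point under a different heading level from the rest. The id mac-mpo-vnode-relabel is kept by the re-added block, so existing cross-references to it should still resolve, but it is worth confirming that nothing depends on the section's old position.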
@@ -1233,7 +1179,7 @@
or prior to &man.accept.2;, depending on the protocol.</para>
</sect4>
- <sect4 id="mac-mpo-relabel-socekt">
+ <sect4 id="mac-mpo-relabel-socket">
<title><function>&mac.mpo;_socket_relabel</function></title>
<funcsynopsis>
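Review bot: The corrected id on the sect4 line, mac-mpo-relabel-socket, still does not follow the pattern used by the other ids in this change (mac-mpo-vnode-relabel, mac-mpo-cred-relabel), where the id mirrors the function name. The function here is &mac.mpo;_socket_relabel, so mac-mpo-socket-relabel would be consistent. Whichever spelling is chosen, check for linkend references to the old mac-mpo-relabel-socekt id, since renaming an id silently breaks any cross-reference that used it.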
@@ -2397,7 +2343,7 @@
</informaltable>
<para>Create the subject credential of process 1, the parent
- of all kernel processes.</para>
+ of all user processes.</para>
</sect4>
<sect4 id="mac-mpo-cred-relabel">
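Review bot: In the corrected sentence "the parent of all user processes", process 1 is still identified only by number. Naming it as init, with a manual page reference in the style already used elsewhere in this file (for example &man.accept.2;), would make clear which credential a policy is labelling at this entry point.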
@@ -2449,7 +2395,7 @@
entry point will include one or more authorizing credentials,
information (possibly including a label) for any other objects
involved in the operation. An access control entry point may
- return 0 to permit the operation, and an &man.errno.2; error
+ return 0 to permit the operation, or an &man.errno.2; error
value. The results of invoking the entry point across various
registered policy modules will be composed as follows: if all
modules permit the operation to succeed, success will be
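Review bot: With "and" changed to "or", the sentence "return 0 to permit the operation, or an &man.errno.2; error value" still does not say what the error value means. State explicitly that a non-zero errno value denies the operation, for example "or an &man.errno.2; error value to deny it", because the composition rule that follows depends on policy authors reading a non-zero return as a denial.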
@@ -4733,6 +4679,59 @@
calls are not permitted to fail (failure should be reported
earlier in the relabel check).</para>
+ <sect3 id="mac-mpo-vnode-relabel">
+ <title><function>&mac.mpo;_vnode_relabel</function></title>
+
+ <funcsynopsis>
+ <funcprototype>
+ <funcdef>void
+ <function>&mac.mpo;_vnode_relabel</function></funcdef>
+
+ <paramdef>struct ucred
+ *<parameter>cred</parameter></paramdef>
+ <paramdef>struct vnode
+ *<parameter>vp</parameter></paramdef>
+ <paramdef>struct label
+ *<parameter>vnodelabel</parameter></paramdef>
+ <paramdef>struct label
+ *<parameter>newlabel</parameter></paramdef>
+ </funcprototype>
+ </funcsynopsis>
+
+ <informaltable>
+ <tgroup cols="3">
+ &mac.thead;
+
+ <tbody>
+ <row>
+ <entry><parameter>cred</parameter></entry>
+ <entry>Subject credential</entry>
+ </row>
+
+ <row>
+ <entry><parameter>vp</parameter></entry>
+ <entry>vnode to relabel</entry>
+ </row>
+
+ <row>
+ <entry><parameter>vnodelabel</parameter></entry>
+ <entry>Existing policy label for
+ <parameter>vp</parameter></entry>
+ </row>
+
+ <row>
+ <entry><parameter>newlabel</parameter></entry>
+ <entry>New, possibly partial label to replace
+ <parameter>vnodelabel</parameter></entry>
+ </row>
+ </tbody>
+ </tgroup>
+ </informaltable>
+
+ <para>Update the label on the passed vnode given the passed
+ update vnode label and the passed subject credential.</para>
+ </sect3>
+
<sect3 id="mac-mpo-init-bpfdesc">
<title><function>&mac.mpo;_init_bpfdesc</function></title>
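Review bot: The re-added table declares <tgroup cols="3"> but each row carries only two <entry> elements, so the third column is empty for cred, vp, vnodelabel and newlabel. Either fill the third entry for each parameter or drop the column count to match; this was inherited from the removed sect4 block and the move is a good point to fix it. The description for newlabel says "possibly partial", yet the closing para does not say how a partial label is merged into vnodelabel. Because the preceding paragraph states that relabel calls are not permitted to fail, that behaviour should be spelled out here.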