PERFORCE change 23708 for review
Chris Costello
chris at freebsd.org
Tue Jan 14 01:07:34 GMT 2003
http://perforce.freebsd.org/chv.cgi?CH=23708
Change 23708 by chris at chris_holly on 2003/01/13 17:07:30
Finish the system "check" entry points.
Affected files ...
.. //depot/projects/trustedbsd/doc/en_US.ISO8859-1/books/developers-handbook/mac/chapter.sgml#20 edit
Differences ...
==== //depot/projects/trustedbsd/doc/en_US.ISO8859-1/books/developers-handbook/mac/chapter.sgml#20 (text+ko) ====
@@ -5202,6 +5202,264 @@
<errorcode>EPERM</errorcode> for lack of privilege, or
<errorcode>ESRCH</errorcode> to hide visibility.</para>
</sect3>
+
+ <sect3 id="mac-mpo-check-system-acct">
+ <title><function>&mac.mpo;_check_system_acct</function></title>
+
+ <funcsynopsis>
+ <funcprototype>
+ <funcdef>int
+ <function>&mac.mpo;_check_system_acct</function></funcdef>
+
+ <paramdef>struct ucred
+ *<parameter>ucred</parameter></paramdef>
+ <paramdef>struct vnode
+ *<parameter>vp</parameter></paramdef>
+ <paramdef>struct label
+ *<parameter>vlabel</parameter></paramdef>
+ </funcprototype>
+ </funcsynopsis>
+
+ <informaltable>
+ <tgroup cols="3">
+ &mac.thead;
+
+ <tbody>
+ <row>
+ <entry><parameter>ucred</parameter></entry>
+ <entry>Subject credential</entry>
+ </row>
+
+ <row>
+ <entry><parameter>vp</parameter></entry>
+ <entry>Accounting file; &man.acct.5;</entry>
+ </row>
+
+ <row>
+ <entry><parameter>vlabel</parameter></entry>
+ <entry>Label associated with
+ <parameter>vp</parameter></entry>
+ </row>
+ </tbody>
+ </tgroup>
+ </informaltable>
+
+ <para>Determine whether the subject should be allowed to
+ enable accounting, based on its label and the label of the
+ accounting log file.</para>
+ </sect3>
+
+ <sect3 id="mac-mpo-check-system-nfsd">
+ <title><function>&mac.mpo;_check_system_nfsd</function></title>
+
+ <funcsynopsis>
+ <funcprototype>
+ <funcdef>int
+ <function>&mac.mpo;_check_system_nfsd</function></funcdef>
+
+ <paramdef>struct ucred
+ *<parameter>cred</parameter></paramdef>
+ </funcprototype>
+ </funcsynopsis>
+
+ <informaltable>
+ <tgroup cols="3">
+ &mac.thead;
+
+ <tbody>
+ <row>
+ <entry><parameter>cred</parameter></entry>
+ <entry>Subject credential</entry>
+ </row>
+ </tbody>
+ </tgroup>
+ </informaltable>
+
+ <para>Determine whether the subject should be allowed to call
+ &man.nfssvc.2;.</para>
+ </sect3>
+
+ <sect3 id="mac-mpo-check-system-reboot">
+ <title><function>&mac.mpo;_check_system_reboot</function></title>
+
+ <funcsynopsis>
+ <funcprototype>
+ <funcdef>int
+ <function>&mac.mpo;_check_system_reboot</function></funcdef>
+
+ <paramdef>struct ucred
+ *<parameter>cred</parameter></paramdef>
+ <paramdef>int <parameter>howto</parameter></paramdef>
+ </funcprototype>
+ </funcsynopsis>
+
+ <informaltable>
+ <tgroup cols="3">
+ &mac.thead;
+
+ <tbody>
+ <row>
+ <entry><parameter>cred</parameter></entry>
+ <entry>Subject credential</entry>
+ </row>
+
+ <row>
+ <entry><parameter>howto</parameter></entry>
+ <entry><parameter>howto</parameter> parameter from
+ &man.reboot.2;</entry>
+ </row>
+ </tbody>
+ </tgroup>
+ </informaltable>
+
+ <para>Determine whether the subject should be allowed to
+ reboot the system in the specified manner.</para>
+ </sect3>
+
+ <sect3 id="mac-mpo-check-system-settime">
+ <title><function>&mac.mpo;_check_system_settime</function></title>
+
+ <funcsynopsis>
+ <funcprototype>
+ <funcdef>int
+ <function>&mac.mpo;_check_system_settime</function></funcdef>
+
+ <paramdef>struct ucred
+ *<parameter>cred</parameter></paramdef>
+ </funcprototype>
+ </funcsynopsis>
+
+ <informaltable>
+ <tgroup cols="3">
+ &mac.thead;
+
+ <tbody>
+ <row>
+ <entry><parameter>cred</parameter></entry>
+ <entry>Subject credential</entry>
+ </row>
+ </tbody>
+ </tgroup>
+ </informaltable>
+
+ <para>Determine whether the user should be allowed to set the
+ system clock.</para>
+ </sect3>
+
+ <sect3 id="mac-mpo-check-system-swapon">
+ <title><function>&mac.mpo;_check_system_swapon</function></title>
+
+ <funcsynopsis>
+ <funcprototype>
+ <funcdef>int
+ <function>&mac.mpo;_check_system_swapon</function></funcdef>
+
+ <paramdef>struct ucred
+ *<parameter>cred</parameter></paramdef>
+ <paramdef>struct vnode
+ *<parameter>vp</parameter></paramdef>
+ <paramdef>struct label
+ *<parameter>vlabel</parameter></paramdef>
+ </funcprototype>
+ </funcsynopsis>
+
+ <informaltable>
+ <tgroup cols="3">
+ &mac.thead;
+
+ <tbody>
+ <row>
+ <entry><parameter>cred</parameter></entry>
+ <entry>Subject credential</entry>
+ </row>
+
+ <row>
+ <entry><parameter>vp</parameter></entry>
+ <entry>Swap device</entry>
+ </row>
+
+ <row>
+ <entry><parameter>vlabel</parameter></entry>
+ <entry>Label associated with
+ <parameter>vp</parameter></entry>
+ </row>
+ </tbody>
+ </tgroup>
+ </informaltable>
+
+ <para>Determine whether the subject should be allowed to add
+ <parameter>vp</parameter> as a swap device.</para>
+ </sect3>
+
+ <sect3 id="mac-mpo-check-system-sysctl">
+ <title><function>&mac.mpo;_check_system_sysctl</function></title>
+
+ <funcsynopsis>
+ <funcprototype>
+ <funcdef>int
+ <function>&mac.mpo;_check_system_sysctl</function></funcdef>
+
+ <paramdef>struct ucred
+ *<parameter>cred</parameter></paramdef>
+ <paramdef>int *<parameter>name</parameter></paramdef>
+ <paramdef>u_int *<parameter>namelen</parameter></paramdef>
+ <paramdef>void *<parameter>old</parameter></paramdef>
+ <paramdef>size_t
+ *<parameter>oldlenp</parameter></paramdef>
+ <paramdef>int <parameter>inkernel</parameter></paramdef>
+ <paramdef>void *<parameter>new</parameter></paramdef>
+ <paramdef>size_t <parameter>newlen</parameter></paramdef>
+ </funcprototype>
+ </funcsynopsis>
+
+ <informaltable>
+ <tgroup cols="3">
+ &mac.thead;
+
+ <tbody>
+ <row>
+ <entry><parameter>cred</parameter></entry>
+ <entry>Subject credential</entry>
+ </row>
+
+ <row>
+ <entry><parameter>name</parameter></entry>
+ <entry morerows="3">See &man.sysctl.3;</entry>
+ </row>
+
+ <row>
+ <entry><parameter>namelen</parameter></entry>
+ </row>
+
+ <row>
+ <entry><parameter>old</parameter></entry>
+ </row>
+
+ <row>
+ <entry><parameter>oldlenp</parameter></entry>
+ </row>
+
+ <row>
+ <entry><parameter>inkernel</parameter></entry>
+ <entry>Boolean; <literal>1</literal> if called from
+ kernel</entry>
+ </row>
+
+ <row>
+ <entry><parameter>new</parameter></entry>
+ <entry morerows="1">See &man.sysctl.3;</entry>
+ </row>
+
+ <row>
+ <entry><parameter>newlen</parameter></entry>
+ </row>
+ </tbody>
+ </tgroup>
+ </informaltable>
+
+ <para>Determine whether the subject should be allowed to make
+ the specified &man.sysctl.3; transaction.</para>
+ </sect3>
</sect2>
<sect2 id="mac-label-management">
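Review bot: In the mac-mpo-check-system-acct section the credential parameter is named ucred in both the prototype and the table, while every other entry point added here (nfsd, reboot, settime, swapon, sysctl) names it cred; rename it to cred so the chapter stays consistent. In mac-mpo-check-system-settime the description says "the user" where the sibling sections say "the subject"; use "the subject" there too. In mac-mpo-check-system-sysctl the prototype declares namelen as "u_int *namelen", but the table defers to sysctl(3), where namelen is passed by value, so confirm the pointer against the entry point's declaration before this goes in. The howto row in mac-mpo-check-system-reboot only restates the parameter name; a short pointer to where the flag values are defined would help policy authors.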