PERFORCE change 23728 for review
Chris Costello
chris at freebsd.org
Tue Jan 14 08:48:11 GMT 2003
http://perforce.freebsd.org/chv.cgi?CH=23728
Change 23728 by chris at chris_holly on 2003/01/14 00:47:34
Complete the file system objects and IPC objects' labeling event
operations sections.
Affected files ...
.. //depot/projects/trustedbsd/doc/en_US.ISO8859-1/books/developers-handbook/mac/chapter.sgml#29 edit
Differences ...
==== //depot/projects/trustedbsd/doc/en_US.ISO8859-1/books/developers-handbook/mac/chapter.sgml#29 (text+ko) ====
@@ -1918,6 +1918,55 @@
file system is mounted, regenerated, or a new device is made
available.</para>
</sect4>
+
+ <sect4 id="mac-mpo-create-devfs-directory">
+ <title><function>&mac.mpo;_create_devfs_directory</function></title>
+
+ <funcsynopsis>
+ <funcprototype>
+ <funcdef>void
+ <function>&mac.mpo;_create_devfs_directory</function></funcdef>
+
+ <paramdef>char *<parameter>dirname</parameter></paramdef>
+ <paramdef>int <parameter>dirnamelen</parameter></paramdef>
+ <paramdef>struct devfs_dirent
+ *<parameter>devfs_dirent</parameter></paramdef>
+ <paramdef>struct label
+ *<parameter>label</parameter></paramdef>
+ </funcprototype>
+ </funcsynopsis>
+
+ <informaltable>
+ <tgroup cols="3">
+ &mac.thead;
+
+ <tbody>
+ <row>
+ <entry><parameter>dirname</parameter></entry>
+ <entry>Name of directory being created</entry>
+ </row>
+
+ <row>
+ <entry><parameter>namelen</parameter></entry>
+ <entry>Length of string
+ <parameter>dirname</parameter></entry>
+ </row>
+
+ <row>
+ <entry><parameter>devfs_dirent</parameter></entry>
+ <entry>Devfs directory entry for directory being
+ created.</entry>
+ </row>
+ </tbody>
+ </tgroup>
+ </informaltable>
+
+ <para>Fill out the label on a devfs_dirent being created for
+ the passed directory. This call will be made when the device
+ file system is mounted, regenerated, or a new device
+ requiring a specific directory hierarchy is made
+ available.</para>
+ </sect4>
<sect4 id="mac-mpo-create-devfs-symlink">
<title><function>&mac.mpo;_create_devfs_symlink</function></title>
@@ -1986,55 +2035,91 @@
a newly created &man.devfs.5; symbolic link entry.</para>
</sect4>
- <sect4 id="mac-mpo-create-devfs-directory">
- <title><function>&mac.mpo;_create_devfs_directory</function></title>
-
+ <sect4 id="mac-mpo-create-vnode-extattr">
+ <title><function>&mac.mpo;_create_vnode_extattr</function></title>
+
<funcsynopsis>
<funcprototype>
- <funcdef>void
- <function>&mac.mpo;_create_devfs_directory</function></funcdef>
-
- <paramdef>char *<parameter>dirname</parameter></paramdef>
- <paramdef>int <parameter>dirnamelen</parameter></paramdef>
- <paramdef>struct devfs_dirent
- *<parameter>devfs_dirent</parameter></paramdef>
+ <funcdef>int
+ <function>&mac.mpo;_create_vnode_extattr</function></funcdef>
+
+ <paramdef>struct ucred
+ *<parameter>cred</parameter></paramdef>
+ <paramdef>struct mount
+ *<parameter>mp</parameter></paramdef>
+ <paramdef>struct label
+ *<parameter>fslabel</parameter></paramdef>
+ <paramdef>struct vnode
+ *<parameter>dvp</parameter></paramdef>
+ <paramdef>struct label
+ *<parameter>dlabel</parameter></paramdef>
+ <paramdef>struct vnode
+ *<parameter>vp</parameter></paramdef>
<paramdef>struct label
- *<parameter>label</parameter></paramdef>
+ *<parameter>vlabel</parameter></paramdef>
+ <paramdef>struct componentname
+ *<parameter>cnp</parameter></paramdef>
</funcprototype>
</funcsynopsis>
-
+
<informaltable>
<tgroup cols="3">
&mac.thead;
-
+
<tbody>
<row>
- <entry><parameter>dirname</parameter></entry>
- <entry>Name of directory being created</entry>
+ <entry><parameter>cred</parameter></entry>
+ <entry>Subject credential</entry>
+ </row>
+
+ <row>
+ <entry><parameter>mount</parameter></entry>
+ <entry>File system mount point</entry>
+ </row>
+
+ <row>
+ <entry><parameter>label</parameter></entry>
+ <entry>File system label</entry>
+ </row>
+
+ <row>
+ <entry><parameter>dvp</parameter></entry>
+ <entry>Parent directory vnode</entry>
+ </row>
+
+ <row>
+ <entry><parameter>dlabel</parameter></entry>
+ <entry>Label associated with
+ <parameter>dvp</parameter></entry>
+ </row>
+
+ <row>
+ <entry><parameter>vp</parameter></entry>
+ <entry>Newly created vnode</entry>
</row>
-
+
<row>
- <entry><parameter>namelen</parameter></entry>
- <entry>Length of string
- <parameter>dirname</parameter></entry>
+ <entry><parameter>vlabel</parameter></entry>
+ <entry>Policy label associated with
+ <parameter>vp</parameter></entry>
</row>
-
+
<row>
- <entry><parameter>devfs_dirent</parameter></entry>
- <entry>Devfs directory entry for directory being
- created.</entry>
+ <entry><parameter>cnp</parameter></entry>
+ <entry>Component name for
+ <parameter>vp</parameter></entry>
</row>
</tbody>
</tgroup>
</informaltable>
-
- <para>Fill out the label on a devfs_dirent being created for
- the passed directory. This call will be made when the device
- file system is mounted, regenerated, or a new device
- requiring a specific directory hierarchy is made
- available.</para>
+
+ <para>Write out the label for <parameter>vp</parameter> to
+ the appropriate extended attribute. If the write
+ succeeds, fill in <parameter>vlabel</parameter> with the
+ label, and return <returnvalue>0</returnvalue>. Otherwise,
+ return an appropriate error.</para>
</sect4>
-
+
<sect4 id="mac-mpo-create-mount">
<title><function>&mac.mpo;_create_mount</function></title>
@@ -2127,92 +2212,59 @@
&mac.mpo;_create_mount;.</para>
</sect4>
- <sect4 id="mac-mpo-create-vnode-extattr">
- <title><function>&mac.mpo;_create_vnode_extattr</function></title>
-
+ <sect4 id="mac-mpo-relabel-vnode">
+ <title><function>&mac.mpo;_relabel_vnode</function></title>
+
<funcsynopsis>
<funcprototype>
- <funcdef>int
- <function>&mac.mpo;_create_vnode_extattr</function></funcdef>
-
+ <funcdef>void
+ <function>&mac.mpo;_relabel_vnode</function></funcdef>
+
<paramdef>struct ucred
*<parameter>cred</parameter></paramdef>
- <paramdef>struct mount
- *<parameter>mp</parameter></paramdef>
- <paramdef>struct label
- *<parameter>fslabel</parameter></paramdef>
<paramdef>struct vnode
- *<parameter>dvp</parameter></paramdef>
+ *<parameter>vp</parameter></paramdef>
<paramdef>struct label
- *<parameter>dlabel</parameter></paramdef>
- <paramdef>struct vnode
- *<parameter>vp</parameter></paramdef>
+ *<parameter>vnodelabel</parameter></paramdef>
<paramdef>struct label
- *<parameter>vlabel</parameter></paramdef>
- <paramdef>struct componentname
- *<parameter>cnp</parameter></paramdef>
+ *<parameter>newlabel</parameter></paramdef>
</funcprototype>
</funcsynopsis>
-
+
<informaltable>
<tgroup cols="3">
&mac.thead;
-
+
<tbody>
<row>
<entry><parameter>cred</parameter></entry>
<entry>Subject credential</entry>
</row>
-
- <row>
- <entry><parameter>mount</parameter></entry>
- <entry>File system mount point</entry>
- </row>
-
+
<row>
- <entry><parameter>label</parameter></entry>
- <entry>File system label</entry>
- </row>
-
- <row>
- <entry><parameter>dvp</parameter></entry>
- <entry>Parent directory vnode</entry>
- </row>
-
- <row>
- <entry><parameter>dlabel</parameter></entry>
- <entry>Label associated with
- <parameter>dvp</parameter></entry>
- </row>
-
- <row>
<entry><parameter>vp</parameter></entry>
- <entry>Newly created vnode</entry>
+ <entry>vnode to relabel</entry>
</row>
-
+
<row>
- <entry><parameter>vlabel</parameter></entry>
- <entry>Policy label associated with
+ <entry><parameter>vnodelabel</parameter></entry>
+ <entry>Existing policy label for
<parameter>vp</parameter></entry>
</row>
-
+
<row>
- <entry><parameter>cnp</parameter></entry>
- <entry>Component name for
- <parameter>vp</parameter></entry>
+ <entry><parameter>newlabel</parameter></entry>
+ <entry>New, possibly partial label to replace
+ <parameter>vnodelabel</parameter></entry>
</row>
</tbody>
</tgroup>
</informaltable>
-
- <para>Write out the label for <parameter>vp</parameter> to
- the appropriate extended attribute. If the write
- succeeds, fill in <parameter>vlabel</parameter> with the
- label, and return <returnvalue>0</returnvalue>. Otherwise,
- return an appropriate error.</para>
+
+ <para>Update the label on the passed vnode given the passed
+ update vnode label and the passed subject credential.</para>
</sect4>
-
<sect4 id="mac-mpo-setlabel-vnode-extattr">
<title><function>&mac.mpo;_setlabel_vnode_extattr</function></title>
@@ -2481,8 +2533,60 @@
created.</para>
</sect4>
+ <sect4 id="mac-mpo-create-socket-from-socket">
+ <title><function>&mac.mpo;_create_socket_from_socket</function></title>
+
+ <funcsynopsis>
+ <funcprototype>
+ <funcdef>void
+ <function>&mac.mpo;_create_socket_from_socket</function></funcdef>
+
+ <paramdef>struct socket
+ *<parameter>oldsocket</parameter></paramdef>
+ <paramdef>struct label
+ *<parameter>oldsocketlabel</parameter></paramdef>
+ <paramdef>struct socket
+ *<parameter>newsocket</parameter></paramdef>
+ <paramdef>struct label
+ *<parameter>newsocketlabel</parameter></paramdef>
+ </funcprototype>
+ </funcsynopsis>
+
+ <informaltable>
+ <tgroup cols="3">
+ &mac.thead;
+
+ <tbody>
+ <row>
+ <entry><parameter>oldsocket</parameter></entry>
+ <entry>Listening socket</entry>
+ </row>
+ <row>
+ <entry><parameter>oldsocketlabel</parameter></entry>
+ <entry>Policy label associated with
+ <parameter>oldsocket</parameter></entry>
+ </row>
+ <row>
+ <entry><parameter>newsocket</parameter></entry>
+ <entry>New socket</entry>
+ </row>
+
+ <row>
+ <entry><parameter>newsocketlabel</parameter></entry>
+ <entry>Policy label associated with
+ <parameter>newsocketlabel</parameter></entry>
+ </row>
+ </tbody>
+ </tgroup>
+ </informaltable>
+
+ <para>Label a socket, <parameter>newsocket</parameter>,
+ newly &man.accept.2;ed, based on the &man.listen.2;
+ socket, <parameter>oldsocket</parameter>.</para>
+ </sect4>
+
<sect4 id="mac-mpo-relabel-pipe">
<title><function>&mac.mpo;_relabel_pipe</function></title>
@@ -7234,59 +7338,6 @@
calls are not permitted to fail (failure should be reported
earlier in the relabel check).</para>
- <sect3 id="mac-mpo-relabel-vnode">
- <title><function>&mac.mpo;_relabel_vnode</function></title>
-
- <funcsynopsis>
- <funcprototype>
- <funcdef>void
- <function>&mac.mpo;_relabel_vnode</function></funcdef>
-
- <paramdef>struct ucred
- *<parameter>cred</parameter></paramdef>
- <paramdef>struct vnode
- *<parameter>vp</parameter></paramdef>
- <paramdef>struct label
- *<parameter>vnodelabel</parameter></paramdef>
- <paramdef>struct label
- *<parameter>newlabel</parameter></paramdef>
- </funcprototype>
- </funcsynopsis>
-
- <informaltable>
- <tgroup cols="3">
- &mac.thead;
-
- <tbody>
- <row>
- <entry><parameter>cred</parameter></entry>
- <entry>Subject credential</entry>
- </row>
-
- <row>
- <entry><parameter>vp</parameter></entry>
- <entry>vnode to relabel</entry>
- </row>
-
- <row>
- <entry><parameter>vnodelabel</parameter></entry>
- <entry>Existing policy label for
- <parameter>vp</parameter></entry>
- </row>
-
- <row>
- <entry><parameter>newlabel</parameter></entry>
- <entry>New, possibly partial label to replace
- <parameter>vnodelabel</parameter></entry>
- </row>
- </tbody>
- </tgroup>
- </informaltable>
-
- <para>Update the label on the passed vnode given the passed
- update vnode label and the passed subject credential.</para>
- </sect3>
-
<sect3 id="mac-mpo-destroy-vnode">
To Unsubscribe: send mail to majordomo at trustedbsd.org
with "unsubscribe trustedbsd-cvs" in the body of the message
More information about the trustedbsd-cvs
mailing list