PERFORCE change 87605 for review

Thu Dec 1 21:22:59 GMT 2005

http://perforce.freebsd.org/chv.cgi?CH=87605

Change 87605 by millert at millert_g4tower on 2005/12/01 21:22:48

	Man page updates from DSEP

Affected files ...

.. //depot/projects/trustedbsd/sedarwin7/src/darwin/adv_cmds/ps.tproj/ps.1#3 edit
.. //depot/projects/trustedbsd/sedarwin7/src/darwin/file_cmds/ls/ls.1#3 edit
.. //depot/projects/trustedbsd/sedarwin7/src/darwin/libmac/Makefile#3 edit
.. //depot/projects/trustedbsd/sedarwin7/src/darwin/libmac/mac.3#3 edit
.. //depot/projects/trustedbsd/sedarwin7/src/darwin/libmac/mac.4#1 add
.. //depot/projects/trustedbsd/sedarwin7/src/darwin/libmac/mac.conf.5#3 edit
.. //depot/projects/trustedbsd/sedarwin7/src/darwin/libmac/mac_execve.3#1 add
.. //depot/projects/trustedbsd/sedarwin7/src/darwin/libmac/mac_free.3#3 edit
.. //depot/projects/trustedbsd/sedarwin7/src/darwin/libmac/mac_get.3#3 edit
.. //depot/projects/trustedbsd/sedarwin7/src/darwin/libmac/mac_is_present_np.3#3 edit
.. //depot/projects/trustedbsd/sedarwin7/src/darwin/libmac/mac_set.3#3 edit
.. //depot/projects/trustedbsd/sedarwin7/src/darwin/libmac/mac_text.3#3 edit
.. //depot/projects/trustedbsd/sedarwin7/src/darwin/libmac/maclabel.7#1 add

Differences ...

==== //depot/projects/trustedbsd/sedarwin7/src/darwin/adv_cmds/ps.tproj/ps.1#3 (text+ko) ====

@@ -168,7 +168,8 @@
 .It Fl Z
 Add label to the list of keywords for which
 .Nm
-will display information.
+will display information.  This will display label information for
+loaded MAC Framework policies, configured in /etc/mac.conf.
 .El
 .Pp
 A complete list of the available keywords are listed below.
@@ -490,6 +491,7 @@
 .Xr kill 1 ,
 .Xr w 1 ,
 .Xr kvm 3 ,
+.Xr mac.conf 5 ,
 .Xr strftime 3 ,
 .Xr procfs 5 ,
 .Xr pstat 8

==== //depot/projects/trustedbsd/sedarwin7/src/darwin/file_cmds/ls/ls.1#3 (text+ko) ====

@@ -44,7 +44,7 @@
 .Nd list directory contents
 .Sh SYNOPSIS
 .Nm
-.Op Fl ACFLRSTWacdfgiklnoqrstux1
+.Op Fl ACFLRSTWZacdfgiklnoqrstux1
 .Op Ar file ...
 .Sh DESCRIPTION
 For each operand that names a
@@ -99,6 +99,9 @@
 month, day, hour, minute, second, and year.
 .It Fl W
 Display whiteouts when scanning directories.
+.It Fl Z
+Display each file's MAC label; see
+.Xr maclabel 7 .
 .It Fl a
 Include directory entries whose names begin with a
 dot (.).
@@ -352,6 +355,7 @@
 specification.
 .Sh SEE ALSO
 .Xr chmod 1 ,
+.Xr maclabel 7 ,
 .Xr symlink 7 ,
 .Xr sticky 8
 .Sh STANDARDS

==== //depot/projects/trustedbsd/sedarwin7/src/darwin/libmac/Makefile#3 (text+ko) ====

@@ -16,6 +16,14 @@
 	$(INSTALL) -o $(LIBOWN) -g $(LIBGRP) -m 0644 lib$(LIB).a \
 		$(DESTDIR)/usr/lib
 	$(RANLIB) $(DESTDIR)/usr/lib/lib$(LIB).a
+	$(INSTALL) -d $(DESTDIR)/usr/share/man/man3
+	$(INSTALL) -d $(DESTDIR)/usr/share/man/man4
+	$(INSTALL) -d $(DESTDIR)/usr/share/man/man7
+	$(INSTALL) -c -m 444 mac.4 $(DSTROOT)/usr/share/man/man4/
+	$(INSTALL) -c -m 444 maclabel.7 $(DSTROOT)/usr/share/man/man7/
+	$(INSTALL) -c -m 444 mac.3 mac_free.3 mac_get.3 mac_is_present_np.3 \
+		mac_prepare.3 mac_set.3 mac_text.3 mac_execve.3 mac_syscall.3 \
+		$(DSTROOT)/usr/share/man/man3/
 
 clean:
 	rm -f lib$(LIB).a $(OBJS) security.c

==== //depot/projects/trustedbsd/sedarwin7/src/darwin/libmac/mac.3#3 (text+ko) ====

@@ -1,4 +1,5 @@
 .\" Copyright (c) 2001, 2003 Networks Associates Technology, Inc.
+.\" Copyright (c) 2005 SPARTA, Inc.
 .\" All rights reserved.
 .\"
 .\" This software was developed for the FreeBSD Project by Chris
@@ -37,7 +38,7 @@
 .Nm mac
 .Nd introduction to the MAC security API
 .Sh LIBRARY
-.Lb libc
+The MAC Framework Library (libmac, -lmac)
 .Sh SYNOPSIS
 .In sys/mac.h
 .Pp
@@ -155,7 +156,6 @@
 .Xr mac_text 3 ,
 .Xr mac 4 ,
 .Xr mac.conf 5 ,
-.Xr mac 9
 .Sh STANDARDS
 These APIs are loosely based on the APIs described in POSIX.1e.
 POSIX.1e is described in IEEE POSIX.1e draft 17.
@@ -182,6 +182,3 @@
 .Fx .
 Sites considering production deployment should keep the experimental
 status of these services in mind during any deployment process.
-See also
-.Xr mac 9
-for related considerations regarding the kernel framework.

==== //depot/projects/trustedbsd/sedarwin7/src/darwin/libmac/mac.conf.5#3 (text+ko) ====

@@ -89,7 +89,6 @@
 .Xr mac_get 3 ,
 .Xr mac_prepare 3 ,
 .Xr mac 4 ,
-.Xr mac 9
 .Sh HISTORY
 Support for Mandatory Access Control was introduced in
 .Fx 5.0
@@ -104,6 +103,3 @@
 .Fx .
 Sites considering production deployment should keep the experimental
 status of these services in mind during any deployment process.
-See also
-.Xr mac 9
-for related considerations regarding the kernel framework.

==== //depot/projects/trustedbsd/sedarwin7/src/darwin/libmac/mac_free.3#3 (text+ko) ====

@@ -40,7 +40,7 @@
 .Nm mac_free
 .Nd free MAC label
 .Sh LIBRARY
-.Lb libc
+The MAC Framework Library (libmac, -lmac)
 .Sh SYNOPSIS
 .In sys/mac.h
 .Ft int
@@ -64,8 +64,7 @@
 .Xr mac_prepare 3 ,
 .Xr mac_set 3 ,
 .Xr mac_text 3 ,
-.Xr mac 4 ,
-.Xr mac 9
+.Xr mac 4
 .Sh STANDARDS
 POSIX.1e is described in IEEE POSIX.1e draft 17.
 Discussion of the draft

==== //depot/projects/trustedbsd/sedarwin7/src/darwin/libmac/mac_get.3#3 (text+ko) ====

@@ -36,10 +36,13 @@
 .Sh NAME
 .Nm mac_get_file ,
 .Nm mac_get_fd ,
+.Nm mac_get_lctx ,
+.Nm mac_get_lcid ,
+.Nm mac_get_pid ,
 .Nm mac_get_proc
 .Nd get the label of a file, socket, socket peer or process
 .Sh LIBRARY
-.Lb libc
+The MAC Framework Library (libmac, -lmac)
 .Sh SYNOPSIS
 .In sys/mac.h
 .Ft int
@@ -47,6 +50,10 @@
 .Ft int
 .Fn mac_get_fd "int fd" "mac_t label"
 .Ft int
+.Fn mac_get_lcid "pid_t lcid" "mac_t label"
+.Ft int
+.Fn mac_get_lctx "mac_t label"
+.Ft int
 .Fn mac_get_pid "pid_t pid" "mac_t label"
 .Ft int
 .Fn mac_get_proc "mac_t label"
@@ -70,6 +77,18 @@
 .Xr getsockopt 2 .
 .Pp
 The
+.Fn mac_get_lctx
+and
+.Fn mac_get_lcid
+functions fill in
+.Fa label
+(which must first be allocated by
+.Xr mac_prepare 3 )
+with the MAC label associated
+with the Login Context of the requesting process
+or the specified Login Context, respectively.
+.Pp
+The
 .Fn mac_get_proc
 and
 .Fn mac_get_pid
@@ -113,8 +132,7 @@
 .Xr mac_text 3 ,
 .Xr mac_prepare 3 ,
 .Xr mac_set 3 ,
-.Xr mac 4 ,
-.Xr mac 9
+.Xr mac 4
 .Sh STANDARDS
 POSIX.1e is described in IEEE POSIX.1e draft 17.
 Discussion of the draft

==== //depot/projects/trustedbsd/sedarwin7/src/darwin/libmac/mac_is_present_np.3#3 (text+ko) ====

@@ -37,7 +37,7 @@
 .Nm mac_is_present_np
 .Nd report whether the running system has MAC support
 .Sh LIBRARY
-.Lb libc
+.Lb libmac
 .Sh SYNOPSIS
 .In sys/mac.h
 .Ft int
@@ -77,5 +77,4 @@
 .Xr mac_prepare 3 ,
 .Xr mac_set 3 ,
 .Xr mac_text 3 ,
-.Xr mac 4 ,
-.Xr mac 9
+.Xr mac 4

==== //depot/projects/trustedbsd/sedarwin7/src/darwin/libmac/mac_set.3#3 (text+ko) ====

@@ -36,10 +36,11 @@
 .Sh NAME
 .Nm mac_set_file ,
 .Nm mac_set_fd ,
+.Nm mac_set_lctx ,
 .Nm mac_set_proc
-.Nd set the MAC label for a file or process
+.Nd set the MAC label for a file, login context or process
 .Sh LIBRARY
-.Lb libc
+The MAC Framework Library (libmac, -lmac)
 .Sh SYNOPSIS
 .In sys/mac.h
 .Ft int
@@ -49,6 +50,8 @@
 .Ft int
 .Fn mac_set_fd "int fd" "mac_t label"
 .Ft int
+.Fn mac_set_lctx "mac_t label"
+.Ft int
 .Fn mac_set_proc "mac_t label"
 .Sh DESCRIPTION
 The
@@ -73,6 +76,12 @@
 .Fn mac_set_file ,
 except that it does not follow symlinks.
 The
+.Fn mac_set_lctx
+function associates the MAC label
+specified by
+.Fa label
+with the login context the current process is a member of, if any.
+The
 .Fn mac_set_proc
 function associates the MAC label
 specified by
@@ -85,7 +94,7 @@
 the owner of the file,
 or has appropriate privileges.
 .Sh RETURN VALUES
-.Rv -std mac_set_fd mac_set_file mac_set_link mac_set_proc
+.Rv -std mac_set_fd mac_set_file mac_set_link mac_set_lctx mac_set_proc
 .Sh ERRORS
 .Bl -tag -width Er
 .It Bq Er EACCES

==== //depot/projects/trustedbsd/sedarwin7/src/darwin/libmac/mac_text.3#3 (text+ko) ====

@@ -38,7 +38,7 @@
 .Nm mac_to_text
 .Nd convert MAC label to/from text representation
 .Sh LIBRARY
-.Lb libc
+The MAC Framework Library (libmac, -lmac)
 .Sh SYNOPSIS
 .In sys/mac.h
 .Ft int
To Unsubscribe: send mail to majordomo at trustedbsd.org
with "unsubscribe trustedbsd-cvs" in the body of the message

