PERFORCE change 80496 for review
Samy Al Bahra
samy at FreeBSD.org
Tue Jul 19 02:16:17 GMT 2005
http://perforce.freebsd.org/chv.cgi?CH=80496
Change 80496 by samy at samy_home on 2005/07/19 02:15:25
These changes introduce the __MAC_version define that was
introduced to improve third-party security policy support
as well as introduce the security.mac.version sysctl that
will allow the ports system proper integration of our new
MAC versioning scheme.
Affected files ...
.. //depot/projects/trustedbsd/mac/sys/kern/kern_mac.c#445 edit
.. //depot/projects/trustedbsd/mac/sys/sys/mac.h#279 edit
Differences ...
==== //depot/projects/trustedbsd/mac/sys/kern/kern_mac.c#445 (text+ko) ====
@@ -102,6 +102,13 @@
SYSCTL_NODE(_security, OID_AUTO, mac, CTLFLAG_RW, 0,
"TrustedBSD MAC policy controls");
+/*
+ * Export the MAC API version counter.
+ */
+static int mac_version = __MAC_version;
+SYSCTL_INT(_security_mac, OID_AUTO, version, CTLFLAG_RD,
+ &mac_version, 0, "MAC version");
+
#if MAC_MAX_SLOTS > 32
#error "MAC_MAX_SLOTS too large"
#endif
==== //depot/projects/trustedbsd/mac/sys/sys/mac.h#279 (text+ko) ====
@@ -54,6 +54,21 @@
#endif
/*
+ * __MAC_version must be incremented with every API or
+ * ABI change to the MAC framework. Once in a branch,
+ * changes may not break existing ABI in a forward
+ * compatible way.
+ *
+ * The scheme is:
+ * <major>XXXX
+ *
+ * The major of 99 is reserved as a linear counter for
+ * MAC changes in -HEAD.
+ */
+#undef __MAC_version
+#define __MAC_version 990000
+
+/*
* MAC framework-related constants and limits.
*/
#define MAC_MAX_POLICY_NAME 32
To Unsubscribe: send mail to majordomo at trustedbsd.org
with "unsubscribe trustedbsd-cvs" in the body of the message
More information about the trustedbsd-cvs
mailing list