PERFORCE change 76615 for review
Andrew Reisse
areisse at FreeBSD.org
Fri May 6 14:33:14 GMT 2005
http://perforce.freebsd.org/chv.cgi?CH=76615
Change 76615 by areisse at areisse_ibook on 2005/05/06 14:32:21
Bring over flask configuration changes from selinux version
2004081908 (networking changes, booleans).
Affected files ...
.. //depot/projects/trustedbsd/sedarwin7/src/sedarwin/sedarwin/avc/av_perm_to_string.h#2 edit
.. //depot/projects/trustedbsd/sedarwin7/src/sedarwin/sedarwin/avc/av_permissions.h#2 edit
.. //depot/projects/trustedbsd/sedarwin7/src/sedarwin/sedarwin/avc/class_to_string.h#2 edit
.. //depot/projects/trustedbsd/sedarwin7/src/sedarwin/sedarwin/avc/initial_sid_to_string.h#2 edit
.. //depot/projects/trustedbsd/sedarwin7/src/sedarwin/sedarwin/flask.h#3 edit
.. //depot/projects/trustedbsd/sedarwin7/src/sedarwin/sedarwin/flask/access_vectors#2 integrate
.. //depot/projects/trustedbsd/sedarwin7/src/sedarwin/sedarwin/flask/initial_sids#2 integrate
Differences ...
==== //depot/projects/trustedbsd/sedarwin7/src/sedarwin/sedarwin/avc/av_perm_to_string.h#2 (text+ko) ====
@@ -31,6 +31,9 @@
{ SECCLASS_TCP_SOCKET, TCP_SOCKET__CONNECTTO, "connectto" },
{ SECCLASS_TCP_SOCKET, TCP_SOCKET__NEWCONN, "newconn" },
{ SECCLASS_TCP_SOCKET, TCP_SOCKET__ACCEPTFROM, "acceptfrom" },
+ { SECCLASS_TCP_SOCKET, TCP_SOCKET__NODE_BIND, "node_bind" },
+ { SECCLASS_UDP_SOCKET, UDP_SOCKET__NODE_BIND, "node_bind" },
+ { SECCLASS_RAWIP_SOCKET, RAWIP_SOCKET__NODE_BIND, "node_bind" },
{ SECCLASS_NODE, NODE__TCP_RECV, "tcp_recv" },
{ SECCLASS_NODE, NODE__TCP_SEND, "tcp_send" },
{ SECCLASS_NODE, NODE__UDP_RECV, "udp_recv" },
@@ -54,6 +57,7 @@
{ SECCLASS_PROCESS, PROCESS__SIGCHLD, "sigchld" },
{ SECCLASS_PROCESS, PROCESS__SIGKILL, "sigkill" },
{ SECCLASS_PROCESS, PROCESS__SIGSTOP, "sigstop" },
+ { SECCLASS_PROCESS, PROCESS__SIGNULL, "signull" },
{ SECCLASS_PROCESS, PROCESS__SIGNAL, "signal" },
{ SECCLASS_PROCESS, PROCESS__PTRACE, "ptrace" },
{ SECCLASS_PROCESS, PROCESS__GETSCHED, "getsched" },
@@ -64,30 +68,28 @@
{ SECCLASS_PROCESS, PROCESS__GETCAP, "getcap" },
{ SECCLASS_PROCESS, PROCESS__SETCAP, "setcap" },
{ SECCLASS_PROCESS, PROCESS__SHARE, "share" },
+ { SECCLASS_PROCESS, PROCESS__GETATTR, "getattr" },
+ { SECCLASS_PROCESS, PROCESS__SETEXEC, "setexec" },
+ { SECCLASS_PROCESS, PROCESS__SETFSCREATE, "setfscreate" },
{ SECCLASS_PROCESS, PROCESS__NOATSECURE, "noatsecure" },
+ { SECCLASS_PROCESS, PROCESS__SIGINH, "siginh" },
+ { SECCLASS_PROCESS, PROCESS__SETRLIMIT, "setrlimit" },
+ { SECCLASS_PROCESS, PROCESS__RLIMITINH, "rlimitinh" },
{ SECCLASS_MSGQ, MSGQ__ENQUEUE, "enqueue" },
{ SECCLASS_MSG, MSG__SEND, "send" },
{ SECCLASS_MSG, MSG__RECEIVE, "receive" },
+ { SECCLASS_MSG, MSG__DESTROY, "destroy" },
{ SECCLASS_SHM, SHM__LOCK, "lock" },
{ SECCLASS_SECURITY, SECURITY__COMPUTE_AV, "compute_av" },
- { SECCLASS_SECURITY, SECURITY__NOTIFY_PERM, "notify_perm" },
- { SECCLASS_SECURITY, SECURITY__TRANSITION_SID, "transition_sid" },
- { SECCLASS_SECURITY, SECURITY__MEMBER_SID, "member_sid" },
- { SECCLASS_SECURITY, SECURITY__SID_TO_CONTEXT, "sid_to_context" },
- { SECCLASS_SECURITY, SECURITY__CONTEXT_TO_SID, "context_to_sid" },
+ { SECCLASS_SECURITY, SECURITY__COMPUTE_CREATE, "compute_create" },
+ { SECCLASS_SECURITY, SECURITY__COMPUTE_MEMBER, "compute_member" },
+ { SECCLASS_SECURITY, SECURITY__CHECK_CONTEXT, "check_context" },
{ SECCLASS_SECURITY, SECURITY__LOAD_POLICY, "load_policy" },
- { SECCLASS_SECURITY, SECURITY__GET_SIDS, "get_sids" },
- { SECCLASS_SECURITY, SECURITY__REGISTER_AVC, "register_avc" },
- { SECCLASS_SECURITY, SECURITY__CHANGE_SID, "change_sid" },
- { SECCLASS_SECURITY, SECURITY__GET_USER_SIDS, "get_user_sids" },
- { SECCLASS_SYSTEM, SYSTEM__NET_IO_CONTROL, "net_io_control" },
- { SECCLASS_SYSTEM, SYSTEM__ROUTE_CONTROL, "route_control" },
- { SECCLASS_SYSTEM, SYSTEM__ARP_CONTROL, "arp_control" },
- { SECCLASS_SYSTEM, SYSTEM__RARP_CONTROL, "rarp_control" },
+ { SECCLASS_SECURITY, SECURITY__COMPUTE_RELABEL, "compute_relabel" },
+ { SECCLASS_SECURITY, SECURITY__COMPUTE_USER, "compute_user" },
+ { SECCLASS_SECURITY, SECURITY__SETENFORCE, "setenforce" },
+ { SECCLASS_SECURITY, SECURITY__SETBOOL, "setbool" },
{ SECCLASS_SYSTEM, SYSTEM__IPC_INFO, "ipc_info" },
- { SECCLASS_SYSTEM, SYSTEM__AVC_TOGGLE, "avc_toggle" },
- { SECCLASS_SYSTEM, SYSTEM__NFSD_CONTROL, "nfsd_control" },
- { SECCLASS_SYSTEM, SYSTEM__BDFLUSH, "bdflush" },
{ SECCLASS_SYSTEM, SYSTEM__SYSLOG_READ, "syslog_read" },
{ SECCLASS_SYSTEM, SYSTEM__SYSLOG_MOD, "syslog_mod" },
{ SECCLASS_SYSTEM, SYSTEM__SYSLOG_CONSOLE, "syslog_console" },
@@ -98,23 +100,11 @@
{ SECCLASS_CAPABILITY, CAPABILITY__FOWNER, "fowner" },
{ SECCLASS_CAPABILITY, CAPABILITY__FSETID, "fsetid" },
{ SECCLASS_CAPABILITY, CAPABILITY__KILL, "kill" },
- { SECCLASS_CAPABILITY, CAPABILITY__LINK_DIR, "link_dir" },
{ SECCLASS_CAPABILITY, CAPABILITY__SETFCAP, "setfcap" },
{ SECCLASS_CAPABILITY, CAPABILITY__SETGID, "setgid" },
{ SECCLASS_CAPABILITY, CAPABILITY__SETUID, "setuid" },
- { SECCLASS_CAPABILITY, CAPABILITY__MAC_DOWNGRADE, "mac_downgrade" },
- { SECCLASS_CAPABILITY, CAPABILITY__MAC_READ, "mac_read" },
- { SECCLASS_CAPABILITY, CAPABILITY__MAC_RELABEL_SUBJ, "mac_relabel_subj" },
- { SECCLASS_CAPABILITY, CAPABILITY__MAC_UPGRADE, "mac_upgrade" },
- { SECCLASS_CAPABILITY, CAPABILITY__MAC_WRITE, "mac_write" },
- { SECCLASS_CAPABILITY, CAPABILITY__INF_NOFLOAT_OBJ, "inf_nofloat_obj" },
- { SECCLASS_CAPABILITY, CAPABILITY__INF_NOFLOAT_SUBJ, "inf_nofloat_subj" },
- { SECCLASS_CAPABILITY, CAPABILITY__INF_RELABEL_OBJ, "inf_relabel_obj" },
- { SECCLASS_CAPABILITY, CAPABILITY__INF_RELABEL_SUBJ, "inf_relabel_subj" },
{ SECCLASS_CAPABILITY, CAPABILITY__AUDIT_CONTROL, "audit_control" },
{ SECCLASS_CAPABILITY, CAPABILITY__AUDIT_WRITE, "audit_write" },
- { SECCLASS_CAPABILITY, CAPABILITY__SETPCAP, "setpcap" },
- { SECCLASS_CAPABILITY, CAPABILITY__XXX_INVALID1, "xxx_invalid1" },
{ SECCLASS_CAPABILITY, CAPABILITY__LINUX_IMMUTABLE, "linux_immutable" },
{ SECCLASS_CAPABILITY, CAPABILITY__NET_BIND_SERVICE, "net_bind_service" },
{ SECCLASS_CAPABILITY, CAPABILITY__NET_BROADCAST, "net_broadcast" },
==== //depot/projects/trustedbsd/sedarwin7/src/sedarwin/sedarwin/avc/av_permissions.h#2 (text+ko) ====
@@ -280,6 +280,7 @@
#define TCP_SOCKET__CONNECTTO 0x0000000001000000UL
#define TCP_SOCKET__NEWCONN 0x0000000002000000UL
#define TCP_SOCKET__ACCEPTFROM 0x0000000004000000UL
+#define TCP_SOCKET__NODE_BIND 0x0000000008000000UL
#define UDP_SOCKET__TRANSITION 0x0000000000000400UL
#define UDP_SOCKET__SHUTDOWN 0x0000000000040000UL
@@ -306,6 +307,8 @@
#define UDP_SOCKET__IOCTL 0x0000000000000002UL
#define UDP_SOCKET__RELABELTO 0x0000000000000200UL
+#define UDP_SOCKET__NODE_BIND 0x0000000001000000UL
+
#define RAWIP_SOCKET__TRANSITION 0x0000000000000400UL
#define RAWIP_SOCKET__SHUTDOWN 0x0000000000040000UL
#define RAWIP_SOCKET__POLL 0x0000000000000001UL
@@ -331,6 +334,8 @@
#define RAWIP_SOCKET__IOCTL 0x0000000000000002UL
#define RAWIP_SOCKET__RELABELTO 0x0000000000000200UL
+#define RAWIP_SOCKET__NODE_BIND 0x0000000001000000UL
+
#define NODE__TCP_RECV 0x0000000000000001UL
#define NODE__TCP_SEND 0x0000000000000002UL
#define NODE__UDP_RECV 0x0000000000000004UL
@@ -482,17 +487,24 @@
#define PROCESS__SIGCHLD 0x0000000000000004UL
#define PROCESS__SIGKILL 0x0000000000000008UL
#define PROCESS__SIGSTOP 0x0000000000000010UL
-#define PROCESS__SIGNAL 0x0000000000000020UL
-#define PROCESS__PTRACE 0x0000000000000040UL
-#define PROCESS__GETSCHED 0x0000000000000080UL
-#define PROCESS__SETSCHED 0x0000000000000100UL
-#define PROCESS__GETSESSION 0x0000000000000200UL
-#define PROCESS__GETPGID 0x0000000000000400UL
-#define PROCESS__SETPGID 0x0000000000000800UL
-#define PROCESS__GETCAP 0x0000000000001000UL
-#define PROCESS__SETCAP 0x0000000000002000UL
-#define PROCESS__SHARE 0x0000000000004000UL
-#define PROCESS__NOATSECURE 0x0000000000008000UL
+#define PROCESS__SIGNULL 0x0000000000000020UL
+#define PROCESS__SIGNAL 0x0000000000000040UL
+#define PROCESS__PTRACE 0x0000000000000080UL
+#define PROCESS__GETSCHED 0x0000000000000100UL
+#define PROCESS__SETSCHED 0x0000000000000200UL
+#define PROCESS__GETSESSION 0x0000000000000400UL
+#define PROCESS__GETPGID 0x0000000000000800UL
+#define PROCESS__SETPGID 0x0000000000001000UL
+#define PROCESS__GETCAP 0x0000000000002000UL
+#define PROCESS__SETCAP 0x0000000000004000UL
+#define PROCESS__SHARE 0x0000000000008000UL
+#define PROCESS__GETATTR 0x0000000000010000UL
+#define PROCESS__SETEXEC 0x0000000000020000UL
+#define PROCESS__SETFSCREATE 0x0000000000040000UL
+#define PROCESS__NOATSECURE 0x0000000000080000UL
+#define PROCESS__SIGINH 0x0000000000100000UL
+#define PROCESS__SETRLIMIT 0x0000000000200000UL
+#define PROCESS__RLIMITINH 0x0000000000400000UL
#define IPC__WRITE 0x0000000000000020UL
#define IPC__UNIX_WRITE 0x0000000000000100UL
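Review bot: Inserting `PROCESS__SIGNULL` at 0x20 moves every later process permission up one bit, so a policy binary compiled against the previous access_vectors would be read under the wrong names: an old `getsched` grant (0x80) now lands on `PROCESS__PTRACE`, and an old `ptrace` grant (0x40) on `PROCESS__SIGNAL`. The SECURITY, SYSTEM and CAPABILITY hunks further down renumber in the same way, and flask.h moves `SECINITSID_TMPFS` from 29 to 31. Nothing visible in this change rejects a policy built from the old tables, so the policy has to be rebuilt and installed together with these headers. A header comment would record that, e.g. `/* Values follow the order in flask/access_vectors; rebuild the policy whenever that file changes. */`.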
@@ -528,6 +540,7 @@
#define MSG__SEND 0x0000000000000001UL
#define MSG__RECEIVE 0x0000000000000002UL
+#define MSG__DESTROY 0x0000000000000004UL
#define SHM__WRITE 0x0000000000000020UL
#define SHM__UNIX_WRITE 0x0000000000000100UL
@@ -542,28 +555,19 @@
#define SHM__LOCK 0x0000000000000200UL
#define SECURITY__COMPUTE_AV 0x0000000000000001UL
-#define SECURITY__NOTIFY_PERM 0x0000000000000002UL
-#define SECURITY__TRANSITION_SID 0x0000000000000004UL
-#define SECURITY__MEMBER_SID 0x0000000000000008UL
-#define SECURITY__SID_TO_CONTEXT 0x0000000000000010UL
-#define SECURITY__CONTEXT_TO_SID 0x0000000000000020UL
-#define SECURITY__LOAD_POLICY 0x0000000000000040UL
-#define SECURITY__GET_SIDS 0x0000000000000080UL
-#define SECURITY__REGISTER_AVC 0x0000000000000100UL
-#define SECURITY__CHANGE_SID 0x0000000000000200UL
-#define SECURITY__GET_USER_SIDS 0x0000000000000400UL
+#define SECURITY__COMPUTE_CREATE 0x0000000000000002UL
+#define SECURITY__COMPUTE_MEMBER 0x0000000000000004UL
+#define SECURITY__CHECK_CONTEXT 0x0000000000000008UL
+#define SECURITY__LOAD_POLICY 0x0000000000000010UL
+#define SECURITY__COMPUTE_RELABEL 0x0000000000000020UL
+#define SECURITY__COMPUTE_USER 0x0000000000000040UL
+#define SECURITY__SETENFORCE 0x0000000000000080UL
+#define SECURITY__SETBOOL 0x0000000000000100UL
-#define SYSTEM__NET_IO_CONTROL 0x0000000000000001UL
-#define SYSTEM__ROUTE_CONTROL 0x0000000000000002UL
-#define SYSTEM__ARP_CONTROL 0x0000000000000004UL
-#define SYSTEM__RARP_CONTROL 0x0000000000000008UL
-#define SYSTEM__IPC_INFO 0x0000000000000010UL
-#define SYSTEM__AVC_TOGGLE 0x0000000000000020UL
-#define SYSTEM__NFSD_CONTROL 0x0000000000000040UL
-#define SYSTEM__BDFLUSH 0x0000000000000080UL
-#define SYSTEM__SYSLOG_READ 0x0000000000000100UL
-#define SYSTEM__SYSLOG_MOD 0x0000000000000200UL
-#define SYSTEM__SYSLOG_CONSOLE 0x0000000000000400UL
+#define SYSTEM__IPC_INFO 0x0000000000000001UL
+#define SYSTEM__SYSLOG_READ 0x0000000000000002UL
+#define SYSTEM__SYSLOG_MOD 0x0000000000000004UL
+#define SYSTEM__SYSLOG_CONSOLE 0x0000000000000008UL
#define CAPABILITY__CHOWN 0x0000000000000001UL
#define CAPABILITY__DAC_EXECUTE 0x0000000000000002UL
@@ -572,43 +576,31 @@
#define CAPABILITY__FOWNER 0x0000000000000010UL
#define CAPABILITY__FSETID 0x0000000000000020UL
#define CAPABILITY__KILL 0x0000000000000040UL
-#define CAPABILITY__LINK_DIR 0x0000000000000080UL
-#define CAPABILITY__SETFCAP 0x0000000000000100UL
-#define CAPABILITY__SETGID 0x0000000000000200UL
-#define CAPABILITY__SETUID 0x0000000000000400UL
-#define CAPABILITY__MAC_DOWNGRADE 0x0000000000000800UL
-#define CAPABILITY__MAC_READ 0x0000000000001000UL
-#define CAPABILITY__MAC_RELABEL_SUBJ 0x0000000000002000UL
-#define CAPABILITY__MAC_UPGRADE 0x0000000000004000UL
-#define CAPABILITY__MAC_WRITE 0x0000000000008000UL
-#define CAPABILITY__INF_NOFLOAT_OBJ 0x0000000000010000UL
-#define CAPABILITY__INF_NOFLOAT_SUBJ 0x0000000000020000UL
-#define CAPABILITY__INF_RELABEL_OBJ 0x0000000000040000UL
-#define CAPABILITY__INF_RELABEL_SUBJ 0x0000000000080000UL
-#define CAPABILITY__AUDIT_CONTROL 0x0000000000100000UL
-#define CAPABILITY__AUDIT_WRITE 0x0000000000200000UL
-#define CAPABILITY__SETPCAP 0x0000000000400000UL
-#define CAPABILITY__XXX_INVALID1 0x0000000000800000UL
-#define CAPABILITY__LINUX_IMMUTABLE 0x0000000001000000UL
-#define CAPABILITY__NET_BIND_SERVICE 0x0000000002000000UL
-#define CAPABILITY__NET_BROADCAST 0x0000000004000000UL
-#define CAPABILITY__NET_ADMIN 0x0000000008000000UL
-#define CAPABILITY__NET_RAW 0x0000000010000000UL
-#define CAPABILITY__IPC_LOCK 0x0000000020000000UL
-#define CAPABILITY__IPC_OWNER 0x0000000040000000UL
-#define CAPABILITY__SYS_MODULE 0x000000007fffffffUL
-#define CAPABILITY__SYS_RAWIO 0x0000000100000000UL
-#define CAPABILITY__SYS_CHROOT 0x0000000200000000UL
-#define CAPABILITY__SYS_PTRACE 0x0000000400000000UL
-#define CAPABILITY__SYS_PACCT 0x0000000800000000UL
-#define CAPABILITY__SYS_ADMIN 0x0000001000000000UL
-#define CAPABILITY__SYS_BOOT 0x0000002000000000UL
-#define CAPABILITY__SYS_NICE 0x0000004000000000UL
-#define CAPABILITY__SYS_RESOURCE 0x0000008000000000UL
-#define CAPABILITY__SYS_TIME 0x0000010000000000UL
-#define CAPABILITY__SYS_TTY_CONFIG 0x0000020000000000UL
-#define CAPABILITY__MKNOD 0x0000040000000000UL
-#define CAPABILITY__LEASE 0x0000080000000000UL
+#define CAPABILITY__SETFCAP 0x0000000000000080UL
+#define CAPABILITY__SETGID 0x0000000000000100UL
+#define CAPABILITY__SETUID 0x0000000000000200UL
+#define CAPABILITY__AUDIT_CONTROL 0x0000000000000400UL
+#define CAPABILITY__AUDIT_WRITE 0x0000000000000800UL
+#define CAPABILITY__LINUX_IMMUTABLE 0x0000000000001000UL
+#define CAPABILITY__NET_BIND_SERVICE 0x0000000000002000UL
+#define CAPABILITY__NET_BROADCAST 0x0000000000004000UL
+#define CAPABILITY__NET_ADMIN 0x0000000000008000UL
+#define CAPABILITY__NET_RAW 0x0000000000010000UL
+#define CAPABILITY__IPC_LOCK 0x0000000000020000UL
+#define CAPABILITY__IPC_OWNER 0x0000000000040000UL
+#define CAPABILITY__SYS_MODULE 0x0000000000080000UL
+#define CAPABILITY__SYS_RAWIO 0x0000000000100000UL
+#define CAPABILITY__SYS_CHROOT 0x0000000000200000UL
+#define CAPABILITY__SYS_PTRACE 0x0000000000400000UL
+#define CAPABILITY__SYS_PACCT 0x0000000000800000UL
+#define CAPABILITY__SYS_ADMIN 0x0000000001000000UL
+#define CAPABILITY__SYS_BOOT 0x0000000002000000UL
+#define CAPABILITY__SYS_NICE 0x0000000004000000UL
+#define CAPABILITY__SYS_RESOURCE 0x0000000008000000UL
+#define CAPABILITY__SYS_TIME 0x0000000010000000UL
+#define CAPABILITY__SYS_TTY_CONFIG 0x0000000020000000UL
+#define CAPABILITY__MKNOD 0x0000000040000000UL
+#define CAPABILITY__LEASE 0x000000007fffffffUL
#define MACH_PORT__RELABELFROM 0x0000000000000001UL
#define MACH_PORT__RELABELTO 0x0000000000000002UL
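Review bot: `CAPABILITY__LEASE` is defined as 0x000000007fffffffUL, which is not a single bit but the union of all 31 lower capability bits; following `CAPABILITY__MKNOD` at 0x40000000 the next value should be `#define CAPABILITY__LEASE 0x0000000080000000UL`. If the access check compares the requested mask against the allowed vector in the usual way, a lease request would then demand every other capability permission, and the value would not match the bit the policy compiler assigns to the 32nd permission. The removed lines carried the same value on `CAPABILITY__SYS_MODULE` in the same slot, so this looks like the generator overflowing at 1 << 31 rather than a hand edit; the fix probably belongs in the script that produces this header.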
==== //depot/projects/trustedbsd/sedarwin7/src/sedarwin/sedarwin/avc/class_to_string.h#2 (text+ko) ====
@@ -35,6 +35,10 @@
"shm",
"ipc",
"mach_port",
+ "port_methods1",
+ "port_methods2",
+ "port_methods3",
+ "port_methods4",
"mach_task",
};
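Review bot: The four `port_methods` names go in ahead of `"mach_task"`, which moves that string four slots down, yet the flask.h section of this change touches only the SECINITSID values and av_perm_to_string.h gains no entries for the new classes. If this table is indexed by the SECCLASS_* constants, as the name suggests, confirm that flask.h already defines the four classes and that `SECCLASS_MACH_TASK` matches the new position; a mismatch would make denial messages name the wrong class and mislead anyone reading the audit log. The array starts outside the hunk, so the absolute indices cannot be checked from here.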
==== //depot/projects/trustedbsd/sedarwin7/src/sedarwin/sedarwin/avc/initial_sid_to_string.h#2 (text+ko) ====
@@ -30,6 +30,8 @@
"devpts",
"nfs",
"policy",
+ "scmp_packet",
+ "devnull",
"tmpfs",
};
==== //depot/projects/trustedbsd/sedarwin7/src/sedarwin/sedarwin/flask.h#3 (text+ko) ====
@@ -74,8 +74,10 @@
#define SECINITSID_DEVPTS 26
#define SECINITSID_NFS 27
#define SECINITSID_POLICY 28
-#define SECINITSID_TMPFS 29
+#define SECINITSID_SCMP_PACKET 29
+#define SECINITSID_DEVNULL 30
+#define SECINITSID_TMPFS 31
-#define SECINITSID_NUM 29
+#define SECINITSID_NUM 31
#endif
==== //depot/projects/trustedbsd/sedarwin7/src/sedarwin/sedarwin/flask/access_vectors#2 (text+ko) ====
@@ -160,13 +160,20 @@
connectto
newconn
acceptfrom
+ node_bind
}
class udp_socket
inherits socket
+{
+ node_bind
+}
class rawip_socket
inherits socket
+{
+ node_bind
+}
class node
{
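Review bot: `node_bind` is added to tcp_socket, udp_socket and rawip_socket without a comment, while the signal permissions in the process class hunk below are each annotated. A short note on the first occurrence would help policy writers, e.g. `node_bind # bind the socket to a local address (node)`. None of the affected files in this change contains code that checks the permission, so a rule that withholds `node_bind` has no effect until a bind hook tests it; that may be intended for a configuration-only import, but it is worth stating in the change description.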
@@ -220,10 +227,11 @@
{
fork
transition
- sigchld
- sigkill
- sigstop
- signal
+ sigchld # commonly granted from child to parent
+ sigkill # cannot be caught or ignored
+ sigstop # cannot be caught or ignored
+ signull # for kill(pid, 0)
+ signal # all other signals
ptrace
getsched
setsched
@@ -233,7 +241,13 @@
getcap
setcap
share
+ getattr
+ setexec
+ setfscreate
noatsecure
+ siginh
+ setrlimit
+ rlimitinh
}
@@ -257,6 +271,7 @@
{
send
receive
+ destroy
}
class shm
@@ -265,7 +280,6 @@
lock
}
-
#
# Define the access vector interpretation for the security server.
#
@@ -273,16 +287,14 @@
class security
{
compute_av
- notify_perm
- transition_sid
- member_sid
- sid_to_context
- context_to_sid
+ compute_create
+ compute_member
+ check_context
load_policy
- get_sids
- register_avc
- change_sid
- get_user_sids
+ compute_relabel
+ compute_user
+ setenforce # was avc_toggle in system class
+ setbool
}
@@ -292,15 +304,8 @@
class system
{
- net_io_control
- route_control
- arp_control
- rarp_control
ipc_info
- avc_toggle
- nfsd_control
- bdflush
- syslog_read
+ syslog_read
syslog_mod
syslog_console
}
@@ -322,23 +327,11 @@
fowner
fsetid
kill
- link_dir
setfcap
setgid
setuid
- mac_downgrade
- mac_read
- mac_relabel_subj
- mac_upgrade
- mac_write
- inf_nofloat_obj
- inf_nofloat_subj
- inf_relabel_obj
- inf_relabel_subj
audit_control
audit_write
- setpcap
- xxx_invalid1
linux_immutable
net_bind_service
net_broadcast
==== //depot/projects/trustedbsd/sedarwin7/src/sedarwin/sedarwin/flask/initial_sids#2 (text+ko) ====
@@ -32,6 +32,8 @@
sid devpts
sid nfs
sid policy
+sid scmp_packet
+sid devnull
sid tmpfs
# FLASK