Date: Wed, 1 May 2002 22:16:37 -0700 (PDT) From: Robert Watson <rwatson@FreeBSD.org> To: Perforce Change Reviews <perforce@freebsd.org> Subject: PERFORCE change 10653 for review Message-ID: <200205020516.g425Gbs86345@freefall.freebsd.org>
next in thread | raw e-mail | index | archive | help
http://people.freebsd.org/~peter/p4db/chv.cgi?CH=10653 Change 10653 by rwatson@rwatson_tislabs on 2002/05/01 22:15:57 Update various policies to know about the new flags field, and set the MPC_LOADTIME_FLAG_NOTLATE flag for Biba, MLS, TE, and SEBSD, since they need the opportunity to maintain labeling on all objects starting from system instantiation. They can be compiled as modules, but those modules must be loaded before the kernel starts booting; attempting to load them late in the boot, or following the boot, will fail. Affected files ... ... //depot/projects/trustedbsd/mac/sys/security/babyaudit/babyaudit.c#8 edit ... //depot/projects/trustedbsd/mac/sys/security/mac_biba/mac_biba.c#34 edit ... //depot/projects/trustedbsd/mac/sys/security/mac_bsdextended/mac_bsdextended.c#28 edit ... //depot/projects/trustedbsd/mac/sys/security/mac_ifoff/mac_ifoff.c#6 edit ... //depot/projects/trustedbsd/mac/sys/security/mac_mls/mac_mls.c#28 edit ... //depot/projects/trustedbsd/mac/sys/security/mac_none/mac_none.c#25 edit ... //depot/projects/trustedbsd/mac/sys/security/mac_seeotheruids/mac_seeotheruids.c#8 edit ... //depot/projects/trustedbsd/mac/sys/security/mac_te/mac_te.c#29 edit ... //depot/projects/trustedbsd/mac/sys/security/sebsd/sebsd.c#4 edit Differences ... ==== //depot/projects/trustedbsd/mac/sys/security/babyaudit/babyaudit.c#8 (text+ko) ==== @@ -276,4 +276,4 @@ }; MAC_POLICY_SET(babyaudit_ops, trustedbsd_babyaudit, "TrustedBSD MAC/babyaudit", - 0); + 0, 0); ==== //depot/projects/trustedbsd/mac/sys/security/mac_biba/mac_biba.c#34 (text+ko) ==== @@ -1219,5 +1219,6 @@ { MAC_OP_LAST, NULL } }; -MAC_POLICY_SET(mac_biba_ops, trustedbsd_mac_biba, "TrustedBSD MAC/Biba", 1); +MAC_POLICY_SET(mac_biba_ops, trustedbsd_mac_biba, "TrustedBSD MAC/Biba", + MPC_LOADTIME_FLAG_NOTLATE, 1); #endif /* !MAC */ ==== //depot/projects/trustedbsd/mac/sys/security/mac_bsdextended/mac_bsdextended.c#28 (text+ko) ==== @@ -671,4 +671,4 @@ }; MAC_POLICY_SET(mac_bsdextended_ops, trustedbsd_mac_bsdextended, - "TrustedBSD MAC/BSD Extended", 0); + "TrustedBSD MAC/BSD Extended", 0, 0); ==== //depot/projects/trustedbsd/mac/sys/security/mac_ifoff/mac_ifoff.c#6 (text+ko) ==== @@ -166,4 +166,5 @@ { MAC_OP_LAST, NULL } }; -MAC_POLICY_SET(mac_ifoff_ops, trustedbsd_mac_ifoff, "TrustedBSD MAC/ifoff", 0); +MAC_POLICY_SET(mac_ifoff_ops, trustedbsd_mac_ifoff, "TrustedBSD MAC/ifoff", + 0, 0); ==== //depot/projects/trustedbsd/mac/sys/security/mac_mls/mac_mls.c#28 (text+ko) ==== @@ -1152,5 +1152,6 @@ { MAC_OP_LAST, NULL } }; -MAC_POLICY_SET(mac_mls_ops, trustedbsd_mac_mls, "TrustedBSD MAC/MLS", 1); +MAC_POLICY_SET(mac_mls_ops, trustedbsd_mac_mls, "TrustedBSD MAC/MLS", + MPC_LOADTIME_FLAG_NOTLATE, 1); #endif /* !MAC */ ==== //depot/projects/trustedbsd/mac/sys/security/mac_none/mac_none.c#25 (text+ko) ==== @@ -768,6 +768,6 @@ { MAC_OP_LAST, NULL } }; -MAC_POLICY_SET(mac_none_ops, trustedbsd_mac_none, "TrustedBSD MAC/None", 0); +MAC_POLICY_SET(mac_none_ops, trustedbsd_mac_none, "TrustedBSD MAC/None", 0, 0); #endif /* !MAC */ ==== //depot/projects/trustedbsd/mac/sys/security/mac_seeotheruids/mac_seeotheruids.c#8 (text+ko) ==== @@ -173,4 +173,4 @@ }; MAC_POLICY_SET(mac_seeotheruids_ops, trustedbsd_mac_seeotheruids, - "TrustedBSD MAC/seeotheruids", 0); + "TrustedBSD MAC/seeotheruids", 0, 0); ==== //depot/projects/trustedbsd/mac/sys/security/mac_te/mac_te.c#29 (text+ko) ==== @@ -1238,6 +1238,7 @@ { MAC_OP_LAST, NULL } }; -MAC_POLICY_SET(mac_te_ops, trustedbsd_mac_te, "TrustedBSD MAC/TE", 1); +MAC_POLICY_SET(mac_te_ops, trustedbsd_mac_te, "TrustedBSD MAC/TE", + MPC_LOADTIME_FLAG_NOTLATE, 1); #endif /* !MAC */ ==== //depot/projects/trustedbsd/mac/sys/security/sebsd/sebsd.c#4 (text+ko) ==== @@ -123,6 +123,7 @@ { MAC_OP_LAST, NULL } }; -MAC_POLICY_SET(sebsd_ops, trustedbsd_sebsd, "Security Enhanced BSD", 1); +MAC_POLICY_SET(sebsd_ops, trustedbsd_sebsd, "Security Enhanced BSD", + MPC_LOADTIME_FLAG_NOTLATE, 1); #endif /* !MAC */ To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe p4-projects" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200205020516.g425Gbs86345>