Skip site navigation (1)Skip section navigation (2) 
Date:      Fri, 22 Aug 2003 10:36:24 -0700 (PDT)
From:      Robert Watson <rwatson@FreeBSD.org>
To:        src-committers@FreeBSD.org, cvs-src@FreeBSD.org, cvs-all@FreeBSD.org
Subject:   cvs commit: src/lib/libc/posix1e mac.c
Message-ID:  <200308221736.h7MHaO4i027554@repoman.freebsd.org>
next in thread | raw e-mail | index | archive | help 
rwatson     2003/08/22 10:36:24 PDT

  FreeBSD src repository

  Modified files:
    lib/libc/posix1e     mac.c 
  Log:
  As new objects begin to support new labels, start to generalize
  the default label support in /etc/mac.conf.  Rather than maintain
  each default label type in an explicit global variable in mac.c,
  keep a list of defaults loaded from the configuration file.
  Generalize the parsing so that we support both the older:
  
          default_file_labels foo
          default_ifnet_labels foo
          default_process_labels foo
  
  And also a new:
  
          default_labels file foo
          default_labels ifnet foo
          default_labels process foo
  
  We now accept arbitrary object classes in the first argument.  If
  the same object is specified more than once, we discard the
  earlier definition in favor of the later one.
  
  Add a new API, mac_prepare_type(), which accepts a mac_t to
  prepare, as well as an object name in the second argument, which
  will pull a default label set for the object out of the
  configuration loaded by mac_init_internal().  This permits the libc
  to adapt to new objects known about by applications but not by libc
  at compile-time.
  
  Also liberalize the error handling a bit: if we're using implicit
  initialization (i.e., the application didn't explicitly initialize
  the MAC code), ignore syntax errors and only use valid lines.  In
  the future, we may want to add explicit warnings and do this a
  bit more consistently.
  
  While here, add support for a MAC_CONFFILE environmental variable,
  which may be used to specify an alternative mac.conf configuration
  file if the application isn't running with modified privilege
  (issetugid()).
  
  Obtained from:  TrustedBSD Project
  Sponsored by:   DARPA, Network Associates Laboratories
  
  Revision  Changes    Path
  1.6       +192 -86   src/lib/libc/posix1e/mac.c

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200308221736.h7MHaO4i027554>