From owner-p4-projects Wed Oct 23 18:34:35 2002
Date: Wed, 23 Oct 2002 18:33:33 -0700 (PDT)
Message-Id: <200210240133.g9O1XXvX051833@repoman.freebsd.org>
From: Robert Watson
Subject: PERFORCE change 20007 for review
To: Perforce Change Reviews
Sender: owner-p4-projects@FreeBSD.ORG

http://perforce.freebsd.org/chv.cgi?CH=20007

Change 20007 by rwatson@rwatson_tislabs on 2002/10/23 18:33:07

	Loop back recent MAC commits from the main FreeBSD tree to
	the TrustedBSD base tree: ls, ps flags.

Affected files ...

.. //depot/projects/trustedbsd/base/bin/ls/Makefile#6 integrate
.. //depot/projects/trustedbsd/base/bin/ls/lomac.c#8 delete
.. //depot/projects/trustedbsd/base/bin/ls/lomac.h#4 delete
.. //depot/projects/trustedbsd/base/bin/ls/ls.1#12 integrate
.. //depot/projects/trustedbsd/base/bin/ls/ls.c#12 integrate
.. //depot/projects/trustedbsd/base/bin/ls/ls.h#6 integrate
.. //depot/projects/trustedbsd/base/bin/ls/print.c#11 integrate
.. //depot/projects/trustedbsd/base/bin/ps/Makefile#7 integrate
.. //depot/projects/trustedbsd/base/bin/ps/extern.h#8 integrate
.. //depot/projects/trustedbsd/base/bin/ps/keyword.c#11 integrate
.. //depot/projects/trustedbsd/base/bin/ps/lomac.c#7 delete
.. //depot/projects/trustedbsd/base/bin/ps/lomac.h#4 delete
.. //depot/projects/trustedbsd/base/bin/ps/print.c#10 integrate
.. //depot/projects/trustedbsd/base/bin/ps/ps.1#11 integrate
.. //depot/projects/trustedbsd/base/bin/ps/ps.c#12 integrate
.. //depot/projects/trustedbsd/base/lib/libc/posix1e/posix1e.3#4 integrate
.. //depot/projects/trustedbsd/base/libexec/ftpd/Makefile#7 integrate
.. //depot/projects/trustedbsd/base/sys/modules/Makefile#31 integrate
.. //depot/projects/trustedbsd/base/sys/security/mac_partition/mac_partition.c#1 branch
.. //depot/projects/trustedbsd/base/sys/security/mac_partition/mac_partition.h#1 branch

Differences ...

==== //depot/projects/trustedbsd/base/bin/ls/Makefile#6 (text+ko) ====
@@ -1,8 +1,8 @@ # @(#)Makefile 8.1 (Berkeley) 6/2/93 -# $FreeBSD: src/bin/ls/Makefile,v 1.23 2002/02/04 03:06:50 kris Exp $ +# $FreeBSD: src/bin/ls/Makefile,v 1.24 2002/10/24 00:07:30 rwatson Exp $ PROG= ls -SRCS= cmp.c lomac.c ls.c print.c util.c +SRCS= cmp.c ls.c print.c util.c NO_WERROR=1 WFORMAT=0 DPADD= ${LIBM} ==== //depot/projects/trustedbsd/base/bin/ls/ls.1#12 (text+ko) ==== @@ -33,7 +33,7 @@ .\" SUCH DAMAGE. .\" .\" @(#)ls.1 8.7 (Berkeley) 7/29/94 -.\" $FreeBSD: src/bin/ls/ls.1,v 1.69 2002/08/21 17:32:34 trhodes Exp $ +.\" $FreeBSD: src/bin/ls/ls.1,v 1.70 2002/10/24 00:07:30 rwatson Exp $ .\" .Dd May 19, 2002 .Dt LS 1 @@ -146,7 +146,7 @@ .It Fl W Display whiteouts when scanning directories. .It Fl Z -Display each file's LOMAC level. +Display each file's MAC label. .It Fl a Include directory entries whose names begin with a dot @@ -303,7 +303,7 @@ is displayed for each file: file mode, number of links, owner name, group name, -LOMAC level, +MAC label, number of bytes in the file, abbreviated month, day-of-month file was last modified, hour file last modified, minute file last @@ -618,11 +618,6 @@ files in order to be compatible with the .St -p1003.2 specification. -.Sh FILES -.Bl -tag -width ".Pa /dev/lomac" -compact -.It Pa /dev/lomac -interface used to query the -.Xr lomac 4 KLD .El .Sh SEE ALSO @@ -630,7 +625,6 @@ .Xr chmod 1 , .Xr sort 1 , .Xr xterm 1 , -.Xr lomac 4 , .Xr termcap 5 , .Xr symlink 7 , .Xr sticky 8 ==== //depot/projects/trustedbsd/base/bin/ls/ls.c#12 (text+ko) ==== @@ -46,11 +46,12 @@ #endif /* not lint */ #endif #include -__FBSDID("$FreeBSD: src/bin/ls/ls.c,v 1.67 2002/10/18 10:59:45 tjr Exp $"); +__FBSDID("$FreeBSD: src/bin/ls/ls.c,v 1.68 2002/10/24 00:07:30 rwatson Exp $"); #include #include #include +#include #include #include @@ -71,7 +72,6 @@ #include "ls.h" #include "extern.h" -#include "lomac.h" /* * Upward approximation of the maximum number of characters needed to 
@@ -80,7 +80,7 @@ */ #define STRBUF_SIZEOF(t) (1 + CHAR_BIT * sizeof(t) / 3 + 1) -static void display(FTSENT *, FTSENT *); +static void display(FTSENT *, FTSENT *, int); static u_quad_t makenines(u_long); static int mastercmp(const FTSENT * const *, const FTSENT * const *); static void traverse(int, char **, int); @@ -118,7 +118,7 @@ static int f_timesort; /* sort by time vice name */ int f_type; /* add type character for non-regular files */ static int f_whiteout; /* show whiteout entries */ - int f_lomac; /* show LOMAC attributes */ + int f_label; /* show MAC label */ #ifdef COLORLS int f_color; /* add type in color for non-regular files */ @@ -300,7 +300,7 @@ f_octal_escape = 0; break; case 'Z': - f_lomac = 1; + f_label = 1; break; default: case '?': @@ -440,7 +440,7 @@ fts_open(argv, options, f_nosort ? NULL : mastercmp)) == NULL) err(1, "fts_open"); - display(NULL, fts_children(ftsp, 0)); + display(NULL, fts_children(ftsp, 0), options); if (f_listdir) return; @@ -480,7 +480,7 @@ output = 1; } chp = fts_children(ftsp, ch_options); - display(p, chp); + display(p, chp, options); if (!f_recursive && chp != NULL) (void)fts_set(ftsp, p, FTS_SKIP); @@ -498,14 +498,15 @@ * points to the parent directory of the display list. */ static void -display(FTSENT *p, FTSENT *list) +display(FTSENT *p, FTSENT *list, int options) { struct stat *sp; DISPLAY d; FTSENT *cur; NAMES *np; off_t maxsize; - u_long btotal, lattrlen, maxblock, maxinode, maxlen, maxnlink, maxlattr; + u_long btotal, labelstrlen, maxblock, maxinode, maxlen, maxnlink; + u_long maxlabelstr; int bcfile, maxflags; gid_t maxgroup; uid_t maxuser; @@ -513,7 +514,7 @@ char *initmax; int entries, needstats; const char *user, *group; - char *flags, *lattr = NULL; + char *flags, *labelstr = NULL; char buf[STRBUF_SIZEOF(u_quad_t) + 1]; char ngroup[STRBUF_SIZEOF(uid_t) + 1]; char nuser[STRBUF_SIZEOF(gid_t) + 1]; 
@@ -533,7 +534,7 @@ btotal = 0; initmax = getenv("LS_COLWIDTHS"); /* Fields match -lios order. New ones should be added at the end. */ - maxlattr = maxblock = maxinode = maxlen = maxnlink = + maxlabelstr = maxblock = maxinode = maxlen = maxnlink = maxuser = maxgroup = maxflags = maxsize = 0; if (initmax != NULL && *initmax != '\0') { char *initmax2, *jinitmax; @@ -563,7 +564,7 @@ ninitmax = sscanf(jinitmax, " %lu : %lu : %lu : %i : %i : %i : %llu : %lu : %lu ", &maxinode, &maxblock, &maxnlink, &maxuser, - &maxgroup, &maxflags, &maxsize, &maxlen, &maxlattr); + &maxgroup, &maxflags, &maxsize, &maxlen, &maxlabelstr); f_notabs = 1; switch (ninitmax) { case 0: @@ -591,7 +592,7 @@ maxlen = 0; /* FALLTHROUGH */ case 8: - maxlattr = 0; + maxlabelstr = 0; /* FALLTHROUGH */ #ifdef COLORLS if (!f_color) @@ -606,8 +607,6 @@ maxnlink = makenines(maxnlink); maxsize = makenines(maxsize); } - if (f_lomac) - lomac_start(); bcfile = 0; flags = NULL; for (cur = list, entries = 0; cur; cur = cur->fts_link) { 
@@ -684,16 +683,51 @@ maxflags = flen; } else flen = 0; - lattr = NULL; - if (f_lomac) { - lattr = get_lattr(cur); - lattrlen = strlen(lattr); - if (lattrlen > maxlattr) - maxlattr = lattrlen; + labelstr = NULL; + if (f_label) { + mac_t label; + int error; + + error = mac_prepare_file_label(&label); + if (error == -1) { + fprintf(stderr, "%s: %s\n", + cur->fts_name, + strerror(errno)); + goto label_out; + } + + if (options & FTS_LOGICAL) + error = mac_get_file( + cur->fts_path, label); + else + error = mac_get_link( + cur->fts_name, label); + if (error == -1) { + perror(cur->fts_name); + mac_free(label); + goto label_out; + } + + error = mac_to_text(label, + &labelstr); + if (error == -1) { + fprintf(stderr, "%s: %s\n", + cur->fts_name, + strerror(errno)); + mac_free(label); + goto label_out; + } + mac_free(label); +label_out: + if (labelstr == NULL) + labelstr = strdup(""); + labelstrlen = strlen(labelstr); + if (labelstrlen > maxlabelstr) + maxlabelstr = labelstrlen; } else - lattrlen = 0; + labelstrlen = 0; - if ((np = malloc(sizeof(NAMES) + lattrlen + + if ((np = malloc(sizeof(NAMES) + labelstrlen + ulen + glen + flen + 4)) == NULL) err(1, "malloc"); @@ -711,11 +745,11 @@ (void)strcpy(np->flags, flags); free(flags); } - if (f_lomac) { - np->lattr = &np->data[ulen + glen + 2 + if (f_label) { + np->label = &np->data[ulen + glen + 2 + (f_flags ? flen + 1 : 0)]; - (void)strcpy(np->lattr, lattr); - free(lattr); + (void)strcpy(np->label, labelstr); + free(labelstr); } cur->fts_pointer = np; } @@ -735,7 +769,7 @@ (void)snprintf(buf, sizeof(buf), "%lu", maxblock); d.s_block = strlen(buf); d.s_flags = maxflags; - d.s_lattr = maxlattr; + d.s_label = maxlabelstr; d.s_group = maxgroup; (void)snprintf(buf, sizeof(buf), "%lu", maxinode); d.s_inode = strlen(buf); @@ -751,8 +785,6 @@ if (f_longform) for (cur = list; cur; cur = cur->fts_link) free(cur->fts_pointer); - if (f_lomac) - lomac_stop(); } /* ==== //depot/projects/trustedbsd/base/bin/ls/ls.h#6 (text+ko) ==== 
@@ -35,7 +35,7 @@ * SUCH DAMAGE. * * from: @(#)ls.h 8.1 (Berkeley) 5/31/93 - * $FreeBSD: src/bin/ls/ls.h,v 1.18 2002/05/19 02:51:36 tjr Exp $ + * $FreeBSD: src/bin/ls/ls.h,v 1.19 2002/10/24 00:07:30 rwatson Exp $ */ #define NO_PRINT 1 @@ -45,7 +45,7 @@ extern int f_accesstime; /* use time of last access */ extern int f_flags; /* show flags associated with a file */ extern int f_humanval; /* show human-readable file sizes */ -extern int f_lomac; /* show LOMAC attributes */ +extern int f_label; /* show MAC label */ extern int f_inode; /* print inode */ extern int f_longform; /* long listing format */ extern int f_octal; /* print unprintables in octal */ @@ -70,7 +70,7 @@ int maxlen; u_int s_block; u_int s_flags; - u_int s_lattr; + u_int s_label; u_int s_group; u_int s_inode; u_int s_nlink; @@ -82,6 +82,6 @@ char *user; char *group; char *flags; - char *lattr; + char *label; char data[1]; } NAMES; ==== //depot/projects/trustedbsd/base/bin/ls/print.c#11 (text+ko) ==== @@ -40,7 +40,7 @@ #endif /* not lint */ #endif #include -__FBSDID("$FreeBSD: src/bin/ls/print.c,v 1.60 2002/10/23 10:20:01 markm Exp $"); +__FBSDID("$FreeBSD: src/bin/ls/print.c,v 1.61 2002/10/24 00:07:30 rwatson Exp $"); #include #include @@ -182,8 +182,8 @@ np->group); if (f_flags) (void)printf("%-*s ", dp->s_flags, np->flags); - if (f_lomac) - (void)printf("%-*s ", dp->s_lattr, np->lattr); + if (f_label) + (void)printf("%-*s ", dp->s_label, np->label); if (S_ISCHR(sp->st_mode) || S_ISBLK(sp->st_mode)) if (minor(sp->st_rdev) > 255 || minor(sp->st_rdev) < 0) (void)printf("%3d, 0x%08x ", ==== //depot/projects/trustedbsd/base/bin/ps/Makefile#7 (text+ko) ==== 
@@ -1,8 +1,8 @@ -# $FreeBSD: src/bin/ps/Makefile,v 1.21 2002/07/08 15:48:39 jmallett Exp $ +# $FreeBSD: src/bin/ps/Makefile,v 1.22 2002/10/24 00:00:57 rwatson Exp $ # @(#)Makefile 8.1 (Berkeley) 6/2/93 PROG= ps -SRCS= fmt.c keyword.c nlist.c print.c ps.c lomac.c +SRCS= fmt.c keyword.c nlist.c print.c ps.c # # To support "lazy" ps for non root/wheel users # add -DLAZY_PS to the cflags. This helps ==== //depot/projects/trustedbsd/base/bin/ps/extern.h#8 (text+ko) ==== @@ -31,7 +31,7 @@ * SUCH DAMAGE. * * @(#)extern.h 8.3 (Berkeley) 4/2/94 - * $FreeBSD: src/bin/ps/extern.h,v 1.27 2002/10/02 20:32:50 jhb Exp $ + * $FreeBSD: src/bin/ps/extern.h,v 1.28 2002/10/24 00:00:57 rwatson Exp $ */ struct kinfo; @@ -54,7 +54,7 @@ const char *fmt_argv(char **, char *, size_t); double getpcpu(const KINFO *); void kvar(KINFO *, VARENT *); -void lattr(KINFO *, VARENT *); +void label(KINFO *, VARENT *); void logname(KINFO *, VARENT *); void longtname(KINFO *, VARENT *); void lstarted(KINFO *, VARENT *); @@ -71,6 +71,7 @@ void rgroupname(KINFO *, VARENT *); void runame(KINFO *, VARENT *); void rvar(KINFO *, VARENT *); +int s_label(KINFO *); int s_rgroupname(KINFO *); int s_runame(KINFO *); int s_uname(KINFO *); ==== //depot/projects/trustedbsd/base/bin/ps/keyword.c#11 (text+ko) ==== @@ -37,7 +37,7 @@ #endif /* not lint */ #endif #include -__FBSDID("$FreeBSD: src/bin/ps/keyword.c,v 1.57 2002/10/02 20:32:50 jhb Exp $"); +__FBSDID("$FreeBSD: src/bin/ps/keyword.c,v 1.58 2002/10/24 00:00:57 rwatson Exp $"); #include #include 
@@ -95,13 +95,14 @@ 0}, {"ktrace", "KTRACE", NULL, 0, kvar, NULL, 8, KOFF(ki_traceflag), INT, "x", 0}, + {"label", "LABEL", NULL, LJUST|DSIZ, label, s_label, SHRT_MAX, 0, CHAR, + NULL, 0}, {"lim", "LIM", NULL, 0, maxrss, NULL, 5, 0, CHAR, NULL, 0}, {"login", "LOGIN", NULL, LJUST, logname, NULL, MAXLOGNAME-1, 0, CHAR, NULL, 0}, {"logname", "", "login", 0, NULL, NULL, 0, 0, CHAR, NULL, 0}, {"lstart", "STARTED", NULL, LJUST|USER, lstarted, NULL, 28, 0, CHAR, NULL, 0}, - {"lvl", "LVL", NULL, LJUST, lattr, NULL, 3, 0, CHAR, NULL, 0}, {"majflt", "MAJFLT", NULL, USER, rvar, NULL, 4, ROFF(ru_majflt), LONG, "ld", 0}, {"minflt", "MINFLT", NULL, USER, rvar, NULL, 4, ROFF(ru_minflt), ==== //depot/projects/trustedbsd/base/bin/ps/print.c#10 (text+ko) ==== @@ -37,7 +37,7 @@ #endif /* not lint */ #endif #include -__FBSDID("$FreeBSD: src/bin/ps/print.c,v 1.74 2002/10/02 20:32:50 jhb Exp $"); +__FBSDID("$FreeBSD: src/bin/ps/print.c,v 1.75 2002/10/24 00:00:57 rwatson Exp $"); #include #include @@ -45,6 +45,7 @@ #include #include +#include #include #include @@ -62,7 +63,6 @@ #include #include -#include "lomac.h" #include "ps.h" #define ps_pgtok(a) (((a) * getpagesize()) / 1024) 
@@ -726,10 +726,53 @@ } void -lattr(KINFO *k, VARENT *ve) +label(KINFO *k, VARENT *ve) { + char *string; + mac_t label; + int error; VAR *v; v = ve->var; - (void)printf("%-*d", v->width, get_lattr(k->ki_p->ki_pid)); + string = NULL; + + if (mac_prepare_process_label(&label) == -1) { + perror("mac_prepare_process_label"); + goto out; + } + + error = mac_get_pid(k->ki_p->ki_pid, label); + if (error == 0) { + if (mac_to_text(label, &string) == -1) + string = NULL; + } + mac_free(label); + +out: + if (string != NULL) { + (void)printf("%-*s", v->width, string); + free(string); + } else + (void)printf("%-*s", v->width, ""); + return; +} + +int +s_label(KINFO *k) +{ + char *string = NULL; + mac_t label; + int error, size = 0; + + if (mac_prepare_process_label(&label) == -1) { + perror("mac_prepare_process_label"); + return (0); + } + error = mac_get_pid(k->ki_p->ki_pid, label); + if (error == 0 && mac_to_text(label, &string) == 0) { + size = strlen(string); + free(string); + } + mac_free(label); + return (size); } ==== //depot/projects/trustedbsd/base/bin/ps/ps.1#11 (text+ko) ==== @@ -30,7 +30,7 @@ .\" SUCH DAMAGE. .\" .\" @(#)ps.1 8.3 (Berkeley) 4/18/94 -.\" $FreeBSD: src/bin/ps/ps.1,v 1.58 2002/10/02 20:32:50 jhb Exp $ +.\" $FreeBSD: src/bin/ps/ps.1,v 1.59 2002/10/24 00:00:57 rwatson Exp $ .\" .Dd April 18, 1994 .Dt PS 1 @@ -184,7 +184,7 @@ .It Fl x Display information about processes without controlling terminals. .It Fl Z -Add lvl to the list of keywords for which +Add label to the list of keywords for which .Nm will display information. .El 
@@ -224,14 +224,14 @@ .It Dv "P_OWEUPC" Ta No "0x20000 Owe process an addupc() call at next ast" .It Dv "P_SWAPPING" Ta No "0x40000 Process is being swapped" .El +.It label +The MAC label of the process. .It lim The soft limit on memory used, specified via a call to .Xr setrlimit 2 . .It lstart The exact time the command started, using the ``%c'' format described in .Xr strftime 3 . -.It lvl -The LOMAC level of the process. .It lockname The name of the lock that the process is currently blocked on. If the name is invalid or unknown, then @@ -390,14 +390,14 @@ job control count .It ktrace tracing flags +.It label +MAC label .It lim memoryuse limit .It logname login name of user who started the process .It lstart time started -.It lvl -LOMAC level .It majflt total page faults .It minflt ==== //depot/projects/trustedbsd/base/bin/ps/ps.c#12 (text+ko) ==== @@ -43,7 +43,7 @@ #endif /* not lint */ #endif #include -__FBSDID("$FreeBSD: src/bin/ps/ps.c,v 1.58 2002/09/03 05:44:00 jmallett Exp $"); +__FBSDID("$FreeBSD: src/bin/ps/ps.c,v 1.59 2002/10/24 00:00:57 rwatson Exp $"); #include #include @@ -64,7 +64,6 @@ #include #include -#include "lomac.h" #include "ps.h" #define SEP ", \t" /* username separators */ @@ -108,7 +107,7 @@ static char o2[] = "tt,state,time,command"; static char ufmt[] = "user,pid,%cpu,%mem,vsz,rss,tt,state,start,time,command"; static char vfmt[] = "pid,state,time,sl,re,pagein,vsz,rss,lim,tsiz,%cpu,%mem,command"; -static char Zfmt[] = "lvl"; +static char Zfmt[] = "label"; static kvm_t *kd; @@ -410,7 +409,6 @@ } } free(uids); - lomac_stop(); exit(eval); } @@ -653,7 +651,7 @@ { (void)fprintf(stderr, "%s\n%s\n%s\n", - "usage: ps [-aChjlmrSTuvwx] [-O|o fmt] [-p pid] [-t tty] [-U user]", + "usage: ps [-aChjlmrSTuvwxZ] [-O|o fmt] [-p pid] [-t tty] [-U user]", " [-M core] [-N system]", " ps [-L]"); exit(1); ==== //depot/projects/trustedbsd/base/lib/libc/posix1e/posix1e.3#4 (text+ko) ==== 
@@ -23,7 +23,7 @@ .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF .\" SUCH DAMAGE. .\" -.\" $FreeBSD: src/lib/libc/posix1e/posix1e.3,v 1.22 2002/10/22 01:52:53 rwatson Exp $ +.\" $FreeBSD: src/lib/libc/posix1e/posix1e.3,v 1.24 2002/10/23 23:56:15 chris Exp $ .\" .Dd January 17, 2000 .Dt POSIX1E 3 @@ -41,14 +41,15 @@ .In sys/mac.h .Sh DESCRIPTION The IEEE POSIX.1e specification never left draft form, but the interfaces -it describes are now widely used despite inherent limitations. Currently, -only a few of the interfaces and features are implemented in +it describes are now widely used despite inherent limitations. +Currently, only a few of the interfaces and features are implemented in .Fx , although efforts are underway to complete the integration at this time. .Pp POSIX.1e describes five security extensions to the base POSIX.1 API: Access Control Lists (ACLs), Auditing, Capabilities, Mandatory Access -Control, and Information Flow Labels. Of these, the ACL interfaces are +Control, and Information Flow Labels. +Of these, the ACL interfaces are currently included with .Fx , Auditing, Capabilities, and Mandatory @@ -57,7 +58,8 @@ .Pp POSIX.1e defines both syntax and semantics for these features, but fairly substantial changes are required to implement these features in the -operating system. As shipped, +operating system. +As shipped, .Fx 4.0 permits file systems to export Access Control Lists via the VFS, and provides a library for userland @@ -69,7 +71,8 @@ .Fx currently provides documentation and APIs for fine-grained capability support, but implementation is currently not included in the base -system. Documentation of these API calls is provided in +system. +Documentation of these API calls is provided in .Xr cap 3 . .Pp Additional patches supporting POSIX.1e features are provided by the 
@@ -82,15 +85,17 @@ development at this time. .Sh ENVIRONMENT POSIX.1e assigns security labels to all objects, extending the security -functionality described in POSIX.1. These additional labels provide +functionality described in POSIX.1. +These additional labels provide fine-grained discretionary access control, fine-grained capabilities, -and labels necessary for mandatory access control. POSIX.2c describes -a set of userland utilities for manipulating these labels. These userland +and labels necessary for mandatory access control. +POSIX.2c describes +a set of userland utilities for manipulating these labels. +These userland utilities are not bundled with .Fx 4.0 so as to discourage their use in the short term. -.Sh FILES .Sh SEE ALSO .Xr acl 3 , .Xr cap 3 , @@ -100,9 +105,11 @@ .Xr extattr 9 , .Xr mac 9 .Sh STANDARDS -POSIX.1e is described in IEEE POSIX.1e draft 17. Discussion -of the draft continues on the cross-platform POSIX.1e implementation -mailing list. To join this list, see the +POSIX.1e is described in IEEE POSIX.1e draft 17. +Discussion of the draft continues +on the cross-platform POSIX.1e implementation +mailing list. +To join this list, see the .Fx POSIX.1e implementation page for more information. ==== //depot/projects/trustedbsd/base/libexec/ftpd/Makefile#7 (text+ko) ==== @@ -1,5 +1,5 @@ # @(#)Makefile 8.2 (Berkeley) 4/4/94 -# $FreeBSD: src/libexec/ftpd/Makefile,v 1.50 2002/06/28 10:36:14 markm Exp $ +# $FreeBSD: src/libexec/ftpd/Makefile,v 1.51 2002/10/24 00:07:30 rwatson Exp $ PROG= ftpd MAN= ftpd.8 @@ -20,7 +20,7 @@ LSDIR= ../../bin/ls .PATH: ${.CURDIR}/${LSDIR} -SRCS+= ls.c cmp.c lomac.c print.c util.c +SRCS+= ls.c cmp.c print.c util.c CFLAGS+=-Dmain=ls_main -I${.CURDIR}/${LSDIR} DPADD+= ${LIBM} LDADD+= -lm ==== //depot/projects/trustedbsd/base/sys/modules/Makefile#31 (text+ko) ==== 
@@ -1,4 +1,4 @@ -# $FreeBSD: src/sys/modules/Makefile,v 1.273 2002/10/23 15:53:09 jhb Exp $ +# $FreeBSD: src/sys/modules/Makefile,v 1.274 2002/10/23 23:36:26 rwatson Exp $ .if exists(${.CURDIR}/../opencrypto) && !defined(NOCRYPT) _crypto= crypto @@ -68,6 +68,7 @@ mac_ifoff \ mac_mls \ mac_none \ + mac_partition \ mac_seeotheruids \ mac_test \ mcd \ To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe p4-projects" in the body of the message
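
Review bot: In the bin/ls/ls.1 hunk at @@ -618,11 +618,6 @@, the removal takes out `.Sh FILES` and the `.Bl -tag` line that opens the list but leaves the closing `.El` in place as an unchanged line, so the manual page is left with a list end that has no matching list start. The word "KLD" after `.Xr lomac 4` also carries no `-` prefix and would survive as stray text if it sits on its own line. Remove `.El` (and the leftover "KLD") together with the rest of the FILES section.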
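
Review bot: In the bin/ls/ls.c hunk at @@ -684,16 +683,51 @@, the two label lookups name the file differently: mac_get_file() is passed cur->fts_path while mac_get_link() is passed cur->fts_name. Both run over the same fts_children() list, and for any entry below the top level of the traversal those are different strings, so at least one branch can end up querying the wrong path or failing depending on the current directory; build the pathname once and hand the same value to both calls. In the same hunk, `labelstr = strdup("");` is followed directly by strlen(labelstr) with no NULL check, so an allocation failure on the error path turns into a NULL dereference; treat it like the malloc() a few lines further down, which calls err(1, "malloc"). The three error branches also mix fprintf(stderr, ..., strerror(errno)) with perror(cur->fts_name); one form would be enough.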
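
Review bot: In the bin/ps/keyword.c hunk at @@ -95,13 +95,14 @@, the "lvl" keyword is dropped outright, so any existing `ps -o lvl` invocation stops resolving to a keyword after this change. The table already has an alias form on the neighbouring line (`{"logname", "", "login", 0, NULL, NULL, 0, 0, CHAR, NULL, 0}`); either add a "lvl" entry in that form pointing at "label", or state in the change description and in ps.1 that the keyword is intentionally gone because the output is no longer a numeric level.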
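
Review bot: In the bin/ps/print.c hunk at @@ -726,10 +726,53 @@, s_label() repeats the whole mac_prepare_process_label() / mac_get_pid() / mac_to_text() sequence that label() performs, so every process is queried twice and the column width comes from a different lookup than the string that is printed. If the label changes or the process exits between the two calls, the printed text no longer matches the computed width, and a failure in mac_prepare_process_label() is reported by perror() once per process from each function. Factor the lookup into one static helper that returns the text (or NULL) and have both label() and s_label() call it. Minor: `size = strlen(string)` stores a size_t in an int.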
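
Review bot: In the sys/modules/Makefile hunk at @@ -68,6 +68,7 @@, mac_partition is added to the module list, but the affected-files list in this change only branches sys/security/mac_partition/mac_partition.c and mac_partition.h; no sys/modules/mac_partition/Makefile appears. Confirm that directory and its Makefile are already present in the TrustedBSD base tree, otherwise the modules build will fail when it descends into mac_partition; if it is missing, integrate it in the same change.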