Date: Mon, 28 Oct 2002 16:08:28 -0800 (PST) From: Robert Watson <rwatson@FreeBSD.org> To: Perforce Change Reviews <perforce@freebsd.org> Subject: PERFORCE change 20318 for review Message-ID: <200210290008.g9T08S8Q042030@repoman.freebsd.org>
next in thread | raw e-mail | index | archive | help
http://perforce.freebsd.org/chv.cgi?CH=20318 Change 20318 by rwatson@rwatson_tislabs on 2002/10/28 16:07:44 Integ a TrustedBSD base to loop back a number of cosmetic and less cosmetic MAC changes, including the merge of the mac.h oldmac removal, some cleanup in mac_biba.c. Affected files ... .. //depot/projects/trustedbsd/base/UPDATING#22 integrate .. //depot/projects/trustedbsd/base/lib/libc/posix1e/mac_text.3#2 integrate .. //depot/projects/trustedbsd/base/release/doc/fr_FR.ISO8859-1/installation/common/install.sgml#3 integrate .. //depot/projects/trustedbsd/base/share/man/man7/Makefile#9 integrate .. //depot/projects/trustedbsd/base/share/man/man7/maclabel.7#1 branch .. //depot/projects/trustedbsd/base/share/man/man9/style.9#14 integrate .. //depot/projects/trustedbsd/base/sys/geom/geom_disk.c#16 integrate .. //depot/projects/trustedbsd/base/sys/geom/geom_dump.c#11 integrate .. //depot/projects/trustedbsd/base/sys/geom/geom_int.h#5 integrate .. //depot/projects/trustedbsd/base/sys/geom/geom_kern.c#10 integrate .. //depot/projects/trustedbsd/base/sys/geom/geom_slice.c#12 integrate .. //depot/projects/trustedbsd/base/sys/geom/geom_sunlabel.c#7 integrate .. //depot/projects/trustedbsd/base/sys/kern/kern_mac.c#25 integrate .. //depot/projects/trustedbsd/base/sys/kern/uipc_socket.c#21 integrate .. //depot/projects/trustedbsd/base/sys/kern/uipc_usrreq.c#15 integrate .. //depot/projects/trustedbsd/base/sys/security/mac_biba/mac_biba.c#16 integrate .. //depot/projects/trustedbsd/base/sys/security/mac_biba/mac_biba.h#4 integrate .. //depot/projects/trustedbsd/base/sys/security/mac_mls/mac_mls.h#4 integrate .. //depot/projects/trustedbsd/base/sys/sys/mac.h#16 integrate .. //depot/projects/trustedbsd/base/sys/sys/sun_disklabel.h#2 integrate .. //depot/projects/trustedbsd/base/usr.bin/make/Makefile#8 integrate .. //depot/projects/trustedbsd/base/usr.bin/make/job.c#10 integrate .. //depot/projects/trustedbsd/base/usr.bin/make/nonints.h#7 integrate .. //depot/projects/trustedbsd/base/usr.bin/make/str.c#7 integrate .. //depot/projects/trustedbsd/base/usr.bin/make/var.c#10 integrate .. //depot/projects/trustedbsd/base/usr.bin/make/var.h#1 branch .. //depot/projects/trustedbsd/base/usr.bin/make/var_modify.c#1 branch .. //depot/projects/trustedbsd/base/usr.sbin/sysinstall/wizard.c#4 integrate Differences ... ==== //depot/projects/trustedbsd/base/UPDATING#22 (text+ko) ==== @@ -1030,7 +1030,7 @@ <make sure you have good level 0 dumps> <maybe fix /etc/fstab> [7] - make buildworld + make buildworld [9] make buildkernel KERNCONF=YOUR_KERNEL_HERE [8] cp src/sys/${MACHINE}/conf/GENERIC.hints /boot/device.hints [2] make installkernel KERNCONF=YOUR_KERNEL_HERE @@ -1111,6 +1111,8 @@ option in your kernel. Failure to do so may leave you with a system that is hard to boot to recover. + [9] When checking out sources, you must include the -P flag to have + cvs prune empty directories. FORMAT: This file contains a list, in reverse chronological order, of major @@ -1144,4 +1146,4 @@ Contact Warner Losh if you have any questions about your use of this document. -$FreeBSD: src/UPDATING,v 1.225 2002/10/27 06:31:37 imp Exp $ +$FreeBSD: src/UPDATING,v 1.226 2002/10/28 21:33:10 imp Exp $ ==== //depot/projects/trustedbsd/base/lib/libc/posix1e/mac_text.3#2 (text+ko) ==== @@ -31,7 +31,7 @@ .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF .\" SUCH DAMAGE. .\" -.\" $FreeBSD: src/lib/libc/posix1e/mac_text.3,v 1.1 2002/08/02 21:14:42 rwatson Exp $ +.\" $FreeBSD: src/lib/libc/posix1e/mac_text.3,v 1.2 2002/10/28 23:06:04 chris Exp $ .Dd December 21, 2001 .Dt MAC_TEXT 3 .Sh NAME @@ -63,49 +63,9 @@ .Fa *len_p to the length of the returned string. .Pp -.Fx -uses the following format -for MAC policy text representations: -.Pp -.Dl Sy policy Ns No / Ns Sy qualifier -.Pp -Where -.Sy policy -can be one of -.Dq biba , -.Dq mls , -or -.Dq te . -.Pp -Valid labels can have the following arguments for -.Sy qualifier , -depending on the value of -.Sy policy . -.Bl -tag -width "Policy" -offset indent -.It Em Policy -.Em Qualifier -.It biba -.Dq high , -.Dq low , -.Dq equal , -or a numeric grade. -.It mls -.Dq high , -.Dq low , -.Dq equal , -or a numeric level. -.It te -Types for -.Dq te -consist of a type name which must -neither be empty nor exceed the length limit for the label. -.El -.Pp -All policies must be present -in a comma-separated list, -but may be in any order -(see -.Sx EXAMPLES ) . +Refer to +.Xr maclabel 7 +for the MAC label format. .Sh RETURN VALUES The .Fn mac_from_text @@ -130,13 +90,6 @@ upon failure, setting .Va errno to indicate the error. -.Sh EXAMPLES -The following are valid MAC labels: -.Bd -literal -offset indent -biba/high,mls/low,te/none -biba/low,mls/low,te/none -biba/low,mls/3,te/none -.Ed .Sh COMPATIBILITY POSIX.1e does not define a text format for text representations @@ -158,7 +111,8 @@ .Xr mac 3 , .Xr mac_free 3 , .Xr mac_get 3 , -.Xr mac_set 3 +.Xr mac_set 3 , +.Xr maclabel 7 .Sh STANDARDS POSIX.1e is described in IEEE POSIX.1e draft 17. Discussion of the draft ==== //depot/projects/trustedbsd/base/release/doc/fr_FR.ISO8859-1/installation/common/install.sgml#3 (text+ko) ==== @@ -3,7 +3,7 @@ The FreeBSD French Documentation Project $Id$ - $FreeBSD: src/release/doc/fr_FR.ISO8859-1/installation/common/install.sgml,v 1.6 2002/10/27 20:26:56 gioria Exp $ + $FreeBSD: src/release/doc/fr_FR.ISO8859-1/installation/common/install.sgml,v 1.7 2002/10/28 21:46:50 gioria Exp $ Original revision: 1.14 This file has architecture-dependent installation instructions, culled @@ -645,7 +645,7 @@ </sect4> <sect4> - <title>Conseils d'installation NFS</title> + <title>Conseils d'installation via NFS</title> <para>L'installation via NFS est très simple: copiez simplement les fichiers des distributions de &os, dont vous @@ -684,104 +684,110 @@ </sect4> <sect4> - <title>FTP Installation tips</title> + <title>Conseils d'installation via FTP</title> - <para>FTP installation may be done from any mirror site containing a - reasonably up-to-date version of &os;. A full menu of - reasonable choices for almost any location in the world is - provided in the FTP site menu during installation.</para> + <para>L'installation via FTP peut se faire depuis n'importe + quel site mirroir raisonnablement à jour de &os;. Un menu + complet comportant un nombre de choix raisonnalbe pour + différents pays se trouve dans le menu site FTP lors de + l'installation.</para> - <para>If you are installing from some other FTP site not listed in - this menu, or you are having troubles getting your name server - configured properly, you can also specify your own URL by - selecting the <quote>URL</quote> choice in that menu. A URL can - contain a hostname or an IP address, so something like the following would - work in the absence of a name server:</para> + <para>Si vous installez depuis un autre site FTP que un de + ceux fournit dans le menu, ou si vous avez des soucis avec + votre serveur de noms, vous pouvez spécifier votre propre URL + en sélectionnant le choix <quote>URL</quote> dans le menu. Une + URL peut contenir un nom de machine ou une adresse IP, donc + quelque chose comme ce qui suit doit fonctionner en l'absence + d'un serveur de nom:</para> <screen>ftp://216.66.64.162/pub/FreeBSD/releases/&arch;/4.2-RELEASE</screen> - <para>There are three FTP installation modes you can use: + <para>Il y a trois modes d'installation FTP disponibles: <itemizedlist> <listitem> - <para>FTP: This method uses the standard - <quote>Active</quote> mode for transfers, in which the - server initiates a connection to the client. This will - not work through most firewalls but will often work best - with older FTP servers that do not support passive mode. - If your connection hangs with passive mode, try this - one.</para> + <para>FTP: Cette méthode utilise le mode + <quote>Actif</quote> standard pour les transferts. Ce + mode peut ne pas fonctionner correctement à travers la + plupart des firewalls mais risque de fonctionner très + bien avec les vieux serveurs FTP qui ne supporte pas le + mode passif. Si votre connection se bloque avec le mode + passif, utilisez ce mode.</para> </listitem> <listitem> - <para>FTP Passive: This sets the FTP "Passive" mode - which prevents the server from opening connections to - the client. This option is best for users to pass - through firewalls that do not allow incoming connections - on random port addresses.</para> + <para>FTP Passive: Ce mode active le mode FTP + "Passif". Cette option est la meilleure pour les + personnes nécessitant de traverser des firewalls qui + n'autorise pas les connexions entrantes sur des ports + aléatoires.</para> </listitem> <listitem> - <para>FTP via an HTTP proxy: This option instructs &os; - to use HTTP to connect to a proxy for all FTP - operations. The proxy will translate the requests and - send them to the FTP server. This allows the user to - pass through firewalls that do not allow FTP at all, but - offer an HTTP proxy. You must specify the hostname of - the proxy in addition to the FTP server.</para> + <para>FTP via an HTTP proxy: Cette option informe &os; + d'utiliser un proxy HTTP pour toute connexion FTP. Le + proxy transforme alors les requètes et les envoient au + serveur FTP. Cela permet à l'utilisateur de traverser + certains firewalls qui n'autorisent pas le FTP, mais + offre une fonction de proxy HTTP. Vous devez fournir + l'adresse du proxy en plus du nom du serveur FTP.</para> - <para>In the rare case that you have an FTP proxy that - does not go through HTTP, you can specify the URL as - something like:</para> + <para>Dans certains cas, très rare, ou vous disposez + d'un proxy FTP, mais qui ne supporte pas les requètes + HTTP, vous pouvez spécifier l'URL comme ceci:</para> <screen><userinput>ftp://foo.bar.com:<replaceable>port</replaceable>/pub/FreeBSD</userinput></screen> - <para>In the URL above, <replaceable>port</replaceable> - is the port number of the proxy FTP server.</para> + <para>Dans l'URL ci-dessus, <replaceable>port</replaceable> + correspond au numéro du port du serveur FTP proxy.</para> </listitem> </itemizedlist> </sect4> </sect3> <sect3> - <title>Tips for Serial Console Users</title> + <title>Conseils pour les utilisateurs de console série</title> - <para>If you'd like to install &os; on a machine using just a - serial port (e.g. you don't have or wish to use a VGA card), - please follow these steps:</para> + <para>Si vous désirez installer &os; sur une machine en + utilisant uniquement un port série (e.g. si vous ne disposez pas + d'une carte graphique), suivez les instructions suivantes:</para> <procedure> <step> - <para>Connect some sort of ANSI (vt100) compatible terminal - or terminal emulation program to the <devicename>COM1</devicename> port of the PC you - are installing &os; onto.</para> + <para>Connectez un terminal compatible ANSI (vt100) ou un + programme d'émulation de terminal sur le port + <devicename>COM1</devicename> du PC sur lequel vous désirez + installer &os;.</para> </step> <step> - <para>Unplug the keyboard (yes, that's correct!) and then - try to boot from floppy or the installation CDROM, depending - on the type of installation media you have, with the - keyboard unplugged.</para> + <para>Débranchez le clavier (oui vous avez bien lu!) et + essayez de démarrer depuis une disquette ou depuis le CDROM + d'installation, en fonction du type de média d'installation + en votre possession, avec le clavier débranché.</para> </step> <step> - <para>If you don't get any output on your serial console, - plug the keyboard in again and wait for some beeps. If you - are booting from the CDROM, proceed to <xref - linkend="hitspace"> as soon as you - hear the beep.</para> + <para>Si vous n'obtenez aucun caractère sur votre console + série, branchez le clavier et attendez des sonneries. Si + vous démarrez depuis le CDROM, allez à <xref + linkend="hitspace"> aussi vite que possible.</para> </step> <step> - <para>For a floppy boot, the first beep means to remove the - <filename>kern.flp</filename> floppy and insert the - <filename>mfsroot.flp</filename> floppy, after - which you should press <keycap>Enter</keycap> and wait for another beep.</para> + <para>Pour une installation via des disquettes, la première + sonnerie indique de retirer la disquette + <filename>kern.flp</filename> et d'insérer la disquette + <filename>mfsroot.flp</filename> puis appuyez sur la touche + <keycap>Enter</keycap> et attendez une autre sonnerie.</para> </step> <step id="hitspace"> - <para>Hit the space bar, then enter</para> + <para>Appuyez sur la barre d'espace et entrez</para> <screen><userinput>boot -h</userinput></screen> - <para>and you should now definitely be seeing everything on - the serial port. If that still doesn't work, check your - serial cabling as well as the settings on your terminal - emulation program or actual terminal device. It should be - set for 9600 baud, 8 bits, no parity.</para> + <para>Et vous deviez enfin voir des choses sur le port + série. Si cela ne fonctionne pas, vérifier + votre cablage série et vos préférences + de l'émulateur de terminal ou le + périphérique. Il doivent être + configurés en 9600 baud, 8bits, pas de + parité.</para> + </step> </procedure> </sect3> ==== //depot/projects/trustedbsd/base/share/man/man7/Makefile#9 (text+ko) ==== @@ -1,9 +1,9 @@ # @(#)Makefile 8.1 (Berkeley) 6/5/93 -# $FreeBSD: src/share/man/man7/Makefile,v 1.24 2002/07/06 20:30:29 chris Exp $ +# $FreeBSD: src/share/man/man7/Makefile,v 1.25 2002/10/28 22:54:54 chris Exp $ #MISSING: eqnchar.7 ms.7 term.7 MAN= ascii.7 build.7 clocks.7 environ.7 firewall.7 ffs.7 hier.7 \ - hostname.7 intro.7 mailaddr.7 operator.7 ports.7 release.7 \ + hostname.7 intro.7 maclabel.7 mailaddr.7 operator.7 ports.7 release.7 \ sdoc.7 security.7 sprog.7 stdint.7 tuning.7 MLINKS= intro.7 miscellaneous.7 ==== //depot/projects/trustedbsd/base/share/man/man9/style.9#14 (text+ko) ==== @@ -43,7 +43,7 @@ * Style guide for FreeBSD. Based on the CSRG's KNF (Kernel Normal Form). * * @(#)style 1.14 (Berkeley) 4/28/95 - * $FreeBSD: src/share/man/man9/style.9,v 1.93 2002/09/10 14:48:38 robert Exp $ + * $FreeBSD: src/share/man/man9/style.9,v 1.94 2002/10/28 19:33:22 rwatson Exp $ */ /* @@ -82,11 +82,11 @@ #if 0 #ifndef lint static char sccsid[] = "@(#)style 1.14 (Berkeley) 4/28/95"; -#endif /* not lint */ +#endif /* !lint */ #endif #include <sys/cdefs.h> -__FBSDID("$FreeBSD: src/share/man/man9/style.9,v 1.93 2002/09/10 14:48:38 robert Exp $"); +__FBSDID("$FreeBSD: src/share/man/man9/style.9,v 1.94 2002/10/28 19:33:22 rwatson Exp $"); .Ed .Pp Leave another blank line before the header files. @@ -180,6 +180,68 @@ } while (0) .Ed .Pp +When code blocks are conditionally defined using +.Ic #ifdef +or +.Ic #if , +a comment may be added following the matching +.Ic #endif +or +.Ic #else +to permit the reader to easily discern where conditionally defined code +regions end. +This comment should be used only for (subjectively) long regions, regions +greater than 20 lines, or where a series of nested +.Ic #ifdef 's +may be confusing to the reader. +Exceptions may be made for cases where code is contionally undefined for +the purposes of lint, even though the undefined region may be small. +The comment shall be seperated from the +.Ic #endif +or +.Ic #else +by a single space. +For short conditionally defined regions, a closing comment should not be +used. +.Pp +The comment for +.Ic #endif +should match the expression used in +.Ic #if +or +.Ic #ifdef . +The comment for +.Ic #else +should be the inverse of the expression used in the previous +.Ic #if +or +.Ic #elsif . +In the comments, the subexpression +.Dq Li defined(FOO) +is abbreviated as +.Dq Li FOO . +For the purposes of comments, +.Dq Ic #ifndef Li FOO +is treated as +.Dq Ic #if Li !defined(FOO) . +.Bd -literal +#ifdef KTRACE +#include <sys/ktrace.h> +#endif + +#ifdef COMPAT_43 +/* A long block here, or other conditional code. */ +#else /* !COMPAT_43 */ +/* Or here. */ +#endif /* COMPAT_43 */ + +#ifndef COMPAT_43 +/* Yet another long block here, or other conditional code. */ +#else /* COMPAT_43 */ +/* Or here. */ +#endif /* !COMPAT_43*/ +.Ed +.Pp Enumeration values are all uppercase. .Bd -literal enum enumtype { ONE, TWO } et; ==== //depot/projects/trustedbsd/base/sys/geom/geom_disk.c#16 (text+ko) ==== @@ -32,7 +32,7 @@ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * - * $FreeBSD: src/sys/geom/geom_disk.c,v 1.31 2002/10/25 20:09:45 phk Exp $ + * $FreeBSD: src/sys/geom/geom_disk.c,v 1.32 2002/10/28 22:43:54 phk Exp $ */ #include "opt_geom.h" @@ -208,6 +208,11 @@ struct disk *dp; dp = gp->softc; + if (indent == NULL) { + sbuf_printf(sb, " hd %u", dp->d_fwheads); + sbuf_printf(sb, " sc %u", dp->d_fwsectors); + return; + } if (pp != NULL) { sbuf_printf(sb, "%s<fwheads>%u</fwheads>\n", indent, dp->d_fwheads); ==== //depot/projects/trustedbsd/base/sys/geom/geom_dump.c#11 (text+ko) ==== @@ -32,7 +32,7 @@ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * - * $FreeBSD: src/sys/geom/geom_dump.c,v 1.15 2002/10/20 19:18:06 phk Exp $ + * $FreeBSD: src/sys/geom/geom_dump.c,v 1.16 2002/10/28 22:43:54 phk Exp $ */ @@ -116,6 +116,50 @@ wakeup(p); } +static void +g_conftxt_geom(struct sbuf *sb, struct g_geom *gp, int level) +{ + struct g_provider *pp; + struct g_consumer *cp; + + LIST_FOREACH(pp, &gp->provider, provider) { + sbuf_printf(sb, "%d %s %s %ju %u", level, gp->class->name, + pp->name, (uintmax_t)pp->mediasize, pp->sectorsize); + gp->dumpconf(sb, NULL, gp, NULL, pp); + sbuf_printf(sb, "\n"); + LIST_FOREACH(cp, &pp->consumers, consumers) + g_conftxt_geom(sb, cp->geom, level + 1); + } +} + +static void +g_conftxt_class(struct sbuf *sb, struct g_class *mp) +{ + struct g_geom *gp; + + LIST_FOREACH(gp, &mp->geom, geom) + g_conftxt_geom(sb, gp, 0); +} + +void +g_conftxt(void *p) +{ + struct g_class *mp; + struct sbuf *sb; + + sb = p; + g_topology_assert(); + LIST_FOREACH(mp, &g_classes, class) + if (!strcmp(mp->name, "DISK")) + break; + if (mp != NULL) + g_conftxt_class(sb, mp); + else + printf("no DISK\n"); + sbuf_finish(sb); + wakeup(p); +} + static void g_conf_consumer(struct sbuf *sb, struct g_consumer *cp) ==== //depot/projects/trustedbsd/base/sys/geom/geom_int.h#5 (text+ko) ==== @@ -32,7 +32,7 @@ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * - * $FreeBSD: src/sys/geom/geom_int.h,v 1.6 2002/10/04 10:38:36 phk Exp $ + * $FreeBSD: src/sys/geom/geom_int.h,v 1.7 2002/10/28 22:43:54 phk Exp $ */ LIST_HEAD(class_list_head, g_class); @@ -73,6 +73,7 @@ void g_confxml(void *); void g_conf_specific(struct sbuf *sb, struct g_class *mp, struct g_geom *gp, struct g_provider *pp, struct g_consumer *cp); void g_confdot(void *); +void g_conftxt(void *); /* geom_event.c */ ==== //depot/projects/trustedbsd/base/sys/geom/geom_kern.c#10 (text+ko) ==== @@ -32,7 +32,7 @@ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * - * $FreeBSD: src/sys/geom/geom_kern.c,v 1.13 2002/10/25 20:09:45 phk Exp $ + * $FreeBSD: src/sys/geom/geom_kern.c,v 1.14 2002/10/28 22:43:54 phk Exp $ */ #include <sys/param.h> @@ -160,6 +160,23 @@ } static int +sysctl_kern_geom_conftxt(SYSCTL_HANDLER_ARGS) +{ + int error; + struct sbuf *sb; + + sb = sbuf_new(NULL, NULL, 0, SBUF_AUTOEXTEND); + sbuf_clear(sb); + g_call_me(g_conftxt, sb); + do { + tsleep(sb, PZERO, "g_dot", hz); + } while(!sbuf_done(sb)); + error = SYSCTL_OUT(req, sbuf_data(sb), sbuf_len(sb) + 1); + sbuf_delete(sb); + return error; +} + +static int sysctl_kern_geom_confdot(SYSCTL_HANDLER_ARGS) { int error; @@ -197,11 +214,15 @@ SYSCTL_PROC(_kern_geom, OID_AUTO, confxml, CTLTYPE_STRING|CTLFLAG_RD, 0, 0, sysctl_kern_geom_confxml, "A", - "Dump the GEOM config"); + "Dump the GEOM config in XML"); SYSCTL_PROC(_kern_geom, OID_AUTO, confdot, CTLTYPE_STRING|CTLFLAG_RD, 0, 0, sysctl_kern_geom_confdot, "A", - "Dump the GEOM config"); + "Dump the GEOM config in dot"); + +SYSCTL_PROC(_kern_geom, OID_AUTO, conftxt, CTLTYPE_STRING|CTLFLAG_RD, + 0, 0, sysctl_kern_geom_conftxt, "A", + "Dump the GEOM config in txt"); SYSCTL_INT(_kern_geom, OID_AUTO, debugflags, CTLFLAG_RW, &g_debugflags, 0, ""); ==== //depot/projects/trustedbsd/base/sys/geom/geom_slice.c#12 (text+ko) ==== @@ -32,7 +32,7 @@ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * - * $FreeBSD: src/sys/geom/geom_slice.c,v 1.25 2002/10/25 20:09:45 phk Exp $ + * $FreeBSD: src/sys/geom/geom_slice.c,v 1.26 2002/10/28 22:43:54 phk Exp $ */ @@ -206,6 +206,12 @@ struct g_slicer *gsp; gsp = gp->softc; + if (indent == NULL) { + sbuf_printf(sb, " i %u", pp->index); + sbuf_printf(sb, " o %ju", + (uintmax_t)gsp->slices[pp->index].offset); + return; + } if (gp != NULL && (pp == NULL && cp == NULL)) { sbuf_printf(sb, "%s<frontstuff>%ju</frontstuff>\n", indent, (intmax_t)gsp->frontstuff); ==== //depot/projects/trustedbsd/base/sys/geom/geom_sunlabel.c#7 (text+ko) ==== @@ -32,7 +32,7 @@ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * - * $FreeBSD: src/sys/geom/geom_sunlabel.c,v 1.17 2002/10/20 20:28:24 phk Exp $ + * $FreeBSD: src/sys/geom/geom_sunlabel.c,v 1.18 2002/10/28 22:42:20 phk Exp $ */ @@ -59,7 +59,9 @@ #define SUNLABEL_CLASS_NAME "SUN" struct g_sunlabel_softc { - int foo; + int nheads; + int nsects; + int nalt; }; static int @@ -78,8 +80,16 @@ static void g_sunlabel_dumpconf(struct sbuf *sb, char *indent, struct g_geom *gp, struct g_consumer *cp __unused, struct g_provider *pp) { + struct g_slicer *gsp; + struct g_sunlabel_softc *ms; + gsp = gp->softc; + ms = gsp->softc; g_slice_dumpconf(sb, indent, gp, cp, pp); + if (indent == NULL) { + sbuf_printf(sb, " sc %u hd %u alt %u", + ms->nsects, ms->nheads, ms->nalt); + } } static struct g_geom * @@ -151,8 +161,11 @@ printf("v_head %d\n", g_dec_be2(buf + 436)); printf("v_sec %d\n", g_dec_be2(buf + 438)); } + ms->nalt = g_dec_be2(buf + 434); + ms->nheads = g_dec_be2(buf + 436); + ms->nsects = g_dec_be2(buf + 438); - csize = g_dec_be2(buf + 436) * g_dec_be2(buf + 438); + csize = ms->nheads * ms->nsects; for (i = 0; i < 8; i++) { v = g_dec_be4(buf + 444 + i * 8); ==== //depot/projects/trustedbsd/base/sys/kern/kern_mac.c#25 (text+ko) ==== @@ -36,7 +36,7 @@ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * - * $FreeBSD: src/sys/kern/kern_mac.c,v 1.53 2002/10/27 15:50:49 rwatson Exp $ + * $FreeBSD: src/sys/kern/kern_mac.c,v 1.54 2002/10/28 18:53:53 rwatson Exp $ */ /* * Developed by the TrustedBSD Project. @@ -3014,8 +3014,6 @@ { int error; - ASSERT_VOP_LOCKED(vp, "mac_check_system_reboot"); - if (!mac_enforce_system) return (0); ==== //depot/projects/trustedbsd/base/sys/kern/uipc_socket.c#21 (text+ko) ==== @@ -31,7 +31,7 @@ * SUCH DAMAGE. * * @(#)uipc_socket.c 8.3 (Berkeley) 4/15/94 - * $FreeBSD: src/sys/kern/uipc_socket.c,v 1.132 2002/10/05 21:23:46 rwatson Exp $ + * $FreeBSD: src/sys/kern/uipc_socket.c,v 1.133 2002/10/28 21:17:53 rwatson Exp $ */ #include "opt_inet.h" @@ -1265,7 +1265,7 @@ u_long val; #ifdef MAC struct mac extmac; -#endif /* MAC */ +#endif error = 0; if (sopt->sopt_level != SOL_SOCKET) { @@ -1400,9 +1400,9 @@ error = mac_setsockopt_label_set( sopt->sopt_td->td_ucred, so, &extmac); -#else /* MAC */ +#else error = EOPNOTSUPP; -#endif /* MAC */ +#endif break; default: error = ENOPROTOOPT; @@ -1462,7 +1462,7 @@ #endif #ifdef MAC struct mac extmac; -#endif /* MAC */ +#endif error = 0; if (sopt->sopt_level != SOL_SOCKET) { @@ -1551,9 +1551,9 @@ if (error) return (error); error = sooptcopyout(sopt, &extmac, sizeof extmac); -#else /* MAC */ +#else error = EOPNOTSUPP; -#endif /* MAC */ +#endif break; case SO_PEERLABEL: #ifdef MAC @@ -1562,9 +1562,9 @@ if (error) return (error); error = sooptcopyout(sopt, &extmac, sizeof extmac); -#else /* MAC */ +#else error = EOPNOTSUPP; -#endif /* MAC */ +#endif break; default: error = ENOPROTOOPT; ==== //depot/projects/trustedbsd/base/sys/kern/uipc_usrreq.c#15 (text+ko) ==== @@ -31,7 +31,7 @@ * SUCH DAMAGE. * * From: @(#)uipc_usrreq.c 8.3 (Berkeley) 1/4/94 - * $FreeBSD: src/sys/kern/uipc_usrreq.c,v 1.97 2002/10/17 15:52:42 robert Exp $ + * $FreeBSD: src/sys/kern/uipc_usrreq.c,v 1.98 2002/10/28 21:17:53 rwatson Exp $ */ #include "opt_mac.h" @@ -644,7 +644,7 @@ #ifdef MAC error = mac_check_vnode_create(td->td_ucred, nd.ni_dvp, &nd.ni_cnd, &vattr); -#endif /* MAC */ +#endif if (error == 0) { VOP_LEASE(nd.ni_dvp, td, td->td_ucred, LEASE_WRITE); error = VOP_CREATE(nd.ni_dvp, &nd.ni_vp, &nd.ni_cnd, &vattr); ==== //depot/projects/trustedbsd/base/sys/security/mac_biba/mac_biba.c#16 (text+ko) ==== @@ -34,7 +34,7 @@ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * - * $FreeBSD: src/sys/security/mac_biba/mac_biba.c,v 1.29 2002/10/26 14:38:22 rwatson Exp $ + * $FreeBSD: src/sys/security/mac_biba/mac_biba.c,v 1.32 2002/10/28 19:18:29 rwatson Exp $ */ /* @@ -312,12 +312,12 @@ } static int -mac_biba_subject_equal_ok(struct mac_biba *mac_biba) +mac_biba_subject_privileged(struct mac_biba *mac_biba) { KASSERT((mac_biba->mb_flags & MAC_BIBA_FLAGS_BOTH) == MAC_BIBA_FLAGS_BOTH, - ("mac_biba_subject_equal_ok: subject doesn't have both labels")); + ("mac_biba_subject_privileged: subject doesn't have both labels")); /* If the single is EQUAL, it's ok. */ if (mac_biba->mb_single.mbe_type == MAC_BIBA_TYPE_EQUAL) @@ -337,6 +337,7 @@ return (EPERM); } +static int mac_biba_high_single(struct mac_biba *mac_biba) { @@ -1159,6 +1160,7 @@ !strvalid(trusted_interfaces, sizeof(trusted_interfaces))) goto set; + bzero(tiflist, sizeof(tiflist)); for (p = trusted_interfaces, q = tiflist; *p != '\0'; p++, q++) if(*p != ' ' && *p != '\t') *q = *p; @@ -1175,6 +1177,11 @@ grade = MAC_BIBA_TYPE_HIGH; break; } + } else { + *p = '\0'; + printf("mac_biba warning: interface name " + "\"%s\" is too long (must be < %d)\n", + q, IFNAMSIZ); } if (*p == '\0') break; @@ -1470,7 +1477,7 @@ * their label. */ if (mac_biba_contains_equal(new)) { - error = mac_biba_subject_equal_ok(subj); + error = mac_biba_subject_privileged(subj); if (error) return (error); } @@ -1667,7 +1674,7 @@ * subject must have appropriate privilege. */ if (mac_biba_contains_equal(new)) { - error = mac_biba_subject_equal_ok(subj); + error = mac_biba_subject_privileged(subj); if (error) return (error); } @@ -1829,7 +1836,7 @@ * the subject must have appropriate privilege. */ if (mac_biba_contains_equal(new)) { - error = mac_biba_subject_equal_ok(subj); + error = mac_biba_subject_privileged(subj); if (error) return (error); } @@ -2215,7 +2222,7 @@ * the subject must have appropriate privilege. */ if (mac_biba_contains_equal(new)) { - error = mac_biba_subject_equal_ok(subj); + error = mac_biba_subject_privileged(subj); if (error) return (error); } ==== //depot/projects/trustedbsd/base/sys/security/mac_biba/mac_biba.h#4 (text+ko) ==== @@ -34,7 +34,7 @@ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * - * $FreeBSD: src/sys/security/mac_biba/mac_biba.h,v 1.3 2002/10/22 14:31:34 rwatson Exp $ + * $FreeBSD: src/sys/security/mac_biba/mac_biba.h,v 1.4 2002/10/28 19:44:05 rwatson Exp $ */ /* * Definitions for the TrustedBSD Biba integrity policy module. @@ -61,6 +61,33 @@ * MAC_BIBA_TYPE_LABEL. */ /* + * Structures and constants associated with a Biba Integrity policy. + * mac_biba represents a Biba label, with mb_type determining its properties, + * and mb_grade represents the hierarchal grade if valid for the current + * mb_type. + */ + +#define MAC_BIBA_MAX_COMPARTMENTS 256 + +struct mac_biba_element { + u_short mbe_type; + u_short mbe_grade; + u_char mbe_compartments[MAC_BIBA_MAX_COMPARTMENTS >> 3]; +}; + +/* + * Biba labels consist of two components: a single label, and a label + * range. Depending on the context, one or both may be used; the mb_flags + * field permits the provider to indicate what fields are intended for + * use. + */ +struct mac_biba { + int mb_flags; + struct mac_biba_element mb_single; + struct mac_biba_element mb_rangelow, mb_rangehigh; +}; + +/* * Biba compartments bit test/set macros. * The range is 1 to MAC_BIBA_MAX_COMPARTMENTS. */ ==== //depot/projects/trustedbsd/base/sys/security/mac_mls/mac_mls.h#4 (text+ko) ==== @@ -34,7 +34,7 @@ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * - * $FreeBSD: src/sys/security/mac_mls/mac_mls.h,v 1.3 2002/10/22 14:31:34 rwatson Exp $ + * $FreeBSD: src/sys/security/mac_mls/mac_mls.h,v 1.5 2002/10/28 19:50:06 rwatson Exp $ */ /* * Definitions for the TrustedBSD MLS confidentiality policy module. @@ -61,6 +61,38 @@ * MAC_MLS_TYPE_LABEL. */ /* + * Structures and constants associated with a Multi-Level Security policy. + * mac_mls represents an MLS label, with mm_type determining its properties, + * and mm_level represents the hierarchal sensitivity level if valid for the + * current mm_type. If compartments are used, the same semantics apply as + * long as the suject is in every compartment the object is in. LOW, EQUAL + * and HIGH cannot be in compartments. + */ + +/* + * MLS compartments bit set size (in bits). + */ +#define MAC_MLS_MAX_COMPARTMENTS 256 + +struct mac_mls_element { + u_short mme_type; + u_short mme_level; + u_char mme_compartments[MAC_MLS_MAX_COMPARTMENTS >> 3]; +}; + +/* + * MLS labels consist of two components: a single label, and a label + * range. Depending on the context, one or both may be used; the mb_flags + * field permits the provider to indicate what fields are intended for + * use. + */ +struct mac_mls { + int mm_flags; + struct mac_mls_element mm_single; + struct mac_mls_element mm_rangelow, mm_rangehigh; +}; + +/* * MLS compartments bit test/set macros. * The range is 1 to MAC_MLS_MAX_COMPARTMENTS. */ ==== //depot/projects/trustedbsd/base/sys/sys/mac.h#16 (text+ko) ==== @@ -34,7 +34,7 @@ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * >>> TRUNCATED FOR MAIL (1000 lines) <<< To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe p4-projects" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200210290008.g9T08S8Q042030>