From owner-p4-projects Wed May 1 22:16:57 2002 Delivered-To: p4-projects@freebsd.org Received: by hub.freebsd.org (Postfix, from userid 32767) id 2B70537B41E; Wed, 1 May 2002 22:16:41 -0700 (PDT) Delivered-To: perforce@freebsd.org Received: from freefall.freebsd.org (freefall.FreeBSD.org [216.136.204.21]) by hub.freebsd.org (Postfix) with ESMTP id 1747537B41A for ; Wed, 1 May 2002 22:16:38 -0700 (PDT) Received: (from perforce@localhost) by freefall.freebsd.org (8.11.6/8.11.6) id g425Gbs86345 for perforce@freebsd.org; Wed, 1 May 2002 22:16:37 -0700 (PDT) (envelope-from bb+lists.freebsd.perforce@cyrus.watson.org) Date: Wed, 1 May 2002 22:16:37 -0700 (PDT) Message-Id: <200205020516.g425Gbs86345@freefall.freebsd.org> X-Authentication-Warning: freefall.freebsd.org: perforce set sender to bb+lists.freebsd.perforce@cyrus.watson.org using -f From: Robert Watson Subject: PERFORCE change 10653 for review To: Perforce Change Reviews Sender: owner-p4-projects@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG http://people.freebsd.org/~peter/p4db/chv.cgi?CH=10653 Change 10653 by rwatson@rwatson_tislabs on 2002/05/01 22:15:57 Update various policies to know about the new flags field, and set the MPC_LOADTIME_FLAG_NOTLATE flag for Biba, MLS, TE, and SEBSD, since they need the opportunity to maintain labeling on all objects starting from system instantiation. They can be compiled as modules, but those modules must be loaded before the kernel starts booting; attempting to load them late in the boot, or following the boot, will fail. Affected files ... ... //depot/projects/trustedbsd/mac/sys/security/babyaudit/babyaudit.c#8 edit ... //depot/projects/trustedbsd/mac/sys/security/mac_biba/mac_biba.c#34 edit ... //depot/projects/trustedbsd/mac/sys/security/mac_bsdextended/mac_bsdextended.c#28 edit ... //depot/projects/trustedbsd/mac/sys/security/mac_ifoff/mac_ifoff.c#6 edit ... //depot/projects/trustedbsd/mac/sys/security/mac_mls/mac_mls.c#28 edit ... //depot/projects/trustedbsd/mac/sys/security/mac_none/mac_none.c#25 edit ... //depot/projects/trustedbsd/mac/sys/security/mac_seeotheruids/mac_seeotheruids.c#8 edit ... //depot/projects/trustedbsd/mac/sys/security/mac_te/mac_te.c#29 edit ... //depot/projects/trustedbsd/mac/sys/security/sebsd/sebsd.c#4 edit Differences ... ==== //depot/projects/trustedbsd/mac/sys/security/babyaudit/babyaudit.c#8 (text+ko) ==== @@ -276,4 +276,4 @@ }; MAC_POLICY_SET(babyaudit_ops, trustedbsd_babyaudit, "TrustedBSD MAC/babyaudit", - 0); + 0, 0); ==== //depot/projects/trustedbsd/mac/sys/security/mac_biba/mac_biba.c#34 (text+ko) ==== @@ -1219,5 +1219,6 @@ { MAC_OP_LAST, NULL } }; -MAC_POLICY_SET(mac_biba_ops, trustedbsd_mac_biba, "TrustedBSD MAC/Biba", 1); +MAC_POLICY_SET(mac_biba_ops, trustedbsd_mac_biba, "TrustedBSD MAC/Biba", + MPC_LOADTIME_FLAG_NOTLATE, 1); #endif /* !MAC */ ==== //depot/projects/trustedbsd/mac/sys/security/mac_bsdextended/mac_bsdextended.c#28 (text+ko) ==== @@ -671,4 +671,4 @@ }; MAC_POLICY_SET(mac_bsdextended_ops, trustedbsd_mac_bsdextended, - "TrustedBSD MAC/BSD Extended", 0); + "TrustedBSD MAC/BSD Extended", 0, 0); ==== //depot/projects/trustedbsd/mac/sys/security/mac_ifoff/mac_ifoff.c#6 (text+ko) ==== @@ -166,4 +166,5 @@ { MAC_OP_LAST, NULL } }; -MAC_POLICY_SET(mac_ifoff_ops, trustedbsd_mac_ifoff, "TrustedBSD MAC/ifoff", 0); +MAC_POLICY_SET(mac_ifoff_ops, trustedbsd_mac_ifoff, "TrustedBSD MAC/ifoff", + 0, 0); ==== //depot/projects/trustedbsd/mac/sys/security/mac_mls/mac_mls.c#28 (text+ko) ==== @@ -1152,5 +1152,6 @@ { MAC_OP_LAST, NULL } }; -MAC_POLICY_SET(mac_mls_ops, trustedbsd_mac_mls, "TrustedBSD MAC/MLS", 1); +MAC_POLICY_SET(mac_mls_ops, trustedbsd_mac_mls, "TrustedBSD MAC/MLS", + MPC_LOADTIME_FLAG_NOTLATE, 1); #endif /* !MAC */ ==== //depot/projects/trustedbsd/mac/sys/security/mac_none/mac_none.c#25 (text+ko) ==== @@ -768,6 +768,6 @@ { MAC_OP_LAST, NULL } }; -MAC_POLICY_SET(mac_none_ops, trustedbsd_mac_none, "TrustedBSD MAC/None", 0); +MAC_POLICY_SET(mac_none_ops, trustedbsd_mac_none, "TrustedBSD MAC/None", 0, 0); #endif /* !MAC */ ==== //depot/projects/trustedbsd/mac/sys/security/mac_seeotheruids/mac_seeotheruids.c#8 (text+ko) ==== @@ -173,4 +173,4 @@ }; MAC_POLICY_SET(mac_seeotheruids_ops, trustedbsd_mac_seeotheruids, - "TrustedBSD MAC/seeotheruids", 0); + "TrustedBSD MAC/seeotheruids", 0, 0); ==== //depot/projects/trustedbsd/mac/sys/security/mac_te/mac_te.c#29 (text+ko) ==== @@ -1238,6 +1238,7 @@ { MAC_OP_LAST, NULL } }; -MAC_POLICY_SET(mac_te_ops, trustedbsd_mac_te, "TrustedBSD MAC/TE", 1); +MAC_POLICY_SET(mac_te_ops, trustedbsd_mac_te, "TrustedBSD MAC/TE", + MPC_LOADTIME_FLAG_NOTLATE, 1); #endif /* !MAC */ ==== //depot/projects/trustedbsd/mac/sys/security/sebsd/sebsd.c#4 (text+ko) ==== @@ -123,6 +123,7 @@ { MAC_OP_LAST, NULL } }; -MAC_POLICY_SET(sebsd_ops, trustedbsd_sebsd, "Security Enhanced BSD", 1); +MAC_POLICY_SET(sebsd_ops, trustedbsd_sebsd, "Security Enhanced BSD", + MPC_LOADTIME_FLAG_NOTLATE, 1); #endif /* !MAC */ To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe p4-projects" in the body of the message