Skip site navigation (1)Skip section navigation (2)
Date:      Tue, 30 Jul 2002 15:08:12 -0700 (PDT)
From:      Robert Watson <rwatson@FreeBSD.org>
To:        cvs-committers@FreeBSD.org, cvs-all@FreeBSD.org
Subject:   cvs commit: src/sys/sys vnode.h
Message-ID:  <200207302208.g6UM8Cth083304@freefall.freebsd.org>

next in thread | raw e-mail | index | archive | help
rwatson     2002/07/30 15:08:12 PDT

  Modified files:
    sys/sys              vnode.h 
  Log:
  Begin committing support for Mandatory Access Control and extensible
  kernel access control.  The MAC framework permits loadable kernel
  modules to link to the kernel at compile-time, boot-time, or run-time,
  and augment the system security policy.  This commit includes the
  initial kernel implementation, although the interface with the userland
  components of the oeprating system is still under work, and not all
  kernel subsystems are supported.  Later in this commit sequence,
  documentation of which kernel subsystems will not work correctly with
  a kernel compiled with MAC support will be added.
  
  Label vnodes, permitting security information to maintained at the
  granularity of the individual file, directory (et al).  This data is
  protected by the vnode lock and may be read only when holding a shared
  lock, or modified only when holding an exclusive lock.  Label
  information may be considered either the primary copy, or a cached
  copy.  Individual file systems or kernel services may use the
  VCACHEDLABEL flag for accounting purposes to determine which it is.
  New VOPs will be introduced to refresh this label on demand, or to
  set the label value.
  
  Obtained from:  TrustedBSD Project
  Sponsored by:   DARPA, NAI Labs
  
  Revision  Changes    Path
  1.196     +2 -0      src/sys/sys/vnode.h

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe cvs-all" in the body of the message




Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200207302208.g6UM8Cth083304>