Skip site navigation (1)Skip section navigation (2)
Date:      Tue, 30 Jul 2002 15:15:09 -0700 (PDT)
From:      Robert Watson <rwatson@FreeBSD.org>
To:        cvs-committers@FreeBSD.org, cvs-all@FreeBSD.org
Subject:   cvs commit: src/sys/kern vnode_if.src
Message-ID:  <200207302215.g6UMF9dd084095@freefall.freebsd.org>

next in thread | raw e-mail | index | archive | help
rwatson     2002/07/30 15:15:09 PDT

  Modified files:
    sys/kern             vnode_if.src 
  Log:
  Begin committing support for Mandatory Access Control and extensible
  kernel access control.  The MAC framework permits loadable kernel
  modules to link to the kernel at compile-time, boot-time, or run-time,
  and augment the system security policy.  This commit includes the
  initial kernel implementation, although the interface with the userland
  components of the operating system is still under work, and not all
  kernel subsystems are supported.  Later in this commit sequence,
  documentation of which kernel subsystems will not work correctly with
  a kernel compiled with MAC support will be added.
  
  Introduce two node vnode operations required to support MAC.  First,
  VOP_REFRESHLABEL(), which will be invoked by callers requiring that
  vp->v_label be sufficiently "fresh" for access control purposes.
  Second, VOP_SETLABEL(), which be invoked by callers requiring that
  the passed label contents be updated.  The file system is responsible
  for updating v_label if appropriate in coordination with the MAC
  framework, as well as committing to disk.  File systems that are
  not MAC-aware need not implement these VOPs, as the MAC framework
  will default to maintaining a single label for all vnodes based
  on the label on the file system mount point.
  
  Obtained from:  TrustedBSD Project
  Sponsored by:   DARPA, NAI Labs
  
  Revision  Changes    Path
  1.54      +19 -0     src/sys/kern/vnode_if.src

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe cvs-all" in the body of the message




Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200207302215.g6UMF9dd084095>