Date: Tue, 14 Jan 2003 00:19:35 -0800 (PST)
From: Chris Costello <chris@FreeBSD.org>
To: Perforce Change Reviews <perforce@freebsd.org>
Subject: PERFORCE change 23726 for review
Message-ID: <200301140819.h0E8JZkx080508@repoman.freebsd.org>
http://perforce.freebsd.org/chv.cgi?CH=23726 Change 23726 by chris@chris_holly on 2003/01/14 00:19:30 Piece together a new "Label operations" section. Add a few more entry points I seem to have missed on the first few sweeps. Affected files ... .. //depot/projects/trustedbsd/doc/en_US.ISO8859-1/books/developers-handbook/mac/chapter.sgml#28 edit Differences ... ==== //depot/projects/trustedbsd/doc/en_US.ISO8859-1/books/developers-handbook/mac/chapter.sgml#28 (text+ko) ==== @@ -155,8 +155,8 @@ be passed NULL pointers for label arguments to entry points.</para> - <sect2 id="policy-module-registration"> - <title>Policy Module Registration</title> + <sect2 id="mac-mpo-general"> + <title>General-Purpose Module Entry Points</title> <para>Modules may be declared using the <function>MAC_POLICY_SET()</function> macro, which names the 
@@ -298,8 +298,1320 @@ caution should be applied.</para> </sect3> + <sect3 id="mac-mpo-syscall"> + <title><function>&mac.mpo;_syscall</function></title> + + <funcsynopsis> + <funcprototype> + <funcdef>int + <function>&mac.mpo;_syscall</function></funcdef> + + <paramdef>struct thread + *<parameter>td</parameter></paramdef> + <paramdef>int <parameter>call</parameter></paramdef> + <paramdef>void *<parameter>arg</parameter></paramdef> + </funcprototype> + </funcsynopsis> + + <informaltable> + <tgroup cols="3"> + &mac.thead; + + <tbody> + <row> + <entry><parameter>td</parameter></entry> + <entry>Calling thread</entry> + </row> + + <row> + <entry><parameter>call</parameter></entry> + <entry>Syscall number</entry> + </row> + <row> + <entry><parameter>arg</parameter></entry> + <entry>Pointer to syscall arguments</entry> + </row> + </tbody> + </tgroup> + </informaltable> + + <para>This entry point provides a policy-multiplexed system + call so that policies may provide additional services to + user processes without registering specific system calls. + The policy name provided during registration is used to + demux calls from userland, and the arguments will be + forwarded to this entry point. When implementing new + services, security modules should be sure to invoke + appropriate access control checks from the MAC framework as + needed. 
For example, if a policy implements an augmented + signal functionality, it should call the necessary signal + access control checks to invoke the MAC framework and other + registered policies.</para> + + <note><para>Modules must currently perform the + <function>copyin()</function> of the syscall data on their + own.</para></note> + </sect3> + + <sect3 id="mac-mpo-thread-userret"> + <title><function>&mac.mpo;_thread_userret</function></title> + + <funcsynopsis> + <funcprototype> + <funcdef>void + <function>&mac.mpo;_thread_userret</function></funcdef> + + <paramdef>struct thread + *<parameter>td</parameter></paramdef> + </funcprototype> + </funcsynopsis> + + <informaltable> + <tgroup cols="3"> + &mac.thead; + + <tbody> + <row> + <entry><parameter>td</parameter></entry> + <entry>Returning thread</entry> + </row> + </tbody> + </tgroup> + </informaltable> + + <!-- XXX: Maybe rewrite this section. --> + <para>This entry point permits policy modules to perform + MAC-related events when a thread returns to user space. 
+ This is required for policies that have floating process + labels, as it's not always possible to acquire the process + lock at arbitrary points in the stack during system call + processing; process labels might represent traditional + authentication data, process history information, or other + data.</para> + </sect3> </sect2> + + <sect2 id="mac-label-ops"> + <title>Label Operations</title> + + <sect3 id="mac-mpo-init-bpfdesc"> + <title><function>&mac.mpo;_init_bpfdesc_label</function></title> + + <funcsynopsis> + <funcprototype> + <funcdef>void + <function>&mac.mpo;_init_bpfdesc_label</function></funcdef> + + <paramdef>struct bpf_d + *<parameter>bpf_d</parameter></paramdef> + <paramdef>struct label + *<parameter>label</parameter></paramdef> + </funcprototype> + </funcsynopsis> + + <informaltable> + <tgroup cols="3"> + &mac.thead; + + <tbody> + <row> + <entry><parameter>bpf_d</parameter></entry> + <entry>Object; bpf descriptor</entry> + </row> + + <row> + <entry><parameter>label</parameter></entry> + <entry>New label to apply</entry> + </row> + </tbody> + </tgroup> + </informaltable> + + <para>Initialize the label on a newly instantiated bpfdesc (BPF + descriptor)</para> + </sect3> + + <sect3 id="mac-mpo-init-cred-label"> + <title><function>&mac.mpo;_init_cred_label</function></title> + + <funcsynopsis> + <funcprototype> + <funcdef>void + <function>&mac.mpo;_init_cred_label</function></funcdef> + + <paramdef>struct label + *<parameter>label</parameter></paramdef> + </funcprototype> + </funcsynopsis> + + <informaltable> + <tgroup cols="3"> + &mac.thead; + + <tbody> + <row> + <entry><parameter>label</parameter></entry> + <entry>New label to initialize</entry> + </row> + </tbody> + </tgroup> + </informaltable> + + <para>Initialize the label for a newly instantiated + user credential.</para> + </sect3> + + <sect3 id="mac-mpo-init-devfsdirent"> + <title><function>&mac.mpo;_init_devfsdirent_label</function></title> + + <funcsynopsis> + <funcprototype> + <funcdef>void 
+ <function>&mac.mpo;_init_devfsdirent_label</function></funcdef> + + <paramdef>struct devfs_dirent + *<parameter>devfs_dirent</parameter></paramdef> + <paramdef>struct label + *<parameter>label</parameter></paramdef> + </funcprototype> + </funcsynopsis> + + <informaltable> + <tgroup cols="3"> + &mac.thead; + + <tbody> + <row> + <entry><parameter>devfs_dirent</parameter></entry> + <entry>Object; devfs directory entry</entry> + </row> + + <row> + <entry><parameter>label</parameter></entry> + <entry>New label to apply</entry> + </row> + </tbody> + </tgroup> + </informaltable> + + <para>Initialize the label on a newly instantiated devfs + entry.</para> + </sect3> + + <sect3 id="mac-mpo-init-ifnet"> + <title><function>&mac.mpo;_init_ifnet_label</function></title> + + <funcsynopsis> + <funcprototype> + <funcdef>void + <function>&mac.mpo;_init_ifnet_label</function></funcdef> + + <paramdef>struct ifnet + *<parameter>ifnet</parameter></paramdef> + <paramdef>struct label + *<parameter>label</parameter></paramdef> + </funcprototype> + </funcsynopsis> + + <informaltable> + <tgroup cols="3"> + &mac.thead; + + <tbody> + <row> + <entry><parameter>ifnet</parameter></entry> + <entry>Object; network interface</entry> + </row> + + <row> + <entry><parameter>label</parameter></entry> + <entry>New label to apply</entry> + </row> + </tbody> + </tgroup> + </informaltable> + + <para>Initialize the label on a newly instantiated network + interface.</para> + </sect3> + + <sect3 id="mac-mpo-init-ipq"> + <title><function>&mac.mpo;_init_ipq_label</function></title> + + <funcsynopsis> + <funcprototype> + <funcdef>void + <function>&mac.mpo;_init_ipq_label</function></funcdef> + + <paramdef>struct ipq + *<parameter>ipq</parameter></paramdef> + <paramdef>struct label + *<parameter>label</parameter></paramdef> + </funcprototype> + </funcsynopsis> + + <informaltable> + <tgroup cols="3"> + &mac.thead; + + <tbody> + <row> + <entry><parameter>ipq</parameter></entry> + <entry>Object; IP reassembly 
queue</entry> + </row> + + <row> + <entry><parameter>label</parameter></entry> + <entry>New label to apply</entry> + </row> + </tbody> + </tgroup> + </informaltable> + + <para>Initialize the label on a newly instantiated IP fragment + reassembly queue.</para> + </sect3> + + <sect3 id="mac-mpo-init-mbuf"> + <title><function>&mac.mpo;_init_mbuf_label</function></title> + + <funcsynopsis> + <funcprototype> + <funcdef>void + <function>&mac.mpo;_init_mbuf_label</function></funcdef> + + <paramdef>struct mbuf + *<parameter>mbuf</parameter></paramdef> + <paramdef>int <parameter>how</parameter></paramdef> + <paramdef>struct label + *<parameter>label</parameter></paramdef> + </funcprototype> + </funcsynopsis> + + <informaltable> + <tgroup cols="3"> + &mac.thead; + + <tbody> + <row> + <entry><parameter>mbuf</parameter></entry> + <entry>Object; mbuf</entry> + </row> + + <row> + <entry><parameter>how</parameter></entry> + <entry>Blocking/non-blocking &man.malloc.9;; see + below</entry> + </row> + + <row> + <entry><parameter>label</parameter></entry> + <entry>Policy label to initialize</entry> + </tbody> + </tgroup> + </informaltable> + + <para>Initialize the label on a newly instantiated mbuf packet + header (<parameter>mbuf</parameter>). The + <parameter>how</parameter> field may be one of + <symbol>M_WAITOK</symbol> and <symbol>M_NOWAIT</symbol>, and + should be employed to avoid performing a blocking + &man.malloc.9; during this initialization call. Mbuf + allocation frequently occurs in performance sensitive + environments, and the implementation should be careful to + avoid blocking or long-lived operations. 
This entry point + is permitted to fail resulting in the failure to allocate + the mbuf header.</para> + </sect3> + + <sect3 id="mac-mpo-init-mount"> + <title><function>&mac.mpo;_init_mount_label</function></title> + + <funcsynopsis> + <funcprototype> + <funcdef>void + <function>&mac.mpo;_init_mount_label</function></funcdef> + + <paramdef>struct mount + *<parameter>mount</parameter></paramdef> + <paramdef>struct label + *<parameter>mntlabel</parameter></paramdef> + <paramdef>struct label + *<parameter>fslabel</parameter></paramdef> + </funcprototype> + </funcsynopsis> + + <!-- XXX: Wording on label descriptions. --> + <informaltable> + <tgroup cols="3"> + &mac.thead; + + <tbody> + <row> + <entry><parameter>mount</parameter></entry> + <entry>Object; file system mount point</entry> + </row> + + <row> + <entry><parameter>mntlabel</parameter></entry> + <entry>Policy label to be initialized for the mount + itself</entry> + </row> + + <row> + <entry><parameter>fslabel</parameter></entry> + <entry>Policy label to be initialized for the file + system</entry> + </row> + </tbody> + </tgroup> + </informaltable> + + <para>Initialize the labels on a newly instantiated mount + point.</para> + </sect3> + + <sect3 id="mac-mpo-init-mount-fs-label"> + <title><function>&mac.mpo;_init_mount_fs_label</function></title> + + <funcsynopsis> + <funcprototype> + <funcdef>void + <function>&mac.mpo;_init_mount_fs_label</function></funcdef> + + <paramdef>struct label + *<parameter>label</parameter></paramdef> + </funcprototype> + </funcsynopsis> + + <informaltable> + <tgroup cols="3"> + &mac.thead; + + <tbody> + <row> + <entry><parameter>label</parameter></entry> + <entry>Label to be initialized</entry> + </row> + </tbody> + </tgroup> + </informaltable> + + <para>Initialize the label on a newly mounted file + system.</para> + </sect3> + + <sect3 id="mac-mpo-init-pipe-label"> + <title><function>&mac.mpo;_init_pipe_label</function></title> + + <funcsynopsis> + <funcprototype> + <funcdef>void + 
<function>&mac.mpo;_init_pipe_label</function></funcdef> + + <paramdef>struct + label*<parameter>label</parameter></paramdef> + </funcprototype> + </funcsynopsis> + + <informaltable> + <tgroup cols="3"> + &mac.thead; + + <tbody> + <row> + <entry><parameter>label</parameter></entry> + <entry>Label to be filled in</entry> + </row> + </tbody> + </informaltable> + + <para>Initialize a label for a newly instantiated pipe.</para> + </sect3> + + <sect3 id="mac-mpo-init-socket"> + <title><function>&mac.mpo;_init_socket_label</function></title> + + <funcsynopsis> + <funcprototype> + <funcdef>void + <function>&mac.mpo;_init_socket_label</function></funcdef> + + <paramdef>struct label + *<parameter>label</parameter></paramdef> + <paramdef>int <parameter>flag</parameter></paramdef> + </funcprototype> + </funcsynopsis> + + <informaltable> + <tgroup cols="3"> + &mac.thead; + + <tbody> + <row> + <entry><parameter>label</parameter></entry> + <entry>New label to initialize</entry> + </row> + + <row> + <entry><parameter>flag</parameter></entry> + <entry>&man.malloc.9; flags</entry> + </row> + </tbody> + </tgroup> + </informaltable> + + <para>Initialize a label for a newly instantiated + socket.</para> + </sect3> + + <sect3 id="mac-mpo-init-socket-peer-label"> + <title><function>&mac.mpo;_init_socket_peer_label</function></title> + + <funcsynopsis> + <funcprototype> + <funcdef>void + <function>&mac.mpo;_init_socket_peer_label</function></funcdef> + + <paramdef>struct label + *<parameter>label</parameter></paramdef> + <paramdef>int <parameter>flag</parameter></paramdef> + </funcprototype> + </funcsynopsis> + + <informaltable> + <tgroup cols="3"> + &mac.thead; + + <tbody> + <row> + <entry><parameter>label</parameter></entry> + <entry>New label to initialize</entry> + </row> + + <row> + <entry><parameter>flag</parameter></entry> + <entry>&man.malloc.9; flags</entry> + </row> + </tbody> + </tgroup> + </informaltable> + + <para>Initialize the peer label for a newly instantiated + 
socket.</para> + </sect3> + + <sect3 id="mac-mpo-init-proc-label"> + <title><function>&mac.mpo;_init_proc_label</function></title> + + <funcsynopsis> + <funcprototype> + <funcdef>void + <function>&mac.mpo;_init_proc_label</function></funcdef> + + <paramdef>struct label + *<parameter>label</parameter></paramdef> + </funcprototype> + </funcsynopsis> + + <informaltable> + <tgroup cols="3"> + &mac.thead; + + <tbody> + <row> + <entry><parameter>label</parameter></entry> + <entry>New label to initialize</entry> + </row> + </tbody> + </tgroup> + </informaltable> + + <para>Initialize the label for a newly instantiated + process.</para> + </sect3> + + + <sect3 id="mac-mpo-init-vnode"> + <title><function>&mac.mpo;_init_vnode_label</function></title> + + <funcsynopsis> + <funcprototype> + <funcdef>void + <function>&mac.mpo;_init_vnode_label</function></funcdef> + + <paramdef>struct vnode + *<parameter>vp</parameter></paramdef> + <paramdef>struct label + *<parameter>label</parameter></paramdef> + </funcprototype> + </funcsynopsis> + + <informaltable> + <tgroup cols="3"> + &mac.thead; + + <tbody> + <row> + <entry><parameter>vp</parameter></entry> + <entry>Object; file system object</entry> + </row> + + <row> + <entry><parameter>label</parameter></entry> + <entry>New label to initialize</entry> + </row> + </tbody> + </tgroup> + </informaltable> + + <para>Initialize the label on a newly instantiated vnode.</para> + </sect3> + <sect3 id="mac-mpo-destroy-bpfdesc"> + <title><function>&mac.mpo;_destroy_bpfdesc_label</function></title> + + <funcsynopsis> + <funcprototype> + <funcdef>void + <function>&mac.mpo;_destroy_bpfdesc_label</function></funcdef> + + <paramdef>struct label + *<parameter>label</parameter></paramdef> + </funcprototype> + </funcsynopsis> + + <informaltable> + <tgroup cols="3"> + &mac.thead; + + <tbody> + <row> + <entry><parameter>label</parameter></entry> + <entry>bpfdesc label</entry> + </row> + </tbody> + </tgroup> + </informaltable> + + <para>Destroy the label on 
a bpf descriptor. In this entry + point a policy should free any internal storage associated + with <parameter>label</parameter> so that it may be + destroyed.</para> + </sect3> + + <sect3 id="mac-mpo-destroy-cred"> + <title><function>&mac.mpo;_destroy_cred_label</function></title> + + <funcsynopsis> + <funcprototype> + <funcdef>void + <function>&mac.mpo;_destroy_cred_label</function></funcdef> + + <paramdef>struct ucred + *<parameter>cred</parameter></paramdef> + <paramdef>struct label + *<parameter>label</parameter></paramdef> + </funcprototype> + </funcsynopsis> + + <informaltable> + <tgroup cols="3"> + &mac.thead; + + <tbody> + <row> + <entry><parameter>cred</parameter></entry> + <entry>Subject; user credential</entry> + </row> + + <row> + <entry><parameter>label</parameter></entry> + <entry>Label being destroyed</entry> + </row> + </tbody> + </tgroup> + </informaltable> + + <para>Destroy the label on a credential. In this entry point, + a policy module should free any internal storage associated + with <parameter>label</parameter> so that it may be + destroyed.</para> + </sect3> + + + <sect3 id="mac-mpo-destroy-devfsdirent"> + <title><function>&mac.mpo;_destroy_devfsdirent_label</function></title> + + <funcsynopsis> + <funcprototype> + <funcdef>void + <function>&mac.mpo;_destroy_devfsdirent_label</function></funcdef> + + <paramdef>struct devfs_dirent + *<parameter>devfs_dirent</parameter></paramdef> + <paramdef>struct label + *<parameter>label</parameter></paramdef> + </funcprototype> + </funcsynopsis> + + <informaltable> + <tgroup cols="3"> + &mac.thead; + + <tbody> + <row> + <entry><parameter>devfs_dirent</parameter></entry> + <entry>Object; devfs directory entry</entry> + </row> + + <row> + <entry><parameter>label</parameter></entry> + <entry>Label being destroyed</entry> + </row> + </tbody> + </tgroup> + </informaltable> + + <para>Destroy the label on a devfs entry. 
In this entry + point, a policy module should free any internal storage + asociated with <parameter>label</parameter> so that it may + be destroyed.</para> + </sect3> + + <sect3 id="mac-mpo-destroy-ifnet-label"> + <title><function>&mac.mpo;_destroy_ifnet_label</function></title> + + <funcsynopsis> + <funcprototype> + <funcdef>void + <function>&mac.mpo;_destroy_ifnet_label</function></funcdef> + + <paramdef>struct label + *<parameter>label</parameter></paramdef> + </funcprototype> + </funcsynopsis> + + <informaltable> + <tgroup cols="3"> + &mac.thead; + + <tbody> + <row> + <entry><parameter>label</parameter></entry> + <entry>Label being destroyed</entry> + </row> + </tbody> + </tgroup> + </informaltable> + + <para>Destroy the label on a removed interface. In this entry + point, a policy module should free any internal storage + associated with <parameter>label</parameter> so that it may + be destroyed.</para> + </sect3> + + <sect3 id="mac-mpo-destroy-ipq-label"> + <title><function>&mac.mpo;_destroy_ipq_label</function></title> + + <funcsynopsis> + <funcprototype> + <funcdef>void + <function>&mac.mpo;_destroy_ipq_label</function></funcdef> + + <paramdef>struct label + *<parameter>label</parameter></paramdef> + </funcprototype> + </funcsynopsis> + + <informaltable> + <tgroup cols="3"> + &mac.thead; + + <tbody> + <row> + <entry><parameter>label</parameter></entry> + <entry>Label being destroyed</entry> + </row> + </tbody> + </tgroup> + </informaltable> + + <para>Destroy the label on an IP fragment queue. 
In this + entry point, a policy module should free any internal + storage associated with <parameter>label</parameter> so that + it may be destroyed.</para> + </sect3> + + <sect3 id="mac-mpo-destroy-mbuf-label"> + <title><function>&mac.mpo;_destroy_mbuf_label</function></title> + + <funcsynopsis> + <funcprototype> + <funcdef>void + <function>&mac.mpo;_destroy_mbuf_label</function></funcdef> + + <paramdef>struct label + *<parameter>label</parameter></paramdef> + </funcprototype> + </funcsynopsis> + + <informaltable> + <tgroup cols="3"> + &mac.thead; + + <tbody> + <row> + <entry><parameter>label</parameter></entry> + <entry>Label being destroyed</entry> + </row> + </tbody> + </tgroup> + </informaltable> + + <para>Destroy the label on an mbuf header. In this entry + point, a policy module should free any internal storage + associated with <parameter>label</parameter> so that it may + be destroyed.</para> + </sect3> + + <sect3 id="mac-mpo-destroy-mount-label"> + <title><function>&mac.mpo;_destroy_mount_label</function></title> + + <funcsynopsis> + <funcprototype> + <funcdef>void + <function>&mac.mpo;_destroy_mount_label</function></funcdef> + + <paramdef>struct label + *<parameter>label</parameter></paramdef> + </funcprototype> + </funcsynopsis> + + <informaltable> + <tgroup cols="3"> + &mac.thead; + + <tbody> + <row> + <entry><parameter>label</parameter></entry> + <entry>Mount point label being destroyed</entry> + </row> + </tbody> + </tgroup> + </informaltable> + + <para>Destroy the labels on a mount point. 
In this entry + point, a policy module should free the internal storage + associated with <parameter>mntlabel</parameter> so that they + may be destroyed.</para> + </sect3> + + <sect3 id="mac-mpo-destroy-mount"> + <title><function>&mac.mpo;_destroy_mount_label</function></title> + + <funcsynopsis> + <funcprototype> + <funcdef>void + <function>&mac.mpo;_destroy_mount_label</function></funcdef> + + <paramdef>struct mount + *<parameter>mp</parameter></paramdef> + <paramdef>struct label + *<parameter>mntlabel</parameter></paramdef> + <paramdef>struct label + *<parameter>fslabel</parameter></paramdef> + </funcprototype> + </funcsynopsis> + + <informaltable> + <tgroup cols="3"> + &mac.thead; + + <tbody> + <row> + <entry><parameter>mp</parameter></entry> + <entry>Object; file system mount point</entry> + </row> + + <row> + <entry><parameter>mntlabel</parameter></entry> + <entry>Mount point label being destroyed</entry> + </row> + + <row> + <entry><parameter>fslabel</parameter></entry> + <entry>File system label being destroyed> + </row> + </tbody> + </tgroup> + </informaltable> + + <para>Destroy the labels on a mount point. In this entry + point, a policy module should free the internal storage + associated with <parameter>mntlabel</parameter> and + <parameter>fslabel</parameter> so that they may be + destroyed.</para> + </sect3> + + <sect3 id="mac-mpo-destroy-socket"> + <title><function>&mac.mpo;_destroy_socket_label</function></title> + + <funcsynopsis> + <funcprototype> + <funcdef>void + <function>&mac.mpo;_destroy_socket_label</function></funcdef> + + <paramdef>struct label + *<parameter>label</parameter></paramdef> + + </funcprototype> + </funcsynopsis> + + <informaltable> + <tgroup cols="3"> + &mac.thead; + + <tbody> + <row> + <entry><parameter>label</parameter></entry> + <entry>Socket label being destroyed</entry> + </row> + + </tbody> + </tgroup> + </informaltable> + + <para>Destroy the label on a socket. 
In this entry point, a + policy module should free any internal storage associated + with <parameter>label</parameter> so that it may be + destroyed.</para> + </sect3> + + <sect3 id="mac-mpo-destroy-socket-peer-label"> + <title><function>&mac.mpo;_destroy_socket_peer_label</function></title> + + <funcsynopsis> + <funcprototype> + <funcdef>void + <function>&mac.mpo;_destroy_socket_peer_label</function></funcdef> + + <paramdef>struct label + *<parameter>peerlabel</parameter></paramdef> + </funcprototype> + </funcsynopsis> + + <informaltable> + <tgroup cols="3"> + &mac.thead; + + <tbody> + <row> + <entry><parameter>peerlabel</parameter></entry> + <entry>Socket peer label being destroyed</entry> + </row> + </tbody> + </tgroup> + </informaltable> + + <para>Destroy the peer label on a socket. In this entry + point, a policy module should free any internal storage + associated with <parameter>label</parameter> so that it may + be destroyed.</para> + </sect3> + + <sect3 id="mac-mpo-destroy-pipe-label"> + <title><function>&mac.mpo;_destroy_pipe_label</function></title> + + <funcsynopsis> + <funcprototype> + <funcdef>void + <function>&mac.mpo;_destroy_pipe_label</function></funcdef> + + <paramdef>struct label + *<parameter>label</parameter></paramdef> + </funcprototype> + </funcsynopsis> + + <informaltable> + <tgroup cols="3"> + &mac.thead; + + <tbody> + <row> + <entry><parameter>label</parameter></entry> + <entry>Pipe label</entry> + </row> + </tbody> + </tgroup> + </informaltable> + + <para>Destroy the label on a pipe. 
In this entry point, a + policy module should free any internal storage associated + with <parameter>label</parameter> so that it may be + destroyed.</para> + </sect3> + + <sect3 id="mac-mpo-destroy-proc-label"> + <title><function>&mac.mpo;_destroy_proc_label</function></title> + + <funcsynopsis> + <funcprototype> + <funcdef>void + <function>&mac.mpo;_destroy_proc_label</function></funcdef> + <paramdef>struct label + *<parameter>label</parameter></paramdef> + </funcprototype> + </funcsynopsis> + + <informaltable> + <tgroup cols="3"> + &mac.thead; + + <tbody> + <row> >>> TRUNCATED FOR MAIL (1000 lines) <<< To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe p4-projects" in the body of the message
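Review bot: In the @@ -155,8 +155,8 @@ hunk, the sect2 id changes from policy-module-registration to mac-mpo-general, so any cross-reference elsewhere in the handbook that still targets the old id will no longer resolve, and the new title "General-Purpose Module Entry Points" now sits directly over a paragraph that opens with module declaration through MAC_POLICY_SET(). Suggest checking the chapter for links to the old id, and either keeping a short registration section ahead of this one or moving the MAC_POLICY_SET() text so the heading matches what follows it.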
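Review bot: In the @@ -298,8 +298,1320 @@ hunk, three of the new tables are not well-formed and are likely to fail validation: the label row in mac-mpo-init-mbuf has no </row> before </tbody>, the table in mac-mpo-init-pipe-label closes </informaltable> without a </tgroup>, and the fslabel entry in mac-mpo-destroy-mount ends in "destroyed>" where "destroyed</entry>" is needed. Beyond the markup, &mac.mpo;_init_mbuf_label is declared void while its paragraph says the entry point is permitted to fail, so either the prototype should return int or that sentence should go. The sections mac-mpo-destroy-mount-label and mac-mpo-destroy-mount both carry the title &mac.mpo;_destroy_mount_label, and the first one takes only label yet its text names mntlabel, so one of the two looks like a leftover to drop or rename. The paragraph in mac-mpo-destroy-socket-peer-label refers to label where the parameter is peerlabel, and "asociated" in mac-mpo-destroy-devfsdirent needs correcting. For &mac.mpo;_syscall, since the note says modules must do the copyin() themselves, the arg row would be safer described as a userland pointer that must not be dereferenced directly.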